In addition to the SEC’s latest cybersecurity sweep, separate, targeted request letters have now been sent to a number of firms seeking their due diligence and oversight practices for their third party cloud service providers. Cloud based, electronic service providers are an increasingly common source for recordkeeping, explains Founder and President Amy Lynch. Ms Lynch adds that firms may not recognize these third parties as an area of their recordkeeping, and now the SEC is keenly interested in knowing how firms are using them and how firm information and data is being protected. See Fund Intelligence (subscription required), “SEC examiners conducting sweep of advisers’ cloud oversight.” Also, See our recent ComplianceAlerts, “New Risk Alert on Regulation S-P” and “OCIE Provides Guidance on Electronic Recordkeeping”
