Why Due Diligence Is Crucial | Vigilant Insights
Brief Introduction
The SEC recently adopted a new rule related to Cybersecurity Disclosure.
Cybersecurity continues to be a major focus for the SEC. The way Firms protect their information, and the information of their clients, will come under scrutiny if an event occurs.
In a recent article by Ignites, Vigilant’s Managing Director, Bernadette Murphy, provided useful insights for Firms concerned about compliance implications related to cybersecurity.
Bernadette Murphy Insights
There are many layers to a compliance program, and different obligations may need to be handled simultaneously. Vendor due diligence and cybersecurity is a perfect example.
When it comes to cybersecurity policies and procedures, Bernadette insists that Firms have testing in place for vendors that “you can feel comfortable [with], and you can rely on.”
Bernadette warns that “if you have a third-party provider who had access to your systems or information on your investors for your firm and they don’t have adequate systems in place, you’ll be in a lot of trouble.”
Vigilant’s Conclusion
It is vital for Firms to build proper due diligence into their policies and procedures. This includes ensuring that third-party service providers have adequate policies and procedures in place for areas that affect the services they provide.
We suggest Firms that have yet to perform a gap analysis of their policies and procedures do so, considering the significant number of new rules in the past two years.
In our regulatory environment, compliance needs to be seen as an ongoing process that will be constantly evolving and changing. The key to success is to create a proactive compliance culture, and prudently seek the advice of experts that will help compliance be part of your business goals instead of a burden.