US regulators have increased their focus on cybersecurity issues impacting financial services companies, with a host of guidance documents recently released by the US Securities and.
How DOL's Cybersecurity Guidance Impacts Retirement and Health/Welfare Plans | Quarles & Brady LLP (jdsupra.com)
For Investment Advisers and Broker-Dealers
DOL issues Cybersecurity Guidance. On April 14, 2021, the U.S. Department of Labor (“DOL”) Employee Benefits Security Administration (“EBSA”) issued cybersecurity guidance directed towards ERISA plan sponsors and ERISA fiduciary advisors. While the guidance appears similar to the SEC’s advice, there is one noticeable difference: the DOL says firms “should” have a reliable annual third-party audit of security controls. As part of this audit, EBSA expects to see audit reports, audit files, penetration test reports, and any other analyses or reviews of cybersecurity practices. EBSA also wants documented corrections of any weaknesses identified in the independent third-party analyses. What are the implications for firms subject to this guidance? Will the DOL consider it a breach of fiduciary duty if a firm does not hire a third party to conduct an audit of its security controls? Can a firm do this assessment internally? Time will tell.
The Government Accountability Office recently urged the U.S. Department of Labor to release guidance on cybersecurity matters in an effort to mitigate risks to 401(k) and other.