GAO questions SEC oversight

The Securities and Exchange Commission's oversight of security procedures for information systems at exchanges and clearinghouses can be improved, the General Accounting Office said in a report last month.

The SEC created an automation review policy program in 1989, asking exchanges and clearinghouses to act as self-regulatory bodies.

SEC employees carry out periodic on-site inspections, and internal auditors or external organizations can conduct independent reviews of their systems.

The policy was created to prevent attacks by hackers and unauthorized users who could disrupt markets.

The policy lacks a comprehensive guide that covers all issues key to SEC oversight, GAO said in a Sept. 10 report, Information Systems: Opportunities Exist to Strengthen SEC's Oversight of Capacity and Security.

This can cause inconsistency in SEC's oversight and a dependency on the knowledge and efforts of the policy staff, which has turned over frequently and has many inexperienced members, GAO said.

Infrequent inspections

Though SEC inspections look into key policy areas, they are not being done frequently, according to the report. Staff recommendations about capacity and security weaknesses were not being implemented, the report said.

GAO recommended that the policy program develop a consolidated inspection guide for staff and update it on a periodic basis.

The policy staff recommendations that have not been addressed by exchanges and clearinghouses should be brought to the attention of SEC officials, the report said.

Lastly, the report said there should be formal criteria for assessing the cooperation between exchanges and clearinghouses and the policy program.

SEC's Annette L. Nazareth, director of the Division of Market Regulation, in a written response to the report, said a single inspection guide would be outdated as quickly as it is generated and that the current approach has worked well.

There is a process to review the status of all recommendations, Nazareth said, adding that there is a formal process for assessing the cooperation between exchanges and clearinghouses and the policy program.

