SlideShare a Scribd company logo

No Simple Exercise

Duff & Phelps
Duff & Phelps

Risk, not rules, must determine firms' cyber security requirements

Business
1 of 2
Download to read offline
No Simple Exercise Risk, not rules, must determine firms’ cybersecurity requirements. Author Adam Menkes Director Credit Suisse The SEC’s decision to issue guidance rather than specific requirements around cybersecurity has led to some uncertainty among registered investment advisors (RIAs) over how to implement certain aspects of their cybersecurity programs. 1 https://www.sec.gov/investment/im-guidance-2016-04.pdf 2 https://www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf 3 https://www.sec.gov/ocie/announcement/Cybersecurity-Risk-Alert--Appendix---4.15.14.pdf 4 http://www.finra.org/newsroom/2015/finra-issues-report-cybersecurity-practices-cybersecurity-investor-alert Without a clear statement of their expected obligations, many RIAs report that it has been difficult to determine if they have done enough to satisfy the SEC and investors alike. That said, the majority of firms have formed a strong base and continue to focus on improvements, as the threat landscape continues to evolve. Over time, the SEC and other regulators have issued substantial guidance on their key areas of focus, and RIAs have realised that taking action based on that guidance rather than waiting for specified regulations is the right approach. In April 2015,1 the SEC suggested investment companies and advisors “may wish to consider”, among other things, risk assessments, a cybersecurity strategy, and written policies and procedures as well as training. The Office of Compliance Inspections and Examinations (OCIE) initiative in September of that year outlined broker- dealers’ and investment advisors’ controls.2 In addition to the OCIE,3 regulatory bodies such as Financial Industry Regulatory Authority (FINRA)4 have provided additional guidelines for managers to look to. While following these other requirements may hold managers to a higher standard than is outlined by the OCIE, there is little indication to date to suggest that the SEC’s expectations are lower. Historically, the SEC and FINRA have been quick with enforcement action where their guidelines have been egregiously ignored. The number of cases brought by these two regulators on the basis of cybersecurity failings (at least in part) is already in the double digits. To each their own Set in this context, the SEC’s lack of specificity gives it the flexibility to evaluate each RIA’s adherence to the guidelines independently. The areas where the regulator will spend its time are increasingly clear; encryption, data retention limits, risk assessments, information security policies, documentation, incident response plans and workforce training are all fair game. It seems that there is to be, for now, no definitive or official list of requirements that RIAs can simply check off to claim compliance. In firms where the SEC sees the higher potential risk, it has left itself room to demand greater measures to protect against cyber threats, and lesser measures for threats that pose a lower risk. 22 DUFF & PHELPS – GRO VIEWPOINT 2017
This is not necessarily a bad thing. While RIAs may have less certainty about cyber compliance, they also have an opportunity to look at cybersecurity holistically and pragmatically. This should prompt them to consider not just the regulatory requirements, but also their own cybersecurity risks. The SEC is rightly focused on investor protection and market integrity. Firms’ intellectual property or client lists (from a competitive, rather than privacy, standpoint) are not really its concern. Meeting the SEC standards will not necessarily protect a firm’s algorithms, nor retain its customers when a trader leaves. Cybersecurity must go further than minimal compliance satisfaction. To an extent, the SEC’s flexibility means that it will continue to determine whether RIAs’ cybersecurity controls are adequate on a case-by-case basis, and RIAs likely should be taking the same approach. GIVEN THE MAGNITUDE OF RECENT CYBER BREACHES, OUR COMPANY PLANS TO FOCUS MORE RESOURCES AND TIME ON CYBERSECURITY. WHERE DO YOU EXPECT REGULATORS TO FOCUS IN 2017? 59.6%Agree 9.6%Unsure 3.2%Disagree 1.1%Strongly disagree Strongly agree 26.3% Focus Area Answer Options Accounting fraud AML/KYC and financial crime issues Asset misap- propriation Benchmark and FX manipulation Bribery and corruption Client suitability/ misselling Cyber- security Fee and expense allocation Firmwide culture of compliance High- frequency, dark pools, algo and electronic trading Liquidity manage- ment Marketing practices to investors/ customers Misstating/ misreporting asset values Proper disclosure for investors Valuation Don’t know Response Count Priority 1 1 34 2 2 5 7 48 16 9 2 8 6 0 10 4 3 157 Priority 2 2 17 0 2 4 11 35 19 14 11 7 14 3 9 6 2 156 Priority 3 5 11 3 4 12 7 21 7 22 7 5 17 3 18 6 4 152 DUFF & PHELPS – GRO VIEWPOINT 2017 23

Recommended

Having an Impact - Senior Manager Regimes in the UK and Elsewhere
Having an Impact - Senior Manager Regimes in the UK and ElsewhereHaving an Impact - Senior Manager Regimes in the UK and Elsewhere
Having an Impact - Senior Manager Regimes in the UK and ElsewhereDuff & Phelps
 
Cyber Insurance - What you need to know
Cyber Insurance - What you need to knowCyber Insurance - What you need to know
Cyber Insurance - What you need to knowFitCEO, Inc. (FCI)
 
Langes directorsupdate magpi_september13
Langes directorsupdate magpi_september13 Langes directorsupdate magpi_september13
Langes directorsupdate magpi_september13 davidjac
 
WSJ(R+C)-IT
WSJ(R+C)-ITWSJ(R+C)-IT
WSJ(R+C)-ITKeith Darcy
 
Veta compliance operations review
Veta compliance operations reviewVeta compliance operations review
Veta compliance operations reviewMark Taylor
 
Compliance & data security – the way we work
Compliance & data security – the way we workCompliance & data security – the way we work
Compliance & data security – the way we workPuneet Chopra
 
ACFE 2017: Audit and Fraud Joining Forces
ACFE 2017: Audit and Fraud Joining Forces ACFE 2017: Audit and Fraud Joining Forces
ACFE 2017: Audit and Fraud Joining Forces Jen Dunham, CFE
 
Hedge fund operational_due_diligence_corgentum_insights_regulatory_burden_
Hedge fund operational_due_diligence_corgentum_insights_regulatory_burden_Hedge fund operational_due_diligence_corgentum_insights_regulatory_burden_
Hedge fund operational_due_diligence_corgentum_insights_regulatory_burden_Corgetum Consulting (http://www.Corgentum.com)
 

Recommended

Having an Impact - Senior Manager Regimes in the UK and Elsewhere
Having an Impact - Senior Manager Regimes in the UK and ElsewhereHaving an Impact - Senior Manager Regimes in the UK and Elsewhere
Having an Impact - Senior Manager Regimes in the UK and ElsewhereDuff & Phelps
 
Cyber Insurance - What you need to know
Cyber Insurance - What you need to knowCyber Insurance - What you need to know
Cyber Insurance - What you need to knowFitCEO, Inc. (FCI)
 
Langes directorsupdate magpi_september13
Langes directorsupdate magpi_september13 Langes directorsupdate magpi_september13
Langes directorsupdate magpi_september13 davidjac
 
WSJ(R+C)-IT
WSJ(R+C)-ITWSJ(R+C)-IT
WSJ(R+C)-ITKeith Darcy
 
Veta compliance operations review
Veta compliance operations reviewVeta compliance operations review
Veta compliance operations reviewMark Taylor
 
Compliance & data security – the way we work
Compliance & data security – the way we workCompliance & data security – the way we work
Compliance & data security – the way we workPuneet Chopra
 
ACFE 2017: Audit and Fraud Joining Forces
ACFE 2017: Audit and Fraud Joining Forces ACFE 2017: Audit and Fraud Joining Forces
ACFE 2017: Audit and Fraud Joining Forces Jen Dunham, CFE
 
Hedge fund operational_due_diligence_corgentum_insights_regulatory_burden_
Hedge fund operational_due_diligence_corgentum_insights_regulatory_burden_Hedge fund operational_due_diligence_corgentum_insights_regulatory_burden_
Hedge fund operational_due_diligence_corgentum_insights_regulatory_burden_Corgetum Consulting (http://www.Corgentum.com)
 
ACFE 2017 - Audit and Fraud Joining Forces
ACFE 2017 - Audit and Fraud Joining ForcesACFE 2017 - Audit and Fraud Joining Forces
ACFE 2017 - Audit and Fraud Joining ForcesJen Dunham, CFE
 
DOL Fiduciary Rule Infographic
DOL Fiduciary Rule InfographicDOL Fiduciary Rule Infographic
DOL Fiduciary Rule InfographicEAI Information Systems
 
EY Legal Risk Brochure LR_single-pages
EY Legal Risk Brochure LR_single-pagesEY Legal Risk Brochure LR_single-pages
EY Legal Risk Brochure LR_single-pagesMatthew Whalley
 
SecurityScorecard_2016_Financial_Report
SecurityScorecard_2016_Financial_ReportSecurityScorecard_2016_Financial_Report
SecurityScorecard_2016_Financial_ReportAlex Himmelberg
 
2016 Finance industry cybersecurity report
2016 Finance industry cybersecurity report2016 Finance industry cybersecurity report
2016 Finance industry cybersecurity reportOwen Bartolome
 
Cyber security audits and risk management 2016
Cyber security audits and risk management 2016Cyber security audits and risk management 2016
Cyber security audits and risk management 2016FitCEO, Inc. (FCI)
 
New York State Department of Financial Services Expands Its Cyber Focus to In...
New York State Department of Financial Services Expands Its Cyber Focus to In...New York State Department of Financial Services Expands Its Cyber Focus to In...
New York State Department of Financial Services Expands Its Cyber Focus to In...NationalUnderwriter
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119FitCEO, Inc. (FCI)
 
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...EC-Council
 
Stratifi technologies
Stratifi technologiesStratifi technologies
Stratifi technologiesstratifi
 
SGF2016 12641 - Moving from Prediction to Decision
SGF2016 12641 - Moving from Prediction to DecisionSGF2016 12641 - Moving from Prediction to Decision
SGF2016 12641 - Moving from Prediction to DecisionCarl Case
 
ALN Risk Management Survey at ILTACON 2016
ALN Risk Management Survey at ILTACON 2016ALN Risk Management Survey at ILTACON 2016
ALN Risk Management Survey at ILTACON 2016Erez Bustan
 
Richmond reprint 20151106
Richmond reprint 20151106Richmond reprint 20151106
Richmond reprint 20151106Ted Richmond
 
Establishing an Organization Wide Fraud Policy
Establishing an Organization Wide Fraud PolicyEstablishing an Organization Wide Fraud Policy
Establishing an Organization Wide Fraud PolicyFraudBusters
 
Seal datasheet | trading derivative
Seal datasheet | trading derivativeSeal datasheet | trading derivative
Seal datasheet | trading derivativesealsoftwaredept
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance reportBee_Ware
 
Verizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance ReportVerizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance Report- Mark - Fullbright
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants- Mark - Fullbright
 
The 4 Challenges of Managing Privacy Incident Response
The 4 Challenges of Managing Privacy Incident ResponseThe 4 Challenges of Managing Privacy Incident Response
The 4 Challenges of Managing Privacy Incident ResponseElizabeth Dimit
 
Cyber_Security_Action_Plan_2016
Cyber_Security_Action_Plan_2016Cyber_Security_Action_Plan_2016
Cyber_Security_Action_Plan_2016John T. Araneo
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsKen M. Shaurette
 

More Related Content

What's hot

ACFE 2017 - Audit and Fraud Joining Forces
ACFE 2017 - Audit and Fraud Joining ForcesACFE 2017 - Audit and Fraud Joining Forces
ACFE 2017 - Audit and Fraud Joining ForcesJen Dunham, CFE
 
EY Legal Risk Brochure LR_single-pages
EY Legal Risk Brochure LR_single-pagesEY Legal Risk Brochure LR_single-pages
EY Legal Risk Brochure LR_single-pagesMatthew Whalley
 
SecurityScorecard_2016_Financial_Report
SecurityScorecard_2016_Financial_ReportSecurityScorecard_2016_Financial_Report
SecurityScorecard_2016_Financial_ReportAlex Himmelberg
 
2016 Finance industry cybersecurity report
2016 Finance industry cybersecurity report2016 Finance industry cybersecurity report
2016 Finance industry cybersecurity reportOwen Bartolome
 
Cyber security audits and risk management 2016
Cyber security audits and risk management 2016Cyber security audits and risk management 2016
Cyber security audits and risk management 2016FitCEO, Inc. (FCI)
 
New York State Department of Financial Services Expands Its Cyber Focus to In...
New York State Department of Financial Services Expands Its Cyber Focus to In...New York State Department of Financial Services Expands Its Cyber Focus to In...
New York State Department of Financial Services Expands Its Cyber Focus to In...NationalUnderwriter
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119FitCEO, Inc. (FCI)
 
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...EC-Council
 
Stratifi technologies
Stratifi technologiesStratifi technologies
Stratifi technologiesstratifi
 
SGF2016 12641 - Moving from Prediction to Decision
SGF2016 12641 - Moving from Prediction to DecisionSGF2016 12641 - Moving from Prediction to Decision
SGF2016 12641 - Moving from Prediction to DecisionCarl Case
 
ALN Risk Management Survey at ILTACON 2016
ALN Risk Management Survey at ILTACON 2016ALN Risk Management Survey at ILTACON 2016
ALN Risk Management Survey at ILTACON 2016Erez Bustan
 
Richmond reprint 20151106
Richmond reprint 20151106Richmond reprint 20151106
Richmond reprint 20151106Ted Richmond
 
Establishing an Organization Wide Fraud Policy
Establishing an Organization Wide Fraud PolicyEstablishing an Organization Wide Fraud Policy
Establishing an Organization Wide Fraud PolicyFraudBusters
 
Seal datasheet | trading derivative
Seal datasheet | trading derivativeSeal datasheet | trading derivative
Seal datasheet | trading derivativesealsoftwaredept
 

What's hot (15)

ACFE 2017 - Audit and Fraud Joining Forces
ACFE 2017 - Audit and Fraud Joining ForcesACFE 2017 - Audit and Fraud Joining Forces
ACFE 2017 - Audit and Fraud Joining Forces
 
DOL Fiduciary Rule Infographic
DOL Fiduciary Rule InfographicDOL Fiduciary Rule Infographic
DOL Fiduciary Rule Infographic
 
EY Legal Risk Brochure LR_single-pages
EY Legal Risk Brochure LR_single-pagesEY Legal Risk Brochure LR_single-pages
EY Legal Risk Brochure LR_single-pages
 
SecurityScorecard_2016_Financial_Report
SecurityScorecard_2016_Financial_ReportSecurityScorecard_2016_Financial_Report
SecurityScorecard_2016_Financial_Report
 
2016 Finance industry cybersecurity report
2016 Finance industry cybersecurity report2016 Finance industry cybersecurity report
2016 Finance industry cybersecurity report
 
Cyber security audits and risk management 2016
Cyber security audits and risk management 2016Cyber security audits and risk management 2016
Cyber security audits and risk management 2016
 
New York State Department of Financial Services Expands Its Cyber Focus to In...
New York State Department of Financial Services Expands Its Cyber Focus to In...New York State Department of Financial Services Expands Its Cyber Focus to In...
New York State Department of Financial Services Expands Its Cyber Focus to In...
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119
 
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
 
Stratifi technologies
Stratifi technologiesStratifi technologies
Stratifi technologies
 
SGF2016 12641 - Moving from Prediction to Decision
SGF2016 12641 - Moving from Prediction to DecisionSGF2016 12641 - Moving from Prediction to Decision
SGF2016 12641 - Moving from Prediction to Decision
 
ALN Risk Management Survey at ILTACON 2016
ALN Risk Management Survey at ILTACON 2016ALN Risk Management Survey at ILTACON 2016
ALN Risk Management Survey at ILTACON 2016
 
Richmond reprint 20151106
Richmond reprint 20151106Richmond reprint 20151106
Richmond reprint 20151106
 
Establishing an Organization Wide Fraud Policy
Establishing an Organization Wide Fraud PolicyEstablishing an Organization Wide Fraud Policy
Establishing an Organization Wide Fraud Policy
 
Seal datasheet | trading derivative
Seal datasheet | trading derivativeSeal datasheet | trading derivative
Seal datasheet | trading derivative
 

Similar to No Simple Exercise

Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance reportBee_Ware
 
Verizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance ReportVerizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance Report- Mark - Fullbright
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants- Mark - Fullbright
 
The 4 Challenges of Managing Privacy Incident Response
The 4 Challenges of Managing Privacy Incident ResponseThe 4 Challenges of Managing Privacy Incident Response
The 4 Challenges of Managing Privacy Incident ResponseElizabeth Dimit
 
Cyber_Security_Action_Plan_2016
Cyber_Security_Action_Plan_2016Cyber_Security_Action_Plan_2016
Cyber_Security_Action_Plan_2016John T. Araneo
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsKen M. Shaurette
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 
Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Niren Thanky
 
Verizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgVerizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgCMR WORLD TECH
 
Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud
Simplify Your Approach To_Assess The Risks Of Moving Into The CloudSimplify Your Approach To_Assess The Risks Of Moving Into The Cloud
Simplify Your Approach To_Assess The Risks Of Moving Into The CloudHappiest Minds Technologies
 
Cayman Compliant Series - AML Requirements for VASPs
Cayman Compliant Series - AML Requirements for VASPsCayman Compliant Series - AML Requirements for VASPs
Cayman Compliant Series - AML Requirements for VASPsRamona Tudorancea
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Whitepaper: Moving to Clouds? Simplify your approach to understand the risks ...
Whitepaper: Moving to Clouds? Simplify your approach to understand the risks ...Whitepaper: Moving to Clouds? Simplify your approach to understand the risks ...
Whitepaper: Moving to Clouds? Simplify your approach to understand the risks ...Happiest Minds Technologies
 
Where Is Your Sensitive Data Wp
Where Is Your Sensitive Data WpWhere Is Your Sensitive Data Wp
Where Is Your Sensitive Data Wptbeckwith
 
When does a company need to be PCI compliant
When does a company need to be PCI compliantWhen does a company need to be PCI compliant
When does a company need to be PCI compliantDivya Kothari
 
Cyber Defence - Service portfolio
Cyber Defence - Service portfolioCyber Defence - Service portfolio
Cyber Defence - Service portfolioKaloyan Krastev
 
PCI DSS Slidecast
PCI DSS SlidecastPCI DSS Slidecast
PCI DSS SlidecastRobertXia
 

Similar to No Simple Exercise (20)

Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity Essay
 
Verizon 2014 pci compliance report
Verizon 2014 pci compliance reportVerizon 2014 pci compliance report
Verizon 2014 pci compliance report
 
Verizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance ReportVerizon 2014 PCI Compliance Report
Verizon 2014 PCI Compliance Report
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
 
The 4 Challenges of Managing Privacy Incident Response
The 4 Challenges of Managing Privacy Incident ResponseThe 4 Challenges of Managing Privacy Incident Response
The 4 Challenges of Managing Privacy Incident Response
 
Cyber_Security_Action_Plan_2016
Cyber_Security_Action_Plan_2016Cyber_Security_Action_Plan_2016
Cyber_Security_Action_Plan_2016
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessments
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 
Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...
 
HEMISPHERE SMB Case Study
HEMISPHERE SMB Case StudyHEMISPHERE SMB Case Study
HEMISPHERE SMB Case Study
 
PCI COMPLIANCE REPORT
PCI COMPLIANCE REPORTPCI COMPLIANCE REPORT
PCI COMPLIANCE REPORT
 
Verizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xgVerizon rp pci report-2015-en_xg
Verizon rp pci report-2015-en_xg
 
Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud
Simplify Your Approach To_Assess The Risks Of Moving Into The CloudSimplify Your Approach To_Assess The Risks Of Moving Into The Cloud
Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud
 
Cayman Compliant Series - AML Requirements for VASPs
Cayman Compliant Series - AML Requirements for VASPsCayman Compliant Series - AML Requirements for VASPs
Cayman Compliant Series - AML Requirements for VASPs
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
Whitepaper: Moving to Clouds? Simplify your approach to understand the risks ...
Whitepaper: Moving to Clouds? Simplify your approach to understand the risks ...Whitepaper: Moving to Clouds? Simplify your approach to understand the risks ...
Whitepaper: Moving to Clouds? Simplify your approach to understand the risks ...
 
Where Is Your Sensitive Data Wp
Where Is Your Sensitive Data WpWhere Is Your Sensitive Data Wp
Where Is Your Sensitive Data Wp
 
When does a company need to be PCI compliant
When does a company need to be PCI compliantWhen does a company need to be PCI compliant
When does a company need to be PCI compliant
 
Cyber Defence - Service portfolio
Cyber Defence - Service portfolioCyber Defence - Service portfolio
Cyber Defence - Service portfolio
 
PCI DSS Slidecast
PCI DSS SlidecastPCI DSS Slidecast
PCI DSS Slidecast
 

More from Duff & Phelps

Hospitalist M&A Landscape – Winter 2018 – 2019
Hospitalist M&A Landscape – Winter 2018 – 2019Hospitalist M&A Landscape – Winter 2018 – 2019
Hospitalist M&A Landscape – Winter 2018 – 2019Duff & Phelps
 
Food and Beverage M&A Landscape Late Fall 2018
Food and Beverage M&A Landscape Late Fall 2018Food and Beverage M&A Landscape Late Fall 2018
Food and Beverage M&A Landscape Late Fall 2018Duff & Phelps
 
Healthcare Services Sector Update – November 2018
Healthcare Services Sector Update – November 2018Healthcare Services Sector Update – November 2018
Healthcare Services Sector Update – November 2018Duff & Phelps
 
Capital Markets Insights – Late Fall 2018
Capital Markets Insights – Late Fall 2018Capital Markets Insights – Late Fall 2018
Capital Markets Insights – Late Fall 2018Duff & Phelps
 
Regulatory Watch: Asset Management Q3
Regulatory Watch: Asset Management Q3Regulatory Watch: Asset Management Q3
Regulatory Watch: Asset Management Q3Duff & Phelps
 
Industry Multiples India Report: Fifth Edition
Industry Multiples India Report: Fifth Edition Industry Multiples India Report: Fifth Edition
Industry Multiples India Report: Fifth Edition Duff & Phelps
 
Restaurant Quarterly Update - Fall 2018
Restaurant Quarterly Update - Fall 2018Restaurant Quarterly Update - Fall 2018
Restaurant Quarterly Update - Fall 2018Duff & Phelps
 
LEED Market Study - Nov 2018
LEED Market Study - Nov 2018LEED Market Study - Nov 2018
LEED Market Study - Nov 2018Duff & Phelps
 
Healthcare Services Sector Update – October 2018
Healthcare Services Sector Update – October 2018Healthcare Services Sector Update – October 2018
Healthcare Services Sector Update – October 2018Duff & Phelps
 
IP Value Summit 2018 - Agenda
IP Value Summit 2018 - Agenda IP Value Summit 2018 - Agenda
IP Value Summit 2018 - AgendaDuff & Phelps
 
Regulatory Focus October 2018
Regulatory Focus October 2018Regulatory Focus October 2018
Regulatory Focus October 2018Duff & Phelps
 
Staffing Industry Insights - Fall 2018
Staffing Industry Insights - Fall 2018Staffing Industry Insights - Fall 2018
Staffing Industry Insights - Fall 2018Duff & Phelps
 
Medical Device Contract Manufacturing Update – Fall 2018
Medical Device Contract Manufacturing Update – Fall 2018Medical Device Contract Manufacturing Update – Fall 2018
Medical Device Contract Manufacturing Update – Fall 2018Duff & Phelps
 
Duff & Phelps Valuation Insights Greater China Edition October 2018
Duff & Phelps Valuation Insights Greater China Edition October 2018Duff & Phelps Valuation Insights Greater China Edition October 2018
Duff & Phelps Valuation Insights Greater China Edition October 2018Duff & Phelps
 
Canadian M&A Insights Fall 2018
Canadian M&A Insights Fall 2018Canadian M&A Insights Fall 2018
Canadian M&A Insights Fall 2018Duff & Phelps
 
Healthcare Services Sector Update September 2018
Healthcare Services Sector Update September 2018Healthcare Services Sector Update September 2018
Healthcare Services Sector Update September 2018Duff & Phelps
 
Cost Trend Update Bulletin July-2018
Cost Trend Update Bulletin July-2018Cost Trend Update Bulletin July-2018
Cost Trend Update Bulletin July-2018Duff & Phelps
 
Regulatory Focus September 2018
Regulatory Focus September 2018Regulatory Focus September 2018
Regulatory Focus September 2018Duff & Phelps
 
Hedge Fund and Private Equity Fund - Structures, Regulation and Criminal Risks
Hedge Fund and Private Equity Fund - Structures, Regulation and Criminal RisksHedge Fund and Private Equity Fund - Structures, Regulation and Criminal Risks
Hedge Fund and Private Equity Fund - Structures, Regulation and Criminal RisksDuff & Phelps
 
Food and Beverage M&A Landscape - Summer 2018
Food and Beverage M&A Landscape - Summer 2018Food and Beverage M&A Landscape - Summer 2018
Food and Beverage M&A Landscape - Summer 2018Duff & Phelps
 

More from Duff & Phelps (20)

Hospitalist M&A Landscape – Winter 2018 – 2019
Hospitalist M&A Landscape – Winter 2018 – 2019Hospitalist M&A Landscape – Winter 2018 – 2019
Hospitalist M&A Landscape – Winter 2018 – 2019
 
Food and Beverage M&A Landscape Late Fall 2018
Food and Beverage M&A Landscape Late Fall 2018Food and Beverage M&A Landscape Late Fall 2018
Food and Beverage M&A Landscape Late Fall 2018
 
Healthcare Services Sector Update – November 2018
Healthcare Services Sector Update – November 2018Healthcare Services Sector Update – November 2018
Healthcare Services Sector Update – November 2018
 
Capital Markets Insights – Late Fall 2018
Capital Markets Insights – Late Fall 2018Capital Markets Insights – Late Fall 2018
Capital Markets Insights – Late Fall 2018
 
Regulatory Watch: Asset Management Q3
Regulatory Watch: Asset Management Q3Regulatory Watch: Asset Management Q3
Regulatory Watch: Asset Management Q3
 
Industry Multiples India Report: Fifth Edition
Industry Multiples India Report: Fifth Edition Industry Multiples India Report: Fifth Edition
Industry Multiples India Report: Fifth Edition
 
Restaurant Quarterly Update - Fall 2018
Restaurant Quarterly Update - Fall 2018Restaurant Quarterly Update - Fall 2018
Restaurant Quarterly Update - Fall 2018
 
LEED Market Study - Nov 2018
LEED Market Study - Nov 2018LEED Market Study - Nov 2018
LEED Market Study - Nov 2018
 
Healthcare Services Sector Update – October 2018
Healthcare Services Sector Update – October 2018Healthcare Services Sector Update – October 2018
Healthcare Services Sector Update – October 2018
 
IP Value Summit 2018 - Agenda
IP Value Summit 2018 - Agenda IP Value Summit 2018 - Agenda
IP Value Summit 2018 - Agenda
 
Regulatory Focus October 2018
Regulatory Focus October 2018Regulatory Focus October 2018
Regulatory Focus October 2018
 
Staffing Industry Insights - Fall 2018
Staffing Industry Insights - Fall 2018Staffing Industry Insights - Fall 2018
Staffing Industry Insights - Fall 2018
 
Medical Device Contract Manufacturing Update – Fall 2018
Medical Device Contract Manufacturing Update – Fall 2018Medical Device Contract Manufacturing Update – Fall 2018
Medical Device Contract Manufacturing Update – Fall 2018
 
Duff & Phelps Valuation Insights Greater China Edition October 2018
Duff & Phelps Valuation Insights Greater China Edition October 2018Duff & Phelps Valuation Insights Greater China Edition October 2018
Duff & Phelps Valuation Insights Greater China Edition October 2018
 
Canadian M&A Insights Fall 2018
Canadian M&A Insights Fall 2018Canadian M&A Insights Fall 2018
Canadian M&A Insights Fall 2018
 
Healthcare Services Sector Update September 2018
Healthcare Services Sector Update September 2018Healthcare Services Sector Update September 2018
Healthcare Services Sector Update September 2018
 
Cost Trend Update Bulletin July-2018
Cost Trend Update Bulletin July-2018Cost Trend Update Bulletin July-2018
Cost Trend Update Bulletin July-2018
 
Regulatory Focus September 2018
Regulatory Focus September 2018Regulatory Focus September 2018
Regulatory Focus September 2018
 
Hedge Fund and Private Equity Fund - Structures, Regulation and Criminal Risks
Hedge Fund and Private Equity Fund - Structures, Regulation and Criminal RisksHedge Fund and Private Equity Fund - Structures, Regulation and Criminal Risks
Hedge Fund and Private Equity Fund - Structures, Regulation and Criminal Risks
 
Food and Beverage M&A Landscape - Summer 2018
Food and Beverage M&A Landscape - Summer 2018Food and Beverage M&A Landscape - Summer 2018
Food and Beverage M&A Landscape - Summer 2018
 

Recently uploaded

Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
Non Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxNon Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxAbhayThakur200703
 
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneVIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in managementchhavia330
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfCatalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfOrient Homes
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingTech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingShawn Pang
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Non Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxNon Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptx
 
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneVIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in management
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfCatalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdf
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth MarketingTech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Best Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting PartnershipBest Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting Partnership
 
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Mehrauli Delhi 💯Call Us 🔝8264348440🔝
 

No Simple Exercise

  • 1. No Simple Exercise Risk, not rules, must determine firms’ cybersecurity requirements. Author Adam Menkes Director Credit Suisse The SEC’s decision to issue guidance rather than specific requirements around cybersecurity has led to some uncertainty among registered investment advisors (RIAs) over how to implement certain aspects of their cybersecurity programs. 1 https://www.sec.gov/investment/im-guidance-2016-04.pdf 2 https://www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf 3 https://www.sec.gov/ocie/announcement/Cybersecurity-Risk-Alert--Appendix---4.15.14.pdf 4 http://www.finra.org/newsroom/2015/finra-issues-report-cybersecurity-practices-cybersecurity-investor-alert Without a clear statement of their expected obligations, many RIAs report that it has been difficult to determine if they have done enough to satisfy the SEC and investors alike. That said, the majority of firms have formed a strong base and continue to focus on improvements, as the threat landscape continues to evolve. Over time, the SEC and other regulators have issued substantial guidance on their key areas of focus, and RIAs have realised that taking action based on that guidance rather than waiting for specified regulations is the right approach. In April 2015,1 the SEC suggested investment companies and advisors “may wish to consider”, among other things, risk assessments, a cybersecurity strategy, and written policies and procedures as well as training. The Office of Compliance Inspections and Examinations (OCIE) initiative in September of that year outlined broker- dealers’ and investment advisors’ controls.2 In addition to the OCIE,3 regulatory bodies such as Financial Industry Regulatory Authority (FINRA)4 have provided additional guidelines for managers to look to. While following these other requirements may hold managers to a higher standard than is outlined by the OCIE, there is little indication to date to suggest that the SEC’s expectations are lower. Historically, the SEC and FINRA have been quick with enforcement action where their guidelines have been egregiously ignored. The number of cases brought by these two regulators on the basis of cybersecurity failings (at least in part) is already in the double digits. To each their own Set in this context, the SEC’s lack of specificity gives it the flexibility to evaluate each RIA’s adherence to the guidelines independently. The areas where the regulator will spend its time are increasingly clear; encryption, data retention limits, risk assessments, information security policies, documentation, incident response plans and workforce training are all fair game. It seems that there is to be, for now, no definitive or official list of requirements that RIAs can simply check off to claim compliance. In firms where the SEC sees the higher potential risk, it has left itself room to demand greater measures to protect against cyber threats, and lesser measures for threats that pose a lower risk. 22 DUFF & PHELPS – GRO VIEWPOINT 2017
  • 2. This is not necessarily a bad thing. While RIAs may have less certainty about cyber compliance, they also have an opportunity to look at cybersecurity holistically and pragmatically. This should prompt them to consider not just the regulatory requirements, but also their own cybersecurity risks. The SEC is rightly focused on investor protection and market integrity. Firms’ intellectual property or client lists (from a competitive, rather than privacy, standpoint) are not really its concern. Meeting the SEC standards will not necessarily protect a firm’s algorithms, nor retain its customers when a trader leaves. Cybersecurity must go further than minimal compliance satisfaction. To an extent, the SEC’s flexibility means that it will continue to determine whether RIAs’ cybersecurity controls are adequate on a case-by-case basis, and RIAs likely should be taking the same approach. GIVEN THE MAGNITUDE OF RECENT CYBER BREACHES, OUR COMPANY PLANS TO FOCUS MORE RESOURCES AND TIME ON CYBERSECURITY. WHERE DO YOU EXPECT REGULATORS TO FOCUS IN 2017? 59.6%Agree 9.6%Unsure 3.2%Disagree 1.1%Strongly disagree Strongly agree 26.3% Focus Area Answer Options Accounting fraud AML/KYC and financial crime issues Asset misap- propriation Benchmark and FX manipulation Bribery and corruption Client suitability/ misselling Cyber- security Fee and expense allocation Firmwide culture of compliance High- frequency, dark pools, algo and electronic trading Liquidity manage- ment Marketing practices to investors/ customers Misstating/ misreporting asset values Proper disclosure for investors Valuation Don’t know Response Count Priority 1 1 34 2 2 5 7 48 16 9 2 8 6 0 10 4 3 157 Priority 2 2 17 0 2 4 11 35 19 14 11 7 14 3 9 6 2 156 Priority 3 5 11 3 4 12 7 21 7 22 7 5 17 3 18 6 4 152 DUFF & PHELPS – GRO VIEWPOINT 2017 23