GAO questions SEC oversight
The Securities and Exchange Commission's oversight of security procedures for information systems at exchanges and clearinghouses can be improved, the General Accounting Office said in a report last month.
The SEC created an automation review policy program in 1989, asking exchanges and clearinghouses to act as self-regulatory bodies.
SEC employees carry out periodic on-site inspections, and internal auditors or external organizations can conduct independent reviews of their systems.
The policy was created to prevent attacks by hackers and unauthorized users who could disrupt markets.
The policy lacks a comprehensive guide that covers all issues key to SEC oversight, GAO said in a Sept. 10 report, Information Systems: Opportunities Exist to Strengthen SEC's Oversight of Capacity and Security.
This can cause inconsistency in SEC's oversight and a dependency on the knowledge and efforts of the policy staff, which has turned over frequently and has many inexperienced members, GAO said.
Infrequent inspections
Though SEC inspections look into key policy areas, they are not being done frequently, according to the report. Staff recommendations about capacity and security weaknesses were not being implemented, the report said.
GAO recommended that the policy program develop a consolidated inspection guide for staff and update it on a periodic basis.
The policy staff recommendations that have not been addressed by exchanges and clearinghouses should be brought to the attention of SEC officials, the report said.
Lastly, the report said there should be formal criteria for assessing the cooperation between exchanges and clearinghouses and the policy program.
SEC's Annette L. Nazareth, director of the Division of Market Regulation, in a written response to the report, said a single inspection guide would be outdated as quickly as it is generated and that the current approach has worked well.
There is a process to review the status of all recommendations, Nazareth said, adding that there is a formal process for assessing the cooperation between exchanges and clearinghouses and the policy program.