
NEW YORK, May 21, 2019 /PRNewswire/ -- Agio, a leading provider of cybersecurity and managed IT services for the financial services industry, has announced enhancements to its comprehensive SEC cybersecurity mock audit service. The offering, born of Agio's deep experience supporting clients who have undergone extensive audits, provides guidance for registered investment advisers and broker-dealers on the administrative, technical, and physical policies required to safeguard customer records and information in compliance with SEC requirements.

Agio's announcement follows a decision by the SEC's Office of Compliance Inspections and Examinations (OCIE) on April 16 to issue a formal Risk Alert, which listed notable deficiencies among firms' efforts to comply with Regulation S-P. Select policies and procedures that were reviewed failed to account for safeguarding customer information on personal devices, configuring these devices accordingly, prohibiting employees from sending customer PII to unsecure locations and designing incident response plans with role assignments and frequent assessments of system vulnerabilities.

"Deliberate and effective privacy policy enforcement requires an investment firm to exhibit immense skill and ethics while utilizing a robust training program," said Ray Hillen, Managing Director of Cybersecurity at Agio. "By scheduling regular reviews of compliance procedures and follow-up interactive training sessions with outside speakers, our clients will prepare themselves to articulate to their customers, investors and the OCIE – with great detail and accuracy – how nonpublic personal information is protected and its use is monitored."

Regulation S-P is the primary SEC rule regarding Initial Privacy Notices, Annual Privacy Notices and Opt-Out Notices that investment advisers and broker-dealers must offer their customers regarding the sharing of non-public personal information and personally identifiable information ("PII") with non-affiliated third parties.

To initiate Agio's SEC cybersecurity mock audit service, clients first provide necessary enterprise artifacts. The audit is then conducted over the course of 2-4 days, after which Agio presents preliminary findings and a final detailed report focusing on six key areas: governance and risk management; access rights and controls; data loss prevention; vendor management; training; and incident response. The company applies a unique scoring methodology to validate that clients have requisite safeguards, a defined procedure understood by the entire workforce, tangible metrics to confirm the efficacy of safeguards, as well as the governance controls needed to assure data privacy for all stakeholders.

"Technology has fundamentally changed the infrastructure underpinning financial services," said Bart McDonough, CEO and Founder of Agio. "The tools and tactics that investment funds are adopting for trading, managing portfolios, and conducting research have shifted dramatically, as have the communications channels used to exchange information. Platforms like LinkedIn, Telegram, Facebook, Catalant and Upwork may have improved the ability to gather and trade intelligence in today's world, but this also presents an issue for compliance teams protecting their customers' privacy as well."

Agio's experience helping enterprise clients map their data and navigate cybersecurity risks, including dispersed networks, large volumes of customer data, and interoperable technologies, complements the need to protect customer privacy and prevent unauthorized use of customer records. The company's SEC cybersecurity mock audit service is led by cybersecurity experts with a unique combination of regulatory compliance expertise and demonstrated technical depth, as evidenced by Agio's discovery of vulnerabilities in trading platforms, market data platforms (Bloomberg), and anti-virus platforms (Kaspersky) across financial services.

"As the SEC turns greater attention to cybersecurity, we leveraged our deep history and experience in navigating SEC audits on behalf of our clients to refine and perfect a mock audit program that effectively captures the real-life circumstances firms face when audited. With a dynamic and ever-changing regulatory landscape, it is ever more crucial for firms to turn to third-party experts, like Agio, that blend deep technological, cybersecurity, data privacy, and regulatory expertise," continued McDonough.

About Agio
Agio is a hybrid cybersecurity and managed IT organization equipping financial services, health care and payments enterprises with best-in-breed cyber protection and technology support. Specifically across the alternative investment space, Agio has extensive experience building, maintaining, optimizing and securing IT infrastructure for the world's most prestigious hedge fund, private equity, and asset management firms. With more than 250 employees, our culture prioritizes frequent and timely communication to provide unrivaled service across all of our solutions including managed detection and response, 360° cybersecurity programs, virtual CISO (vCISO) support, technology hosting, monitoring, management, helpdesk, disaster prevention and recovery. Agio is headquartered in New York, NY, with additional offices in Raleigh, NC and Norman, OK. For more information, please visit

CONTACT:  Netanel Spero, 646-818-9019

