Implications of the SEC's Draft Strategic Plan


ACA Group

Publish Date


Compliance Alert

  • Compliance
  • Cybersecurity

The U.S. Securities and Exchange Commission (SEC) recently outlined their new three-part strategic plan for fiscal years 2022-26. The Strategic Plan is by nature very broad, covering the wide variety of elements that make up what the SEC does, from mutual funds to private funds, public and privately offered securities disclosures and from broker-dealers to registered investment advisers and enforcement of anti-fraud provisions.

The three goals the SEC will prioritize are: 

  • Protecting working families and investors in America’s markets
  • Maintaining a robust and relevant regulatory framework 
  • Supporting a skilled and diverse workforce

Implications for cybersecurity professionals

Although the three goals do not solely focus on cybersecurity, the draft Fiscal Year 2022-26 Strategic Plan reinforces the SEC’s continued focus on cybersecurity risk and highlights key technological initiatives that the SEC will monitor for potential rulemaking in the future. The strategic plan has a few implications for cybersecurity and technology professionals to be aware of:

  1. The SEC continues to view cybersecurity as a key risk to mitigate
    The increased use of and reliance on technology introduced new capital market risks for investors. Cybersecurity threats to the market are growing in scale and sophistication and SEC examinations will continue to focus on cybersecurity as a key risk to investors and markets as part of the SEC’s four-year strategy. 

    Additionally, in response to frequent investor requests for more information on cybersecurity policies, the SEC is working to modernize their disclosure systems to provide more relevant information to investors to allow for better informed investor decisions.
  2. The SEC will continue to update its regulatory framework to remain up to date with changes in technology 
    Building a robust regulatory and technological framework is paramount to the security of the market system. The SEC will consider updating existing rules and regulations to accommodate for shifts in the technological space as well as encourage businesses to optimize their resiliency frameworks to be proactive when potential future regulatory requirements go into effect. 

Implications for Technology

The SEC recognizes that it needs to continually improve how it uses technology and data analytics “to surveil the markets, promote competition, and enforce the law.” One of the SEC’s goals in this plan is to better arm the Divisions of Enforcement and Examinations with data to determine which firms should be examined, what they should be examined for, and to determine if there are any issues in the examined firm. 

Firms should look to incorporate technology into their processes to keep pace with the SEC, confirm they are in compliance with regulatory requirements, and provide the necessary information to the regulator to prove their compliance.

How we help

Our team can help you navigate the evolving regulatory landscape while considering the complexity of your firm’s unique compliance requirements. We can work with your firm to develop and enhance your compliance program or conduct a mock exam to ensure the policies and procedures you’ve set are up to date and appropriate for your firm. 

Our cybersecurity and risk services help organizations secure their data and implement appropriate cybersecurity policies and testing practices, including:

Our ComplianceAlpha® regulatory technology solutions integrate risk and compliance management activities, trade surveillance and monitoring, compliance program testing, and in-depth analytics to help risk and compliance officers simplify and streamline their responsibilities. 

For questions about this alert, or to find out how we can help you mitigate risk and meet your regulatory obligations, please reach out to your ACA consultant or contact us.

Contact us