The U.S. Securities and Exchange Commission's inspections branch released a list of issues on Thursday that it will target in its 2017 exams of broker-dealers, investment companies and other commission-covered entities, including the activities of "robo- advisers" and cybersecurity weaknesses.

Edward McAndrew, a partner at Ballard Spahr in Washington, D.C., and Philadelphia, and co-leader of the firm's privacy and data security group, said that although cybersecurity is not a new priority on the inspection office's list, he expects the commission to ramp up the number of exams that target cybersecurity practices and to carry out increasingly rigorous evaluations in the future.

McAndrew said that the exams that target cybersecurity are already pretty wide-ranging. "It's everything from the overall cybersecurity program that the organization is using," he said, "to their incident response planning, to their technical controls—it can get pretty granular."