Header graphic for print
The BD/IA Regulator Providing securities regulatory, enforcement and litigation trends for broker-dealers, investment advisers and investment funds

Category Archives: Cybersecurity/Privacy

Subscribe to Cybersecurity/Privacy RSS Feed

New SEC Privacy and Cybersecurity Risk Alert Tells Broker Dealers and Investment Advisers Common Deficiencies to Avoid

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy

The SEC’s new Risk Alert provides valuable insight as to what the OCIE wants to see broker dealers and investment advisers accomplish with their privacy notices and their cybersecurity policies and procedures. The SEC wants this written documentation to be comprehensive, to accurately reflect the registrant’s practices, and to be implemented effectively throughout their business…. Read More

SEC Staff Raises Concerns Related to Cryptocurrency ETFs and Mutual Funds

Posted in Cybersecurity/Privacy, Fund Regulation

On January 18, 2018, the Securities and Exchange Commission’s (SEC) Division of Investment Management broke its relative silence regarding the recent growth of cryptocurrencies and cryptocurrency-related products. While signaling that registration of funds intending to invest substantially in cryptocurrency and related products is not on the immediate horizon, the guidance arguably provided the beginnings of… Read More

OCIE Provides Insight into Issues Identified in Recent Cybersecurity Sweep

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy, Fund Regulation, Investment Adviser Regulation

The National Exam Program of the SEC’s Office of Compliance Inspections and Examinations (OCIE) recently published its observations from the second generation of its Cybersecurity Initiative. It reported overall improvement in firms’ cybersecurity awareness and preparedness, but said there is plenty of room for improvement. The staff noted that many firms have failed to adopt procedures reasonably… Read More

7th Annual Financial Services, Regulatory and Compliance Conference

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy, Events, Fund Regulation

Wednesday, March 8, 2017 Morning Sessions: 8:45 a.m. – 12:30 p.m. EST Afternoon Sessions: 1:30 p.m. – 5:15 p.m. EST The Ritz-Carlton Charlotte 201 East Trade Street Charlotte, NC 28202 Please join Morrison & Foerster attorneys as we offer our insights regarding the future of financial services regulation. The morning sessions will focus on consumer… Read More

The SEC and FINRA Preview 2017 Enforcement Priorities at SIFMA’s C&L New York Regional Seminar

Posted in Cybersecurity/Privacy, FINRA Enforcement, SEC Enforcement

On November 2, 2016, several representatives from the SEC and FINRA spoke at SIFMA’s C&L New York Regional Seminar, including from the SEC, Stephanie Avakian, Deputy Director, Division of Enforcement, and from FINRA, Susan Axelrod, Executive Vice President, Regulatory Operations, and Susan Schroeder, Senior Vice President, Enforcement.  At a general session on enforcement during the… Read More

MJW to FSOC:  We’re On It

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy, Fund Regulation

In a keynote address before the Investment Company Institute on May 20, 2016, SEC Chair Mary Jo White signaled to the Financial Stability Oversight Council (FSOC) that the SEC is “working hard” to finalize rules that address potential systemic risks in asset management. The reminder follows FSOC’s recent statements that it continues to focus on… Read More

SEC Charges Investment Adviser With Failure to Adopt Proper Cybersecurity Policies and Procedures

Posted in Cybersecurity/Privacy, SEC Enforcement

A registered investment adviser agreed to settle SEC charges that it failed to adopt adequate cybersecurity policies and procedures reasonably designed to protect customer records and information as required by Rule 30(a) of Regulation S-P (the “Safeguards Rule”).  Without admitting or denying the SEC’s findings, the investment adviser agreed to a censure, to cease and… Read More

Cybersecurity, Round 2: OCIE Announces Areas of Focus for Cybersecurity Examinations

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy, Investment Adviser Regulation

On September 15, 2015, OCIE issued a risk alert relating to its new cybersecurity examination initiative.  This is the second round of these examinations, and the alert provides a detailed look at OCIE’s current areas of focus. The examinations will involve testing broker-dealers and investment advisers to assess implementation of their cybersecurity procedures and controls. … Read More

FINRA is Apparently Holding its CARDS

Posted in Cybersecurity/Privacy, Enforcement, FINRA Enforcement

Broker-dealers appear to have succeeded, at least for now, in beating back FINRA’s proposal to capture extensive amounts of data through electronic means. For over a year, FINRA has been pushing its Comprehensive Automated Risk Data System (CARDS), which would require clearing firms (on behalf of introducing firms) and self-clearing firms to regularly submit to… Read More

SEC Urges Registered Funds and Registered Investment Advisers to Promptly Address Cybersecurity Risk

Posted in Cybersecurity/Privacy, Fund Regulation, Investment Adviser Regulation

The SEC’s Division of Investment Management issued guidance highlighting the importance of cybersecurity and discussing measures that registered investment companies (“funds”) and registered investment advisers (“advisers”) should consider when addressing cybersecurity risk. The latest guidance reflects the Staff’s continued focus on cybersecurity as a key compliance issue (see our report on the SEC’s cybersecurity sweep… Read More

NY Department of Financial Services: Check Your Vendors’ Cybersecurity

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy

According to a report released last week by the New York Department of Financial Services (NYDFS), the financial industry has a long way to go in overseeing the cybersecurity capabilities of outside vendors who carry out critical banking functions. Last week’s report follows a year of activity on that front. In a May 2014 report,… Read More

FINRA, SEC Provide Broker-Dealers with Motivation, Tools To Get the Job Done

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy

Both the U.S. Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) have recently issued guidance to broker-dealers on cybersecurity, providing valuable resources for them and for registered investment advisors to combat the growing threat of cyber-attacks. The two reports should provide the tools and information needed by those broker-dealers who have put off… Read More

FINRA Issues its Cybersecurity Report, Providing Tools and Encouragement to Broker-Dealers

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy, Enforcement, FINRA Enforcement

FINRA recently issued a Report on Cybersecurity Practices (“Report”), growing out of its targeted examination of firms last year.  To issue the Report, FINRA gave careful consideration to the needs of many broker-dealers for information and the tools to combat cyber intrusions.  The Report is comprehensive, and it doesn’t shy away from delving into technical… Read More

SEC Reports the Result of its Cybersecurity Sweep of Broker-Dealers and Investment Advisers

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy, Investment Adviser Regulation

An SEC cybersecurity sweep examination by the SEC’s Office of Compliance Inspections and Examinations (OCIE) found that 88 percent of the broker-dealers (BDs) and 74 percent of the registered investment advisers (RIAs) they visited experienced cyber-attacks directly or indirectly through vendors, the SEC reported in a February 3, 2015 Risk Alert. The sweep found that… Read More

FINRA Issues a Packed Priorities Letter for 2015

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy, FINRA Enforcement

FINRA opened 2015 with a lengthy and ambitious agenda of regulatory priorities. This year’s Regulatory and Examination Priorities Letter is much longer than those issued the last two years, and repeats many of those years’ priorities, while adding additional products and practices. Amidst this smorgasbord of priorities, several are highlighted in FINRA’s accompanying press release,… Read More

Cybersecurity: SEC Is Starting to Scrutinize Registrants’ Practices

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy, Enforcement, FINRA Enforcement, Investment Adviser Regulation, SEC Enforcement

The SEC plans to examine the cybersecurity practices of over 50 registered broker-dealers and investment advisers. The SEC announced its plan in an April 15, 2014 Risk Alert, which closely follows the March 26 Cybersecurity Roundtable at which Chair Mary Jo White underscored the importance of cybersecurity to market security and customer data protection. At… Read More

FINRA Announces a Sweep to Assess BDs’ Cybersecurity

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy, Enforcement, FINRA Enforcement

After announcing that cybersecurity will be one of its 2014 examination priorities, FINRA wasted no time before commencing a sweep.  FINRA announced a Targeted Examination Letter to conduct an assessment of firms’ approaches to managing cybersecurity threats. FINRA bases its concern on “the critical role information technology (IT) plays in the securities industry, the increasing… Read More

SEC Examiners to Take a Close Look at Firms’ Cyber Security

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy, Enforcement, FINRA Enforcement, Fund Regulation, SEC Enforcement

A high-level SEC official told an industry group yesterday that the National Examination Program (NEP) will be reviewing asset managers’ policies and procedures for preventing cyber attacks.  In particular, the SEC is looking at the risks created by asset managers who give vendors access to their information technology systems. As reported by Reuters, Jane Jarcho,… Read More

Broker-Dealer Cybersecurity: Protect Yourself or Pay the Price

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy, Enforcement, FINRA Enforcement

In its recently issued 2014 Regulatory and Examination Priorities Letter, FINRA stated that cybersecurity remains a priority given the ongoing cybersecurity issues reported across the financial services industry, including the increasing frequency and sophistication of attacks targeting the nation’s largest financial institutions. The securities industry watchdog continues to be concerned with the integrity of firms’… Read More