Category Archives: Cybersecurity
 

SEC Risk Alert: Observations from Cybersecurity Examinations of Investment Advisers

August 14, 2017

On August 7, 2017, the Office of Compliance Inspections and Examinations (“OCIE”) of the U.S. Securities and Exchange Commission (“SEC”) released a Risk Alert which details its examination of the cybersecurity preparedness of 75 broker-dealers, investment advisers and investment companies in the U.S. In comparison to prior cybersecurity examinations, this exam involved more active testing and validation of the firms’ procedures and controls related to cybersecurity.


Colorado Proposes Cybersecurity Rule for Investment Adviser Firms

April 21, 2017

The Colorado Division of Securities recently proposed two new rules that would require investment adviser firms and broker-dealers to assess cybersecurity risks and implement written policies and procedures “reasonably designed to ensure cybersecurity.” Given the sensitive and confidential nature of their work, cybersecurity is an important and evolving concern for investment adviser firms.


FINRA Fines Firms for Deficiencies in Cybersecurity and Recordkeeping

December 29, 2016

The Financial Industry Regulatory Authority (“FINRA”) recently announced fines against 12 broker-dealers for alleged deficiencies related to their cybersecurity and record retention practices. In each case, the firms – who have consented to the fine without admitting or denying the charges – allegedly failed to properly store electronic records in a “write once read many” format that is meant to protect records from illicit alteration. The “write once read many” format is required by FINRA rules and protects broker-dealers against malicious interference with their vital business records, whether by outside hackers or disgruntled insiders.


SEC Continues to Focus on Cybersecurity for Investment Advisers

August 02, 2016

As in 2015, the Securities and Exchange Commission (“SEC”) Examination Priorities for 2016 identify cybersecurity as an area of “potentially heightened [market-wide] risk.” Citing the Office of Compliance Inspections and Examinations (“OCIE”) 2015 Risk Alert, the SEC promised to continue using its exams to evaluate investment adviser firms’ cybersecurity preparedness.


SEC Provides Guidance on How to Respond to Cybersecurity/Identity Theft Incident

September 28, 2015

The U.S. Securities and Exchange Commission (SEC) continues to promote the importance of cybersecurity and protecting confidential investor information. On September 22, 2015, the SEC’s Office of Investor Education and Advocacy issued an Investor Alert on how investors should respond regarding their investment accounts if they become victims of identity theft or a data breach. This Investor Alert came one week after the SEC issued a Risk Alert on the topic of its Cybersecurity Exam Initiative (September 15, 2015).


The SEC’s Cybersecurity Enforcement Action and Risk Alert

September 25, 2015

The Securities and Exchange Commission (SEC) had a busy week regarding investment adviser and broker-dealer cybersecurity. On September 15, 2015, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert on the topic of its Cybersecurity Examination Initiative. The Risk Alert provides information on the areas of focus for OCIE’s cybersecurity examination (more on this below). The SEC followed up its Risk Alert with an enforcement action against an investment adviser for a cybersecurity incident. The SEC censured the investment adviser and imposed a fine of $75,000. The SEC found that the investment adviser failed to adopt written policies and procedures reasonably designed to protect customer records and information, in violation of Rule 30(a) of Regulation S-P (17 C.F.R. § 248.30(a)) (the “Safeguards Rule”).


RIAs Should Consider SEC’s Online Security Tips for Investors

April 26, 2015

When cybersecurity is covered in the industry press these days, there is often discussion of its importance but, unfortunately, little specificity about what steps an investment adviser can take to improve information security and IT practices. Even the recent cybersecurity exam sweep results of the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (“SEC”) are somewhat difficult for investment advisers to interpret and translate into an information security plan; however, the SEC’s Office of Investor Education and Advocacy recently issued a bulletin giving investors tips on protecting their online accounts. These recommendations to help protect an investor’s online account from fraud appear to RIA Compliance to be just as applicable to an investment adviser devising its cybersecurity policies and practices.


Cybersecurity for Investment Advisers

October 28, 2014

In its Examination Priorities for 2014 notice, the U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) indicated that technology would be one of the most significant initiatives in 2014. This focus on technology will include an assessment of an investment adviser’s cybersecurity preparedness. In April 2014, OCIE issued a National Exam Program Risk Alert to provide additional information regarding its focus on assessing cybersecurity preparedness in the securities industry. The Risk Alert discusses OCIE’s cybersecurity initiative and the registered investment adviser and broker-dealer examinations OCIE is conducting as part of this initiative that will, at a minimum, focus on the following:
