Category Archives: Cybersecurity
 

Kentucky Adopts IAR Continuing Education Rule, Cybersecurity Requirements

April 26, 2022

On April 18, 2022, Kentucky announced that it had adopted Senate Bill (“SB”) 298, making it the newest state to adopt an investment adviser representative continuing education (“IAR CE”) requirement, joining Mississippi, Vermont, Maryland, Michigan, and Wisconsin. Along with Michigan and Wisconsin, Kentucky’s new rule will become effective January 1, 2023. For investment adviser representatives in Mississippi, Vermont, and Maryland, an IAR CE requirement is already in effect.

Continue Reading

Email Phishing Scam from a FINRA Imposter

April 25, 2022

It was brought recently to our attention that many of our investment adviser clients have received a suspicious email similar to the sample below. This email appears to be sent from the email domain: claims-finra.org and includes a subject line such as “Re: FINRA URGENT REQUEST FOR….”

Continue Reading

RIA Phishing Email Alert – Posing as FINRA

June 09, 2021

Recently, several of our RIA clients have received suspicious emails claiming to be from FINRA. The suspicious emails used the subject line “New FINRA Request – (Firm Name),” and came from an email address with the domain, “@gateway-finra.org” Below is a screenshot of one of these suspicious emails.

Continue Reading

Investment Advisers Should Review Cybersecurity Incident Response Plans of Vendors

March 21, 2020

In this new environment of working from home during the COVID-19 pandemic, it’s important for investment adviser firms to remember to conduct initial and ongoing due diligence of the cybersecurity policies and practices (including incident response plans) of third-party vendors which maintain confidential information of your investment advisory clients and provide services through the cloud over the Internet.

Continue Reading

NASAA Cybersecurity Model Rule Package

May 31, 2019

On May 21, 2019, the North American Securities Administrators Association (NASAA) released a model cybersecurity rule package. NASAA’s proposed rule would require investment advisers to adopt policies and procedures regarding information security and to deliver annually its privacy policy to clients.

Continue Reading

SEC Risk Alert – Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies

May 07, 2019

On April 16, 2019, the United States Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a risk alert about “Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies” to encourage investment adviser firms to review their written policies and procedures to, “ensure compliance with the relevant regulatory requirements.”

Continue Reading

Cybersecurity Survey – Nebraska Registered Investment Advisers

January 22, 2019

On December 3, 2018 the Nebraska Department of Banking and Finance (NDBF) released their 2018 Cybersecurity Survey of Nebraska-Registered Investment Advisers. NDBF surveyed fifty-seven Nebraska registered investment advisers. The survey focused on devices used in advisory activities, Wi-Fi access points, passwords, encryption policies, and anti-virus/anti-malware services. The full report can be viewed here.

Continue Reading

SEC Fines Investment Adviser for Cybersecurity Failures

October 09, 2018

The United States Securities and Exchange Commission (SEC) has recently fined an Iowa-based investment adviser $1 million for alleged cybersecurity failures that led to a data breach that compromised the personal information of its clients. According to the SEC, information from over 5,600 of the investment adviser’s clients was obtained by criminals impersonating independent advisers. The SEC claims that the intruders gained access through weaknesses within the firm’s cybersecurity procedures. Some of these weaknesses had been exposed during previous fraudulent activity. The investment adviser allegedly failed to update and fix those issues.

Continue Reading