On April 18, 2022, Kentucky announced that it had adopted Senate Bill (“SB”) 298, making it the newest state to adopt an investment adviser representative continuing education (“IAR CE”) requirement, joining Mississippi, Vermont, Maryland, Michigan, and Wisconsin. Along with Michigan and Wisconsin, Kentucky’s new rule will become effective January 1, 2023. For investment adviser representatives in Mississippi, Vermont, and Maryland, an IAR CE requirement is already in effect.
Category Archives: Cybersecurity
Email Phishing Scam from a FINRA Imposter
April 25, 2022
It was brought recently to our attention that many of our investment adviser clients have received a suspicious email similar to the sample below. This email appears to be sent from the email domain: claims-finra.org and includes a subject line such as “Re: FINRA URGENT REQUEST FOR….”
RIA Phishing Email Alert – Posing as FINRA
June 09, 2021
Recently, several of our RIA clients have received suspicious emails claiming to be from FINRA. The suspicious emails used the subject line “New FINRA Request – (Firm Name),” and came from an email address with the domain, “@gateway-finra.org” Below is a screenshot of one of these suspicious emails.
NASAA Reminds RIAs to Contact Regulators Regarding Recent RIA Cybersecurity Incident
January 08, 2021
On January 7, 2021, the North American Securities Administrators Association (NASAA) reminded state-registered investment advisers to report to their primary securities regulator any known issues or concerns related to a recent RIA cybersecurity incident.
In this new environment of working from home during the COVID-19 pandemic, it’s important for investment adviser firms to remember to conduct initial and ongoing due diligence of the cybersecurity policies and practices (including incident response plans) of third-party vendors which maintain confidential information of your investment advisory clients and provide services through the cloud over the Internet.
The Securities Bureau of the Nebraska Department of Banking and Finance has proposed a new rule which would require investment advisers to develop and maintain physical and cybersecurity policies and procedures designed to protect client records and information.
NASAA Cybersecurity Model Rule Package
May 31, 2019
On May 21, 2019, the North American Securities Administrators Association (NASAA) released a model cybersecurity rule package. NASAA’s proposed rule would require investment advisers to adopt policies and procedures regarding information security and to deliver annually its privacy policy to clients.
SEC Risk Alert – Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies
May 07, 2019
On April 16, 2019, the United States Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a risk alert about “Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies” to encourage investment adviser firms to review their written policies and procedures to, “ensure compliance with the relevant regulatory requirements.”
Cybersecurity Survey – Nebraska Registered Investment Advisers
January 22, 2019
On December 3, 2018 the Nebraska Department of Banking and Finance (NDBF) released their 2018 Cybersecurity Survey of Nebraska-Registered Investment Advisers. NDBF surveyed fifty-seven Nebraska registered investment advisers. The survey focused on devices used in advisory activities, Wi-Fi access points, passwords, encryption policies, and anti-virus/anti-malware services. The full report can be viewed here.
SEC Fines Investment Adviser for Cybersecurity Failures
October 09, 2018
The United States Securities and Exchange Commission (SEC) has recently fined an Iowa-based investment adviser $1 million for alleged cybersecurity failures that led to a data breach that compromised the personal information of its clients. According to the SEC, information from over 5,600 of the investment adviser’s clients was obtained by criminals impersonating independent advisers. The SEC claims that the intruders gained access through weaknesses within the firm’s cybersecurity procedures. Some of these weaknesses had been exposed during previous fraudulent activity. The investment adviser allegedly failed to update and fix those issues.