Category Archives: Cybersecurity
 

NASAA Cybersecurity Model Rule Package

May 31, 2019

On May 21, 2019, the North American Securities Administrators Association (NASAA) released a model cybersecurity rule package. NASAA’s proposed rule would require investment advisers to adopt policies and procedures regarding information security and to deliver their privacy policies to clients annually.


SEC Risk Alert – Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies

May 07, 2019

On April 16, 2019, the United States Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a risk alert about “Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies” to encourage investment adviser firms to review their written policies and procedures to “ensure compliance with the relevant regulatory requirements.”


Cybersecurity Survey – Nebraska Registered Investment Advisers

January 22, 2019

On December 3, 2018, the Nebraska Department of Banking and Finance (NDBF) released its 2018 Cybersecurity Survey of Nebraska-Registered Investment Advisers. NDBF surveyed fifty-seven Nebraska-registered investment advisers. The survey focused on devices used in advisory activities, Wi-Fi access points, passwords, encryption policies, and anti-virus/anti-malware services. The full report can be viewed here.


SEC Fines Investment Adviser for Cybersecurity Failures

October 09, 2018

The United States Securities and Exchange Commission (SEC) has recently fined an Iowa-based investment adviser $1 million for alleged cybersecurity failures that led to a data breach that compromised the personal information of its clients. According to the SEC, information from over 5,600 of the investment adviser’s clients was obtained by criminals impersonating independent advisers. The SEC claims that the intruders gained access through weaknesses within the firm’s cybersecurity procedures. Some of these weaknesses had been exposed during previous fraudulent activity. The investment adviser allegedly failed to update and fix those issues.


SEC Risk Alert: Observations from Cybersecurity Examinations of Investment Advisers

August 14, 2017

On August 7, 2017, the Office of Compliance Inspections and Examinations (“OCIE”) of the U.S. Securities and Exchange Commission (“SEC”) released a Risk Alert which details its examination of the cybersecurity preparedness of 75 broker-dealers, investment advisers and investment companies in the U.S. In comparison to prior cybersecurity examinations, this exam involved more active testing and validation of the firms’ procedures and controls related to cybersecurity. Click here to read the Risk Alert.


Colorado Proposes Cybersecurity Rule for Investment Adviser Firms

April 21, 2017

The Colorado Division of Securities recently proposed two new rules that would require investment adviser firms and broker-dealers to assess cybersecurity risks and implement written policies and procedures “reasonably designed to ensure cybersecurity.” Click here to read the Rulemaking Notice. Given the sensitive and confidential nature of their work, cybersecurity is an important and evolving concern for investment adviser firms.


FINRA Fines Firms for Deficiencies in Cybersecurity and Recordkeeping

December 29, 2016

The Financial Industry Regulatory Authority (“FINRA”) recently announced fines against 12 broker-dealers for alleged deficiencies related to their cybersecurity and record retention practices. In each case, the firms – which have consented to the fine without admitting or denying the charges – allegedly failed to properly store electronic records in a “write once read many” format that is meant to protect records from illicit alteration. The “write once read many” format is required by FINRA rules and protects broker-dealers against malicious interference with their vital business records, whether by outside hackers or disgruntled insiders.


SEC Continues to Focus on Cybersecurity for Investment Advisers

August 02, 2016

As in 2015, the Securities and Exchange Commission (“SEC”) Examination Priorities for 2016 identify cybersecurity as an area of “potentially heightened [market-wide] risk.” Citing the Office of Compliance Inspections and Examinations (“OCIE”) 2015 Risk Alert, the SEC promised to continue using its exams to evaluate investment adviser firms’ cybersecurity preparedness. Click here to read our blog on the OCIE Cybersecurity Risk Alert.


SEC Provides Guidance on How to Respond to Cybersecurity/Identity Theft Incident

September 28, 2015

The U.S. Securities and Exchange Commission (SEC) continues to promote the importance of cybersecurity and protecting confidential investor information. On September 22, 2015, the SEC’s Office of Investor Education and Advocacy issued an Investor Alert for investors regarding their investment accounts if they become victims of identity theft or a data breach. This Investor Alert came one week after the SEC issued a Risk Alert on the topic of its Cybersecurity Exam Initiative (September 15, 2015).
