Securities Compliance Sentinel Analysis of cutting-edge securities industry issues

Category Archives: Cyber-Security


How can a phone call save your career

Posted in Cyber-Security, Financial Industry Trends, FINRA CRD, FINRA Enforcement

A 17-year veteran advisor recently agreed to a lifetime ban for falsifying the signatures of a client on 10 documents transferring money out of the client’s accounts over a period of two months. Part of this transfer also involved 17 unauthorized trades in the client’s non-discretionary accounts. So how could a phone call have saved… Continue Reading

Who wants to know some pre and post data breach considerations

Posted in Books and Records, Cyber-Security, Financial Industry Trends, Internal Investigations

In a recent blog by Chris Pogue (a digital forensic expert), he highlighted a handful of considerations for firms both pre and post data breach. After all, the issue is not really whether you will suffer a breach, but when and how bad will it be. Those considerations bear repeating, and include the following: Retention… Continue Reading

Who wants more cyber-security guidance

Posted in Books and Records, Cyber-Security, Financial Industry Trends

In a recent article written by Bill Winterberg in the Journal of Financial Planning he highlighted a number of pitfalls that advisors commonly fall into that expose sensitive client data and information to hackers and phishers. By falling into these pitfalls, advisors are unknowingly becoming the tool of the fraudster. Winterberg noted that the following… Continue Reading

Takeaways from the NYSE glitch

Posted in Compliance and Supervision, Cyber-Security, Securities Exchanges, Uncategorized

Earlier this week, the New York Stock Exchange halted trading for nearly four hours due to a technical “glitch”.  While the shutdown caused a lot of uncertainty among investors and ruffled some feathers on Wall Street, there are some important takeaways for securities practitioners. This was a reminder of the importance of data security.  The… Continue Reading

You just suffered a cyberattack, now what

Posted in Cyber-Security, Financial Industry Trends, FINRA Compliance, Registered Representatives, Securities Fraud, Social Media

A recent Investment News article highlighted the pervasive problem associated with cyberattacks and offered some guidance in the event of an attack. Before visiting that guidance, understand how pervasive these attacks are. The SEC recently conducted a sweep on cyberattacks. This sweep revealed that 88% of broker-dealers and 74% of advisors have experienced some form… Continue Reading

So What Does The SEC Think About Cybersecurity

Posted in Breach of Fiduciary Duty, Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, FINRA Compliance, Investment Adviser Regulation, Investment Company Regulation, SEC Compliance

At the end of last month, the SEC provided a guidance update on cybersecurity for registered investment companies and registered investment advisors. This guidance is equally instructive for broker-dealers and registered representatives. Cyber threats are numerous and ever changing with technology. The SEC provided the guidance to highlight the importance of having a robust cybersecurity… Continue Reading

So Who Wants To Give A Vendor Access To Your IT Systems

Posted in Books and Records, Cyber-Security, Federal and State Criminal Activities, Financial Industry Trends, FINRA Compliance, FINRA Enforcement

At one time or another, member firms will likely need the services of an outside vendor. This may be particularly true for smaller member firms. Outside vendors have their place, but FINRA’s Report on Cybersecurity Practices details the level of vigilance needed when it comes to contracting with vendors who have access to your IT systems.… Continue Reading

Cybersecurity: FINRA’s Take

Posted in Compliance and Supervision, Cyber-Security, Financial Industry Trends, FINRA Compliance, SEC Compliance

We recently highlighted the Securities and Exchange Commission’s 2014 OCIE Cybersecurity Initiative.  Not to be outdone, FINRA also released its Report on Cybersecurity Practices, which provided a much more in-depth report on cybersecurity.  Therein, FINRA offered its own insights into what it expects from firms’ cybersecurity risk management practices: FINRA recommends that firms have a… Continue Reading

Do Not Fall Behind On Cybersecurity

Posted in Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, Financial Industry Trends, FINRA Compliance, Investment Adviser Regulation, SEC Compliance

Cybersecurity is more than just a trending topic.  As hacks and leaks continue to be publicized, the Securities and Exchange Commission is stepping up its game and increasing its focus on cybersecurity compliance. The SEC’s Office of Compliance and Inspections recently released an initial summary of their findings from their 2014 OCIE Cybersecurity Initiative.  The… Continue Reading

So How Is Your Cybersecurity

Posted in Books and Records, Cyber-Security, Federal and State Criminal Activities, Financial Industry Trends, FINRA Compliance, FINRA Enforcement, SEC Compliance, SEC Enforcement, Social Media

The SEC and FINRA have continued to designate cybersecurity as an exam priority.  Both the SEC and FINRA have also recently published the findings of their exam sweeps.  As reported by the Investment News, the results of those sweeps when it comes to cybersecurity are telling. The sweeps show that firms, much like with compliance,… Continue Reading

What Does The “E” in Email Mean?

Posted in Broker-Dealer Regulation, Cyber-Security, Financial Industry Trends, FINRA Compliance, FINRA CRD, FINRA Enforcement, Securities Litigation

Recent history shows that FINRA is going after brokers who alter client’s records.  This, unfortunately, reminded me of my own bad experience as a young lawyer when defending a broker. That broker had great “contemporaneous” notes of his communications with the client that made the case very defendable.  My opponent questioned the authenticity of these… Continue Reading

Cyber-Security – What Do Enforcement Actions Tell You

Posted in Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, Financial Industry Trends, FINRA Compliance

In a recent NSCP Currents article, Giselle Casella addressed what every compliance office must know about cyber-security.  One of the more compelling lessons was what can be learned from enforcement actions dealing with cyber-security.  Cyber-security enforcement actions fell into the following groupings:  Inadequate security policies and procedures; Failure to enforce policies and procedures; Failure to… Continue Reading

Cybersecurity Threats Abound and FINRA Asks Questions

Posted in Cyber-Security, FINRA Compliance, FINRA Enforcement

FINRA has sent targeted sweep letters to almost 20 broker-dealers concerning their approaches to managing cybersecurity risks.  http://www.finra.org/Industry/Regulation/Guidance/TargetedExaminationLetters/P443219; and http://www.sec.gov/News/Testimony/Detail/Testimony/1370540757488#.UvVcWJUo61s. Among other questions, the survey asks the firms about their approaches to information technology; risk assessment; business continuity plans in case of cyber-attack; organization structures and reporting lines; and processes for sharing and obtaining information… Continue Reading

Do You Need Another Reason To Take Cyber-Security Seriously

Posted in Cyber-Security, Dodd-Frank, Federal and State Criminal Activities, Financial Industry Trends

As we all know, the SEC and FINRA have made cyber-security an exam priority in 2014, but what does it mean when the audit of your regulator shows that it is susceptible to a data breach?  A recent audit of the SEC found that its cyber-security was far from perfect.  I am sure that there… Continue Reading

What Are You Doing About Cyber-Security

Posted in Books and Records, Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, FINRA Compliance, FINRA Enforcement, SEC Compliance, SEC Enforcement

It was apparently not enough that the SEC and FINRA made cyber-security an exam priority for 2014, but the Department of the Treasury has now focused on this pervasive issue.  In recent comments, Treasury Secretary Lew has urged financial firms to step it up when protecting against cyber-attacks.  Stories of cyber-attacks are becoming so common… Continue Reading

You Knew It Was Coming… SEC Cybersecurity Exams

Posted in Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, SEC Compliance

We have repeatedly warned broker-dealers and registered investment advisers that they needed to be prepared as it related to cybersecurity.  Now, the SEC’s Office of Compliance Inspections and Examinations has announced that it will conduct cybersecurity examinations of these entities.  See http://www.sec.gov/ocie/announcement/Cybersecurity+Risk+Alert++%2526+Appendix+-+4.15.14.pdf.  These examinations will be conducted as part of a “sweep exam,” and will assess… Continue Reading

FINRA “Sweeping” Firms for Cyber-Security

Posted in Cyber-Security, Financial Industry Trends, FINRA Compliance

We keep saying it, and we will keep saying it: cyber-security issues will not go away. Now, FINRA has notified its member firms that it will begin assessment examinations regarding controls, procedures, approaches and management of cyber-security threats.  See http://www.finra.org/Industry/Regulation/Guidance/TargetedExaminationLetters/P443219.  In particular, FINRA examiners will review business continuity plans, service provider arrangements, other third party vendor agreements, reporting lines,… Continue Reading

SEC AGAIN LOOKING AT CYBERSECURITY ISSUES

Posted in Cyber-Security, Social Media

This is another area where we consistently blog because it is a constant issue.  The SEC is now reviewing public companies’ disclosure relating to cyber security risks to determine if additional guidance is needed in this area. In 2011, the SEC Division of Corporation Finance advised firms to disclose compromises regarding their data security. Since… Continue Reading

What You Need To Know About Identity Theft

Posted in Compliance and Supervision, Cyber-Security, Investment Adviser Regulation, SEC Compliance

Hardly a day goes by without hearing horrible stories of a person having their identity stolen and their finances ruined as a result.  The SEC is now stepping into this hornet’s nest by adopting new rules for financial advisors who have the authority to move client funds to third parties.  The new rules require firms… Continue Reading

Lawyers and Issuers Really Need to Listen to SEC Comments Regarding Cyber Security

Posted in Capital Formation, Cyber-Security, Law Firms and Lawyers

The SEC’s Division of Corporation Finance has indicated that lawyers for issuers and issuers themselves should focus on and respond to the SEC Staff’s comments during the corporate filing review process.  The SEC’s Staff has seen that issuers and their counsel are not necessarily responding completely to comments.  The SEC Staff believes that this has caused the process… Continue Reading