Securities Compliance Sentinel Analysis of cutting-edge securities industry issues

Category Archives: Cyber-Security

You just suffered a cyberattack, now what

Posted in Cyber-Security, Financial Industry Trends, FINRA Compliance, Registered Representatives, Securities Fraud, Social Media

A recent Investment News article highlighted the pervasive problem associated with cyberattacks and offered some guidance in the event of an attack. Before visiting that guidance, understand how pervasive these attacks are. The SEC recently conducted a sweep on cyberattacks. This sweep revealed that 88% of broker-dealers and 74% of advisors have experienced some form… Continue Reading

So What Does The SEC Think About Cybersecurity

Posted in Breach of Fiduciary Duty, Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, FINRA Compliance, Investment Adviser Regulation, Investment Company Regulation, SEC Compliance

At the end of last month, the SEC provided a guidance update on cybersecurity for registered investment companies and registered investment advisors. This guidance is equally instructive for broker-dealers and registered representatives. Cyber threats are numerous and ever changing with technology. The SEC provided the guidance to highlight the importance of having a robust cybersecurity… Continue Reading

So Who Wants To Give A Vendor Access To Your IT Systems

Posted in Books and Records, Cyber-Security, Federal and State Criminal Activities, Financial Industry Trends, FINRA Compliance, FINRA Enforcement

At one time or another, member firms will likely need the services of an outside vendor. This may be particularly true for smaller member firms. Outside vendors have their place, but FINRA’s Report on Cybersecurity Practices details the level of vigilance needed when it comes to contracting with vendors who have access to your IT systems.… Continue Reading

So How Is Your Cybersecurity

Posted in Books and Records, Cyber-Security, Federal and State Criminal Activities, Financial Industry Trends, FINRA Compliance, FINRA Enforcement, SEC Compliance, SEC Enforcement, Social Media

The SEC and FINRA have continued to designate cybersecurity as an exam priority.  Both the SEC and FINRA have also recently published the findings of their exam sweeps.  As reported by the Investment News, the results of those sweeps when it comes to cybersecurity are telling. The sweeps show that firms, much like with compliance,… Continue Reading

What Does The “E” in Email Mean?

Posted in Broker-Dealer Regulation, Cyber-Security, Financial Industry Trends, FINRA Compliance, FINRA CRD, FINRA Enforcement, Securities Litigation

Recent history shows that FINRA is going after brokers who alter clients’ records. This, unfortunately, reminded me of my own bad experience as a young lawyer when defending a broker. That broker had great “contemporaneous” notes of his communications with the client that made the case very defendable. My opponent questioned the authenticity of these… Continue Reading

Cyber-Security – What Do Enforcement Actions Tell You

Posted in Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, Financial Industry Trends, FINRA Compliance

In a recent NSCP Currents article, Giselle Casella addressed what every compliance office must know about cyber-security.  One of the more compelling lessons was what can be learned from enforcement actions dealing with cyber-security.  Cyber-security enforcement actions fell into the following groupings:  Inadequate security policies and procedures; Failure to enforce policies and procedures; Failure to… Continue Reading

Cybersecurity Threats Abound and FINRA Asks Questions

Posted in Cyber-Security, FINRA Compliance, FINRA Enforcement

FINRA has sent targeted sweep letters to almost 20 broker-dealers concerning their approaches to managing cybersecurity risks. See http://www.finra.org/Industry/Regulation/Guidance/TargetedExaminationLetters/P443219 and http://www.sec.gov/News/Testimony/Detail/Testimony/1370540757488#.UvVcWJUo61s. Among other questions, the survey asks the firms about their approaches to information technology; risk assessment; business continuity plans in case of cyber-attack; organization structures and reporting lines; and processes for sharing and obtaining information… Continue Reading

Do You Need Another Reason To Take Cyber-Security Seriously

Posted in Cyber-Security, Dodd-Frank, Federal and State Criminal Activities, Financial Industry Trends

As we all know, the SEC and FINRA have made cyber-security an exam priority in 2014, but what does it mean when the audit of your regulator shows that it is susceptible to a data breach? A recent audit of the SEC found that its cyber-security was far from perfect. I am sure that there… Continue Reading

What Are You Doing About Cyber-Security

Posted in Books and Records, Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, FINRA Compliance, FINRA Enforcement, SEC Compliance, SEC Enforcement

It was apparently not enough that the SEC and FINRA made cyber-security an exam priority for 2014, but the Department of the Treasury has now focused on this pervasive issue.  In recent comments, Treasury Secretary Lew has urged financial firms to step it up when protecting against cyber-attacks.  Stories of cyber-attacks are becoming so common… Continue Reading

You Knew It Was Coming… SEC Cybersecurity Exams

Posted in Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, SEC Compliance

We have repeatedly warned broker-dealers and registered investment advisers that they needed to be prepared as it related to cybersecurity.  Now, the SEC’s Office of Compliance Inspections and Examinations has announced that it will conduct cybersecurity examinations of these entities.  See http://www.sec.gov/ocie/announcement/Cybersecurity+Risk+Alert++%2526+Appendix+-+4.15.14.pdf.  These examinations will be conducted as part of a “sweep exam,” and will assess… Continue Reading

FINRA “Sweeping” Firms for Cyber-Security

Posted in Cyber-Security, Financial Industry Trends, FINRA Compliance

We keep saying it, and we will keep saying it, cyber-security issues will not go away. Now, FINRA has notified its member firms that it will begin assessment examinations regarding controls, procedures, approaches and management of cyber-security threats.  See http://www.finra.org/Industry/Regulation/Guidance/TargetedExaminationLetters/P443219.  In particular, FINRA examiners will review business continuity plans, service provider arrangements, other third party vendor agreements, reporting lines,… Continue Reading


Posted in Cyber-Security, Social Media

This is another area where we consistently blog because it is a constant issue.  The SEC is now reviewing public companies’ disclosure relating to cyber security risks to determine if additional guidance is needed in this area. In 2011, the SEC Division of Corporation Finance advised firms to disclose compromises regarding their data security. Since… Continue Reading

What You Need To Know About Identity Theft

Posted in Compliance and Supervision, Cyber-Security, Investment Adviser Regulation, SEC Compliance

Hardly a day goes by without hearing horrible stories of a person having their identity stolen and their finances ruined as a result.  The SEC is now stepping into this hornet’s nest by adopting new rules for financial advisors who have the authority to move client funds to third parties.  The new rules require firms… Continue Reading

Lawyers and Issuers Really Need to Listen to SEC Comments Regarding Cyber Security

Posted in Capital Formation, Cyber-Security, Law Firms and Lawyers

The SEC’s Division of Corporation Finance has indicated that lawyers for issuers and issuers themselves should focus on and respond to the SEC Staff’s comments during the corporate filing review process. The SEC’s Staff has seen that issuers and their counsel are not necessarily responding completely to comments. The SEC Staff believes that this has caused the process… Continue Reading