Securities Compliance Sentinel Analysis of cutting-edge securities industry issues

Category Archives: Cyber-Security

Take Away From The NSCP New York Regional Conference

Posted in Breach of Fiduciary Duty, Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, Financial Industry Trends, FINRA Compliance, FINRA Enforcement, Investment Adviser Regulation, Public Customer Arbitrations, Registered Representatives, SEC Compliance, SEC Enforcement, Securities Litigation

It was great speaking at the May 17 New York NSCP regional conference on risk issues facing firms where Ernie Badway and I discussed cyber-security, risk issues, regulatory matters, issues involving elder clients and ways compliance personnel can protect themselves.  For those of you who could not make the conference, these topics are frequently discussed… Continue Reading

NSCP Spring Conference in New York

Posted in Breach of Fiduciary Duty, Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, Financial Industry Trends, FINRA Compliance

On Tuesday, May 17, Ernie Badway and I are the keynote speakers at the NSCP Spring Conference in New York, entitled “Juggling Compliance Risks — Maintaining the Balance”. Among other things, Ernie and I will be speaking about cybersecurity, risk avoidance techniques, government regulations, elder client issues and compliance. We hope to see you at… Continue Reading

Don’t Forget This Data Security Risk

Posted in Books and Records, Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, Federal and State Criminal Activities, Financial Industry Trends, FINRA Compliance, FINRA Enforcement, Registered Representatives, SEC Compliance, SEC Enforcement

In a recent SEC enforcement action, a registered representative was suspended for 6 months and fined $75,000 for, among other things, forwarding confidential client information from his personal email to a former registered representative who maintained the initial client relationships. The representative also used his personal email to conduct firm business. In some instances, he… Continue Reading

Why system passwords are not as easy as 123

Posted in Books and Records, Broker-Dealer Regulation, Cyber-Security, Financial Industry Trends, FINRA Compliance, Registered Representatives, SEC Compliance, SEC Enforcement

As we all know, cybersecurity remains a top priority for the SEC and FINRA. Unfortunately, a recent Investment News article would suggest that firms do not take it as seriously, or, at least, firm employees do not. A recent study of passwords by SplashData demonstrates that advisers and firm employees are not taking to heart… Continue Reading

So, I guess it is all about supervision and risk management after all

Posted in Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, FINRA Compliance, FINRA Enforcement

Other than the non-defined “culture”, FINRA’s 2016 exam priorities are also focused on supervision and risk management. At least these categories are a bit more defined so that you are not left guessing what FINRA means. Under these broad topics, FINRA is focused on four primary areas, which include: Management of conflicts of interest, including… Continue Reading

Ten New Year resolutions that will help your firm

Posted in Breach of Fiduciary Duty, Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, Financial Industry Trends, FINRA Compliance, Public Customer Arbitrations, Registered Representatives, SEC Compliance, Securities Fraud, Securities Litigation

Most people say that New Year resolutions are only as good as the paper on which they are written. Notwithstanding that ringing endorsement, I will give it a shot. Here are some things that you should be resolved to do in the New Year: Read the SEC and FINRA exam priority letters that each issue… Continue Reading

Who wants some additional ideas about cybersecurity

Posted in Cyber-Security, Financial Industry Trends, FINRA Compliance, FINRA Enforcement, SEC Compliance, SEC Enforcement

A recent Investment News article highlighted issues investment advisors face regarding their cybersecurity programs when it comes to regulatory examinations. First, don’t assume that your insurance policy covers the aftermath of a cyber-event. If you think you have coverage, make sure you document that understanding so that you do not have a shock when it… Continue Reading

Who wants to know three key parts of a data security program

Posted in Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, Financial Industry Trends, FINRA Compliance, SEC Compliance

Any data security program has to have three critical components. Those key components are the following: First, risk assessment. You must test, retest, and retest your systems (including your staff) for gaps and vulnerabilities. Hackers are very sophisticated. Do what you can to stay ahead of the curve on understanding the risks to your systems… Continue Reading

How can your clients be part of your data security program

Posted in Books and Records, Broker-Dealer Regulation, Cyber-Security, Financial Industry Trends, FINRA Compliance, SEC Compliance, SEC Enforcement

In order to have sound cyber-security protocols, you need to do more than just physically protect your systems and have written supervisory programs. Specifically, you need to fully engage your clients to be part of the protocol. Their participation can make your program work that much better than without them. How so? For one, every… Continue Reading

Cybersecurity and regulatory enforcement; what are you doing

Posted in Books and Records, Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, FINRA Compliance, FINRA Enforcement, SEC Compliance, SEC Enforcement

No one likes being a victim, let alone being a victim twice. But that is what you may face if you have a data breach. If your firm had a vulnerability that a hacker exposed, your regulator may come after you regardless of whether there is any client harm. After all, your system had a gap… Continue Reading

Why elder issues are not just about your clients

Posted in Books and Records, Breach of Fiduciary Duty, Broker-Dealer Regulation, Compliance and Supervision, Conflicts of Interest, Cyber-Security, FINRA Compliance, Ponzi Schemes, Registered Representatives, SEC Compliance, SEC Enforcement, Securities Fraud, Securities Litigation

The SEC and FINRA have made it very clear that they are focused on senior customers and elder abuse. Granted, firms must be focused on the elder customers, but, at the same time, must also focus on the fact that many advisors are included in the graying generation. What are firms to do about that?… Continue Reading

Who wants more reasons to focus on data security

Posted in Books and Records, Broker-Dealer Regulation, Collateral Consequences, Compliance and Supervision, Cyber-Security, Federal and State Criminal Activities, Financial Industry Trends, FINRA Compliance, Investment Adviser Regulation, Investment Company Regulation, Registered Representatives, SEC Compliance, SEC Enforcement, Social Media

The SEC recently issued an investor bulletin regarding one of our favorite topics: data security of customer accounts. The primary areas of the SEC’s focus were: Have a strong password, keep it secure and change it often. Use a two-step verification process if the firm offers it. Use different passwords for different on-line accounts. Avoid… Continue Reading

So who thought that the SEC was not serious about cybersecurity

Posted in Books and Records, Breach of Fiduciary Duty, Cyber-Security, Federal and State Criminal Activities, SEC Compliance, SEC Enforcement

In a recent blog post, I noted that the SEC is undertaking another cybersecurity exam priority. If that was not enough to get your attention about your own cybersecurity program, you need not look any further. The SEC just sanctioned a registered investment advisor for failing to adopt proper cybersecurity policies and procedures prior to… Continue Reading

What you need to know about the SEC cybersecurity exam priority.

Posted in Books and Records, Cyber-Security, SEC Compliance, SEC Enforcement

In a recent risk alert, the SEC announced that it was instituting a second exam priority focused on cybersecurity at broker-dealers and registered investment advisors. The SEC decided to conduct this second targeted exam due to its findings from an earlier cybersecurity exam priority. This new initiative will focus on the following areas: Governance and… Continue Reading

What Do Insider Trading And Data Breaches Have In Common

Posted in Cyber-Security, Federal and State Criminal Activities, Insider Trading, Money Laundering, SEC Enforcement, Securities Fraud

It is bad enough that firms and publicly traded companies have to make sure that their respective IT architecture is safe and secure, but recent developments demonstrate that you have to be wary regarding the media outlet with whom you share material, non-public information. The SEC and the DOJ in a joint effort have brought… Continue Reading

Who wants some advice regarding cyber-threats?

Posted in Books and Records, Broker-Dealer Regulation, Collateral Consequences, Compliance and Supervision, Cyber-Security, Federal and State Criminal Activities, Financial Industry Trends, FINRA Compliance, Investment Adviser Regulation, Investment Company Regulation, SEC Compliance

A recent article in Onwallstreet.com highlighted certain areas of focus for investment advisors/broker-dealers when it comes to addressing cyber-threats. The article focused on four areas of particular significance. First, a firm must have a robust risk assessment approach to cyber-security. After all, a firm cannot develop and deploy cybersecurity policies and procedures unless and until… Continue Reading

How can a phone call save your career

Posted in Cyber-Security, Financial Industry Trends, FINRA CRD, FINRA Enforcement

A 17-year veteran advisor recently agreed to a lifetime ban for falsifying the signatures of a client on 10 documents transferring money out of the client’s accounts over a period of two months. Part of this transfer also involved 17 unauthorized trades in the client’s non-discretionary accounts. So how could a phone call have saved… Continue Reading

Who wants to know some pre and post data breach considerations

Posted in Books and Records, Cyber-Security, Financial Industry Trends, Internal Investigations

In a recent blog by Chris Pogue (a digital forensic expert), he highlighted a handful of considerations for firms both pre and post data breach. After all, the issue is not really whether you will suffer a breach, but when and how bad it will be. Those considerations bear repeating, and include the following: Retention… Continue Reading

Who wants more cyber-security guidance

Posted in Books and Records, Cyber-Security, Financial Industry Trends

In a recent article written by Bill Winterberg in the Journal of Financial Planning, he highlighted a number of pitfalls that advisors commonly fall into that expose sensitive client data and information to hackers and phishers. By falling into these pitfalls, advisors are unknowingly becoming the tool of the fraudster. Winterberg noted that the following… Continue Reading

Takeaways from the NYSE glitch

Posted in Compliance and Supervision, Cyber-Security, Securities Exchanges

Earlier this week, the New York Stock Exchange halted trading for nearly four hours due to a technical “glitch”.  While the shutdown caused a lot of uncertainty among investors and ruffled some feathers on Wall Street, there are some important takeaways for securities practitioners. This was a reminder of the importance of data security.  The… Continue Reading

You just suffered a cyberattack, now what

Posted in Cyber-Security, Financial Industry Trends, FINRA Compliance, Registered Representatives, Securities Fraud, Social Media

A recent Investment News article highlighted the pervasive problem associated with cyberattacks and offered some guidance in the event of an attack. Before visiting that guidance, understand how pervasive these attacks are. The SEC recently conducted a sweep on cyberattacks. This sweep revealed that 88% of broker-dealers and 74% of advisors have experienced some form… Continue Reading

So What Does The SEC Think About Cybersecurity

Posted in Breach of Fiduciary Duty, Broker-Dealer Regulation, Compliance and Supervision, Cyber-Security, FINRA Compliance, Investment Adviser Regulation, Investment Company Regulation, SEC Compliance

At the end of last month, the SEC provided a guidance update on cybersecurity for registered investment companies and registered investment advisors. This guidance is equally instructive for broker-dealers and registered representatives. Cyber threats are numerous and ever changing with technology. The SEC provided the guidance to highlight the importance of having a robust cybersecurity… Continue Reading