Way back in 2017, the SEC obtained an emergency asset freeze against an internet-based ICO involving certain Canadian residents, who had raised over $15 million on a variety of social media sites through an alleged fraudulent scheme. http://www.sec.gov/litigation/complaints/2017/comp-pr2017-219.pdf.

At the time, it made major news and helped launch the SEC’s Cybersecurity Unit.  Of course, there 

FINRA has published cybersecurity guidance for all its member firms.  See https://www.finra.org/sites/default/files/p602363%20Report%20on%20Cybersecurity%20Practices_0.pdf.

In particular, FINRA is indicating that it wants its member firms to bolster their cybersecurity regimes, and limit both internal and external threats.  The FINRA report also provides a number of resources for firms in applying this guidance.

Please make no mistake about

Not one for making people feel at ease, the SEC’s Division of Investment Management has indicated that it is not comfortable with investment companies investing in cryptocurrencies and similar products.

In a letter sent to industry groups, the SEC’s IM Director indicated that the Staff had numerous concerns over funds investing in these instruments.  The

FINRA recently issued a report regarding its examination findings. FINRA issued this report so that firms can gain insight from the work of FINRA’s examination of other firms.

Among the FINRA’s findings are the following areas that need additional attention:

  1. Cybersecurity, including access management, risk assessments, vendor management, branch office security, segregation on internal duties

Over the last several months, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has been conducting a “sweep examination” of over 70 broker-dealers and investment advisers to assess their cybersecurity policies and procedures.  https://www.sec.gov/files/observations-from-cybersecurity-examinations.pdf.  In particular, OCIE looked at their preparedness regarding governance and risk assessment; access rights and controls; data loss prevention;

The recent cyberattacks across the globe have caused the  SEC’s Office of Compliance Inspections and Examinations (“OCIE”) to issue an alert and highlight certain best practices for firms to handle these ransomware attacks.

The OCIE staff based this guidance on its review of various firms, concluding that these firms should perform a cyber-risk assessment; conduct

On March 1, New York will go live with cybersecurity rules for financial service providers such as banks, insurance companies and others subject to the Department of Financial Services’ jurisdiction. At its core, the rules require these entities to have cybersecurity programs directed to consumer protection.

New York firms must now have written policies and