Recently, the Office of Compliance Inspections and Examinations (“OCIE”) released an alert to broker-dealers and registered investment advisers regarding the risks associated with credential stuffing.  See https://www.sec.gov/files/Risk%20Alert%20-%20Credential%20Compromise.pdf.

Credential stuffing is an automated attack on web-based user accounts and direct network login account credentials. Cyber attackers obtain lists of usernames, email addresses, and corresponding passwords from

Sadly, the hackers of the world have not let the pandemic get in the way of their nefarious activities.  In particular, BDs and RIAs have been primary targets.   In our prior blog postings, we discussed business continuity plans and the requirement these plans include cybersecurity provisions.   We believe that the SEC, FINRA, and the various

Join me, along with co-presenters Daniel Garrie of Law and Forensics and Jessica Friedman of JP Morgan Chase, for a recorded CLE webinar offering an update on the New York State Department of Financial Services’ cybersecurity regulations, which are designed to combat the growing threat cyber threats pose to information and financial systems. The regulations

Way back in 2017, the SEC obtained an emergency asset freeze against an internet-based ICO involving certain Canadian residents, who had raised over $15 million on a variety of social media sites through an alleged fraudulent scheme. http://www.sec.gov/litigation/complaints/2017/comp-pr2017-219.pdf.

At the time, it made major news and helped launch the SEC’s Cybersecurity Unit.  Of course, there 

FINRA has published cybersecurity guidance for all its member firms.  See https://www.finra.org/sites/default/files/p602363%20Report%20on%20Cybersecurity%20Practices_0.pdf.

In particular, FINRA is indicating that it wants its member firms to bolster their cybersecurity regimes, and limit both internal and external threats.  The FINRA report also provides a number of resources for firms in applying this guidance.

Please make no mistake about

Not one for making people feel at ease, the SEC’s Division of Investment Management has indicated that it is not comfortable with investment companies investing in cryptocurrencies and similar products.

In a letter sent to industry groups, the SEC’s IM Director indicated that the Staff had numerous concerns over funds investing in these instruments.  The

FINRA recently issued a report regarding its examination findings. FINRA issued this report so that firms can gain insight from the work of FINRA’s examination of other firms.

Among the FINRA’s findings are the following areas that need additional attention:

  1. Cybersecurity, including access management, risk assessments, vendor management, branch office security, segregation on internal duties