Over the last five years, cybersecurity has consistently been a top priority of the Securities and Exchange Commission (“SEC”). We have written about the SEC’s focus on cybersecurity in July 2020 and January 2020. With an additional enforcement action in June, the SEC is continuing to signal that firms regulated…
The Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert highlighting the need for investment advisers to prevent unauthorized access to client data stored on websites. Recently, cyber attackers have used “credential stuffing” and other methods to breach web-based user accounts. Credential stuffing is when a hacker combines…
The Securities and Exchange Commission (“SEC”) recently published its sixth risk alert on cybersecurity since 2014. In this alert, the SEC focused on how its regulated firms protect themselves against ransomware risk. I previously wrote about the SEC’s last risk alert on ransomware here. Ransomware is malware that stops a…
The SEC’s Office of Compliance Inspections and Examinations and (OCIE) has issued “Cybersecurity and Resiliency Observations,” which summarizes and reflects on the risks of cybersecurity its examiners have observed in thousands of examinations of broker-dealers and investment advisers over the past eight years. Fittingly, OCIE observed that one size does…
In our previous post, we described the SEC’s announcement of examination priorities in 2020 for the Commission’s Office of Compliance Inspections and Examinations (OCIE). In that post, we discussed areas of examination that will apply to a large percentage of registered investment advisors and other regulated entities. In this post,…
The North American Securities Administrators Association—also known as “NASAA”—a cooperative association consisting of the chief securities regulators for each of the 50 United States, as well as Canadian and Mexican jurisdictions, has recently voted to adopt a model information security rule. NASAA’s new model information security rule could—if widely implemented…
In its latest Risk Alert, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) heeds advisers and broker/dealers to take a fresh look at their policies and procedures in the area of electronic customer record storage in light of shortcomings discovered by OCIE’s staff as part of recently-conducted regular examinations.…
FINRA has alerted its Member Firms to be on the watch for a fraudulent phishing email scheme targeted at compliance personnel. A phishing scheme typically uses email or some other type of electronic message to trick the recipient into clicking a malicious link or infected file attachment by mimicking a…
Earlier this year, Securities and Exchange Commission Chairman Jay Clayton appointed Stephanie Avakian and Steven Peikin as co-directors of the SEC’s Enforcement Division. In an interview with Reuters, Avakian and Peikin expressed particular concern about cyber threats and how the SEC should make cybersecurity an enforcement priority. According to Peikin,…
On May 17, 2017, the Securities and Exchange Commission’s (“SEC’s”) Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert pertaining to cybersecurity. According to the Risk Alert, an extensive ransomware attack called WannaCry, WCry, or Wanna Decryptor “rapidly affected numerous organizations across over one hundred countries.” In light…