Articles Tagged with Cyber Security

In our previous post, we described the SEC’s announcement of examination priorities in 2020 for the Commission’s Office of Compliance Inspections and Examinations (OCIE).  In that post, we discussed areas of examination that will apply to a large percentage of registered investment advisors and other regulated entities.  In this post, we focus on another priority, namely robo-advisers.

Otherwise known as automated investment platforms, “robo-advisers” have come under increased scrutiny by OCIE.  The number of these advisers has increased substantially over the last four years.  OCIE intends to focus on issues such as the eligibility of the robo-adviser to register with the SEC, marketing practices engaged in by robo-advisers, the ability to comply with fiduciary duty, the adequacy of the adviser’s disclosures, the effectiveness of the adviser’s compliance program, and the firm’s cybersecurity policies, procedures and practices.

Advisers Act Rule 203A-2(e) permits “internet only advisers” to register with the SEC, provided certain conditions are met and maintained.  Specifically, the adviser must provide investment advice to all clients exclusively through an interactive website and maintain records demonstrating that it does so.  Under the rule, an adviser may provide investment advice through means other than the internet to up to fourteen clients during any twelve-month period. Undoubtedly there are some firms that registered on this basis who were either not eligible at the time or, through the evolution of their business, have strayed from the conditions required to remain eligible for registration.

Continue reading

FINRA has alerted its Member Firms to be on the watch for a fraudulent phishing email scheme targeted at compliance personnel. A phishing scheme typically uses email or some other type of electronic message to trick the recipient into clicking a malicious link or infected file attachment by mimicking a message from a trustworthy party. This particular scheme employs an email purportedly originating from an Anti-Money Laundering compliance officer at an otherwise apparently legitimate Indiana-based credit union. The email—which was received recently by a number of FINRA Member Firms—specifically targets compliance personnel by appearing to be a communication regarding an attempted transfer of money by a client of the recipient’s firm to the credit union which has been placed on hold due to concerns about potential money laundering. The scam is designed to get the recipient to open an attachment, which, according to FINRA “likely contains a malicious virus or malware designed to obtain unauthorized access to the recipient’s computer network.”

FINRA noted the following additional aspects of the fraudulent email that recipients should be alert for:

  • An otherwise legitimate reference to a provision of the USA Patriot Act allowing financial institutions to share information with each other.
  • An actual email address that appears to be from Europe, rather than the U.S.-based credit union.
  • Numerous instances of poor grammar and sentence structure.

Continue reading

Contact Information