The Securities and Exchange Commission (“SEC”) recently issued a Risk Alert addressing client account credential compromises against SEC-registered investment advisers (“advisers”) and brokers and dealers (“broker-dealers,” and together with advisers, “firms”). These compromises utilized “credential stuffing,” a method of cyber-attack on client accounts that uses compromised client login credentials, resulting in the possible … Continue reading Credential Compromise Risk Increasing for Client Accounts
The Securities and Exchange Commission (“SEC”) recently issued an investigative report cautioning that public companies should consider cyber threats when implementing internal accounting controls, especially where the movement of assets is involved. The report is based on the SEC Enforcement Division’s investigations of the internal accounting controls of nine public companies that fell victim to … Continue reading Stronger Internal Accounting Controls Needed to Fight Cyber Threats
The Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections (“OCIE”) issued a Risk Alert that provides its observations on the elements of robust cybersecurity policies and procedures. Those observations resulted from OCIE’s examinations conducted pursuant to the Cybersecurity Examination and the elements noted by OCIE staff (“staff”) during the review of the respective policies … Continue reading SEC’s Observations on the Elements of Robust Cybersecurity Policies and Procedures
The Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections (“OCIE”) has issued a Risk Alert that provides observations on cybersecurity arising from OCIE’s examinations conducted pursuant to the Cybersecurity Examination Initiative of 75 registered broker-dealers, investment advisers and investment companies. The initiative was initially focused on making a preliminary assessment of industry practices and … Continue reading SEC’s Cybersecurity Examination Initiative Notes Firms Should Improve Cybersecurity
The Securities and Exchange Commission (“SEC”) has recently noted that there have been reports of malicious emails sent to some EDGAR filers that appear to be part of a phishing campaign meant to compromise company network systems and obtain access to non-public information. The malicious emails purport to be communications from the … Continue reading Phishing Scam Targeting EDGAR Filers
Standardizing cybersecurity regulations is becoming more important as the focus on cybersecurity continues to spur new laws, regulations and guidelines. Just recently Treasury Secretary Steven Mnuchin noted that since the safety of the financial system is critical, he has made cybersecurity his top technology priority and that he will use his authority as chairman of the … Continue reading Standardizing Cybersecurity Regulations
In the on-going evolution of the fight against cyber-security threats, broker-dealers and investment advisers need to have robust cyber-security policies and procedures. One of the initial steps is to think about creating a data classification policy to better understand the real types of sensitive information shared within the firm. Once you have classified the data … Continue reading Cyber-Security Procedures and Data Classification
The Financial Industry Regulatory Authority (FINRA) announced at its recent 2016 Annual FINRA Conference in Washington DC that it has created a Cybersecurity Checklist to assist small member firms in establishing a cybersecurity program to identify and assess cybersecurity threats, protect assets from cyber intrusions, detect when their … Continue reading FINRA Issues Small Firm Cybersecurity Checklist
FINRA’s Cybersecurity Conference provides a forum to learn the fundamentals and take a deeper dive into key areas of cybersecurity. Understand your organization’s vulnerabilities and the range of potential threats, and learn tips to identify them. Gain knowledge of how to protect your organization from cyber threats and how to respond and recover when attacked.
Every financial firm has an obligation to be vigilant in our industry’s commitment to cybersecurity. As cyber attacks become more frequent and destructive, cyber insurance policies can offer critical protections to complement your risk management program.
SIFMA, FireEye, DeWitt Stern and ACE Group, a leading provider of cyber insurance, are providing a cyber insurance webinar to learn more about the current cybersecurity landscape and the SIFMA Cyber Insurance Program. Participants will be provided an opportunity for in-depth Q&A.
On October 21 and 22, 2015, the FBI, U.S. Secret Service (USSS) and the Department of the Treasury will host open houses at locations across the country to enhance collaboration between the financial services sector and federal law enforcement entities on cybersecurity. Session attendees will gain further insight into the capabilities of the FBI and USSS, a better understanding of cybersecurity threats and information about how to incorporate collaboration with law enforcement into internal incident response plans.
In light of both the targeted sweep exams and the expanded exam modules of the SEC, FINRA and state securities regulators on cybersecurity, and recent enforcement actions related to cyber breaches, it is important for financial firms to step back and reassess their policies and procedures related to cybersecurity and the protection of customer identification. To … Continue reading Cybersecurity Best Practices for Broker-Dealers and Advisers for 2015
The Securities and Exchange Commission (SEC) announced that R.T. Jones Capital Equities Management, a St. Louis-based investment adviser, has agreed to settle charges that it failed to establish cybersecurity policies and procedures in advance of a breach that compromised the personally identifiable information (PII) of approximately 100,000 individuals, including thousands of the firm’s clients. Without … Continue reading SEC Sanctions Investment Adviser $75,000 for Cyberattack
The Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) has issued an additional Risk Alert regarding the Targeted Industry Reviews and Examinations Initiative for the second round of cybersecurity examinations. This current initiative follows the (i) SEC-sponsored Cybersecurity Roundtable where SEC Commissioners and staff, along with industry representatives, underscored the importance of cybersecurity in March … Continue reading SEC Exam Program Doubles Up Focus on Cybersecurity
The last 18 months have found the financial industry in the spotlight for cybersecurity breaches, and as a result, the SEC and FINRA are ramping up their expectations regarding cybersecurity for the financial industry. This is based in large part on both the importance of the financial markets to the United States economy and the negative impact … Continue reading Financial Industry Cybersecurity Standards Not Modeled After Government Agencies, Thankfully …
Half-day Compliance Boot Camps focus on basic regulatory requirements and compliance responsibilities. Participants are required to complete approximately three hours of assigned pre-course readings and online coursework prior to attending the session. Pre-course work is assigned and distributed approximately one week before the session. This course is designed for compliance professionals who are new to … Continue reading FINRA Boot Camp: Cybersecurity and Supervision
The FINOP Exchange Announces a Virtual Presentation on Cybersecurity in the Financial Industry. Daniel LeGaye & Michael Schaps of The LeGaye Law Firm will focus on the current threats and trends that permeate the cybersecurity landscape for the financial industry. This presentation will take place virtually from 11:00 am to 12:30 … Continue reading The LeGaye Law Firm Delivers Cybersecurity Presentation
National Society of Compliance Professionals Panel Information. Date: Thursday, April 10, 2014. Time: 11:30 – 12:30. Where: Haynes and Boone, LLP, 2323 Victory Avenue, Suite 700, Dallas, Texas 75219. Session 2a GI – Cyber Security, Data Protection & Business Continuity (BC): Latest Hacker Ploys & Cyber Security Scams; Protecting Client Information; Employee Training, including the … Continue reading 2014 NSCP Southern Regional Meeting – Dallas