Articles Posted in Cyber Security

New SEC Cybersecurity Enforcement Case

Over the last five years, cybersecurity has consistently been a top priority of the Securities and Exchange Commission (“SEC”). We have written about the SEC’s focus on cybersecurity in July 2020 and January 2020. With an additional enforcement action in June, the SEC is continuing to signal that firms regulated…

Cybersecurity: OCIE Warns Against Credential Stuffing

The Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert highlighting the need for investment advisers to prevent unauthorized access to client data stored on websites. Recently, cyber attackers have used “credential stuffing” and other methods to breach web-based user accounts. Credential stuffing is when a hacker combines…

SEC Signals Ransomware Risk to Investment Advisers is High

The Securities and Exchange Commission (“SEC”) recently published its sixth risk alert on cybersecurity since 2014. In this alert, the SEC focused on how its regulated firms protect themselves against ransomware risk. I previously wrote about the SEC’s last risk alert on ransomware here. Ransomware is malware that stops a…

SEC Issues Observations on “Cybersecurity and Resiliency”

The SEC’s Office of Compliance Inspections and Examinations (OCIE) has issued “Cybersecurity and Resiliency Observations,” which summarizes and reflects on the cybersecurity risks its examiners have observed in thousands of examinations of broker-dealers and investment advisers over the past eight years. Fittingly, OCIE observed that one size does…

Robo-Advisers Included Among SEC Examination Priorities

In our previous post, we described the SEC’s announcement of examination priorities in 2020 for the Commission’s Office of Compliance Inspections and Examinations (OCIE).  In that post, we discussed areas of examination that will apply to a large percentage of registered investment advisors and other regulated entities.  In this post,…

State Securities Regulators’ Association Adopts Model Information Security Rule for RIAs

The North American Securities Administrators Association—also known as “NASAA”—a cooperative association consisting of the chief securities regulators for each of the 50 United States, as well as Canadian and Mexican jurisdictions, has recently voted to adopt a model information security rule. NASAA’s new model information security rule could—if widely implemented…

New OCIE Risk Alert Urges Advisers to Review Their Data Security Procedures

In its latest Risk Alert, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) urges advisers and broker/dealers to take a fresh look at their policies and procedures in the area of electronic customer record storage in light of shortcomings discovered by OCIE’s staff as part of recently conducted regular examinations.…

FINRA Issues Warning of Phishing Scheme Targeting Compliance Personnel

FINRA has alerted its Member Firms to be on the watch for a fraudulent phishing email scheme targeted at compliance personnel. A phishing scheme typically uses email or some other type of electronic message to trick the recipient into clicking a malicious link or infected file attachment by mimicking a…

New SEC Co-Directors of Enforcement Identify Cyber Threats as the Greatest Threats to Financial Markets

Earlier this year, Securities and Exchange Commission Chairman Jay Clayton appointed Stephanie Avakian and Steven Peikin as co-directors of the SEC’s Enforcement Division.  In an interview with Reuters, Avakian and Peikin expressed particular concern about cyber threats and how the SEC should make cybersecurity an enforcement priority.  According to Peikin,…

SEC’s Office of Compliance Inspections and Examinations Publishes Cybersecurity Alert Following Ransomware Attack

On May 17, 2017, the Securities and Exchange Commission’s (“SEC’s”) Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert pertaining to cybersecurity.  According to the Risk Alert, an extensive ransomware attack called WannaCry, WCry, or Wanna Decryptor “rapidly affected numerous organizations across over one hundred countries.”  In light…
