Over the last five years, cybersecurity has consistently been a top priority of the Securities and Exchange Commission (“SEC”). We have written about the SEC’s focus on cybersecurity in July 2020 and January 2020. With an additional enforcement action in June, the SEC is continuing to signal that firms regulated…
Articles Posted in Cybersecurity
Cybersecurity: OCIE Warns Against Credential Stuffing
The Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert highlighting the need for investment advisers to prevent unauthorized access to client data stored on websites. Recently, cyber attackers have used “credential stuffing” and other methods to breach web-based user accounts. Credential stuffing is when a hacker combines…
SEC Signals Ransomware Risk to Investment Advisers is High
The Securities and Exchange Commission (“SEC”) recently published its sixth risk alert on cybersecurity since 2014. In this alert, the SEC focused on how its regulated firms protect themselves against ransomware risk. I previously wrote about the SEC’s last risk alert on ransomware here. Ransomware is malware that stops a…
Robo-Advisers Included Among SEC Examination Priorities
In our previous post, we described the SEC’s announcement of examination priorities in 2020 for the Commission’s Office of Compliance Inspections and Examinations (OCIE). In that post, we discussed areas of examination that will apply to a large percentage of registered investment advisors and other regulated entities. In this post,…
SEC Announces 2020 Examination Priorities
Earlier this month, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced its examination priorities for 2020. Many of the priorities listed are similar to those identified in previous years’ priorities lists. The SEC’s approach in addressing them, however, continues to evolve to keep pace with the changing landscape…
State Securities Regulators’ Association Adopts Model Information Security Rule for RIAs
The North American Securities Administrators Association—also known as “NASAA”—a cooperative association consisting of the chief securities regulators for each of the 50 United States, as well as Canadian and Mexican jurisdictions, has recently voted to adopt a model information security rule. NASAA’s new model information security rule could—if widely implemented…
New OCIE Risk Alert Urges Advisers to Review Their Data Security Procedures
In its latest Risk Alert, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) urges advisers and broker/dealers to take a fresh look at their policies and procedures in the area of electronic customer record storage in light of shortcomings discovered by OCIE’s staff as part of recently conducted regular examinations.…
FINRA Issues Warning of Phishing Scheme Targeting Compliance Personnel
FINRA has alerted its Member Firms to be on the watch for a fraudulent phishing email scheme targeted at compliance personnel. A phishing scheme typically uses email or some other type of electronic message to trick the recipient into clicking a malicious link or infected file attachment by mimicking a…
Investment Advisers Cautioned not to Use Client Usernames and Passwords to Access Accounts
Investment advisers’ use of clients’ usernames and passwords to access their clients’ accounts to observe the accounts’ performance has come under scrutiny in recent years. In February 2017, the SEC Office of Compliance Inspections and Examinations (“OCIE”) disclosed in a Risk Alert that investment advisers’ use of client usernames and…
SEC to Host National Compliance Outreach Seminar in April
On February 13, 2018, the Securities and Exchange Commission announced that it is accepting registrations for the National Compliance Outreach Seminar (“National Seminar”). The National Seminar, which is part of the SEC’s Compliance Outreach Program, is designed to help educate registered investment advisers’ chief compliance officers (“CCOs”), as well as…