See why ACA Insight is the leading newsletter on regulatory compliance. Sign up for a free 1-week trial.

The weekly news source for investment management legal and compliance professionals

Topic: Cybersecurity

Information Security Rule Proposed by State Securities Regulators Association

October 19, 2018
Rules and guidance from the SEC on cybersecurity and related matters have been proposed and/or issued in recent years – but the agency is not the only regulator taking action in these areas. States also have the authority to regulate securities entities – and the association representing state and provincial securities regulators in the United States, Canada and Mexico, the North American Securities Administrators Association (NASAA), is seeking comment on a proposed information security and data privacy model Rule and related amendments.

Read More

Commissioner Wants Cybersecurity Reg SCI Expanded to Advisers and Broker-Dealers

October 12, 2018
Regulation SCI was adopted by the SEC in November 2014 and requires exchanges, clearinghouses and others to put in place written cyber policies and procedures – but should now be expanded to include advisers, broker-dealers and transfer agents. That’s the view of SEC Commissioner Kara Stein, who, in a recent speech on data usage and regulation, said that she has asked agency Chairman Jay Clayton to prioritize the issuance of what she calls “Regulation SCI 2.0.”

Read More

Cybersecurity: Firm Pays $1 Million to Settle Deficient Procedure Charges

September 28, 2018
A dually-registered adviser/broker-dealer agreed on September 26 to pay the SEC $1 million in fines as part of a settlement over cybersecurity violations. The settlement with Des Moines-based Voya Financial Advisers involved violations of two agency cybersecurity-related rules, as well as a 2016 incident in which hackers gained access to personally identifiable information for at least 5,600 of the firm’s customers.

Read More

Cybersecurity Again Top Adviser Compliance Topic

July 20, 2018
A recently released nationwide survey provides numbers behind what should not be a surprise conclusion for most asset management professionals: Cybersecurity remains far and away the hottest topic among investment advisers, dwarfing other concerns like advertising, custody, privacy and fiduciary duty.

Read More

SEC Strategic Plan Draft Calls for Cybersecurity, Enforcement, Revisiting Rules

July 6, 2018
The SEC’s draft five-year strategic plan for 2018 through 2022 – the first released by chairman Jay Clayton – centers around three high-concept goals: Investors, innovation and performance. Within those three goals, however, are more practical initiatives focusing on a variety of topics, including cybersecurity, enforcement and revisiting existing rules.

Read More

SEC’s Information Security Found Wanting by its Inspector General

April 6, 2018
The SEC continues to have a way to go to improve its own cybersecurity. A new audit from the agency’s Office of the Inspector General has found that information security at the SEC in at least six of seven functional areas is two levels below what is needed.

Read More

Cyber Threats Grow as Advisers, Companies and Governments Seek Defenses

April 6, 2018
The threat to advisers, broker-dealers and other financial institutions from cyber assaults is likely to get worse as hackers become more sophisticated and their goals expand. Companies look at new best practices as both federal and state governments retroactively play catch up, but if what experts say is true, things may get worse before they get better – if they get better at all.

Read More

2017 in Review: A New SEC, Cybersecurity Threats and the Fiduciary Rule

December 29, 2017
The past year saw a great deal of change and development in the asset management community, but three loom larger than others: A new SEC with Jay Clayton at the helm, bringing different priorities than his predecessor; exacerbating cybersecurity concerns, with the SEC itself one of the victims; and the Department of Labor’s Fiduciary Rule and its exemptions, delays in their taking effect, and the increasing likelihood of SEC involvement in the process.

Read More

Cybersecurity Concerns Cause SEC to Delay Reporting Requirements

December 15, 2017
Investment companies and their advisers now have nine more months to comply with new EDGAR reporting requirements, the SEC said on December 8. It tied the delay to cybersecurity steps that the agency is or will be undertaking.

Read More

SEC Nominees Offer Guarded Views on Cybersecurity, Rules and Enforcement

October 27, 2017
One typically does not learn a great deal about nominees for public posts, like serving as an SEC commissioner, at the Senate confirmation hearings. They are, after all, not unlike job interviews and the candidates’ main goal is to get confirmed – so answers tend to be carefully worded and designed not to raise eyebrows. That said, some sense of where candidates stand tends to come through.

Read More

SEC Cyber Breach Resulted in Access to Personally Identifiable Information

October 6, 2017
At least two individuals had their names, dates of birth and social security numbers accessed by third parties as a result of the SEC’s 2016 cyber breach, Commission chairman Jay Clayton disclosed October 2. His disclosure also left open the possibility that the agency’s internal review might uncover more individuals with accessed personally identifiable information.

Read More

After the Cyber Breach: SEC Faces Questions, Clayton Testifies, Effect on the CAT

September 29, 2017
The asset management industry, including the SEC, is weighing the impact of the cybersecurity breach that agency chair Jay Clayton recently disclosed to the public (ACA Insight, 9/25/17). In the wake of the disclosure, the SEC announced a new initiative, Clayton testified before a Senate committee, and industry leaders and observers speculated as what it all might mean for future regulation and oversight, including the launching of the agency’s Comprehensive Audit Trail (CAT).

Read More

Clayton Reveals Potential Harm from Past SEC Cybersecurity Incident

September 22, 2017
SEC chairman Jay Clayton, in a September 20 cybersecurity statement providing an overview of how the agency is addressing its own cybersecurity threats, revealed that the SEC last month discovered that an earlier-detected agency breach had created an opportunity for "illicit gain."

Read More

OCIE Finds Increased Cybersecurity But Wants More

August 11, 2017
The SEC’s Office of Compliance Inspections and Evaluations on August 7 made public its observations from its most recent round of cybersecurity exams – and what it found is encouraging only to a point. The message delivered by OCIE in its National Exam Program risk alert was this: Advisory firms, broker-dealers and investment companies have made strides in providing cybersecurity, but there is still a long way to go.

Read More

Cybersecurity Hottest Compliance Topic among Advisers in 2017, Survey Finds

July 14, 2017
It was true for the past three years, and it’s true again in 2017: Cybersecurity is the hottest compliance topic among investment advisers, according to a nationwide survey released this month. Eighty-six percent of advisers think so. Custody is a distant second, with 26 percent of advisory firms ranking it as the most important compliance concern.

Read More