See why ACA Insight is the leading newsletter on regulatory compliance. Sign up for a free 1-week trial.

The weekly news source for investment management legal and compliance professionals

Topic: Cybersecurity

Nine Inspectors General Call for Joint Efforts to Address Cybersecurity and More

August 2, 2019
Inspectors General from the SEC, the CFTC, the Treasury Department and six other financial regulatory bodies recently issued a report that addresses seven management and performance challenges they face – a list that includes enhanced oversight of cybersecurity, managing and securing information technology, and sharing threat information.

Read More

Peirce Calls for Digital Token Safe Harbor

August 2, 2019
Long a backer of digital innovation in the securities markets, SEC Commissioner Hester Peirce on July 30 called for the creation of a digital token safe harbor that would permit issuers to offer tokens "under an alternative regime with robust requirements."

Read More

SEC Report Card: OIG Focuses on Information Security and More

July 19, 2019
The SEC, those regulated by it may be glad to know, is itself scrutinized – by its internal Inspector General, whose office issues a report to Congress every six months. The most recent report makes clear that the SEC is not bulletproof, needs better information security, and is the subject of audits concerning its analytics initiatives, information technology investments and more.

Read More

Survey: Cybersecurity Again Hottest Compliance Topic, Custody Drops

July 19, 2019
Advisory firms nationwide continue to be highly concerned about cybersecurity, with approximately 83 percent of them naming it their highest compliance concern for the sixth year in a row. Concerns about custody compliance, however, are down from last year.

Read More

OCIE Director on Anti-Money Laundering, Cybersecurity, Customer Funds

June 14, 2019
What do SEC examinations involving anti-money laundering, cybersecurity and protection of customer funds have in common? Examination efforts in these areas are examples of the agency protecting retail investors. So said SEC Office of Compliance Inspections and Examinations Director Peter Driscoll, who recently addressed the SIFMA Operations Conference in Boca Raton, FL.

Read More

Technology in the Coming Years: What Advisory Firms Should Expect

May 3, 2019
Technology has altered the world for investment advisers. The rise of auto-advisers, the ever-increasing need for cybersecurity, the overwhelming prevalence of various forms of social media, cryptocurrencies and more have shaped a business and compliance reality that many advisers might not have predicted a decade or more ago. Given that each new step in high tech appears to exponentially bolster the arrival and impact of the subsequent one, what should advisers expect in the next decade, and how should they prepare for it?

Read More

Third OCIE Cybersecurity Exam Sweep Underway

March 29, 2019
The SEC’s Office of Compliance Inspections and Examinations isn’t letting the grass grow under its feet when it comes to advisory firms and cybersecurity. Having completed two cybersecurity exam sweeps in recent years, OCIE has now begun a third – this time focusing on large branch office networks and firms that have merged with or acquired other firms.

Read More

SEC Modifies Form N-PORT Reporting to Address Cybersecurity Concerns

March 1, 2019
The SEC last week eased up a bit on its portfolio reporting requirements for investment companies. In an interim final Rule, it changed the frequency with which funds must file Form N-PORT with the agency from monthly to quarterly. Doing so, it said, will address both data and cybersecurity concerns.

Read More

The SEC Strikes Back: EDGAR Hacking Suspects Found and Charged

January 18, 2019
Nine suspects – hackers, traders and other entities from multiple countries – were charged by the SEC January 15 in federal court with perpetrating the 2016 hack of the agency’s online Electronic Data Gathering, Analysis and Retrieval (EDGAR) system, including some of its personally identifiable information.

Read More

The Year Ahead: New and Revised Rules, Cryptocurrency and Cybersecurity Enforcement

January 4, 2019
Advisory firms, investment companies and broker-dealers should get ready for some changes as 2019 takes off. Among other things, they will be likely to deal with new rules, revisions to existing rules, and enforcement efforts targeted at reining in cryptocurrencies and strengthening cybersecurity.

Read More

2018 in Review: Standards of Care, Cryptocurrencies, SEC Changes and More

December 21, 2018
With the past year almost over and a new one about to begin, it’s time to take a look back and take stock of what was accomplished in 2018 and what issues remain. The past 12 months found major developments involving standards of care for advisers and broker-dealers, the emergence of an SEC strategy regarding cryptocurrencies, a full year in office for a new SEC team and philosophy, the rising challenges of cybersecurity, and more.

Read More

Information Security Rule Proposed by State Securities Regulators Association

October 19, 2018
Rules and guidance from the SEC on cybersecurity and related matters have been proposed and/or issued in recent years – but the agency is not the only regulator taking action in these areas. States also have the authority to regulate securities entities – and the association representing state and provincial securities regulators in the United States, Canada and Mexico, the North American Securities Administrators Association (NASAA), is seeking comment on a proposed information security and data privacy model Rule and related amendments.

Read More

Commissioner Wants Cybersecurity Reg SCI Expanded to Advisers and Broker-Dealers

October 12, 2018
Regulation SCI was adopted by the SEC in November 2014 and requires exchanges, clearinghouses and others to put in place written cyber policies and procedures – but should now be expanded to include advisers, broker-dealers and transfer agents. That’s the view of SEC Commissioner Kara Stein, who, in a recent speech on data usage and regulation, said that she has asked agency Chairman Jay Clayton to prioritize the issuance of what she calls “Regulation SCI 2.0.”

Read More

Cybersecurity: Firm Pays $1 Million to Settle Deficient Procedure Charges

September 28, 2018
A dually-registered adviser/broker-dealer agreed on September 26 to pay the SEC $1 million in fines as part of a settlement over cybersecurity violations. The settlement with Des Moines-based Voya Financial Advisers involved violations of two agency cybersecurity-related rules, as well as a 2016 incident in which hackers gained access to personally identifiable information for at least 5,600 of the firm’s customers.

Read More

Cybersecurity Again Top Adviser Compliance Topic

July 20, 2018
A recently released nationwide survey provides numbers behind what should not be a surprise conclusion for most asset management professionals: Cybersecurity remains far and away the hottest topic among investment advisers, dwarfing other concerns like advertising, custody, privacy and fiduciary duty.

Read More

SEC Strategic Plan Draft Calls for Cybersecurity, Enforcement, Revisiting Rules

July 6, 2018
The SEC’s draft five-year strategic plan for 2018 through 2022 – the first released by chairman Jay Clayton – centers around three high-concept goals: Investors, innovation and performance. Within those three goals, however, are more practical initiatives focusing on a variety of topics, including cybersecurity, enforcement and revisiting existing rules.

Read More

SEC’s Information Security Found Wanting by its Inspector General

April 6, 2018
The SEC continues to have a way to go to improve its own cybersecurity. A new audit from the agency’s Office of the Inspector General has found that information security at the SEC in at least six of seven functional areas is two levels below what is needed.

Read More

Cyber Threats Grow as Advisers, Companies and Governments Seek Defenses

April 6, 2018
The threat to advisers, broker-dealers and other financial institutions from cyber assaults is likely to get worse as hackers become more sophisticated and their goals expand. Companies look at new best practices as both federal and state governments retroactively play catch up, but if what experts say is true, things may get worse before they get better – if they get better at all.

Read More

2017 in Review: A New SEC, Cybersecurity Threats and the Fiduciary Rule

December 29, 2017
The past year saw a great deal of change and development in the asset management community, but three loom larger than others: A new SEC with Jay Clayton at the helm, bringing different priorities than his predecessor; exacerbating cybersecurity concerns, with the SEC itself one of the victims; and the Department of Labor’s Fiduciary Rule and its exemptions, delays in their taking effect, and the increasing likelihood of SEC involvement in the process.

Read More

Cybersecurity Concerns Cause SEC to Delay Reporting Requirements

December 15, 2017
Investment companies and their advisers now have nine more months to comply with new EDGAR reporting requirements, the SEC said on December 8. It tied the delay to cybersecurity steps that the agency is or will be undertaking.

Read More