The weekly news source for investment management legal and compliance professionals

Topic: E-mails and Web/Internet Issues

OIG to SEC: Improve Information Security, Regulatory Oversight, Contract Management

October 13, 2017
When it rains, it pours. A little more than two weeks after the SEC began dealing with the public fallout from the cyber breach of one of its key electronic systems, its Office of the Inspector General issued its annual statement on the agency’s management and performance challenges. While the statement identified some progress the SEC made in addressing these challenges, it found significant areas for improvement.

SEC Cyber Breach Resulted in Access to Personally Identifiable Information

October 6, 2017
At least two individuals had their names, dates of birth and social security numbers accessed by third parties as a result of the SEC’s 2016 cyber breach, Commission chairman Jay Clayton disclosed October 2. His disclosure also left open the possibility that the agency’s internal review might uncover more individuals with accessed personally identifiable information.

After the Cyber Breach: SEC Faces Questions, Clayton Testifies, Effect on the CAT

September 29, 2017
The asset management industry, including the SEC, is weighing the impact of the cybersecurity breach that agency chair Jay Clayton recently disclosed to the public (ACA Insight, 9/25/17). In the wake of the disclosure, the SEC announced a new initiative, Clayton testified before a Senate committee, and industry leaders and observers speculated as to what it all might mean for future regulation and oversight, including the launching of the agency’s Comprehensive Audit Trail (CAT).

Clayton Reveals Potential Harm from Past SEC Cybersecurity Incident

September 22, 2017
SEC chairman Jay Clayton, in a September 20 cybersecurity statement providing an overview of how the agency is addressing its own cybersecurity threats, revealed that the SEC last month discovered that an earlier-detected agency breach had created an opportunity for "illicit gain."

OCIE Finds Increased Cybersecurity But Wants More

August 11, 2017
The SEC’s Office of Compliance Inspections and Evaluations on August 7 made public its observations from its most recent round of cybersecurity exams – and what it found is encouraging only to a point. The message delivered by OCIE in its National Exam Program risk alert was this: Advisory firms, broker-dealers and investment companies have made strides in providing cybersecurity, but there is still a long way to go.

Cybersecurity Hottest Compliance Topic among Advisers in 2017, Survey Finds

July 14, 2017
It was true for the past three years, and it’s true again in 2017: Cybersecurity is the hottest compliance topic among investment advisers, according to a nationwide survey released this month. Eighty-six percent of advisers think so. Custody is a distant second, with 26 percent of advisory firms ranking it as the most important compliance concern.

Electronic Messaging May Be Subject of New Sweep Examination

July 7, 2017
Advisory firms should consider preparing for what may be a new SEC sweep exam: electronic messaging. While it is not yet certain that such sweep exams have begun or are scheduled to begin, advisers would be wise to review their policies and procedures, as well as how they use and document such forms of communication as instant messaging, text/SMS messaging, emails sent and received on non-company systems, and personal or private messaging.

Ransomware Attack: OCIE Urges Asset Managers to Take Preventive Measures

May 19, 2017
The ransomware assault playing havoc with organizations globally this month has not gone unnoticed by the SEC. It issued a risk alert on May 17 urging advisers, investment companies and broker-dealers not only to keep current with the latest developments about the ransomware attack, but also to conduct cyber-risk assessments and penetration tests, and to ensure they are maintaining their IT systems.

Too Much Cybersecurity May Not Be a Good Thing

April 21, 2017
Cybersecurity is regularly ranked a top priority by advisory firms and other financial institutions. Media outlets report on companies that get hacked. The SEC issues guidance and also takes enforcement actions against advisers for not protecting client information. Cyber consultants and systems vendors find plenty of work, as advisers cannot seem to spend enough money to assure clients and potential clients that their confidential information is safe. So can a firm provide too much cybersecurity? You bet it can.

Cybersecurity: Best Practices to Reassure Anxious Clients

April 14, 2017
Every few weeks, it seems, a major company is in the news because a hacker breached its cybersecurity system. Confidential information, including personal identification data like social security numbers, account numbers and emails, is stolen. What can advisory firms do to reassure justifiably concerned clients and prospective clients that their information is well protected?

Electronic Communication Reviews Must Keep Up with Technology

March 31, 2017
Advisory firms need to stay up to date with technology when it comes to reviewing electronic communications. Gone are the days when email monitoring was considered cutting edge. Chief compliance officers that want to be effective today need to review communications sent by text messaging, on social media and on emerging electronic platforms, including apps.

Watchdog Agency Finds Information Security at SEC Below Par

March 24, 2017
The SEC’s information security program does not measure up as "effective" against legal requirements, according to the agency’s own Office of the Inspector General. The watchdog agency this month issued an audit report to the SEC with 21 recommendations for corrective action.

Beware Spear Phishing Emails Sent to EDGAR Filers

March 17, 2017
Investment advisory firms, take note: If you receive, or have already received, what appears to be an email from the SEC’s EDGAR program, don’t open the attachment in the message – it may be an attempt by a scammer to gain unauthorized entry to your computer or network.

Robo-Adviser Guidance Focuses on Disclosure, Suitable Advice, Compliance

March 3, 2017
Given the growth in the use of automated advisory systems – known as "robo-advisers" – by investment advisory firms in recent years, it was only a matter of time before the SEC stepped in with at least some guidance. That day has arrived.

Cybersecurity Vendors: Can They Answer Key Questions?

December 30, 2016
An advisory firm’s cybersecurity risks seem to grow with no end in sight, and vendor access to data just increases a firm’s vulnerability further. Make sure your cybersecurity vendors are doing what they need to do so that they are part of the solution, not part of the problem.

Ceresney’s Departure May Not Mean Less Enforcement

December 16, 2016
SEC Division of Enforcement director Andrew Ceresney, who will leave the agency before the end of the year, oversaw a period of increased enforcement against financial institutions, not least of which were investment advisory firms. But advisers and their defense counsel would be premature to break out the champagne bottles just yet. Not that much may change.

Beware the CAT: More Scrutiny Likely After Approval of Trading Database Plan

December 2, 2016
The SEC will soon be able to track trading activity in domestic equity and options markets to within 100 microseconds. Once it is active, the Comprehensive Audit Trail (CAT) will allow the agency to conduct not only more focused investigation of broker-dealers, but also of advisers. The agency recently approved the plan to create this single, comprehensive database, which is expected to be up and running within two years.

Cybersecurity Budget: Determine the Dollars You Need, Then Make the Case

November 18, 2016
It’s one thing to know the kind of cybersecurity program that will protect your firm. It’s another to convince the firm to allocate the budget that will make that program a reality.

Stein Calls on SEC to Step Up on Data Technology

November 11, 2016
The SEC needs to get ahead of the data technology curve – or at least keep up with it. That, at least, appears to be the view of agency commissioner Kara Stein, who in a recent speech called on the agency to take advantage of opportunities data provides, and to overcome challenges that may get in the way of the SEC "keeping up" with data’s growing role in the markets. She also called for a new office within the agency to coordinate the creation of data strategy.

Hiring a Cybersecurity Czar: How to Do It, What to Look For

November 4, 2016
No one wants to have their data, not to mention sensitive client information, misused or stolen. Advisory firms may already have some IT staff on board, but as cybercrimes become increasingly sophisticated and regulatory requirements increase, they may want to bring on board an individual to oversee everything cybersecurity, in other words, a cybersecurity czar.
