See why ACA Insight is the leading newsletter on regulatory compliance. Sign up for a free 1-week trial.

The weekly news source for investment management legal and compliance professionals

Topic: E-mails and Web/Internet Issues

Watchdog Agency Finds Information Security at SEC Below Par

March 24, 2017
The SECís information security program does not measure up as "effective" against legal requirements, according to the agencyís own Office of the Inspector General. The watchdog agency this month issued an audit report to the SEC with 21 recommendations for corrective action.

Read More

Beware Spear Phishing Emails Sent to EDGAR Filers

March 17, 2017
Investment advisory firms, take note: If you receive, or have already received, what appears to be an email from the SECís EDGAR program, donít open the attachment in the message Ė it may be an attempt by a scammer to gain unauthorized entry to your computer or network.

Read More

Robo-Adviser Guidance Focuses on Disclosure, Suitable Advice, Compliance

March 3, 2017
Given the growth in the use of automated advisory systems Ė known as "robo-advisers" Ė by investment advisory firms in recent years, it was only a matter of time before the SEC stepped in with at least some guidance. That day has arrived.

Read More

Cybersecurity Vendors: Can They Answer Key Questions?

December 30, 2016
An advisory firmís cybersecurity risks seem to grow with no end in sight, and vendor access to data just increases a firmís vulnerability further. Make sure your cybersecurity vendors are doing what they need to do so that they are part of the solution, not part of the problem.

Read More

Ceresney’s Departure May Not Mean Less Enforcement

December 16, 2016
SEC Division of Enforcement director Andrew Ceresney, who will leave the agency before the end of the year, oversaw a period of increased enforcement of financial institutions, not least of which was investment advisory firms. But advisers and their defense counsel would be premature to break out the champagne bottles just yet. Not that much may change.

Read More

Beware the CAT: More Scrutiny Likely After Approval of Trading Database Plan

December 2, 2016
The SEC will soon be able to track trading activity in domestic equity and options markets to within 100 microseconds. Once it is active, the Comprehensive Audit Trail (CAT) will allow the agency to conduct not only more focused investigation of broker-dealers, but also of advisers. The agency recently approved the plan to create this single, comprehensive database, which is expected to be up and running within two years.

Read More

Cybersecurity Budget: Determine the Dollars You Need, Then Make the Case

November 18, 2016
Itís one thing to know the kind of cybersecurity program that will protect your firm. Itís another to convince the firm to allocate the budget that will make that program a reality.

Read More

Stein Calls on SEC to Step Up on Data Technology

November 11, 2016
The SEC needs to get ahead of the data technology curve Ė or at least keep up with it. That, at least, appears to be the view of agency commissioner Kara Stein, who in a recent speech called on the agency to take advantage of opportunities data provides, and to overcome challenges that may get in the way of the SEC "keeping up" with dataís growing role in the markets. She also called for a new office within the agency to coordinate the creation of data strategy.

Read More

Hiring a Cybersecurity Czar: How to Do It, What to Look For

November 4, 2016
No one wants to have their data, not to mention sensitive client information, misused or stolen. Advisory firms may already have some IT staff on board, but as cybercrimes become increasingly sophisticated and regulatory requirements increase, they may want to bring on board an individual to oversee everything cybersecurity, in other words, a cybersecurity czar.

Read More

Cybersecurity on a Tight Budget: Consider These Cost-Conscious Steps

October 7, 2016
Think an effective cybersecurity program requires a lot of expense? Think again. Small firms or any firm with limited financial resources can put an effective cybersecurity program in place without straining the company wallet.

Read More

Top Cybersecurity Mistakes Made by Investment Advisers

August 12, 2016
Investment advisers nationwide rate cybersecurity as the number one issue they face. The SEC has made it a top priority and is taking enforcement actions against firms that it finds are not properly addressing cyber risks. The upshot of all this is that advisory firms are increasingly taking steps to safeguard the privacy of client and business records, as well as the security of firm assets. But a key question they need to ask is: Are those steps the correct ones?

Read More

A Cybersecurity Plan Not Tested May Be a Plan That Doesn’t Work

July 22, 2016
You can do everything right in your cybersecurity plan. It can be based on a solid risk assessment, cover and prioritize areas of risk, assign appropriate responsibilities, and be the subject of training. But if you do not test it, that may all be for naught.

Read More

Cybersecurity Tops All Other Adviser Concerns

July 8, 2016
Thereís no question about it. Nothing comes close to cybersecurity when investment advisers are asked to name their greatest concerns. A recent survey of advisers found that cybersecurity ranked more than three times higher than any other topic.

Read More

SEC Fines Morgan Stanley $1 Million for Cybersecurity Compliance Gaps

June 10, 2016
The SEC wants advisers and broker-dealers to know that it takes cybersecurity compliance very seriously Ė and will bring enforcement actions against firms that fail to take required steps. Witness its June 8 settlement with financial giant Morgan Stanley Smith Barney. The investment adviser and broker-dealer will pay a $1 million fine to settle charges that the companyís failure to protect the personally identifiable information of approximately 730,000 accounts allowed hackers to steal and sell the customersí information online.

Read More

An Effective Cybersecurity Response Plan: Your Best Protection

May 19, 2016
When the cyber event occurs, you donít want to be caught unprepared. The best way to be ready for any cybersecurity threat is to have an effective cybersecurity response plan in place, one that offers clear, plain-English instructions for how to handle events when they occur, yet that is flexible enough to adapt to different types of threats.

Read More

Cybersecurity Training: Employees are Your First Line of Defense

February 19, 2016
Knowing your cybersecurity risk areas and drafting effective cybersecurity policies and procedures are important, but if you donít train staff on those risk areas, policies and procedures, your cybersecurity program will not be as effective as it needs to be.

Read More

The Year in Review: Challenges in Asset Management, Cybersecurity, Insider Trading

December 18, 2015
No two years are alike, and a review of 2015ís top developments that affected, or will affect, advisers and funds proves the point. 2015 was a year of challenges: proposed rules affecting asset managers, an intensified focus on cybersecurity that is only likely to intensify more, and an unexpected change to the definition of insider trading.

Read More

Draft Cybersecurity Policies and Procedures That Fit Your Firm

December 4, 2015
One size doesnít fit all when it comes to drafting cybersecurity policies and procedures, an essential part of an effective cybersecurity program. While most need to be drawn with certain parameters in mind, they also need to be tailored to match the conditions and risks of your advisory firm.

Read More

Crowdfunding: Get Ready for Client Interest and Potential Investments

November 6, 2015
The SEC this week adopted final crowdfunding rules that will allow small businesses to raise capital from investors Ė including possibly your clients Ė through web portals. Many of your clients will likely not be interested in making these investments, but smart advisers will be ready with at least some answers for those who are.

Read More

Assess Cybersecurity Risks Before Creating Policies and Procedures

October 16, 2015
Make sure you put the cart before the horse when you take your first steps in protecting your firm from cybersecurity attacks.

Read More