The weekly news source for investment management legal and compliance professionals

Topic: E-mails and Web/Internet Issues

Ransomware Attack: OCIE Urges Asset Managers to Take Preventive Measures

May 19, 2017
The ransomware assault playing havoc with organizations globally this month has not gone unnoticed by the SEC. It issued a risk alert on May 17 urging advisers, investment companies and broker-dealers not only to keep current with the latest developments about the ransomware attack, but also to conduct cyber-risk assessments and penetration tests, and to ensure they are maintaining their IT systems.

Too Much Cybersecurity May Not Be a Good Thing

April 21, 2017
Cybersecurity is regularly ranked a top priority by advisory firms and other financial institutions. Media outlets report on companies that get hacked. The SEC issues guidance and also takes enforcement actions against advisers for not protecting client information. Cyber consultants and systems vendors find plenty of work, as advisers cannot seem to spend enough money to assure clients and potential clients that their confidential information is safe. So can a firm provide too much cybersecurity? You bet it can.

Cybersecurity: Best Practices to Reassure Anxious Clients

April 14, 2017
Every few weeks, it seems, a major company is in the news because a hacker breached its cybersecurity system. Confidential information, including personal identification data like social security numbers, account numbers and emails, is stolen. What can advisory firms do to reassure justifiably concerned clients and prospective clients that their information is well protected?

Electronic Communication Reviews Must Keep Up with Technology

March 31, 2017
Advisory firms need to stay up to date with technology when it comes to reviewing electronic communications. Gone are the days when email monitoring was considered cutting edge. Chief compliance officers who want to be effective today need to review communications sent by text messaging, on social media and on emerging electronic platforms, including apps.

Watchdog Agency Finds Information Security at SEC Below Par

March 24, 2017
The SEC’s information security program does not measure up as "effective" against legal requirements, according to the agency’s own Office of the Inspector General. The watchdog agency this month issued an audit report to the SEC with 21 recommendations for corrective action.

Beware Spear Phishing Emails Sent to EDGAR Filers

March 17, 2017
Investment advisory firms, take note: If you receive, or have already received, what appears to be an email from the SEC’s EDGAR program, don’t open the attachment in the message – it may be an attempt by a scammer to gain unauthorized entry to your computer or network.

Robo-Adviser Guidance Focuses on Disclosure, Suitable Advice, Compliance

March 3, 2017
Given the growth in the use of automated advisory systems – known as "robo-advisers" – by investment advisory firms in recent years, it was only a matter of time before the SEC stepped in with at least some guidance. That day has arrived.

Cybersecurity Vendors: Can They Answer Key Questions?

December 30, 2016
An advisory firm’s cybersecurity risks seem to grow with no end in sight, and vendor access to data just increases a firm’s vulnerability further. Make sure your cybersecurity vendors are doing what they need to do so that they are part of the solution, not part of the problem.

Ceresney’s Departure May Not Mean Less Enforcement

December 16, 2016
SEC Division of Enforcement director Andrew Ceresney, who will leave the agency before the end of the year, oversaw a period of increased enforcement of financial institutions, not least of which was investment advisory firms. But advisers and their defense counsel would be premature to break out the champagne bottles just yet. Not that much may change.

Beware the CAT: More Scrutiny Likely After Approval of Trading Database Plan

December 2, 2016
The SEC will soon be able to track trading activity in domestic equity and options markets to within 100 microseconds. Once it is active, the Comprehensive Audit Trail (CAT) will allow the agency to conduct not only more focused investigation of broker-dealers, but also of advisers. The agency recently approved the plan to create this single, comprehensive database, which is expected to be up and running within two years.

Cybersecurity Budget: Determine the Dollars You Need, Then Make the Case

November 18, 2016
It’s one thing to know the kind of cybersecurity program that will protect your firm. It’s another to convince the firm to allocate the budget that will make that program a reality.

Stein Calls on SEC to Step Up on Data Technology

November 11, 2016
The SEC needs to get ahead of the data technology curve – or at least keep up with it. That, at least, appears to be the view of agency commissioner Kara Stein, who in a recent speech called on the agency to take advantage of opportunities data provides, and to overcome challenges that may get in the way of the SEC "keeping up" with data’s growing role in the markets. She also called for a new office within the agency to coordinate the creation of data strategy.

Hiring a Cybersecurity Czar: How to Do It, What to Look For

November 4, 2016
No one wants to have their data, not to mention sensitive client information, misused or stolen. Advisory firms may already have some IT staff on board, but as cybercrimes become increasingly sophisticated and regulatory requirements increase, they may want to bring on board an individual to oversee everything cybersecurity, in other words, a cybersecurity czar.

Cybersecurity on a Tight Budget: Consider These Cost-Conscious Steps

October 7, 2016
Think an effective cybersecurity program requires a lot of expense? Think again. Small firms or any firm with limited financial resources can put an effective cybersecurity program in place without straining the company wallet.

Top Cybersecurity Mistakes Made by Investment Advisers

August 12, 2016
Investment advisers nationwide rate cybersecurity as the number one issue they face. The SEC has made it a top priority and is taking enforcement actions against firms that it finds are not properly addressing cyber risks. The upshot of all this is that advisory firms are increasingly taking steps to safeguard the privacy of client and business records, as well as the security of firm assets. But a key question they need to ask is: Are those steps the correct ones?

A Cybersecurity Plan Not Tested May Be a Plan That Doesn’t Work

July 22, 2016
You can do everything right in your cybersecurity plan. It can be based on a solid risk assessment, cover and prioritize areas of risk, assign appropriate responsibilities, and be the subject of training. But if you do not test it, that may all be for naught.

Cybersecurity Tops All Other Adviser Concerns

July 8, 2016
There’s no question about it. Nothing comes close to cybersecurity when investment advisers are asked to name their greatest concerns. A recent survey of advisers found that cybersecurity ranked more than three times higher than any other topic.

SEC Fines Morgan Stanley $1 Million for Cybersecurity Compliance Gaps

June 10, 2016
The SEC wants advisers and broker-dealers to know that it takes cybersecurity compliance very seriously – and will bring enforcement actions against firms that fail to take required steps. Witness its June 8 settlement with financial giant Morgan Stanley Smith Barney. The investment adviser and broker-dealer will pay a $1 million fine to settle charges that the company’s failure to protect the personally identifiable information of approximately 730,000 accounts allowed hackers to steal and sell the customers’ information online.

An Effective Cybersecurity Response Plan: Your Best Protection

May 19, 2016
When the cyber event occurs, you don’t want to be caught unprepared. The best way to be ready for any cybersecurity threat is to have an effective cybersecurity response plan in place, one that offers clear, plain-English instructions for how to handle events when they occur, yet that is flexible enough to adapt to different types of threats.

Cybersecurity Training: Employees are Your First Line of Defense

February 19, 2016
Knowing your cybersecurity risk areas and drafting effective cybersecurity policies and procedures are important, but if you don’t train staff on those risk areas, policies and procedures, your cybersecurity program will not be as effective as it needs to be.
