Regulatory Readiness
-
SEC’s OCIE RISK ALERT
On May 23, 2019, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) released a new risk alert identifying security risks associated with the storage of electronic customer records and information in various network storage solutions, including cloud-based storage. Some of the concerns brought to light from recent examinations were misconfigured…
-
CYBERSECURITY RISK ALERT: SEC Regulation S-P Risk Alert
Today, April 16, 2019, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published a risk alert regarding compliance issues related to Regulation S-P. The focal points identified by the OCIE were the failure to provide customers with privacy and opt-out notices, as well as the failure to adopt written policies and procedures that address…
-
CYBERSECURITY NEWS ALERT: CFTC’s First Ever Examination Priorities
On February 12, 2019, the Commodity Futures Trading Commission (CFTC) released its first-ever examination priorities for registrants of the Division of Market Oversight (DMO), Division of Swap Dealer & Intermediary Oversight (DSIO), and Division of Clearing & Risk (DCR). A notable inclusion in the examination priorities is service provider oversight. In the release, the CFTC…
-
Cybersecurity Risk Alert – NFA
The National Futures Association (NFA) recently amended the NFA Compliance Rules 2-9, 2-36, and 2-49: Information Systems Security Programs. The amendments address three areas originally covered in the 2016 Interpretive Notice and go into effect on April 1, 2019. The amendments are as follows: Cybersecurity Training Previously, the NFA required employee cybersecurity training upon hire and periodically…
-
Cybersecurity News Alert – U.S. Securities and Exchange Commission (SEC)
SEC Cybersecurity News Alert: On Thursday, December 20th, the U.S. Securities and Exchange Commission (SEC) released the examination priorities for 2019. The SEC has shifted their examination priorities from years past in an effort to adapt to emerging risks, but cybersecurity continues to remain a top priority for the SEC. The SEC will be focusing…
-
CYBERSECURITY NEWS ALERT: December 2018
On December 20th, the Financial Industry Regulatory Authority (FINRA) released a report detailing the effective cybersecurity practices and common risks observed during recent examinations. The report focused on the following key areas: Branch Controls Phishing Attacks Insider Threats Penetration Testing Mobile Device Security Branch Controls: Maintaining rigorous cybersecurity controls is a firm’s best defense against attacks…
-
Lessons From the SEC’s First Red Flags Rule Settlement – The Cybersecurity Law Report
Thumb drives are often considered unassuming devices that make the transfer of digital data easy through quick access to ports from one device to another. However, recent findings from the FBI have shown malicious parties using thumb drives in order to infect recipients’ computers with malware. Cybersecurity Dangers of Thumb Drives Cyber attacks have been…
-
Cybersecurity News Alert – SEC
SEC Cybersecurity News Alert: Today, the Securities and Exchange Commission (SEC) announced that a Des Moines-based broker-dealer and investment adviser has agreed to pay $1 million for its failures in cybersecurity policies and procedures surrounding a cyber-breach. The charge against Voya Financial Advisors Inc. (VFA) is the first SEC enforcement action charging violations of the…
