Logical Encryption Controls to Secure Your Firm Encryption is all the rage today. Regulators are asking firms about their encryption policies, and those who do not have well-executed strategies can find themselves at risk of examination deficiencies or enforcement. With NSA spying allegations, the general public has begun to understand that encryption [...]
SEC Risk-Based Exam Navigation Utilize FINRA’s RCA Survey for SEC Examination Prep Many Investment Advisers pay little attention to the Financial Industry Regulatory Authority’s guidance and news items. This is a mistake, not only because FINRA has been out in front on issues such as Business Continuity, Identity Theft, AML, and Cybersecurity, [...]
What to Expect from the SEC as Cybersecurity Hits the Docket The New York Times reported on Sunday that the Securities and Exchange Commission has enforcement with cybersecurity implications on the schedule. The authors speculated about something that we have all known for years, the SEC is going for high-profile or impact [...]
Due Diligence For Your Vendors And Your Firm Bolstering fortifications around vendors is a critical area of any firm's cybersecurity program. At the same time, investment advisers, investment companies, and broker-dealers, as vendors themselves, are subject to increasing scrutiny by their institutional investors. Both the SEC and FINRA have recognized the importance [...]
A compliance officer knows that he or she must consider third party risks in any assessment. As the threat landscape has changed, third-party risk has become more and more focused on information security. The need for initial and ongoing due diligence of critical third parties is understood and should be part of [...]
A first glance, Cyber Liability Insurance seems like a panacea for the harried financial services firm looking to shore up its defenses from nefarious hackers. However, if you don’t have your cybersecurity house in order, you can find yourself doubling down on the losing end: paying for a policy that doesn’t pay [...]
Regulatory guidance on cybersecurity shows little sign of abating and additional governmental legislation continues to complicate every CCO’s day. With the regulatory landscape continuing to grow more complex, we pause to ask the question: Have you thought about your next presence exam? Preparing today can be the most important step you as [...]
Commissioner Luis A. Aguilar delivered the morning keynote address last Thursday at the SINET Innovation Summit 2015 in New York. We continue to pay close attention when the Commissioner speaks as he has been a proponent on the subject of Cybersecurity, has contributed key guidance in previous speeches, and was the driving [...]
Recent guidance from the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the FBI suggests that Business Email Compromise (BEC) that leads to fraudulent wire transactions remains a significant threat to the industry. While the controls listed in the June 19th Fraud Alert were primarily directed at executives, Advisors and other [...]
The Division of Investment Management’s recent cybersecurity guidance suggested that firms consider implementing training to provide guidance to officers and employees “concerning applicable threats and measures to prevent, detect, and respond to… threats and that monitor compliance with cybersecurity policies and procedures.” In addition, the Division suggested that firms “may wish to [...]