How to Identify and Avoid Vishing and Smishing Attacks WHAT HAPPENED? You likely have heard of phishing attacks, a type of social engineering scheme that tricks victims into clicking email links infected with malware, or into giving sensitive information to cybercriminals posing as a credible contact. Sophisticated attackers use [...]
5 Ways to Strengthen Your Firm’s Vendor Management Program WHAT HAPPENED? Vendor management is a critical piece of creating a comprehensive information security strategy for firms. Vendors processing or maintaining sensitive information on behalf of your firm and its clients are especially important to review and conduct due diligence [...]
Are You Taking Steps To Avoid Ransomware Attacks? WHAT HAPPENED? Earlier this month, the Office of Compliance Inspections and Examinations of the United States Securities and Exchange Commission (OCIE) issued a Risk Alert which outlines best practices for maintaining a secure network; the United States Cybersecurity and Infrastructure Agency [...]
The CCPA Enforcement Date Is Approaching: What You Should Know WHAT HAPPENED? The July 1, 2020 enforcement date for the California Consumer Privacy Act (CCPA) is fast approaching. The original adoption of the regulations, on Jan. 1 of this year, contained a six-month enforcement delay. Although some organizations requested [...]
What Does OCIE Look for When Examining Cybersecurity Practices? WHAT HAPPENED? In recent years, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission made cybersecurity a top priority when examining all types of firms. As the use of digital technology becomes more essential to [...]
OCIE Releases List of Common Investment Company, Money Market Fund, and Target Date Fund Compliance Issues WHAT HAPPENED? On Nov. 7, 2019, the Office of Compliance Inspections and Examinations of the Securities and Exchange Commission released a Risk Alert outlining common compliance observations among investment companies, money market funds, [...]
OCIE Warns of Cloud-Based Server Security Risks WHAT HAPPENED? Last week, the Office of Compliance Inspections and Examinations (OCIE) discovered several security risks related to the storage of customer information by broker-dealers and advisers, particularly related to the use of cloud-based servers. The primary risk was found to stem [...]
OCIE Warns Advisers and Broker-Dealers of Regulation S-P Compliance Issues WHAT HAPPENED? On April 16, 2019, the Office of Compliance Inspections and Examinations (OCIE) published a list of compliance issues in connection with Regulation S-P. Regulation S-P requires registered investment advisers, investment companies, and broker-dealers (registrants) to provide notice [...]
FINRA Releases Report On Selected Cybersecurity Practices WHAT HAPPENED? On December 20, 2018, the Financial Industry Regulatory Authority (FINRA) released a Report on Selected Cybersecurity Practices (the “2018 Report”). In it, FINRA outlines five topics of focus: Cybersecurity controls in branch offices; Methods of limiting phishing attacks; Identifying and [...]