Tag Archives: SEC

Broker-Dealer and Investment Adviser Agrees to Settle SEC Enforcement Action Arising From a Data Security Incident

The U.S. Securities and Exchange Commission (SEC) recently announced a consent order settling an enforcement action brought by the SEC against Voya Financial Advisors Inc. (VFA) in connection with a data security incident that occurred in 2016. VFA is a registered broker-dealer and investment adviser with the SEC. The order memorializes the SEC’s agreement to … Continue Reading

SEC Investigation Highlights BEC Risk and Need for Comprehensive Risk Assessments by Public Companies

The Securities and Exchange Commission issued a press release and an investigative report on Oct. 16 cautioning public companies to consider cyber threats when implementing internal accounting controls. The report stems from the SEC’s investigation of nine companies that lost between $1 million and $100 million each in so-called business email compromise (BEC) frauds, in … Continue Reading

SEC Clarifies Existing Cybersecurity Disclosure Guidance

On February 21, 2018, the U.S. Securities and Exchange Commission (“SEC”) issued cybersecurity disclosure guidance for public companies (“SEC Guidance”) that, according to SEC Chair Jay Clayton, “reinforces and expands” on the SEC Division of Corporation Finance’s prior guidance from 2011 (“Corp Fin Guidance” as we previously covered) regarding disclosure requirements under the federal securities … Continue Reading

Former SEC Commissioner Louis A. Aguilar Describes Corporate Directors’ Cybersecurity Duties

When Louis A. Aguilar was a commissioner at the Securities and Exchange Commission, he helped organize the SEC’s March 2014 roundtable to discuss the cyber risks facing public companies. The numerous data breaches that have occurred at public companies, from Target to Yahoo and many more, show that public companies have not yet succeeded in … Continue Reading

Data Security in the Financial Industry: Five Key Developments to Keep An Eye on in 2016

According to a 2015 report on threats to the financial services sector, 41% of financial services organizations polled had experienced a data breach or failed a compliance audit in the previous year, and 57% listed preventing a data breach as their top IT priority.  Reflecting the ever-increasing awareness of threats to financial data security, 2015 … Continue Reading

The SEC OCIE Announces Increased Scrutiny of Broker-Dealers’ and Investment Advisers’ Cybersecurity Programs

On September 15, 2015, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a National Exam Program Risk Alert (2015 Risk Alert) to provide broker-dealers and investment advisers with information on the focus areas of its upcoming round of cybersecurity examinations. OCIE is building on its previous cybersecurity examinations to increase … Continue Reading

Lost, Unencrypted Laptop Leads FINRA to Fine a Broker-Dealer $225,000 for Violating Reg S-P

With the recent focus by the SEC and FINRA on cybersecurity for broker-dealers and investment advisers as a backdrop, FINRA recently brought and settled an enforcement action under SEC Regulation S-P against broker-dealer Sterne, Agee & Leach, Inc. The case arose from a May 2014 incident in which a Sterne information technology employee inadvertently left … Continue Reading

SEC Adopts Rules to Improve Systems Compliance and Integrity

On November 19, 2014, the Securities and Exchange Commission (SEC) unanimously voted to adopt Regulation Systems Compliance and Integrity (Reg SCI), which will govern the technology infrastructure of the U.S.’s securities exchanges and certain other trading platforms and market participants.[1] Reg SCI will supersede and replace the SEC’s current Automation Review Policy (ARP). The new … Continue Reading

How to Respond to SEC Inquiries Concerning Data Breach and Data Security Policies

Every company, whether public or private, has exposure to potential data breach or theft of confidential information. When this occurs, various state and federal regulatory organizations have jurisdiction over ensuring that there is prompt, corrective, and remedial action taken by the company whose systems have been compromised. Much of the focus of articles and commentary … Continue Reading

Broker-Dealers and Investment Advisers Now Targeted by Both Cyber Intruders and SEC Cybersecurity Examiners

The following BakerHostetler Executive Alert was authored by: Andrew W. Reich and Jonathan A. Forman Cybersecurity has increasingly become a critical issue for all types of businesses, few more so than broker-dealers, investment advisers and others in the financial sector. The cyber threat is much broader than customer data privacy as addressed by the Securities … Continue Reading

SEC To Issue Stronger Cybersecurity Guidance?

In February we wrote about whether Facebook’s IPO would set the tone under the SEC’s then-relatively new cybersecurity disclosure guidance. In subsequent months, it has become apparent that this guidance is still not yielding the level of disclosure on cybersecurity matters that regulators want. This is especially true with respect to the disclosure of past … Continue Reading

SEC Greenlights Use of Social Media for Publicly Disclosing Company Information

Co-authored by: Jonathan Nowakowski Recognizing the reality that many investors likely get more information from Facebook and Twitter than a corporate 10-K and that most public companies have a robust social media presence, the U.S. Securities and Exchange Commission (“SEC”) recently weighed in on the use of social media by public companies to disclose material … Continue Reading

SEC and CFTC Propose Identity Theft Prevention Rules

Reflective of an increased interest in data privacy concerns, on February 28, 2012, the Securities and Exchange and Commodity Futures Trading commissions jointly released proposed rules designed to protect investors from identity theft by mandating the creation of programs to detect potential security threats.  The proposed rules are meant to implement Title X of the … Continue Reading

Will Facebook’s IPO Cybersecurity Disclosures Set the Tone Under SEC’s New Guidance?

Facebook filed its long-awaited Form S-1 with the SEC on February 1.  Given the nature of its business, concerns regarding data privacy were peppered throughout the filing.  While other business risk factors may be paramount (e.g., reliance on Zynga, slowing growth, etc.), data privacy has been and will continue to be an important issue for … Continue Reading

SEC Provides Guidance on Cybersecurity Disclosure Obligations

The SEC released a guidance document on October 13, 2011, which set forth the views of the Division of Corporation Finance regarding disclosure obligations relating to cybersecurity risks and incidents.  Even though there is no disclosure requirement specific to cybersecurity risks and incidents, information about such incidents and their effects may need to be disclosed … Continue Reading
LexBlog