Though we've known ever since the SEC released its exam priorities for 2018 that cybersecurity would continue, as in years past, to be a priority, the SEC's Office of Compliance Inspections and Examinations ("OCIE") recently announced a plan for a new cybersecurity sweep.
Of course, if your firm has been taking proper precautions around the issue of cybersecurity, you should have little to worry about. However, there are many firms that adopt cyber policies but do not follow them, or that still struggle to understand the precautions needed to mitigate cyber risks.
What makes this initiative different from years past is the ever-increasing growth of robo-advisers, particularly in Silicon Valley. In addition, we are seeing tremendous popularity with virtual currencies (including cryptocurrencies). More and more investment transactions involve such currencies, and as their use rises, so too does the potential for fraud. For instance, in 2017 we saw a huge number of cryptocurrency frauds take place in the UK, in Japan, and in the U.S.
Cybersecurity Is More Important Than Ever in the Modern Digital Landscape
The modern digital landscape makes cybersecurity a more important concern than ever before. Many processes that were once exclusively completed using analog methods are now handled digitally. For instance, many firms employ an IT vendor to streamline their business processes through the use of services like Google Drive and Dropbox to store client information, which is something many firms would not have done even 10 years ago.
With the proliferation of new cybercrimes last year and the subsequent damage to large corporations and small businesses alike, it is no wonder cybersecurity is a regulatory focus. Combined with the passage and implementation of legislation to protect consumer data, including the recent implementation of GDPR (General Data Protection Regulation), it's more important than ever that your firm take cyber threats seriously and put into place policies and procedures both to protect client information and to maintain compliance.
Proper Cybersecurity Requires a Range of Risk Management Precautions
The stark reality of the modern digital landscape is that cyber-attacks are inevitable and cannot be completely prevented by even the most diligent firms. As such, your firm needs to employ a range of risk management precautions to ensure your clients' data (and investments) are protected (and that you remain in compliance).
When a firm maintains a remote office or merges with a new firm, data is put at risk. Beyond simple hackers or identity thieves, cyber criminals can include malicious employees and dishonest vendors or contractors. As part of the National Examination Program's initiatives, OCIE wants to ensure that your firm is taking all necessary precautions and has policies and procedures in place to mitigate both internal risk and external risk. When even the SEC itself is taking public steps to reveal how it collects and protects data, firms should understand that this is nothing to be taken lightly or put on the back burner.
Is your firm prepared for a cyber-attack? Contact us for more information, or see Legal Considerations for Your Cybersecurity Program to learn more about the steps your firm should be taking to maintain compliance.
Michelle L. Jacko, Esq. is the Managing Partner and CEO of Jacko Law Group, PC, which offers securities, corporate, real estate and employment law counsel to broker-dealers, investment advisers, investment companies ...