SEC Risk Alert on Prevention of Identity Theft and Reg S-ID What happened? The Division of Examinations (“EXAMS”) issued a Risk Alert to assist firms with identity theft prevention programs required under Regulation S-ID. Financial institutions (including broker-dealers and registered investment advisors) must determine whether they offer “covered accounts” [...]
Be Alert as Ransomware Conti-nues to Take Over WHAT HAPPENED? The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have seen Conti ransomware used in more than 400 attacks on U.S. and international organizations. Typically, Conti ransomware attacks are malicious in nature and occur when a bad actor intends to steal [...]
Cybersecurity and ESG Proposals Are on the Horizon: Key Takeaways from SEC Chair’s Senate Testimony WHAT HAPPENED? Before the Senate Banking Committee on September 14th, SEC Chair, Gary Gensler, indicated that numerous rules related to cybersecurity and climate risk, among others are in the works. Even though this is the first time the [...]
ALERT: Phishing Attack Posing as FINRA Request WHAT HAPPENED? Broker-dealers, investment advisers, and investment companies could be affected by a new phishing campaign. This is similar to the FINRA survey phishing campaign that occurred in October 2020.The attack is originating from bad actors, purporting to be the Financial Industry Regulatory Authority (FINRA) [...]
SEC Cybersecurity Sanctions: Your Firm Could Be Next WHAT HAPPENED? On August 30th, the SEC sanctioned eight firms in three actions for failures in cybersecurity policies and procedures. The investigations revealed: Among the eight firms, nearly 200 cloud-based email accounts of firm personnel, representatives, and financial advisors were taken over by unauthorized [...]
The SEC’s Latest Exam and Request List Trends WHAT HAPPENED? With new SEC leadership in place, including Chairman Gary Gensler and Director of Enforcement Gurbir Grewal, the Commission’s examination trends continue to evolve. Some focus areas, like cybersecurity and business continuity, are more relevant than ever with the changes [...]
SEC Cybersecurity Sweep Exams? Here is what you need to know. WHAT HAPPENED? Recently, there has been an increase in SEC Exam requests related to cybersecurity. Although the SEC has not yet announced a sweep exam, there appears to be a cybersecurity exam initiative underway. This is likely due [...]
2021 SEC Examination Priorities: What You Should Know WHAT HAPPENED? On March 3, 2021, the Division of Enforcement of the U.S. Securities and Exchange Commission (the Division) released its list of 2021 Examination Priorities. The annual list outlines the regulator’s most pertinent exam initiatives and highlights important areas of [...]
Six New Data Privacy Bills That Could Become Law in 2021 WHAT HAPPENED? State mandated data privacy regulations are constantly evolving to meet the needs of the changing cybersecurity landscape. Staying up to date with these rules is critical to maintaining a compliant and functional cybersecurity program at your [...]
Scam Risks in 2021 and How to Avoid Them Cybercriminals are becoming increasingly sophisticated and continue to find new ways to compromise both individuals’ and firms’ data security. Phishing attacks often use current events or crises to entice users to click infected links, download malicious programs or documents, or provide [...]