Category: Cybersecurity


SEC Announces Enforcement Division Cyber Specialty Unit

Posted on September 26th in Cybersecurity, Enforcement, General.

On September 25, 2017, the Securities and Exchange Commission announced the creation of an Enforcement Division “Cyber Unit” that will focus on cyber-related violative conduct. The timing of this is much more than coincidental; indeed it’s obvious. Just last week, SEC Chairman Jay Clayton disclosed: 1) a 2016 intrusion of the SEC’s EDGAR system due to a software vulnerability in the test filing component of the system, resulting in access to nonpublic information; and 2) the creation of a senior-level cybersecurity working group. Since the disclosure of the EDGAR breach, the financial press has reported that SEC Enforcement, the Secret Service, and the FBI have been investigating, and that Chairman Clayton asked the SEC’s Office of Inspector General to investigate. On September 26, 2017, Chairman Clayton appears before the Senate Committee on Banking, Housing, and Urban Affairs where he will …


SEC Charges Investment Adviser with Failure to Adopt Proper Cybersecurity Policies and Procedures Prior to Cyberattack

Posted on September 24th in Cybersecurity, OCIE, Office of Compliance Inspections and Examinations.

On Tuesday, September 22, 2015, the SEC charged an investment adviser with failing to adopt a written policy and procedure reasonably designed to safeguard customer records and information. The charge stemmed from a July 2013 cyberattack on the investment adviser’s third-party-hosted server, which potentially compromised the personally identifiable information (“PII”) of over 100,000 individuals stored on the server. Without admitting or denying the SEC’s findings, the investment adviser has agreed to settle the charge for approximately $75,000 and to cease and desist from committing or causing any future violations of the SEC’s “Safeguards Rule.”

Rule 30(a) of Regulation S-P (the “Safeguards Rule”) requires every investment adviser registered with the SEC to adopt written policies and procedures reasonably designed to safeguard customer records and information. Specifically, the policies and procedures must be reasonably designed to: (1) insure the security and confidentiality of …


SEC to Examine Registered Broker-Dealers’ and Investment Advisers’ Procedures for Countering Cybersecurity Threats

Posted on April 28th in Cybersecurity, Office of Compliance Inspections and Examinations, SEC Guidance.

Background and Purposes

On April 15, 2014, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a “Risk Alert” explaining a new initiative to assess cybersecurity preparedness in the securities industry.  Although not an official rule, regulation or statement of the SEC, the Risk Alert advised that OCIE will be conducting examinations of more than 50 registered broker-dealers and registered investment advisers, regarding their cybersecurity and data security procedures and policies.

OCIE’s cybersecurity initiative is designed to obtain information about the industry’s recent experiences with certain types of cyber threats.  The examinations will focus on the following topics: the firm’s cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with …



