Cyber-Fraud Victim or Securities Law Violator?


Posted on October 23, 2018, by Mary P. Hansen and Peter Baldwin in Cybersecurity, SEC. Comments Off on Cyber-Fraud Victim or Securities Law Violator?

The Securities and Exchange Commission (SEC) recently released a report detailing whether or not certain companies that had fallen victim to cyber-related frauds had violated the Securities Exchange Act of 1934 by failing to have proper internal accounting controls. The nine companies investigated by the SEC fell prey to fraudulent “business email compromise” schemes, which are responsible for the highest estimated out-of-pocket losses of any cyber-related crimes in the last five years. The primary question for the SEC was whether or not the companies had failed to enact compliant internal accounting controls that may have prevented such fraud.

This alert details the SEC’s finding and advice for companies in an environment where cybersecurity is increasingly complicated and essential.

Read the full alert.





Comments are closed.



From the Blog:

CFTC Divisions Publish Inaugural Exam Priorities

In an effort to increase awareness and attention by regulated entities, the CFTC’s divisions of Market Oversight (DMO), Swap Dealer & Intermediary Oversight (DSIO), and Clearing...

Good Disclosure of Bad Internal Controls Is Not Enough

On January 29, the SEC announced settled charges with four public companies for failing to maintain adequate internal control over financial reporting (ICFR). According...

Alert: FINRA’s 529 Plan Share Class Initiative to Self-Report

On January 28, 2019, FINRA released its Regulatory Notice 19-04 announcing its 529 plan self-reporting initiative. This initiative is part of FINRA efforts to...