On February 3, 2015, the U.S. Securities and Exchange Commission released a Risk Alert addressing cybersecurity issues at brokerage and advisory firms, along with suggestions to investors on ways they can protect themselves and their online accounts. FINRA issued a similar, more extensive “Report on Cybersecurity Practices” on the same day.
The National Exam Program Risk Alert, “Cybersecurity Examination Sweep Summary,” summarizes cybersecurity practices and policies of 57 registered broker-dealers and 49 registered investment advisers, based on examinations conducted by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”). These findings should be reviewed by CISOs and CIOs who have responsibility for cybersecurity protection because they highlight best practices and areas ripe for improvement. It is reasonable to assume that both the SEC and FINRA will expect firms to review the findings and tailor their own internal assessments and practices to improve their cybersecurity posture accordingly. The findings also underscore that the simplest cyber-related scams (phishing, fraudulent e-mail scams, etc.) are still remarkably successful.
Congress continues to struggle with the issue of proper oversight for investment advisors. Despite catastrophes like the Bernie Madoff scheme, SEC budget constrictions have resulted in only a handful of investment advisors being reviewed by the Commission each year (as compared to over half of all broker-dealers). Various bills have been floated to remedy the situation.
In April, the Investment Adviser Oversight Act of 2012 was introduced in the House. Proposed as an amendment to the 1940 Investment Adviser Oversight Act, the new act seeks to regulate investment advisors by requiring them to join a new self-regulatory organization (SRO) that would be funded by their membership fees. Though not explicitly set forth by the Act, the Financial Industry Regulatory Authority (FINRA) was expected to create and oversee the new governing SRO.
On July 11, 2012, the Securities and Exchange Commission (SEC) approved a new rule that will require the national securities exchanges and self-regulatory organizations like the Financial Industry Regulatory Authority (FINRA) to establish a market-wide consolidated audit trail. The new consolidated audit trail will improve regulators’ ability to monitor and analyze trading activity. With the approval of Rule 613, the exchanges and FINRA must jointly submit to the SEC a comprehensive plan for how they will develop, implement, and maintain the consolidated audit trail. Rule 613 also requires that the consolidated audit trail collect and identify every order, cancellation, modification, and trade execution for all exchange-listed equities and equity options in all U.S. markets.
A report released last week by the Government Accountability Office (“GAO”) concluded that the SEC can improve its oversight of the Financial Industry Regulatory Authority (“FINRA”), a self-regulatory organization charged with policing securities broker-dealers. The GAO’s criticism of the SEC is a politically hot issue because Congress is currently considering whether to shift authority for overseeing investment advisors from the SEC to FINRA, the subordinate organization the SEC is purportedly doing a poor job of overseeing.
The GAO report was a product of the Dodd-Frank Wall Street Reform and Consumer Protection Act, which required the GAO to study the SEC’s oversight of FINRA. In particular, the report examined (1) how the SEC has conducted its oversight of FINRA in the past, including FINRA rule proposals and the effectiveness of its rules; and (2) how the SEC plans to enhance its oversight of FINRA.
The report concluded that while the SEC routinely inspects many of FINRA’s programs, it does not conduct any retrospective review, i.e., it does not review whether FINRA’s rules are actually effective. In fact, the report concluded that the SEC does not even have a process for retrospective review.
Significantly, the GAO report also concluded that the SEC had conducted virtually no review of FINRA operations aimed at executive compensation and corporate governance issues. The SEC claimed it had purposefully overlooked compensation and governance operations because of competing priorities and resource constraints, and instead had focused its resources on FINRA’s regulatory departments, which the SEC perceived as programs with the greatest impact on investors.
Given these and other conclusions, the GAO recommended that the SEC “encourage FINRA to conduct retrospective reviews of its rules” as well as establish its own process for examining FINRA reviews. It further recommended that the SEC utilize a risk-management framework in developing its future oversight plans.