Office of Compliance Inspections and Examinations

The SEC Opens Up a New Front in the Cybersecurity Wars

cybersecurity

For the last few years, the SEC has been issuing guidance as to appropriate cybersecurity policies and procedures for financial firms.  In a move that signal’s the regulator’s willingness to put muscle into its cybersecurity guidance, the SEC announced an agreement with St. Louis-based investment company, R.T. Jones Capital Equities Management (“R.T. Jones” or “the company”), to settle charges that the company failed to adequately safeguard the personal information (“PI”) of approximately 100,000 individuals.  Consistent with this trend, the SEC has announced that its Office of Compliance Inspections and Examinations (“OCIE”) would be conducting a second round of investigations[1] into the cybersecurity practices of brokerage and advisory firms (the “Cybersecurity Examination Initiative”).  These moves signal the SEC’s increasing scrutiny of investment firms’ information security practices and indicate the regulator’s willingness to enforce the guidance that it has issued.

READ MORE

Going for Brokerage: SEC Report Highlights Best (and Worst) Practices in Cybersecurity Preparedness

On February 3, 2015, the U.S. Securities and Exchange Commission released a Risk Alert addressing cybersecurity issues at brokerage and advisory firms, along with suggestions to investors on ways they can protect themselves and their online accounts.  FINRA issued a similar, more extensive “Report on Cybersecurity Practices” on the same day.

READ MORE