Tag: cybersecurity

SEC Issues New Cyber Risk Alert to Financial Firms

Financial firms have a bigger target on their backs at the moment, according to a new risk alert issued July 10, 2020 by the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE). This new risk alert on ransomware cautions investment advisers, broker-dealers, and investment companies that OCIE has recently observed a marked … Continued

FINRA Enhanced Security Features for Super Account Administrators (SAAs) and Account Administrators (AAs)

FINRA recently deployed a new security feature for users of the Web CRD and IARD systems which is being rolled out to firms in phases over the next several months. FINRA is implementing Multi-Factor Authentication (MFA) which will add an additional layer of security for Super Account Administrators (SAAs) and Account Administrators (AAs) verifying their … Continued

Where Are Your Cybersecurity Blindspots with COVID-19?

Google Data Reveals 350% Surge In Phishing Websites During Coronavirus Pandemic

More financial firms have shifted to a remote workforce in the midst of the COVID-19 pandemic. While the availability of VPNs and cloud-based services has enabled firms to continue operating, the paradigm shift to an entire staff working from home has not come without … Continued

SEC Releases More Cyber Best Practices, Including Surprise Additions

In advance of National Data Privacy Day today, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has just released a new summary of cybersecurity best practices it has observed over the course of thousands of examinations it has conducted over the past few years. In its Cybersecurity and Resiliency Observations, OCIE … Continued

Compliance Lessons Learned in 2019

Now that we are in mid-January, a few things are evident. We have likely broken one or more New Year’s resolutions, the effect of any rest over the holidays has worn off and we need to complete our annual compliance reviews for 2019 and firm up our 2020 plans. While I don’t have solid advice … Continued

Countdown to CCPA: Are You Ready to Comply with New Data Privacy Requirements?

With less than one month before the California Consumer Privacy Act (CCPA) is effective, companies are preparing to update their cybersecurity programs. Many must address the regulation’s new data privacy requirements, which have caught some financial institutions off guard. Modeled to some extent after the European Union’s General Data Protection Regulation (GDPR), the CCPA provides … Continued

Recent Privacy Law Changes for Advisers a Focus of Cyber Discussion in Scottsdale

Regulators and legislators certainly have been busy in 2019, leaving little breathing room for financial firms. More data privacy laws are on the horizon, particularly at the state level, with some very real implications for SEC-registered investment advisers. That was the key message from the “Regulatory Update on Privacy Regulations and Cybersecurity” panel during the … Continued

Virginia Investment Adviser Rules Amended – September 16, 2019 Compliance Date

Last week we discussed the changes to the Massachusetts IA Disclosure Rule. That is not the only state legislature that has been busy. On August 21, 2019, the Virginia State Corporation Commission adopted revisions to Chapters 20, 30, 45, and 80 of Title 21 of the Virginia Administrative Code. The amendments impact Virginia state registered … Continued

CFTC Orders Firm to Pay $1.5 Million in Connection with Phishing Cyber Breach, Cites Inadequate Cyber Training

The Commodity Futures Trading Commission (CFTC) isn’t holding back when it comes to holding firms accountable for protecting their clients’ funds and information. On September 12, 2019, the CFTC issued an order bringing proceedings against a registrant to the tune of $1.5 million US relating to claims that the registrant violated Commission Regulations 166.3 and … Continued

Cayman Islands Data Protection Law Nears Taking Effect

Cybersecurity regulations have landed ashore on the islands, and life is about to become anything but a beach for firms forced to comply with the Cayman Islands’ new Data Protection Law (DPL), slated to take effect September 30, 2019. With provisions largely mirroring the EU’s General Data Protection Regulation (GDPR), entities with a presence or … Continued

Serious Security Flaw Discovered in Three Widely Used VPNs – Update Now!

Virtual Private Networks (“VPNs”) are a secure way for employees to access firm files remotely, whether working from a home office or while travelling. They work by creating an encrypted connection from a laptop or PC to a firm’s server and allowing users to securely access and transfer files while out of the office. Access … Continued

How Can a Small Advisory Practice Economically Be as Cyber-Secure as Possible?

Cybersecurity is a risk that applies to firms both large and small without discrimination. Even very small advisory firms, which I’ll define as having one to five staff for purposes of this discussion, have a wealth of information worth safeguarding. Cybercrime is often a crime of opportunity. Hackers are metaphorically going door to door (computer … Continued

SEC Begins Cyber Sweep of Investment Advisers with Focus on Cloud Storage

A sweep of investment advisers is underway by the U.S. Securities and Exchange Commission, which has sent out many letters to firms over the last week requesting information about their use of cloud providers. The move could be part of the SEC’s Phase 3 Cybersecurity Exam Initiative, and is likely related to the April Regulation … Continued

What Happens When Your CRM is Breached?

Even your client relationship management (CRM) software may not be safe from hackers. That’s the lesson some advisers are learning after an announcement by CRM vendor Redtail that it discovered in March 2019 that its cloud-based software had left some sensitive client data publicly accessible. The data left vulnerable included first names, last names, addresses, … Continued
