Tag: cybersecurity

Recent Privacy Law Changes for Advisers a Focus of Cyber Discussion in Scottsdale

Regulators and legislators certainly have been busy in 2019, leaving little breathing room for financial firms. More data privacy laws are on the horizon, particularly at the state level, with some very real implications for SEC-registered investment advisers. That was the key message from the “Regulatory Update on Privacy Regulations and Cybersecurity” panel during the … Continued

Virginia Investment Adviser Rules Amended – September 16, 2019 Compliance Date

Last week we discussed the changes to the Massachusetts IA Disclosure Rule. That is not the only state legislature that has been busy. On August 21, 2019, the Virginia State Corporation Commission adopted revisions to Chapters 20, 30, 45, and 80 of Title 21 of the Virginia Administrative Code. The amendments impact Virginia state registered … Continued

CFTC Orders Firm to Pay $1.5 Million in Connection with Phishing Cyber Breach, Cites Inadequate Cyber Training

The Commodity Futures Trading Commission (CFTC) isn’t holding back when it comes to holding firms accountable for protecting their client’s funds and information. On September 12, 2019, the CFTC issued an order bringing proceedings against a registrant to the tune of $1.5 million US relating to claims that the registrant violated Commission Regulations 166.3 and … Continued

Cayman Islands Data Protection Law Nears Taking Effect

Cybersecurity regulations have landed ashore on the islands, and life is about to become anything but a beach for firms forced to comply with the Cayman Islands’ new Data Protection Law (DPL), slated to take effect September 30, 2019. With provisions largely mirroring the EU’s General Data Protection Regulation (GDPR), entities with a presence or … Continued

Serious Security Flaw Discovered in Three Widely Used VPNs – Update Now!

Virtual Private Networks (“VPNs”) are a secure way for employees to access firm files remotely, whether working from a home office or while travelling. They work by creating an encrypted connection from a laptop or PC to a firm’s server and allowing users to securely access and transfer files while out of the office. Access … Continued

How Can a Small Advisory Practice Economically Be as Cyber-Secure as Possible?

Cybersecurity is a risk that applies to firms both large and small without discrimination. Even very small advisory firms, which I’ll define as having one to five staff for purposes of this discussion, have a wealth of information worth safeguarding. Cybercrime is often a crime of opportunity. Hackers are metaphorically going door to door (computer … Continued

SEC Begins Cyber Sweep of Investment Advisers with Focus on Cloud Storage

A sweep of investment advisers is underway by the U.S. Securities and Exchange Commission, which has sent out many letters to firms over the last week requesting information about their use of cloud providers. The move could be part of the SEC’s Phase 3 Cybersecurity Exam Initiative, and is likely related to the April Regulation … Continued

What Happens When Your CRM is Breached?

Even your client relationship management (CRM) software may not be safe from hackers. That’s the lesson some advisers are learning after an announcement by CRM vendor Redtail that it discovered in March 2019 that its cloud-based software had left some sensitive client data publicly accessible. The data left vulnerable included first names, last names, addresses, … Continued

Regulation Best Interest, Cybersecurity Top Concerns at IAA 2019 Compliance Conference

The Investment Adviser Association (IAA) represents the interests of investment advisers in Washington D.C., and the IAA Investment Adviser Compliance Conference 2019 was a forum for the discussion of future potential rulemaking. Cybersecurity and Fiduciary Rule considerations were headline topics, with custody and marketing right behind. The following is a summary of key issues discussed … Continued

SEC OCIE Issues 2019 Examination Priorities

Well ahead of the New Year, the SEC Office of Compliance Inspections and Examinations (OCIE) announced its 2019 examination priorities. In keeping with OCIE’s four “pillars” of promoting compliance, preventing fraud, identifying and monitoring risk, and informing policy, the Dec. 20 release provides a preview of key areas where OCIE intends to focus its limited … Continued

What Am I Looking At? Making Sense of Your Cyber Testing Reports

It’s no surprise that Compliance and IT do not speak the same language. Compliance staff often speak in terms of regulations and policies, whereas bits and bytes are the language of IT staff. This distinction is clear when it comes to cybersecurity risk management, as the compliance and IT audiences are looking for different takeaways … Continued

Lessons Learned: Wargaming Your Incident Response Plan

Data breaches and cyber incidents made headlines again recently with the announcement that 50 million Facebook accounts were compromised as well as the SEC’s issuance of sanctions against a dual registrant stemming from the firm’s response to phishing attacks. So it was both timely and fitting that U.S. intelligence community veteran Jeff Welgan, Executive Director … Continued

Data Breach Prevention and Response

According to the Investment Firm of the Future, a report published by CFA Institute earlier this year, 24% of the organization’s members rated cybersecurity as their firm’s top technology priority. With the myriad challenges facing investment professionals in 2018, that’s a striking number. What to do? E.J. Yerzak, Director of Cyber IT Services for Ascendant Compliance … Continued


Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Loading form...

Mailing List

Loading form...