Monthly Archives

May 2019

SEC Risk Alert: Safeguarding Customer Records and Information in Network Storage – Use of Third-Party Security Features

By | Uncategorized | No Comments

issued May 23, 2019

The U.S. Securities and Exchange Commission (“SEC” or the “Commission”) has again commenced a series of cybersecurity examinations of registered investment advisers. The SEC distributed numerous request letters in May to gather registrant information pertaining to vendor diligence and oversight of cloud providers. The Commission is scrutinizing adviser policies and procedures which relate to the identification and monitoring of risks attendant to client information stored on third party vendor platforms. In general, advisers have a fiduciary duty and regulatory obligation pursuant to privacy regulations and cybersecurity guidance to ensure that non-public client information residing on third-party platforms remains secure and protected from misappropriation.

Read More

SEC Risk Alert: Compliance Issues with Privacy Notices and Safeguard Policies

By | Uncategorized | No Comments

issued April 16, 2019

On April 16, 2019 the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert related to Privacy Notice and safeguard policy compliance issues. This regulatory communication is applicable to investment advisers and broker-dealers (“registrants”) alike.  OCIE cited issues identified in deficiency letters from broker-dealer and adviser exams completed by the Staff during the past two years. It should be noted by SEC registrants that the Commission has issued deficiency notices and pursued enforcement actions on the basis of registrant non-compliance with Risk Alerts, including on the basis of guidance in the absence of a rule.

Read More