Throughout 2024, financial sector regulators sharpened their focus on data protection and cybersecurity issues impacting financial institutions and the public. Key federal agencies like the Securities and Exchange Commission (“SEC”), the Federal Trade Commission (“FTC”), and the Consumer Financial Protection Bureau (“CFPB”) have been joined by state regulators, such as the New York Department of Financial Services (“NYDFS”), in proposing and finalizing significant rulemaking, pursuing novel enforcement actions, and issuing influential guidance. 2025 promises to be a continuation of this considerable trend.
Read More"You still get some of them that think, 'I'm okay. My IT people tell me, I'm okay'
Read MoreOn October 21, 2024, the Division of Examinations (Division) of the Securities and Exchange Commission (SEC) published its 2025 examination priorities (2025 priorities). The release of the 2025 priorities is intended to inform registered investment advisers, investment companies and broker-dealers of potential areas the Division will review during examinations in 2025.
Read MoreOn October 16, 2024, the New York Department of Financial Services (“DFS”) issued guidance addressing how institutions can meet their existing obligations under 23 NYCRR 500 (“Part 500”) given new and heightened cybersecurity risks arising from artificial intelligence (“AI”). DFS recommends a number of steps for companies to prepare for such risks, including:
Read MoreThe SEC has unveiled its 2025 examination priorities, highlighting the emerging and continuing risk areas it perceives among wealth firms, investment advisers, broker-dealers, and wealth technology companies.
Read MoreThe Cyber and Analytics Unit within the Member Supervision program of the Financial Industry Regulatory Authority, Inc. ("FINRA") recently published a cybersecurity advisory regarding increasing cybersecurity risks.
The Cyber and Analytics Unit within the Member Supervision program of the Financial Industry Regulatory Authority, Inc. ("FINRA") recently published a cybersecurity advisory regarding increasing cybersecurity risks at third-party providers (the "Cybersecurity Advisory").1 The Cybersecurity Advisory highlights third-party risks to FINRA member firms and effective practices to mitigate such risks.
Read MoreWealth managers face a new reality. The costs of cybercrime will soon reach $10.5 trillion per year(according to Cybersecurity Ventures)—which is larger than the sale of all illegal drugs worldwide, combined—and financial industry participants and their clients are compelling targets. Numerous firms have already been attacked and millions of dollars of client assets have been stolen.
Read MoreIt is no surprise that with the increased use of technology and its' ever-evolving advancements, comes an increased rate in cyber-crime and threats to personal consumer information. In response to these developments, and to modernize and improve the protection of consumer information, on May 16, 2024, the Securities and Exchange Commission (SEC), announced the adoption of amendments to Regulation S-P. These rules apply to broker-dealers (including funding portals), investment companies, registered investment advisers, and transfers agents (collectively "covered institution(s)").
Read MoreThe SEC recently issued an order and settlement against a company from a pair of cyberattacks in which millions of dollars of client funds were stolen. While the company was able to recover a portion of the funds and ultimately reimbursed clients for the money lost, the SEC still fined the company $850,000 for failure to provide the necessary safeguards to protect its clients’ funds.
Read More