FINRA Focuses on Outside Vendor Use, Cybersecurity, and AML in 2025
The Financial Industry Regulatory Authority is touting its focus this year on a number of common compliance themes, including broker-dealers’ cybersecurity risks, and anti-money laundering controls, while adding some new hot spots, including the selection of third-party vendors, according to its annual regulatory oversight report.
Read More
SEC Shifts Enforcement Focus With Launch of Cyber and Emerging Technologies Unit Print PDF Link Share
On February 20, 2025, the Securities and Exchange Commission (SEC) announced the formation of the Cyber and Emerging Technologies Unit, known as “CETU,” which will replace the Crypto Assets and Cyber Unit (“CACU”).
CETU aims to combat cyber-related misconduct and provide safeguards for retail investors against malpractices emerging in the technologies sector. The formation of CETU reflects a significant shift in the SEC’s priorities as to the digital assets sector, specifically an apparent move away from non-fraud crypto enforcement actions, such as alleged registration or technical violations of the securities laws.
Read More
What the SEC Amendments to Regulation S-P Mean for Your Business
On May 16, 2024, the SEC adopted amendments to Regulation S-P requiring broker-dealers, registered investment companies, registered investment advisers, funding portals, and transfer agents (collectively, “covered institutions”) to create an incident response program to deal with unauthorized access to or use of customer information. The amendments also expanded the obligations of covered institutions by requiring them to safeguard and properly dispose of a broader range of data types and maintain records documenting compliance with the amendments. Finally, the annual privacy notice delivery provisions now include an exception from a 2015 amendment to the Gramm-Leach-Bliley Act (GLBA).
Read More
Finra Focuses on Outside Vendor Use, Cybersecurity and AML in 2025
The Financial Industry Regulatory Authority on Tuesday touted its focus this year on a number of common compliance themes, including broker-dealers’ cybersecurity risks and anti-money laundering controls while adding some new hot spots, including the selection of third-party vendors, according to its annual regulatory oversight report.
Read More
Beware Outsourcing’s Security Risks, Finra Says
Financial services firms must establish procedures to ensure that their day-to-day operations and regulatory compliance are not interrupted in the event of a cybersecurity issue involving a third-party vendor, Finra says.
Read More
Summary of Regulation S-P Revisions Applicable to Investment Advisers
On May 15, 2024 the SEC issued Release Nos. 34-100155; IA-6604 (the “Adopting Release”) providing for amendments to the safeguards and disposal rules of Regulation S-P (the “Amendments”). The compliance dates for the Amendments are December 31, 2025 for “large” investment advisers (those with $1.5 billion or more in assets under management) and June 3, 2026 for “small” investment advisers (those with less than $1.5 billion in assets under management.
The safeguards rule requires investment advisers (and other Covered Institutions - broker-dealers, investment companies and transfer agents) to adopt written policies and procedures that address administrative, technical and physical safeguards to protect customer records and information (“Customer Information”). The disposal rule requires investment advisers (and other Covered Institutions) to ensure the proper disposal of Consumer Report information, and pursuant to the Amendments, Customer Information. This alert summarizes the Amendments as applicable to investment advisers.
Read More
8 Effective Information Security Measures to Safeguard Your Firm
Cybersecurity threats continue to evolve as cybercriminals become more sophisticated, even using advanced technology, such as artificial intelligence (AI), to carry out their scams. They also try to exploit human vulnerabilities, duping their targets into revealing sensitive information by clicking on questionable links or responding to phishing emails. In fact, human error accounts for up to 95 percent of security breaches.
Read More
