Like many other industries, Registered Investment Advisers ("RIAs") have dealt with significant regulatory, technological, and systemic change in recent years. Compared to FINRA-regulated entities, RIAs often face these changes with less frequent or significant touchpoints from their primary regulator, the Securities and Exchange Commission (SEC). The SEC's method of regulating RIAs is typically principle-based rather than prescriptive-based, which the industry generally favors, but this approach certainly has its own pitfalls.
Read MoreOn October 16, 2023, the Securities and Exchange Commission (SEC) Division of Examinations (Division) announced its examination priorities for 2024. As it has done every year since it first began publishing its annual priorities in 2013, the Division enumerated the areas that will be a focus for the next fiscal year including: (i) investment advisers’ fiduciary duties and compliance programs, (ii) investment company compliance and governance practices, and broker-dealer practices, (iii) cybersecurity and resiliency, (iv) crypto assets and FinTech products and services, and (v) anti-money laundering (AML) programs.
Read MoreConcerns about regulatory risk and trade errors are also among top RIA concerns.
Registered investment advisors (RIAs) are more concerned about their liabilities for a cyberbreach or theft of data than any other potential business exposure, according to the 2023 RIA Risk Survey from insurance brokerage Golsan Scruggs.
Read MoreCybersecurity and data privacy risks continue to loom large with potentially significant consequences. Litigation, often filed soon after incidents, adds to the possible repercussions. In our previous article, we discussed a trio of states providing affirmative defenses or “safe harbors” that companies can take advantage of to minimize litigation exposure resulting from a data breach. Three other states have recently followed, with Oklahoma, Iowa, and Tennessee recently passing their own “safe harbor” laws.
Read MoreFinancial institutions must get ready to report on assessing, monitoring, mitigating and remediating cyber risks
Read MoreNew York Attorney General Letitia James and a coalition of five attorneys general reached a $6.5 million agreement Thursday with Morgan Stanley Smith Barney LLC for compromising the personal information of millions of customers nationwide.
According to James’ office, Morgan Stanley “failed to decommission its computers and erase unencrypted data in certain computer devices that were later auctioned while still containing consumers’ personal information, including data belonging to 1.1 million New Yorkers.”
Read MoreIn today’s rapidly evolving digital landscape, cybersecurity has become a critical concern for businesses across all industries. Recognizing the need for increased transparency and accountability, the U.S. Securities and Exchange Commission (the “SEC” or “Commission”) has issued a new pronouncement1 that outlines cybersecurity requirements for all registrants, which includes registered investment companies and registered investment advisers (“RIAs” or “advisers”). Implementation of this new SEC pronouncement is of critical importance as it will help advisers safeguard their (and their investors’) sensitive data and protect against cyber threats. By embracing these requirements, companies can enhance their cybersecurity posture, build trust with investors, and mitigate potential financial, operational, and reputational risks.
Read MoreThis is the second in a three-part series discussing the newly amended rules (collectively the “Rules”) adopted by the Colorado Division of Securities (“Division”) effective as of March 30, 2023 (the “Effective Date”) applicable to certain Colorado investment advisers and their registered representatives (“IARs”). The Rules mostly affect investment advisers registered with Colorado State (such advisers, “Colorado Licensed Advisers”).
Read MoreThe U.S. Securities and Exchange Commission will continue to review broker-dealers’ and advisers’ cybersecurity practices next year, the agency said in a report issued Monday.
“Operational disruption risks remain elevated due to the proliferation of cybersecurity attacks, firms’ dispersed operations, intense weather-related events, and geopolitical concerns,” the agency said in its “2024 Examination Priorities, Division of Examinations” report.
Read MoreCybersecurity and Cybersecurity Compliance share the same objective (protecting sensitive data from cyber threats), but they aren’t the same thing. They are related but have different focuses.
Read More