Compliance and Regulatory Services (“CARS”) Hot Topics for October 2015

October 13, 2015

This month, we are highlighting a new SEC Risk Alert from the Office of Compliance Inspections and Examination (“OCIE”) outlining a list of focus areas for its cybersecurity inspection program. This is the second in a series of OCIE risk alerts dealing with cybersecurity, and this time OCIE is also attaching to its release a first-day letter that is dedicated to just cybersecurity. The alert provides SEC-registered investment advisers with a very good roadmap for creating a risk-based program to protect their firm’s proprietary information and maintaining the privacy of critical client data that reside on both their own computer systems and at those of third-party vendors selected to receive client data.

Cyber risk has become a worldwide priority. It threatens all financial institutions. The potential for loss of critical operational and client data is always present. OCIE considers a failure to take appropriate action a violation of the federal privacy laws; states who have adopted privacy legislation will as well. This is evidenced by a recent SEC action against a registered investment adviser further described below. There is clearly no SEC tolerance for anything less than a strong cybersecurity program.
OCIE's 2015 Cybersecurity Examination Initiative is part of its National Examination Program and outlines several areas of interest they will be looking at during their on-site inspection. The focal areas are governance and risk assessment [our emphasis added] access rights and controls, data loss prevention, vendor management, training and incident response.  This is all part of establishing a cyber framework similar to that outlined previously when the OCIE recommended that SEC registrants adopt such a framework and cited the National Institute of Standards and Technology’s "Framework for Improving Critical Infrastructure Cybersecurity" as a viable solution.

The SEC recently fined and sanctioned an investment adviser because its policies and procedures were not reasonably designed to prevent a third-party hosted web server from being accessed by a foreign intruder. The intruder gained access to the adviser’s clients’ names and social security numbers. The SEC further charged the firm with violating privacy law Regulation S-P by failing to conduct periodic risk assessments, employ a firewall, encrypt client data, and establish procedures to respond to cybersecurity incidents.

Our Take: Although not even the United States federal government and the governments from around the world can prevent a cyber-attack, it is the SEC’s intention to make every registered investment adviser responsible for maintaining the integrity of client data whether that information resides on proprietary or third-party vendor servers.


SEC News 

Sept. 30, 2015 SEC Charges Executives for Defrauding Investors in Financial Fraud Scheme
Sept. 30, 2015 China-Based Company and CEO To Pay $55.6 Million for Inaccurate Disclosures
Sept. 30, 2015 Fee Rate Advisory #2 for Fiscal Year 2016
Sept. 30, 2015 Latour Trading Charged With Market Structure Rule Violations
Sept. 30, 2015 SEC Sanctions 22 Underwriting Firms for Fraudulent Municipal Bond Offerings 
Sept. 29, 2015 SEC Names William Royer to Lead Exam Program in Atlanta Office
Sept. 29, 2015 SEC Charges Investment Adviser With Fraud
Sept. 29, 2015 SEC Charges UBS Puerto Rico and Two Individuals in Actions Relating to Former Broker’s Fraud 
Sept. 29, 2015 SEC to Hold Equity Market Structure Advisory Committee Meeting on October 27
Sept. 28, 2015 SEC Charges Trinity Capital Corporation and Former Bank Executives With Accounting Fraud
Sept. 28, 2015 Credit Suisse to Pay $4.25 Million and Admits to Providing Deficient “Blue Sheet” Trading Data
Sept. 28, 2015 SEC Charges Five With Insider Trading, Including Two Attorneys and an Accountant
Sept. 28, 2015 SEC Charges Hitachi With FCPA Violations
Sept. 25, 2015 SEC Publishes Request for Comment on Regulation S-X
Sept. 25, 2015 SEC Charges Former Officers of SMF Energy With Fraud
Sept. 24, 2015 SEC Proposes to Amend Rules Governing Administrative Proceedings
Sept. 24, 2015 SEC Charges Six in Stock Fraud Scheme
Sept. 24, 2015 SEC Charges Individual and Firm for Manipulative Press Release Announcing Takeover Bid
Sept. 23, 2015 SEC Approves Renewal of Advisory Committee on Small and Emerging Companies
Sept. 23, 2015 SEC Charges Consultant and Friend With Insider Trading in Advance of P.F. Chang’s Merger
Sept. 23, 2015 SEC Charges Two Philadelphia Area Men For Defrauding Friends And Family In Private Equity Fund
Sept. 22, 2015 Lara Shalov Mehraban Named Associate Director for Enforcement in SEC’s New York Regional Office
Sept. 22, 2015 SEC Charges Investment Adviser With Failing to Adopt Proper Cybersecurity Policies and Procedures Prior To Breach
Sept. 22, 2015 SEC Proposes Liquidity Management Rules For Mutual Funds And ETFs
Sept. 22, 2015 SEC Charges Retailer for Improper Valuation and Inadequate Internal Accounting Controls
Sept. 21, 2015 SEC Charges Two Men in Stock Manipulation Scheme
Sept. 21, 2015 SEC Charges Investment Adviser With Improperly Using Mutual Fund Assets to Pay Distribution Fees
Sept. 18, 2015 SEC Announces Agenda for September 23 Meeting of the Advisory Committee on Small and Emerging Companies
Sept. 18, 2015 Attorney and Auditors Settle Charges in Microcap Scheme Involving Purported Mining Companies
Sept. 17, 2015 SEC Charges Florida-Based CPA with Fraud for Issuing Bogus Audit Opinions
Sept. 17, 2015 SEC Charges Clearing Firm Officials for Improper Margin Loans, Accounting and Disclosure Failures
Sept. 16, 2015 SEC Removes References to Credit Ratings in Money Market Fund Rule and Form
Sept. 14, 2015 SEC Charges Medical Diagnostics Company Chairman and Two Others Behind Scheme to Manipulate Company Stock
Sept. 14, 2015 SEC Obtains $30 Million From Traders Who Profited on Hacked News Releases
Sept. 11, 2015 SEC Charges Five Arizona Residents With Stealing Millions From Investors to Fund Travel and Entertainment Sprees
Sept. 10, 2015 SEC Announces Fraud Charges in Cross-Border Scheme to Secretly Control and Manipulate Stock of Chinese Companies After Reverse Mergers
Sept. 10, 2015 Robert Cohen and Joseph Sansone Named Market Abuse Unit Co-Chiefs
Sept. 9, 2015 SEC Halts Scheme by Trio Accused of Stealing Investor Money While Promising “Indestructible Wealth”
Sept. 9, 2015 SEC Announces Fraud Charges Against Financial Adviser Accused of Greatly Exaggerating Assets Under Management and Investment Returns on Paid Radio Program
Sept. 9, 2015 SEC Charges Father and Son and Friend With Insider Trading
Sept. 9, 2015 SEC Charges BDO and Five Partners in Connection With False and Misleading Audit Opinions
Sept. 8, 2015 SEC Charges Video Management Company Executives With Accounting Fraud
Sept. 8, 2015 Smeeta Ramarathnam Named Deputy Director in the Office of Credit Ratings
Sept. 8, 2015 SEC Charges Three RMBS Traders With Defrauding Investors
Sept. 8, 2015 SEC Charges Bankrate and Former Executives With Accounting Fraud
Sept. 8, 2015 SEC Charges Sports Nutrition Company With Failing to Properly Disclose Perks for Executives
Sept. 4, 2015 SEC Charges Seattle-Area Hedge Fund Adviser With Taking Unearned Management Fees
Sept. 2, 2015 SEC Charges Advisory Firm With Fraud for Improperly Retaining Fees
Sept. 2, 2015 SEC Halts Ongoing Fraud in Minnesota



Sept. 30 2015 Market Structure in the 21st Century: Bringing Light to the Dark
Sept. 17, 2015 Remarks at the AICPA National Conference on Banks and Savings Institutions
Sept. 17, 2015 Remarks at the Bloomberg BNA Conference on Revenue Recognition
Sept. 9, 2015 Accountants and Capital Markets in an Era of Digital Disruption: Remarks to the Institute of Chartered Accountants in England and Wales and BritishAmerican Business



Sept. 30, 2015 Some Demographic Groups Under-Represented Among Investor Households, FINRA Foundation Research Finds
Sept. 30, 2015 Statement Regarding Series 24 Exam
Sept. 29, 2015 FINRA Sanctions UBS Puerto Rico $18.5 Million for Supervisory Failures Regarding Sales of Puerto Rican Closed-End Funds and Related Loans
Sept. 29, 2015 FINRA Issues Investor Alert, Smart Beta – What You Need to Know
Sept. 17, 2015 FINRA Board Approves Rulemaking Item to Protect Seniors and Other Vulnerable Adults from Financial Exploitation
Sept. 15, 2015 FINRA Sanctions 10 Former Global Arena Representatives as a Result of FINRA Crackdown on Broker Migration
Sept. 15, 2015 FINRA Releases Guidance on Liquidity Risk Management Practices
Sept. 2, 2015 FINRA Issues Investor Alert, Messaging Apps Are Latest Platform for Delivering Pump-And-Dump Scams


(Complete Listing:

FINRA Rule Filings List
(Complete Listing:

Have Questions or Comments?

If you have any questions, we'd like to hear from you.