The Securities and Exchange Commission (“SEC”) has announced the adoption of amendments to Regulation S-P (“Amendments”) to modernize and enhance the rules that govern the treatment of consumers’ nonpublic personal...more
5/30/2024
/ Broker-Dealer ,
Customer Information ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Incident Response Plans ,
Investment Adviser ,
Notice Requirements ,
Personally Identifiable Information ,
Policies and Procedures ,
Regulation S-P ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment ,
Securities and Exchange Commission (SEC)
On September 26, in the Securities and Exchange Commission’s (“SEC”) first enforcement action for violations of Regulation S-ID (the “Identity Theft Red Flags Rule”), Voya Financial Advisors Inc. (“VFA”), an SEC-registered...more
As noted in our earlier Foley Adviser, March 1, 2016 is the effective date for NFA member firms (including futures commissions merchants, commodity trading advisors, commodity pool operators, introducing brokers, retail...more
The CFTC recently approved the National Futures Association’s interpretive notice (the “Cybersecurity Notice”) on the general requirements that members should implement for their information systems security programs...more
10/30/2015
/ Breach Notification Rule ,
CFTC ,
Commodities ,
Commodity Pool ,
Corporate Executives ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Breach Plans ,
Data Privacy ,
Data Protection ,
Data Security ,
Due Diligence ,
Futures ,
Information Systems Security Program (ISSP) ,
Information Technology ,
Major Swap Participants ,
NFA ,
NIST ,
Personal Data ,
Recordkeeping Requirements ,
Security Risk Assessments ,
Sensitive Business Information ,
Swap Dealers ,
Third-Party Service Provider ,
Training Requirements
In recent years, the SEC has been focused on cybersecurity. It has issued risk alerts, conducted examinations and provided guidance about what the agency sees as widespread weaknesses in many policies and procedures to...more
9/28/2015
/ Broker-Dealer ,
Cease and Desist Orders ,
Civil Monetary Penalty ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Hackers ,
OCIE ,
Personally Identifiable Information ,
Policies and Procedures ,
Registered Investment Advisors ,
Regulation S-P ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
Security Risk Assessments
Second Round of Cybersecurity Examinations to Begin -
On September 15, 2015, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) issued a Risk Alert announcing a...more
9/21/2015
/ Broker-Dealer ,
Chief Information Security Officer (CISO) ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Insurance ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Privacy ,
Data Protection ,
Data Security ,
Investment Adviser ,
OCIE ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
Security Risk Assessments ,
Third-Party ,
Training
On April 28, 2015, the SEC’s Division of Investment Management (the “Division”) issued a Guidance Update regarding the SEC’s initiative to assess cybersecurity preparedness and threats in the securities industry, further...more
On June 3, 2014, the Massachusetts Securities Division released a survey to assess cybersecurity readiness and practices of Massachusetts-registered investment advisers....more
On April 15, 2014, the Office of Compliance Inspections and Examinations of the Securities and Exchange Commission (the “SEC”) issued a Risk Alert regarding the SEC’s initiative to assess cybersecurity preparedness and...more