newyork1.jpg

SEC to Conduct Second Phase of Cybersecurity Sweep

After completing a sweep of 100 firms focusing on preparedness concerning cybersecurity in 2014 and subsequently releasing their summary findings in February 2015, the SEC is poised to begin a second phase of their cybersecurity initiative this summer. This is in line with the 2015 exam priorities that included a continued focus on cybersecurity.

On March 9, 2015, in an interview with the compliance publication IA Watch, Jane Jarcho, OCIE’s national associate director of the Investment Adviser/Investment Company exam program, described the current thinking behind its “phase 2” initiative around cybersecurity. Ms. Jarcho explained that the next phase will begin this summer or early in 2016 and will include about the same number of firms being contacted. One major difference with this second phase is that, unlike the first sweep conducted, these exams will be onsite visits. Ms. Jarcho said that examiners will dig deeply into a few cyber related topics during these visits.

“It’s still in flux exactly what we’ll be doing” in phase 2, Jarcho said. But Jarcho did indicate that likely areas of inquiry would include what response plans firms have for a cyber breach or attack; due diligence of vendors’ cyber policies and procedures; and what role senior management and boards play in approving a firm’s cybersecurity policies and procedures. Phase 2 will be a nationwide effort and will more than likely be influenced by the “more notorious breaches” reported in the press, she added.

While there are currently no rules dictated by OCIE with respect to a firm’s approach to cybersecurity, there are resources that many firms are referring to while creating and adopting cyber related policies and procedures. These include the National Institute of Standards and Technology framework and the Federal Financial Institutions Examination Council guidance.

Increasingly, civil actions and class-action suits related to cyber-security threats are being filed. In a recent decision, rendered on March 13, 2015, a federal judge dismissed two data-breach class action cases filed by plaintiffs whose personal information was hacked from a payroll company. These individuals were consequently at an increased risk of identity theft. However, Judge John Jones III found because no actual identity-theft-related crimes occurred as a result of the breach, there was no compensable injury and it does not suffice to allege an imminent injury. The defendants were lucky in this instance but, in most cases, there will be injury involved and consequently, in addition to an SEC inquiry, fund managers may be exposed to civil actions.

SEC3 can assist your firm in creating, implementing and maintaining your cybersecurity policies and procedures. For further information, please contact your SEC3 representative or contact us at This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

Newsletter

Get the latest compliance news and insights - delivered weekly. The SEC3 Communique covers all compliance topics. CCO3 focuses on Mutual Fund CCO topics.
tip: check both to keep informed!

Communiques

SEC3 Newsletter

Commentary: How Compliance Officers & Firms Can Help Limit CCO Personal Liability This article originally appeared on the Thomson Reuters Regulatory Intelligence subscription service for compliance and risk professionals and is... read more »

Wishing One-and-All a Happy, Healthy and Prosperous New Year

We hope each of you found some peace and tranquility in the company of loved ones this holiday season and want to wish one-and-all a happy, healthy and prosperous New... read more »

Understanding How to Mitigate Liability and Navigate Insurance Options (Part II)

In June, we shared our thoughts around common insurance gaps and insurance riders that CCOs as well as managers should understand. One of the gaps we shared related to pre-claim... read more »

Cybersecurity - What have we learned and what have we done?

Regulatory Landscape In April 2015, the Securities and Exchange Commission ("SEC's") Division of Investment Management issued a guidance update, identifying cybersecurity as a critical issue. Several regulators are in fact focusing... read more »

Gatekeepers in SEC Crosshairs

Ever since the enforcement cases were announced as part of the SEC’s “Operation Broken Gate,” the SEC enforcement division has continued to ramp up scrutiny of gatekeepers including third-party service... read more »

Anna M. Bencrowsky, CRCP, CMFS Joins SEC3

We are pleased to announce that Anna M. Bencrowsky, CRCP, CMFS has joined SEC3 as a Senior Consultant. Prior to joining SEC3, Anna held several executive compliance positions. Anna recently retired... read more »

Events

May 23, 2017 - Webcast: WannaCry Ransomware: Were You Really Protected or Just L…

When: Tuesday, May 23rd, 2017 | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder, BW Cyber Services John Lukan, Managing Director, SEC Compliance Consultants, Inc. We...

June 14, 2017 - Compliance Breakfast Briefing

8:30-9:00am - Networking and Continental Breakfast 9:00-10:30am - Program Location: Willkie Farr & Gallagher LLP | 600 Travis Street | Suite 2310 | Houston, TX Barry Barbash from Willkie Farr & Gallagher LLP,...

June 13, 2017 - Compliance Breakfast Briefing

8:30-9:00am - Networking and Continental Breakfast 9:00-10:30am - Program Location: Haynes and Boone, LLP | 2323 Victory Avenue | Suite 700 | Dallas, TX 75219 Validated parking is available in the garage attached...

May 31, 2017 - Chicago

9:00-9:30 a.m - Networking and Continental Breakfast 9:30-11:00 a.m - Program Location: Baker & McKenzie LLP | 300 East Randolph Drive | Suite 5000 | Chicago, IL 60601 Kristin Gonzalez and Jerome Tomas...

May 17, 2017 (NYC WIMF)

This event is by invitation only. Please email info@seccc.com to learn more.

May 15, 2017 (NYC Chief Compliance Officer Roundtable)

9:00-9:30am - Networking and Continental Breakfast 9:30-11:00am - Program Location: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone:...

Webcast: The Most Insidious Cybersecurity Threat Is Also The Least Understood

When: Tuesday, April 25th | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder, BW Cyber Services John Lukan, Managing Director, SEC Compliance Consultants, Inc. Ransomware, the...

CCO Liability (Part III): Managing Liability Webinar

In this webinar, panelists discuss indemnifications and insurance as potential remedies to address the direct financial risks to a CCO. Attendees will learn: What terms and conditions should Chief Compliance Officers be...

Webinar: CCO Liability (Part III): Managing Liability: Navigating Indemnities an…

When: Tuesday, February 21, 2017 Schedule: 11:00am ET / 10:00am CT / 9:00am MT / 8:00am PT / 7:00am AT Description of Webinar: The National Society of Compliance Professionals is pleased to host...

Webcast: SEC 2017 Examination Focus Area – Cybersecurity Testing

Penetration Testing & Vulnerability Assessments - Examining the SEC & FINRA Requirements When: Wednesday, January 25th | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder,...

Chief Compliance Officer Roundtable: Breakfast Briefing

When: October 20, 2016 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone: 212.885.5000 Thomas Westle and Janaya...

Practicing Law Institute - Hedge Fund Management 2016

When: September 15, 2016 Where: New York & concurrent webcast | 1177 Avenue of the Americas | New York, NY 10036 Schedule: 9:00 am – 5:00 pm Janaya Moscony, President of SEC3 will...

CHIEF COMPLIANCE OFFICER ROUNDTABLE: BREAKFAST BRIEFING

When: April 13, 2016 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 22nd Floor Boardroom Thomas Westle and Janaya Moscony, along with industry experts,...

COMPLIANCE SCIENCE SUMMIT 2015

When: November 17, 2015 Where: Convene Midtown East | 730 Third Avenue | New York, NY 10017 Janaya Moscony, President, SEC Compliance Consultants, Inc. will be moderating a...

CHIEF COMPLIANCE OFFICER ROUNDTABLE: BREAKFAST BRIEFING

When: October 13, 2015 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 22nd Floor Boardroom Thomas Westle and Janaya Moscony, along with...