Financial regulators are emphasizing the risk poor cybersecurity poses to market integrity and financial stability, and elaborating on policies and controls they expect the firms they oversee to have in place. Investment managers’ responsibility for cybersecurity has grown like compound returns. The SEC’s Office of Compliance Inspections and Examinations disclosed that its examination staff would be testing investment advisers to assess cybersecurity procedures and controls, and the National Futures Association proposed an interpretive notice expressly…

As the end of 2015 approaches, financial regulators continue to emphasize the risk that poor cybersecurity poses to market integrity and financial stability, and to elaborate on the policies, procedures and controls they expect investment advisers, commodity pool operators and registered investment companies to have in place. Click here to read more.…

Cybersecurity continues to be a priority for the Securities and Exchange Commission (SEC). The SEC’s Office of Compliance Inspections and Examinations conducted a cybersecurity “sweep” examination in 2014 and released a summary of its results in early 2015. The SEC’s Division of Investment Management — which regulates investment companies and investment advisers — has now issued additional cybersecurity guidance in the form of a Guidance Update, which provides more detail on what reasonable security measures…

Information security is not only a good idea — it is also a legal obligation. Federal and state laws impose obligations on businesses, including investment advisers, to keep their data secure. Most of these laws focus on requiring businesses to take reasonable security measures. While it may take regulators and courts years to clearly define what exactly those are, best practices that facilitate compliance can and should be developed and followed now. Click here…

Cybersecurity continues to be a priority for the Securities and Exchange Commission. The SEC’s Office of Compliance Inspections and Examinations conducted a cybersecurity “sweep” examination in 2014 and released a summary of its results in early 2015. The SEC’s Division of Investment Management — which regulates investment companies and investment advisers — has now issued additional cybersecurity guidance in the form of a Guidance Update. Most registrants will find the Guidance Update to be fairly…

On April 1, 2015, the Securities and Exchange Commission (“SEC”) announced its first enforcement action against a company for using language in a confidentiality agreement that could prevent or deter whistleblowing activity. Rule 21F-17 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) provides that “no person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to…

Earlier this week, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert providing observations derived from its “Cybersecurity Examination Initiative,” which was announced on April 15, 2014. The Risk Alert is based on OCIE’s examinations of the cybersecurity policies and practices of 57 registered broker-dealers and 49 registered investment advisers. While the Risk Alert does not provide specific guidance, it does provide fund managers with a snapshot of the cybersecurity practices…