The SEC has a long to-do list, but ensuring that advisors and other registrants are protecting clients' sensitive information from cyber threats is right at the top, and more enforcement actions are expected.
The SEC’s Enforcement Division is using the Regulation S-P privacy rule to bring actions against firms that fail to safeguard client data, said the unit’s head, Andrew Ceresney, via an SEC webcast on Tuesday.
"Cyber is obviously a focus of ours, as I know it is for the other divisions, and we've brought a number of cases there relating to Reg S-P and failure to have policies and procedures relating to safeguarding information," Ceresney said, citing the case the commission brought against R.T. Jones, a St. Louis-based RIA, this past summer.
"There'll be others coming down the pike," Ceresney cautioned.
The SEC is reviewing the cybersecurity policies in place at advisors and broker-dealers. Separately, the commission has been shifting exam personnel from the BD side of the Office of Compliance Inspections and Examinations to the unit that oversees RIAs. MORE