SCOTTSDALE, ARIZONA FEBRUARY 16, 2021 – Advisor Armor is proud to release Applet Version 1.6.1 which provides customizable cybersecurity policy enforcement across unlimited endpoints including desktops, laptops, tablets, and mobile devices under a single user license. This novel software scans, notifies, and reports policy conformance in real-time.

The SEC’s Regulation S-P Rule 30 requires firms to have written policies and procedures that are reasonably designed to safeguard customer records and information. FINRA Rule 4370 (Business Continuity Plans and Emergency Contact Information) also applies to denials of service and other interruptions to members’ operations. In addition to firms’ compliance with SEC regulations, FINRA reminds firms that cybersecurity remains one of the principal operational risks facing broker-dealers, and expects firms to develop reasonably designed cybersecurity programs and controls that are consistent with their risk profile, business model and scale of operations.

The New York Department of Financial Services (DFS), which regulates certain covered entities and licensed persons in the financial services sector doing business in New York, recently provided guidance to its regulated entities that the annually required Certificate of Compliance with the DFS Cybersecurity Regulations must be submitted no later than April 15, 2021.

As 2020 finally comes to a close, compliance officers face the unenviable job of performing their compliance program’s annual review under Advisers Act Rule 206(4)-7). An essential element of that review is updating the firm’s compliance policies and procedures to reflect relevant changes to regulations and regulatory guidance. Here’s a cheat sheet for Chief Compliance Officers summarizing the SEC’s big-ticket items from 2020.

The 2020 pandemic struck hard and fast, bringing with it much uncertainty and chaos. That chaos opened up new avenues for cybercriminals to strike, some taking advantage of vulnerabilities created by millions of remote employees who work on unsecured home devices.

The financial services industry faced unprecedented cybersecurity and privacy challenges in 2020. From learning how to operate with a remote workforce, dealing with a complex and evolving regulatory environment, facing an exponential rise in the number and sophistication of cyberattacks – particularly ransomware attacks and the significant and still unfolding breach of the federal government – and navigating COVID-19 issues, the cyber resilience of financial institutions was tested to its limits.

The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) recently alerted investment professionals about many of the common lapses it observed when conducting thousands of cybersecurity exams. The report warned that hackers are in fact becoming more aggressive and sophisticated — and in some cases backed by substantial resources and nation-state actors.

To help educate independent advisers, asset managers, investment firms, boards, and prospects about the importance of protecting confidential client data here is a checklist of the top five things professionals in the financial industry should consider when setting priorities.

The North American Securities Administrators Association said Monday that its membership has voted to adopt a model rule setting parameters on how to implement a continuing education program for investment adviser representatives (IARs) in their jurisdictions.

Employers in the financial services sector are facing an unprecedented number of cybersecurity attacks during the pandemic crisis. To put this in perspective, the Financial Industry Regulatory Authority (FINRA) has issued nine notices regarding the ongoing and widespread cybersecurity threats facing the industry since the COVID-19 pandemic began – and only issued seven cybersecurity notices in the 14 years before the pandemic. What do financial services employers need to know about this development, and what can you do to minimize your chances of falling victim to such an attack?

Compliance is a key issue for all firms. Many companies use the U.S. sentencing guidelines as a starting point. In other instances, regulators craft a starting point with rules that direct the creation of programs. This is true, for example, for investment advisers registered with the Commission. In either case, the critical point is to craft the policies and procedures so that they effectively monitor the business and evolve with it.

OCIE – the SEC’s Office of Compliance Inspections and Examinations – published a Risk Alert on November 19, 2020 discussing key issues for registered investment advisers. OCIE Observations: Investment Adviser Compliance Programs (here). The Alert provides a good discussion of key issues in crafting and maintaining an effective compliance program.