The Cyber and Analytics Unit within the Member Supervision program of the Financial Industry Regulatory Authority, Inc. ("FINRA") recently published a cybersecurity advisory regarding increasing cybersecurity risks.

The Cyber and Analytics Unit within the Member Supervision program of the Financial Industry Regulatory Authority, Inc. ("FINRA") recently published a cybersecurity advisory regarding increasing cybersecurity risks at third-party providers (the "Cybersecurity Advisory").1 The Cybersecurity Advisory highlights third-party risks to FINRA member firms and effective practices to mitigate such risks.

Wealth managers face a new reality. The costs of cybercrime will soon reach $10.5 trillion per year(according to Cybersecurity Ventures)—which is larger than the sale of all illegal drugs worldwide, combined—and financial industry participants and their clients are compelling targets. Numerous firms have already been attacked and millions of dollars of client assets have been stolen.

It is no surprise that with the increased use of technology and its' ever-evolving advancements, comes an increased rate in cyber-crime and threats to personal consumer information. In response to these developments, and to modernize and improve the protection of consumer information, on May 16, 2024, the Securities and Exchange Commission (SEC), announced the adoption of amendments to Regulation S-P. These rules apply to broker-dealers (including funding portals), investment companies, registered investment advisers, and transfers agents (collectively "covered institution(s)").

The SEC recently issued an order and settlement against a company from a pair of cyberattacks in which millions of dollars of client funds were stolen. While the company was able to recover a portion of the funds and ultimately reimbursed clients for the money lost, the SEC still fined the company $850,000 for failure to provide the necessary safeguards to protect its clients’ funds.

You need your

Social Security number

Exams by the Securities and Exchange Commission that include an onsite portion “are back in full swing,” according to Amy Lynch, founder of FrontLine Compliance. RIAs should expect the SEC to visit “as it aggressively pursues its goal of conducting more exams,” Lynch said.

The SEC’s Spring 2024 Current Agenda was released on July 5, 2024, providing advisers with a mix of good news and bad news. On the good news side, the SEC decided to repropose the rules that would require investment advisers (Advisers Act Rule 211(h)(2)-4) and broker-dealers (Exchange Act Rule 15(l)-2) to eliminate or neutralize conflicts of interest that arise from the use of predictive analytics, artificial intelligence, or other covered technologies. The financial industry harshly criticized the proposal, including calls for a full withdrawal of the rule. According to the agenda, these rules will be reproposed in October 2024.

Quick Take: The Office of Information and Regulatory Affairs, a division of the Office of Management and Budget, released its Spring 2024 Unified Agenda of Regulatory and Deregulatory Actions, which includes short- and long-term regulatory actions that government agencies, including the SEC, plan to take. The SEC’s Agenda provides insight into the SEC’s priorities and anticipated timing of actions; however, the timing of rule adoptions and proposals may vary and could come before or after dates listed in the Agenda. The SEC’s Agenda includes eight items from the SEC’s Division of Investment Management.

On July 8, the SEC issued an updated 2024 regulatory agenda, which includes updated timing related to several key regulatory actions. This signals another busy few months for the SEC.

On May 15, 2024, the SEC announced it would make amendments to Regulation S-P (Reg S-P). This will be the first amendment to the regulation since its adoption 24 years ago in 2000. The regulation focuses on how institutions handle customers’ private personal information. The amendment comes in response to the ever-evolving technologies that expose individuals’ sensitive data to potential security breaches. SEC Chair Gary Gensler stated “Over the last 24 years, the nature, scale and impact of data breached has transformed substantially” and that “amendments to regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers’ financial data.”