The SEC Warns Brokers And Investment Advisors To Implement Effective Cybersecurity Measures


The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has announced that cybersecurity is a priority for 2019. The division said in December that its examinations will place an emphasis on the configuration of storage systems and information security governance. In pursuit of this goal, the OCIE recently conducted examinations of the cybersecurity measures adopted and implemented by SEC-registered investment advisors and broker-dealers and subsequently issued two risk alerts to address the areas where it observed deficiencies.

On April 16, 2019, the OCIE issued a risk alert intended to assist investment advisers and broker-dealers in providing compliant privacy and opt-out notices to their clients, and in adopting and implementing policies and procedures for safeguarding customer records, pursuant to Regulation S-P.  The alert provided a list of the most common deficiencies and weaknesses identified by OCIE staff, including (1) the failure to provide privacy and opt-out notices to customers at the frequency required by Regulation S-P; (2) the failure to adopt policies and procedures to implement the Safeguards Rule set forth in Regulation S-P, which requires a registrant to adopt written policies and procedures to address administrative, technical, and physical safeguards for the protection of customer information; and (3) the use of inadequate written policies and procedures to ensure the confidentiality of customer records and to protect against threats or hazards to the security of customer records.  The OCIE encouraged registrants to review their written policies and procedures to ensure their compliance with Regulation S-P.

Then, on May 23, 2019, the OCIE issued a second risk alert to identify security risks it observed with the storage of electronic customer records and information by broker-dealers and investment advisors in network storage solutions, including cloud-based storage. During its examinations, the OCIE identified misconfigured network storage solutions, inadequate oversight of vendor-provided network storage solutions, and insufficient data classification policies and procedures. The OCIE reminded registrants to (1) adopt policies and procedures that are designed to support the initial installation, ongoing maintenance, and regular review of network storage solutions; (2) establish guidelines for security controls and configuration standards; and (3) implement vendor management guidelines and procedures, such as those covering software patches and hardware updates.


About Megan Sullivan

Megan Sullivan is a Partner in the New York office of Faruqi & Faruqi, LLP.
