{"id":319,"date":"2015-05-05T09:43:39","date_gmt":"2015-05-05T13:43:39","guid":{"rendered":"https:\/\/www2.law.temple.edu\/10q\/?p=319"},"modified":"2015-05-05T09:43:39","modified_gmt":"2015-05-05T13:43:39","slug":"sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers","status":"publish","type":"post","link":"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/","title":{"rendered":"SEC Continuing Cybersecurity Examinations of Broker-Dealers and Investment Advisers"},"content":{"rendered":"

Cybercrime, as numerous almost daily headlines tell us, is understandably a favored tactic of organized criminals. The crimes can be committed far from the locus of the harm and do not involve face-to-face confrontations, are capable of repetition once devised, and can be highly lucrative. From organized computer wizards in Eastern Europe, to governmental actors in North Korea, to crime syndicates in the United States, it seems that everyone wants to get in on the act.<\/p>\n

The Securities and Exchange Commission (SEC) has, appropriately, taken notice. Most recently, in March 2015, the National Associate Director of the SEC\u2019s Investment Adviser\/Investment Company exam program, announced to the press that the SEC would be continuing and expanding a cybersecurity initiative it had launched a year earlier.<\/p>\n

The SEC\u2019s initiative was first introduced by its Chair, Mary Jo White, on March 26, 2014 at a Cybersecurity Roundtable sponsored by the Commission. The SEC announced that it would conduct special examinations of more than fifty broker-dealers and registered investment advisers. Registered investment advisers collectively manage approximately $62 trillion dollars of wealth. The examinations would be conducted by the SEC\u2019s Office of Compliance Inspections and Examinations (\u201cOCIE\u201d).<\/p>\n

The SEC then proceeded to exam 57 broker-dealers and 49 registered investment advisers to better understand how each were addressing cybersecurity issues. In connection with this program, the SEC released publicly a complex and detailed questionnaire<\/a> that it required its examinees to complete.<\/p>\n

On February 3, 2015 the SEC issued a summary<\/a> of its examination findings. The examination summary found that most broker-dealers and investment advisers had adopted written information security policies and conducted periodic risk assessments to identify cybersecurity threats.<\/p>\n

Importantly, the examination found that the vast majority of broker-dealers (88%) and investment advisers (74%) had experienced some type of cyber-attack directly or through a vendor.<\/p><\/blockquote>\n

Most of the attacks related to fraudulent emails, which are requests to disburse money that purport to be from a client but are in fact from an imposter and malware, which is the installment of hostile or intrusive software on a host computer.<\/p>\n

The examination also indicated that a number of these cyber-attack schemes were successful. Approximately 12 broker-dealers reported losses related to fraudulent emails and one adviser reported a loss in excess of $75,000. The examination also found that while most firms conducted a comprehensive inventorying, cataloguing, or mapping of their technology resources, only 58% of broker-dealers and 21% of advisers maintain insurance to cover losses attributable to cybersecurity incidents.<\/p>\n

The SEC promised that in 2015, it would, \u201ccontinue to focus on cybersecurity using risk-based examinations.\u201d The examination noted that in January 2015 OCIE had released its examination priorities<\/a> for the year, which stated that in 2014, \u201cwe launched an initiative to examine broker-dealers\u2019 and investment advisers\u2019 cybersecurity compliance and controls\u201d and in 2015, \u201cwe will continue these efforts and will expand them to include transfer agents.\u201d<\/p>\n

With the March 2015 announcement by OCIE\u2019s National Associate Director of Investment Adviser\/Investment Company exam program referenced above, SEC regulated entities now have a sense as to the SEC\u2019s intentions in \u201cphase 2\u201d of its cybersecurity initiative. Between summer 2015 and early 2016, the SEC intends to begin a second round of examinations of the same number of investment advisers and broker-dealers. Phase 2, unlike Phase 1, will also involve on-site visits by SEC staff. Phase 2 will be a nationwide effort that will inquire into firms\u2019 response plans in the event of a cyber attack or breach, due diligence of vendors\u2019 cyber policies, and the role of senior executives in cybersecurity risk management.<\/p>\n

Clearly any firm subject to an examination should be carefully reviewing cybersecurity issues but should do so not out of fear of an SEC examination but to protect itself and its clients from the many bad actors who wish to profit by doing them harm.<\/p>\n

Most recently on April 28, 2015, another branch of the SEC, the Division of Investment Management, issued its own \u201cGuidance Update<\/a>\u201d on cybersecurity issues. The Guidance Update states that the Division of Investment Management has identified cybersecurity as an important issue and one that it will continue to focus on and monitor.\u00a0The Division recommended that investment advisers and investment companies consider taking a number of measures to address cybersecurity risks, including: (1) conducting a comprehensive periodic assessment of electronic information used, threatened, or vulnerable, as well as the security controls in place to protect the data; (2) create an effective strategy to prevent, detect, and respond to cybersecurity threats; and (3) implement the strategy through written policies and procedures and training of officers and employees.<\/p>\n

 <\/p>\n

Paul Snitzer joined Prudent Management Associates as General Counsel in 2011 after practicing law in Philadelphia for almost 20 years, first at Dechert Price & Rhoads and then at Duane Morris.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

Cybercrime, as numerous almost daily headlines tell us, is understandably a favored tactic of organized criminals. The crimes can be committed far from the locus of the harm and do not involve face-to-face confrontations, are capable of repetition once devised, and can be highly lucrative. From organized computer wizards in Eastern Europe, to governmental actors<\/p>\n","protected":false},"author":5,"featured_media":353,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[61],"tags":[],"coauthors":[60],"class_list":["post-319","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-legal-developments","masonry-post","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-33"],"yoast_head":"\nSEC Continuing Cybersecurity Examinations of Broker-Dealers and Investment Advisers - The Temple 10-Q<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SEC Continuing Cybersecurity Examinations of Broker-Dealers and Investment Advisers - The Temple 10-Q\" \/>\n<meta property=\"og:description\" content=\"Cybercrime, as numerous almost daily headlines tell us, is understandably a favored tactic of organized criminals. The crimes can be committed far from the locus of the harm and do not involve face-to-face confrontations, are capable of repetition once devised, and can be highly lucrative. From organized computer wizards in Eastern Europe, to governmental actors\" \/>\n<meta property=\"og:url\" content=\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/\" \/>\n<meta property=\"og:site_name\" content=\"The Temple 10-Q\" \/>\n<meta property=\"article:published_time\" content=\"2015-05-05T13:43:39+00:00\" \/>\n<meta name=\"author\" content=\"Paul Snitzer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Paul Snitzer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/\"},\"author\":{\"name\":\"Books Schatschneider\",\"@id\":\"https:\/\/law.temple.edu\/10q\/#\/schema\/person\/23e7012f0cf133dbeb0e76693c9e0154\"},\"headline\":\"SEC Continuing Cybersecurity Examinations of Broker-Dealers and Investment Advisers\",\"datePublished\":\"2015-05-05T13:43:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/\"},\"wordCount\":778,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/law.temple.edu\/10q\/wp-content\/uploads\/sites\/12\/2015\/06\/Cyber_security_May2015_bw.png\",\"articleSection\":[\"Legal Developments\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/\",\"url\":\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/\",\"name\":\"SEC Continuing Cybersecurity Examinations of Broker-Dealers and Investment Advisers - The Temple 10-Q\",\"isPartOf\":{\"@id\":\"https:\/\/law.temple.edu\/10q\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/law.temple.edu\/10q\/wp-content\/uploads\/sites\/12\/2015\/06\/Cyber_security_May2015_bw.png\",\"datePublished\":\"2015-05-05T13:43:39+00:00\",\"author\":{\"@id\":\"https:\/\/law.temple.edu\/10q\/#\/schema\/person\/23e7012f0cf133dbeb0e76693c9e0154\"},\"breadcrumb\":{\"@id\":\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#primaryimage\",\"url\":\"https:\/\/law.temple.edu\/10q\/wp-content\/uploads\/sites\/12\/2015\/06\/Cyber_security_May2015_bw.png\",\"contentUrl\":\"https:\/\/law.temple.edu\/10q\/wp-content\/uploads\/sites\/12\/2015\/06\/Cyber_security_May2015_bw.png\",\"width\":1024,\"height\":512,\"caption\":\"Cyber_security_May2015_b&w\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/law.temple.edu\/10q\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SEC Continuing Cybersecurity Examinations of Broker-Dealers and Investment Advisers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/law.temple.edu\/10q\/#website\",\"url\":\"https:\/\/law.temple.edu\/10q\/\",\"name\":\"The Temple 10-Q\",\"description\":\"Temple's Business Law Magazine\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/law.temple.edu\/10q\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/law.temple.edu\/10q\/#\/schema\/person\/23e7012f0cf133dbeb0e76693c9e0154\",\"name\":\"Books Schatschneider\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/62b6c5fa1068c42262dab498d74cb3fc60fbba8344047dc13348bd3aacf7b70a?s=96&d=mm&r=g9dc77189f33a293d2c82a50cd24ebb9f\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/62b6c5fa1068c42262dab498d74cb3fc60fbba8344047dc13348bd3aacf7b70a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/62b6c5fa1068c42262dab498d74cb3fc60fbba8344047dc13348bd3aacf7b70a?s=96&d=mm&r=g\",\"caption\":\"Books Schatschneider\"},\"url\":\"https:\/\/law.temple.edu\/10q\/author\/rschatsc\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SEC Continuing Cybersecurity Examinations of Broker-Dealers and Investment Advisers - The Temple 10-Q","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/","og_locale":"en_US","og_type":"article","og_title":"SEC Continuing Cybersecurity Examinations of Broker-Dealers and Investment Advisers - The Temple 10-Q","og_description":"Cybercrime, as numerous almost daily headlines tell us, is understandably a favored tactic of organized criminals. The crimes can be committed far from the locus of the harm and do not involve face-to-face confrontations, are capable of repetition once devised, and can be highly lucrative. From organized computer wizards in Eastern Europe, to governmental actors","og_url":"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/","og_site_name":"The Temple 10-Q","article_published_time":"2015-05-05T13:43:39+00:00","author":"Paul Snitzer","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Paul Snitzer","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#article","isPartOf":{"@id":"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/"},"author":{"name":"Books Schatschneider","@id":"https:\/\/law.temple.edu\/10q\/#\/schema\/person\/23e7012f0cf133dbeb0e76693c9e0154"},"headline":"SEC Continuing Cybersecurity Examinations of Broker-Dealers and Investment Advisers","datePublished":"2015-05-05T13:43:39+00:00","mainEntityOfPage":{"@id":"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/"},"wordCount":778,"commentCount":0,"image":{"@id":"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#primaryimage"},"thumbnailUrl":"https:\/\/law.temple.edu\/10q\/wp-content\/uploads\/sites\/12\/2015\/06\/Cyber_security_May2015_bw.png","articleSection":["Legal Developments"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/","url":"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/","name":"SEC Continuing Cybersecurity Examinations of Broker-Dealers and Investment Advisers - The Temple 10-Q","isPartOf":{"@id":"https:\/\/law.temple.edu\/10q\/#website"},"primaryImageOfPage":{"@id":"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#primaryimage"},"image":{"@id":"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#primaryimage"},"thumbnailUrl":"https:\/\/law.temple.edu\/10q\/wp-content\/uploads\/sites\/12\/2015\/06\/Cyber_security_May2015_bw.png","datePublished":"2015-05-05T13:43:39+00:00","author":{"@id":"https:\/\/law.temple.edu\/10q\/#\/schema\/person\/23e7012f0cf133dbeb0e76693c9e0154"},"breadcrumb":{"@id":"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#primaryimage","url":"https:\/\/law.temple.edu\/10q\/wp-content\/uploads\/sites\/12\/2015\/06\/Cyber_security_May2015_bw.png","contentUrl":"https:\/\/law.temple.edu\/10q\/wp-content\/uploads\/sites\/12\/2015\/06\/Cyber_security_May2015_bw.png","width":1024,"height":512,"caption":"Cyber_security_May2015_b&w"},{"@type":"BreadcrumbList","@id":"https:\/\/law.temple.edu\/10q\/sec-continuing-cybersecurity-examinations-of-broker-dealers-and-investment-advisers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/law.temple.edu\/10q\/"},{"@type":"ListItem","position":2,"name":"SEC Continuing Cybersecurity Examinations of Broker-Dealers and Investment Advisers"}]},{"@type":"WebSite","@id":"https:\/\/law.temple.edu\/10q\/#website","url":"https:\/\/law.temple.edu\/10q\/","name":"The Temple 10-Q","description":"Temple's Business Law Magazine","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/law.temple.edu\/10q\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/law.temple.edu\/10q\/#\/schema\/person\/23e7012f0cf133dbeb0e76693c9e0154","name":"Books Schatschneider","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/62b6c5fa1068c42262dab498d74cb3fc60fbba8344047dc13348bd3aacf7b70a?s=96&d=mm&r=g9dc77189f33a293d2c82a50cd24ebb9f","url":"https:\/\/secure.gravatar.com\/avatar\/62b6c5fa1068c42262dab498d74cb3fc60fbba8344047dc13348bd3aacf7b70a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/62b6c5fa1068c42262dab498d74cb3fc60fbba8344047dc13348bd3aacf7b70a?s=96&d=mm&r=g","caption":"Books Schatschneider"},"url":"https:\/\/law.temple.edu\/10q\/author\/rschatsc\/"}]}},"acf":[],"jetpack_featured_media_url":"https:\/\/law.temple.edu\/10q\/wp-content\/uploads\/sites\/12\/2015\/06\/Cyber_security_May2015_bw.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/law.temple.edu\/10q\/wp-json\/wp\/v2\/posts\/319","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/law.temple.edu\/10q\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/law.temple.edu\/10q\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/law.temple.edu\/10q\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/law.temple.edu\/10q\/wp-json\/wp\/v2\/comments?post=319"}],"version-history":[{"count":0,"href":"https:\/\/law.temple.edu\/10q\/wp-json\/wp\/v2\/posts\/319\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/law.temple.edu\/10q\/wp-json\/wp\/v2\/media\/353"}],"wp:attachment":[{"href":"https:\/\/law.temple.edu\/10q\/wp-json\/wp\/v2\/media?parent=319"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/law.temple.edu\/10q\/wp-json\/wp\/v2\/categories?post=319"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/law.temple.edu\/10q\/wp-json\/wp\/v2\/tags?post=319"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/law.temple.edu\/10q\/wp-json\/wp\/v2\/coauthors?post=319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}