• Skip to primary navigation
  • Skip to main content
Logo
Open search bar
  • About
    • Meet the Team
    • Todd Cipperman
    • Why Choose Us
  • Services
    • Money Managers
    • Registered Funds
    • Private Equity
    • Broker-Dealers
    • CyberSecure - Funds
  • In The News
  • Outsourced CCO
  • Client Engagement
  • Resources
    • Helpful Information
    • Regulatory Exams
    • Executive Interviews
    • Blog
    • Podcasts & Videos
    • Best Practices
  • Contact Us

Our Take Blog

Home
Our Take Blog
SEC Punishes RIA for Failing to Stop Cyber-Attack 

SEC Punishes RIA for Failing to Stop Cyber-Attack 

The SEC fined and sanctioned an investment adviser for failing to adopt policies and procedures reasonably designed to protect confidential client information from a hacker.  The SEC asserts that a foreign cyber-intruder gained access to customers’ names and social security information housed at its third party-hosted web server.  Although no clients suffered financial harm, the SEC charges the firm with violating the Safeguards Rule (Rule 30(a) of Regulation S-P) by failing to conduct periodic risk assessments, employing a firewall, encrypting client data, and establishing procedures to respond to a cybersecurity incident.  The Co-Chief of the SEC Enforcement Division’s Asset Management Unit, Marshall S. Sprung, said “As we see an increasing barrage of cyber attacks on financial firms, it is important to enforce the safeguards rule even in cases like this when there is no apparent financial harm to clients.”

OUR TAKE: Although it may be difficult/impossible to stop cyber-attacks especially at a third party, firms must adopt policies and procedures to create a legal defense that it did all that was reasonable despite an attack.  We expect that many firms will struggle with the costs and implementation of enhanced cyber-security.

 

Back to Top
logo
480 E. Swedesford Road, Suite 220, Wayne, PA 19087
610-687-5320
LinkedIn Twitter
© 2020 Marlivia Properties LLC