National Cybersecurity Awareness Month (NCSAM) is coming to a close, but diligent cybersecurity efforts must continue. In honor of another successful NCSAM, below we have gathered some of our most popular cybersecurity content you can use as a quick reference for all of your cyber-related interests.

On December 20, 2018, the Financial Industry Regulatory Authority (FINRA) released a report on cybersecurity practices for broker-dealers. Today’s post is the third in a series of summaries sharing essential, timely insight on how these practices may impact your business. Please click here for the first and second posts on cybersecurity practice impacts.

This post focuses on threats posed by insiders of the firm, which may be created by either deliberate, malicious conduct or by inadvertent mistakes. Both types of data breaches create significant risk to the firm and its customers. In the Report, FINRA notes that, while most higher revenue firms (95-99%) address insider threats as part of the program, only 66% of mid-level revenue firms address such risks. Its assessment comes from their review of firm responses to relevant inquiry areas in the 2017 and 2018 their Risk Control Assessment (RCA).
Continue Reading

On December 20, 2018, the Financial Industry Regulatory Authority (FINRA) released a report on cybersecurity practices for broker-dealers. Today’s post is the second in a series of summaries sharing essential, timely insight on how these practices impact your business. Please click here for the first post on cybersecurity practice impacts.

FINRA names “phishing” attacks as one of the most common cybersecurity threats raised by firms with the self-regulator.[1] The goal of a phishing email is to manipulate the recipient into taking action. FINRA focuses on two types of phishing attacks in the report. The first is “spear phishing,” where the sender researches and targets the recipient(s) with a customized approach designed to get confidential information from the individual(s). The second is “whaling,” wherein the hacker sends targeted emails impersonating senior executives at the firm in order to set action in motion, typically wiring funds to specifically identified accounts.   
Continue Reading

On December 20, 2018, the Financial Industry Regulatory Authority (FINRA) released a report on cybersecurity practices for broker-dealers. This post is the first of a series of summaries sharing essential, timely insight on how these practices impact your business. The Report follows close on the heels of FINRA’s annual Report on Examination Findings issued Dec. 14, 2018. Now we know why Cybersecurity, a top regulatory and examination priority for FINRA in 2018, was not included in their examination findings report. Not surprising, albeit somewhat unusual, the importance of the topic and FINRA’s insights warranted a separate communication.
Continue Reading

The U.S. Treasury recently released a report identifying improvements that would support nonbank financial institutions but also embrace innovation and technology.  Among other things, the report recommends the creation of a national data breach notification standard and the development of effective national and international Fintech policies, including Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) efforts.

This post originally appeared in our sister publication, Subject To Inquiry.

On May 21, the North American Securities Administrators Association (NASAA) announced a massive and coordinated series of enforcement actions by U.S. state and Canadian provincial regulators to combat fraudulent practices involving cryptocurrency-related investment products.

As cryptocurrencies have gained in popularity, companies have increasingly turned to a method known as an initial coin offering (ICO) to raise capital. ICOs, however, are ripe for potential fraud. As the Washington Post has explained, “consumers face higher risks of being misled at a time when the intense demand for bitcoin has prompted many retail investors to take extreme steps to gain exposure to the currency…”


Continue Reading

The 2018 Regular Session of the Virginia General Assembly recently concluded after considering approximately 3700 bills and resolutions during the 60-day session. Several privacy-related bills were on the legislative agenda, but few were enacted into law.

Tax Return Data

As highlighted in January, the General Assembly this year continued its efforts to address the

The one-year transitional period under the New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies expired on March 1, 2018. Financial services companies that are regulated by NYDFS now face additional requirements for assessing, monitoring, testing and reporting on the integrity and security of their information systems and the overall effectiveness of their cybersecurity programs.

Overview of New York Cybersecurity Regulations

The NYDFS cybersecurity regulations became effective on March 1, 2017, and the initial 180-day transitional period expired on August 28, 2017. The regulations that took effect last year require all covered entities to implement a cybersecurity program that identifies and protects against cybersecurity risks and adopt comprehensive policies and procedures for the protection of the company’s information systems and nonpublic information. The cybersecurity regulations apply to any organization operating under or required to operate under a NYDFS license, registration, charter, certificate, permit, accreditation or similar authorization under the New York Banking Law, Insurance Law or Financial Services Law. Click here for more information about the requirements of the regulations that took effect last year.

Additional Actions Required to Achieve Compliance

On March 1, 2018, additional requirements under the cybersecurity regulations took effect. In addition to the requirements that took effect last year, covered entities that are subject to the cybersecurity regulations must implement the following additional cybersecurity measures:
Continue Reading

The Financial Industry Regulatory Authority (FINRA) is ramping up on their commitment to assist the industry in its cybersecurity compliance efforts. Recent guidance to the industry from FINRA includes:

  1. an Examination Findings Report, detailing observations from recent broker-dealer examinations with the goal of assisting broker-dealers in enhancing their compliance programs and better anticipating potential

On October 18, 2017, the European Commission issued its report on the first annual review of the EU- U.S. Privacy Shield, aimed at allowing personal data transfer from the EU to the U.S. through the implementation of a data protection framework providing an adequate level of protection in the U.S. Over 2,400 companies have