Scarinci Hollenbeck, LLC, LLCScarinci Hollenbeck, LLC, LLC

Firm News

(Client) SEC Focuses on Cybersecurity Weaknesses

Author: Scarinci Hollenbeck, LLC

Date: November 11, 2015

Key Contacts

Back

SEC Focuses on Cybersecurity Weaknesses and Enforces Rule 30(a) of Regulation S-P (“Safeguards Rule”) against Investment Adviser

On Sept 22, 2015, the SEC announced its settlement of an administrative cease-and-desist proceeding through imposition of remedial sanctions against R.T. Jones Capital Equities Management, Inc., an SEC-registered investment adviser.[1]

This is the first enforcement matter establishing a willful violation of Rule 30(a) of Regulation S-P under the Securities Act of 1933, known as the “Safeguards Rule.”[2]  This proceeding is instructive for its itemization of the advisor’s failures over an extensive time period.

Interestingly, although the advisor discovered a possible cybersecurity breach at its third-party-hosted web server, and retained two cybersecurity consulting firms to independently confirm the cyber-attack, assess the scope of the breach and whether personally identifiable information (“PII”) stored on the server had been compromised, the attack  did not appear to have caused any  financial harm to any firm client.  The firm’s failure to have the “basics” of a cybersecurity regime, however, was sufficient for the SEC to impose sanctions.[3]

The SEC determined that the advisor violated the Safeguards Rule, adopted in 2000, and amended in 2005, which requires  adoption of written policies and procedures  reasonably designed to safeguard client’s PII.  The adviser took certain remedial efforts by appointing an information security manager over its PII data security and implemented a written information security policy, which included: (a) moving off of a web server-hosted server, (b) encrypting PII, installing a new firewall and log-in system, and (c) retaining a cybersecurity firm to provide a report/advice on IT security.  These efforts should be viewed as the minimum requirements the SEC’s OCIE and enforcement staff’s expect from a firm’s cybersecurity program.

What are the “takeaways” from this enforcement action?  Firm management CIO’s/CTO’s and CCO’s should take into account when considering the severity of the sanctions imposed against R.T. Jones that during the past 18 months, OCIE published two Risk Alerts on cybersecurity, and the SEC published a “Guidance Update,” and hosted a Cybersecurity Roundtable.[4]  There will not be much room for advisers to attempt to excuse their cybersecurity deficiencies in the context of this educational effort.

Cybersecurity remains a focus of OCIE and Enforcement. The time is  now  to plan and implement a year-end reassessment of  firm cybersecurity breach readiness and Incident Response Plan.  (“IRP”)

Here are “actionable ideas” for assuring  your firm (whether a broker-dealer, or investment adviser) has satisfied Cybersecurity basics:

  • Review the Firm’s Cybersecurity WSP’s and IRP; document the review process with COO/CIO/CTO/CLO, and engage with senior management for change approvals as required.
  • Review third-party vendor/hosts agreements and understand the division of responsibilities between Firm and third-party; correct as determined to be necessary.
  • Review Privacy Policies and BCP; revise as needed.
  • Test (SSAE 16) firewall(s); BYOD coverage, encryption/password basics.
  • Check the Firm’s internal audit examination process for ‘red flags’ of cybersecurity breach, as part of testing.
  • Complete 2015 Cybersecurity Training Program; incorporate Cybersecurity topic in firm’s Annual Compliance Meeting.
  • Consult with IT/Legal Experts, as required.

[1]           Order available at http://www.sec.gov/litigation/admin/2015/ia-4204.pdf; Press Release at http://www.sec.gov/news/pressrelease/2015-202.html.[2]           17 C.F.R. §248-30(a).[3]           The Advisor was also censured and required to pay  a $75,000 civil  penalty.[4]           OCIE’s 2015 Cybersecurity Examination Initiative, IV National Exam Program Risk Alert, Sept. 15, 2015, https://www.sec.gov/ocie/announcement/ocie-2015 – cybersecurity-examination.initiative.pdf.  National Exam Program Risk Alert, Feb. 3, 2015, at https://www.sec.gov/about/offices/ocie/cybersecurity-examination-sweep-summary.pdf.  IM Guidance Update No. 2015-02 (April 2015), at http://www.sec.gov/investment/im-guidance-2015-02.pdf

No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.

Scarinci Hollenbeck, LLC, LLC

Related Posts

See all
Nathanya G. Simon Named to ROI-NJ Influencers "Women in Business" 2025 List post image

Nathanya G. Simon Named to ROI-NJ Influencers "Women in Business" 2025 List

Scarinci Hollenbeck Partner Nathanya G. Simon named by ROI-NJ to the “ROI Influencers: Women in Business” list for fourth consecutive year Scarinci Hollenbeck Partner Nathanya G. Simon has been named by ROI-NJ to the “ROI Influencers: Women in Business” list for 2025. After four decades of practice, Nathanya’s pioneering influence in the field of special […]

Author: Scarinci Hollenbeck, LLC

Link to post with title - "Nathanya G. Simon Named to ROI-NJ Influencers "Women in Business" 2025 List"
SH Partner Angela Turiano Named Director of Legislative Affairs for SHRM Princeton post image

SH Partner Angela Turiano Named Director of Legislative Affairs for SHRM Princeton

Congratulations Angela Turiano on appointment as Director of Legislative Affairs for SHRM Princeton April 17, 2025 – Little Falls, NJ – Scarinci & Hollenbeck, LLC congratulates Partner Angela Turiano on her appointment as Director of Legislative Affairs for SHRM Princeton. Along with serving as a member of SHRM Princeton’s leadership team, Angela will monitor pending legislative, regulatory, […]

Author: Scarinci Hollenbeck, LLC

Link to post with title - "SH Partner Angela Turiano Named Director of Legislative Affairs for SHRM Princeton"
Brittany P. Tarabour Nominated as Three-Year Trustee of the Monmouth Bar Association post image

Brittany P. Tarabour Nominated as Three-Year Trustee of the Monmouth Bar Association

Congratulations Brittany P. Tarabour for Nomination as Three-Year Trustee of the Monmouth Bar Association Red Bank, NJ – April 9, 2025 – Scarinci & Hollenbeck, LLC proudly congratulates Brittany P. Tarabour on her nomination by the Monmouth Bar Association to serve as a Three-Year Trustee. Founded in 1908, the Monmouth Bar Association is dedicated to […]

Author: Scarinci Hollenbeck, LLC

Link to post with title - "Brittany P. Tarabour Nominated as Three-Year Trustee of the Monmouth Bar Association"
Bloomberg Law Podcast Discusses Dua Lipa IP Victory with Ron Bienstock post image

Bloomberg Law Podcast Discusses Dua Lipa IP Victory with Ron Bienstock

Scarinci Hollenbeck Partner Ron Bienstock Featured on Bloomberg Law Podcast to Discuss Dua Lipa Copyright Infringement Lawsuits Little Falls, NJ – April 8, 2025 – Scarinci & Hollenbeck, LLC Partner and Chair of the firm’s Intellectual Property and Entertainment & Media departments Ronald S. Bienstock was recently featured on the Bloomberg Law podcast to discuss […]

Author: Scarinci Hollenbeck, LLC

Link to post with title - "Bloomberg Law Podcast Discusses Dua Lipa IP Victory with Ron Bienstock"
NJ Super Lawyers Names Scarinci Hollenbeck Attorneys post image

NJ Super Lawyers Names Scarinci Hollenbeck Attorneys

Scarinci Hollenbeck Attorneys From Little Falls and Red Bank Named to 2025 New Jersey Super Lawyers List Little Falls, NJ – April 2, 2025 – Scarinci & Hollenbeck, LLC attorneys from both NJ offices were named to the 2025 New Jersey Super Lawyers and Rising Stars list. Each attorney was chosen in recognition of their […]

Author: Scarinci Hollenbeck, LLC

Link to post with title - "NJ Super Lawyers Names Scarinci Hollenbeck Attorneys"
Angela Turiano to Serve as Mock Arbitrator for Fordham Law Securities Arbitration Clinic post image

Angela Turiano to Serve as Mock Arbitrator for Fordham Law Securities Arbitration Clinic

On Thursday, April 3, 2025, Partner Angela Turiano will make her fifth appearance as a mock arbitrator for the Securities Arbitration Clinic at the prestigious Fordham School of Law. Angela will draw on her years of experience to provide feedback to these future lawyers after making opening presentations and closing arguments, with the goal of […]

Author: Scarinci Hollenbeck, LLC

Link to post with title - "Angela Turiano to Serve as Mock Arbitrator for Fordham Law Securities Arbitration Clinic"

No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.

Sign up to get the latest from our attorneys!

Explore What Matters Most to You.

Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.

Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.

Let`s get in touch!

* The use of the Internet or this form for communication with the firm or any individual member of the firm does not establish an attorney-client relationship. Confidential or time-sensitive information should not be sent through this form.

Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!