The rules require registered investment advisers to adopt written policies and procedures reasonably designed to protect customer records and information. The SEC has already launched its second sweep with regard to cybersecurity and has now fined R.T. Jones Capital Equities Management $75,000 for failure to have policies and procedures to mitigate a data breach.
According to the SEC’s order:
- R.T. Jones stored sensitive personally identifiable information (“PII”) of clients on its third party-hosted web server from September 2009 to July 2013.
- The firm’s server was attacked in July 2013 by an unknown hacker who gained access and copy rights to the data on the server, rendering the PII of more than 100,000 individuals vulnerable to theft.
- The firm failed entirely to adopt written policies and procedures reasonably designed to safeguard customer information (i.e., to conduct periodic risk assessments, implement a firewall, encrypt PII stored on the server, or maintain a response plan for cybersecurity incidents).
Even though the firm has not received any indications of a client suffering financial harm as a result of the cyber attack, the firm was censured and fined.
“As we see an increasing barrage of cyber attacks on financial firms, it is important to enforce the safeguards rule even in cases like this when there is no apparent financial harm to clients,” said Marshall S. Sprung, Co-Chief of the SEC Enforcement Division’s Asset Management Unit. “Firms must adopt written policies to protect their clients’ private information and they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”
Need help creating and implementing your cybersecurity policy? Let Red Oak guide you in protecting your clients’ PII. Do not make the mistake of thinking it will never happen to you.