The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: Financial Services Regulation

  • From Vol. 4 No.3 (Feb. 14, 2018)

    Virtual Currencies Present Significant Risk and Opportunity, Demanding Focus From Regulators, According to CFTC Chair

    Keeping up with the exploding use of cryptocurrencies like bitcoin demands a special focus from regulators, CFTC Chairman J. Christopher Giancarlo stated in recent remarks to the ABA Derivatives and Futures Section Conference. He noted that virtual currencies represent both significant risk and opportunity for investors, discussed the role of the CFTC and other regulators in overseeing virtual currencies and outlined the CFTC staff review checklist of virtual currency futures markets. Giancarlo also examined the importance of mutual cross-border regulatory deference, using the E.U.’s and CFTC’s approach to margin rules to illustrate the benefits of global regulatory cooperation. See our three-part series on blockchain technology: “Basics of the Blockchain Technology and How the Financial Sector Is Currently Employing It” (Jun. 14, 2017); “How Financial Service Providers Can Use Blockchain to Improve Operations and Compliance” (Jun. 28, 2017); and “Blockchain and the Financial Services Industry: Potential Impediments to Its Eventual Adoption” (Jul. 12, 2017).

  • From Vol. 4 No.2 (Jan. 31, 2018)

    Lessons and Trends From FTC’s 2017 Privacy and Data Security Update: Enforcement Actions (Part One of Two)

    In its recently released Privacy & Data Security Update, the FTC recapped its 2017 privacy and data security enforcement actions, advocacy, workshops and guidance, providing valuable information about steps companies can take to ensure their privacy and data security measures are up to snuff. In this first part of our article series covering lessons from the Update, we examine, with expert insight, enforcement highlights – from financial services actions to general privacy cases – and what these actions tell us about steps companies should take to comply with applicable laws and steer clear of the FTC’s reach. Part two will cover what can be learned from the FTC’s 2017 workshops and guidance and shed light on what to expect from the agency in 2018. See also “FTC Priorities for 2017 and Beyond” (Jan. 11, 2017).

  • From Vol. 4 No.1 (Jan. 17, 2018)

    How Blockchain Will Continue to Revolutionize the Private Funds Sector in 2018

    Although blockchain trading has generated some skepticism and regulatory criticism, bitcoin traded at record highs in 2017 and looks poised to climb even higher in 2018. Karl Cole-Frieman, a founding partner of boutique law firm Cole-Frieman & Mallon and an expert on the evolving blockchain and bitcoin markets, spoke to The Cybersecurity Law Report about the issues surrounding blockchain trading and how best to approach the new technologies in the months to come. See also our three-part series on blockchain technology: “Basics of the Blockchain Technology and How the Financial Sector Is Currently Employing It” (Jun. 14, 2017); “How Financial Service Providers Can Use Blockchain to Improve Operations and Compliance” (Jun. 28, 2017); and “Blockchain and the Financial Services Industry: Potential Impediments to Its Eventual Adoption” (Jul. 12, 2017).

  • From Vol. 3 No.25 (Dec. 20, 2017)

    Electronic Signatures: Implementation Considerations for the Financial Sector (Part Two of Two)

    Digital signatures are becoming more prevalent in financial transactions given the volume of documents and number of contracts involved. While e-signatures can offer efficiency, understanding when and how they work in the contracting process and navigating the variety of available technologies remains perplexing to many businesses. In this second installment of our two-part series on electronic signatures, we offer practical advice from lawyers and technical consultants on how to implement a compliant e-signatures program, and how to vet and use vendors that provide these services. In the first part, K&L Gates attorneys discussed the legal landscape for electronic signatures, how an electronic signature differs from a digital signature and the legal risks associated with the adoption of electronic signatures. See also “Overcoming the Challenges and Reaping the Benefits of Multi-Factor Authentication in the Financial Sector (Part One of Two)” (Jul. 26, 2017); Part Two (Aug. 9, 2017).

  • From Vol. 3 No.24 (Dec. 6, 2017)

    Electronic Signatures: Implementation Considerations for the Financial Sector (Part One of Two)

    Electronic signatures have been around for a while, and the U.S. laws governing them are more than 15 years old. However, understanding when and how an electronic signature works in the contracting process and navigating the variety of available technologies is still perplexing to many businesses, especially in the financial services sector, which is governed by a complex regulatory backdrop. In this guest article, the first part of our two-part series on electronic signatures, K&L Gates attorneys discuss the legal landscape for electronic signatures, how an electronic signature differs from a digital signature and the legal risks associated with the adoption of electronic signatures. Part two of the series will include practical advice from other lawyers and consultants on how to implement an e-signatures program while avoiding risks and how to vet and use vendors that provide these services. See also “What the Financial Industry Should Know to Recognize and Combat Cyber Threats (Part One of Two)” (Jul. 26, 2017); Part Two (Aug. 9, 2017).

  • From Vol. 3 No.21 (Oct. 25, 2017)

    Survey Finds Cybersecurity Preparedness of Alternative Asset Managers to be Inadequate Relative to Traditional Asset Managers and Broker-Dealers

    Alternative asset managers may have some catching up to do with their compliance and cybersecurity programs. In its 2017 C-Suite Survey, Cipperman Compliance Services asked financial services executives about the role of their firms’ chief compliance officers; attitudes toward compliance; and the sophistication of their firms’ compliance programs and cybersecurity preparedness. Based upon the responses of executives from alternative asset managers, the survey suggests that their compliance programs are less likely to withstand SEC scrutiny and their firms are less prepared on cybersecurity matters, relative to traditional asset manager and broker-dealer participants. This article analyzes CCS’ findings with insights from CCS president Rob Prucnal. See also “Surveys Show Cyber Risk Remains High for Financial Services Despite Preventative Steps” (Jun. 28, 2017); and “SEC Report Cites Cybersecurity Progress Along With Gaps in Training and Compliance” (Aug. 23, 2017).

  • From Vol. 3 No.19 (Sep. 27, 2017)

    Deloitte Survey Shows Getting Skilled Cybersecurity Talent and Addressing Cyber Threats Among the Top Challenges for Financial Institutions

    Financial institutions anticipate cybersecurity to be one of the top risks they will face over the next two years, according to a Deloitte survey. Exacerbating the challenge is recruiting skilled cybersecurity talent as well as obtaining near-real-time threat intelligence. The survey also found that some organizations have turned to corporate risk officers to assist them, while others have seen increasingly activist boards of directors. We analyze the results of the survey. See also “How Financial Service Providers Can Address Common Cybersecurity Threats” (Mar. 16, 2016).

  • From Vol. 3 No.17 (Aug. 23, 2017)

    SEC Report Cites Cybersecurity Progress Along With Gaps in Training and Compliance

    Despite progress since 2014 in developing cybersecurity policies, there are still some critical areas where asset managers fall short with cyber preparedness, according to a new SEC risk alert. One particular shortcoming the SEC sets forth is the failure of some firms to act upon their own codified cybersecurity policies. With expert insight and advice, we detail the new alert’s findings, recommendations and implications. See “What the Financial Industry Should Know to Recognize and Combat Cyber Threats (Part One of Two)” (Jul. 26, 2017); Part Two (Aug. 9, 2017).

  • From Vol. 3 No.17 (Aug. 23, 2017)

    Inside Advice on the Growing Cyber Insurance Market for the Financial Sector

    In light of increasing cyber threats, regulatory focus, and the realization that complete breach prevention is impossible, interest in cybersecurity insurance has rapidly increased in the financial sector. Graig Vicidomino, associate director of Crystal & Company, spoke to The Cybersecurity Law Report about trends in the financial market for cyber insurance, particularly for fund managers, including costs, amounts of coverage, scope of coverage and policy benefits. He also provides practical post-breach advice and insights from clients seeking to cover specific types of incidents. See also “How to Make an Informed Policy Selection in the Dynamic Cyber Insurance Market” (Aug. 9, 2017); and “Navigating the Evolving Cyber Insurance Market” (Jun. 14, 2017).

  • From Vol. 3 No.16 (Aug. 9, 2017)

    Overcoming the Challenges and Reaping the Benefits of Multi-Factor Authentication in the Financial Sector (Part Two of Two)

    The use of more than one factor to establish identity online – multi-factor authentication (MFA) – is a crucial way to protect against breaches that involve stolen credentials or compromised accounts. Various combinations of authentication factors are emerging, and continually evolving, as hackers become more sophisticated. In this second part of our two-article series about MFA for the financial sector, we explore MFA innovations (including those from the Fast Identity Online Alliance), what regulators expect around the world, resources and guidance for best practices and how companies can economically implement an MFA system. In part one, we discussed the MFA landscape for the financial sector, strategies for ensuring both security and user friendliness, challenges that certain factors present and the means to overcome those challenges. See also “Finding the Best Ways to Secure Digital Transactions in a Mobile World” (Oct. 19, 2016).

  • From Vol. 3 No.16 (Aug. 9, 2017)

    What the Financial Sector Should Know to Recognize and Combat Cyber Threats (Part Two of Two)

    Financial Trojans are a widespread threat faced by the financial industry, and the U.S. is among the top five countries with the greatest number of detections, according to Symantec’s 2017 Internet Security Threat Report (ISTR). In a recent webinar, Symantec’s technical and threat experts provided insight on the key findings of the ISTR, with a focus on the latest and growing threats to the financial sector, noting that attackers will increasingly target large organizations and financial institutions. This second part of our two-part article series covering the ISTR and Symantec’s webinar details common sources of financial Trojans, looks at potential future attack targets and trends, and provides best practices for avoiding and mitigating these attacks. Part one summarized the threat landscape and the speakers’ insights on what common attacks look like, new threat actors and tools, and how to recognize them. See also “How Financial Service Providers Can Address Common Cybersecurity Threats” (Mar. 16, 2016).

  • From Vol. 3 No.16 (Aug. 9, 2017)

    Identifying and Managing Third-Party Cybersecurity Risks for Asset Managers

    As connectivity grows, the risk that data entrusted to vendors could be compromised or that a company’s own system may be breached through one of its vendors continues to increase. A recent Advise Technologies program focused on how private fund managers can understand and mitigate third-party risks. A panel of attorneys and compliance and regulatory consultants discussed the regulatory emphasis on third-party risk, ways to assess this risk, and common errors and best practices for managing vendors, including due diligence questionnaires. While certain regulatory considerations are specific to fund managers, the due diligence concerns and best practices provide important advice to all companies working with third-party vendors. See our two-part series on vendor risk management: “Nine Due Diligence Questions” (May 25, 2016), and “14 Key Contract Terms” (June 8, 2016).

  • From Vol. 3 No.15 (Jul. 26, 2017)

    Overcoming the Challenges and Reaping the Benefits of Multi-Factor Authentication in the Financial Sector (Part One of Two)

    As hackers phish their way into SMS messages with one-time passcodes or use photos of fingerprints or eye veins to bypass biometric factors, developing effective online multi-factor authentication (MFA) systems is becoming more difficult. Using two or even three ways to establish identity online is particularly significant in the financial sector, where failure to secure the accounts of clients or employees can lead to massive losses. Online authentication factors must not only be secure, but also convenient for the user and, of course, make economic sense. In this first part of our two-article series, we explore the MFA landscape for the financial sector, strategies for ensuring both security and user friendliness, challenges that certain factors present and the means to overcome those challenges. In the second part, we will discuss MFA innovations, including those from the Fast Identity Online Alliance, what regulators expect around the world, and how companies can economically implement an MFA system. See also “Finding the Best Ways to Secure Digital Transactions in a Mobile World” (Oct. 19, 2016).

  • From Vol. 3 No.15 (Jul. 26, 2017)

    How the CCO Can Use SEC Guidance to Tackle Cyber Threats 

    Increasing cyber threats and a shifting regulatory landscape have expanded the role of CCOs, who need to ensure proper cyber defenses are in place and regulatory compliance is up-to-date. The CCO must manage a capable team and monitor developments while continuously updating the company’s compliance program and efforts. In this guest article, Guy Talarico, founder and CEO of Alaric Compliance Services, explores changing threat sources, regulatory priorities, best practices with an emphasis on SEC guidance, as well as the information sources a CCO must track to fulfill this critical and dynamic role. See also “How to Effectively Find, Compensate and Structure Cybersecurity Leadership (Part One of Two)” (Dec. 14, 2016); Part Two (Jan. 11, 2017).

  • From Vol. 3 No.14 (Jul. 12, 2017)

    Blockchain and the Financial Services Industry: Potential Impediments to Its Eventual Adoption (Part Three of Three)

    Although excitement about the potential use of blockchain technology – an immutable, time-stamped and decentralized digital ledger of transactions – in the financial services industry has been growing, numerous impediments to its large-scale adoption remain. Issues ranging from a lack of regulatory support of blockchain to basic concerns about the resources required to implement the technology could slow its growth in the private funds industry. This third article in our series about the nature and uses of blockchain for the financial services industry details issues that could stymie the spread of blockchain, while also setting forth a realistic timeline and manner for its likely adoption by the private funds industry. The first article provided a primer on the technology and detailed several financial industry uses that are already being explored. The second article explored potential private fund back-office functions (e.g., regulatory reporting and maintaining shareholder ledgers) that could be optimized using blockchain technology. See “How Financial Service Providers Can Address Common Cybersecurity Threats” (Mar. 16, 2016).

  • From Vol. 3 No.14 (Jul. 12, 2017)

    Navigating the Intersection of ERISA Fiduciary Duties and Cybersecurity Risk

    Last year, two retirement-plan administrators experienced data breaches, and unlike the liability standards for breaches of healthcare plans, which are more certain, Employee Retirement Income Security Act of 1974 (ERISA) liability standards are not clear. In many instances, ERISA fiduciary duty can extend to cybersecurity or data protection. And liability for violations of ERISA fiduciary duties is personal to the individual fiduciary. This article summarizes insights presented by Poyner Spruill, LLP attorneys at a recent Strafford program on the relationship between cybersecurity and ERISA. The panelists looked at recent breaches and litigation involving ERISA plans; evaluated when cybersecurity is a fiduciary duty under ERISA; analyzed whether ERISA preempts state cybersecurity and data-protection laws; and explored how plan sponsors can implement effective cybersecurity measures. See also “Navigating Data Breaches and Regulatory Compliance for Employee Benefit Plans” (Jun. 3, 2015).

  • From Vol. 3 No.13 (Jun. 28, 2017)

    How Financial Service Providers Can Use Blockchain to Improve Operations and Compliance (Part Two of Three)

    Blockchain technology – a distributed database used to immutably timestamp and record transactions – is most commonly thought of in the single context of digital currencies, yet its applications are varied and limited only by the objectives of the adopting users. There are many more practical applications of the technology that could greatly enhance the efficacy of the financial sector while also dramatically reducing its overhead expenses. In particular, the technology could help private funds streamline their operations in various ways while simultaneously improving their compliance protocols. This second article in our three-part series about blockchain in the financial sector discusses various potential uses of blockchain technology, such as reconciling trades and onboarding investors, to improve private fund operational efficiencies and compliance efforts. The first article explained how blockchain functions and provided examples of how major elements of the financial industry (e.g., derivatives trading and repurchase agreements) are already incorporating the technology. The third article will explore how and when the private funds industry will adopt the technology, while presenting issues related to that implementation. See also “Are New York’s Cyber Regulations a “Game Changer” for Hedge Fund Managers?” (Jun. 14, 2017). 

  • From Vol. 3 No.13 (Jun. 28, 2017)

    Surveys Show Cyber Risk Remains High for Financial Services Despite Preventative Steps

    While financial services firms are spending more on key cybersecurity measures, the risk and the financial consequences of a breach remain high. Studies show that the average breach cost continues to rise in the U.S. and, for smaller financial firms especially, critical security gaps remain. This article highlights parts of three recent surveys conducted by Ponemon, TD Bank, and ACA Aponix with the National Society of Compliance Professionals that provide insight into the current state of vulnerabilities and benchmarking for financial firms. See “How Financial Service Providers Can Address Common Cybersecurity Threats” (Mar. 16, 2016).

  • From Vol. 3 No.12 (Jun. 14, 2017)

    Basics of the Blockchain Technology and How the Financial Sector Is Currently Employing It (Part One of Three)

    “Blockchain” is frequently mentioned at financial services industry conferences as a transformative technology with the potential to “disrupt” the private funds industry, but uncertainty about it persists. This three-part series serves as a primer about the technology and its interplay with the financial services industry going forward. This first article provides an overview of how blockchain functions and examines how the finance industry is already using it. The second article will describe potential ways private funds and service providers can adopt blockchain technology to enhance fund operations and compliance practices. The third article will explore some of the risks impeding the growth of blockchain and address the most plausible timing and manner for it to be eventually adopted in the industry. See “How Financial Service Providers Can Address Common Cybersecurity Threats” (Mar. 16, 2016).

  • From Vol. 3 No.12 (Jun. 14, 2017)

    Are New York’s Cyber Regulations a “Game Changer” for Hedge Fund Managers?

    Experts caution that the New York State Department of Financial Services’ cybersecurity regulations are relevant beyond the covered entities to hedge fund managers, for example, because compliance with the regulations may become the “gold standard.” Some state organizations, such as the Colorado Division of Securities, have already proposed similar rules following New York’s lead. Panelists at the recent Alternative Asset Management Symposium sponsored by Crystal & Company highlighted the key provisions and discussed how they may affect alternative asset managers and their service providers. The experts from Crystal, Brown Rudnick, Mullen Coughlin, Charles River Associates and Prosek Partners addressed the impact of the regulations, including the CISO’s role, third-party vetting and potential enforcement. See “What Covered Financial Entities Need to Know About New York’s New Cybersecurity Regulations” (Mar. 8, 2017).

  • From Vol. 3 No.8 (Apr. 19, 2017)

    How to Ensure Cyber Risks Do Not Derail an IPO

    In preparation for a public offering, companies should expect scrutiny of their cybersecurity risks and the measures they take to address them, just as they do with other aspects of their business. Cyber risks and incidents can derail an IPO if they are not handled correctly. Gibson Dunn partners Andrew L. Fabens, Stewart L. McDowell and Peter W. Wardle spoke with The Cybersecurity Law Report about steps companies should take in preparing for an IPO, as well as the potential impact cybersecurity can have on the IPO process and stock price. See also “Tackling Cybersecurity and Data Privacy Issues in Mergers and Acquisitions (Part One of Two)” (Sep. 16, 2015); Part Two (Sep. 30, 2015).

  • From Vol. 3 No.7 (Apr. 5, 2017)

    Best Practices for Mitigating Compliance Risks When Investment Advisers Use Social Media 

    The advent of Twitter, Facebook, LinkedIn and other social media forums has had a dramatic impact on society at large, including the investment funds industry. Yet, investment advisers and firms may not fully grasp the compliance and operational risks that new technologies and sites can pose. Questions abound as to whether social media can be used to provide material information to certain investors at the expense of others, when the line is crossed from informational content to marketing a fund and whether the social media accounts of individual employees and representatives need to be monitored for compliance purposes. In-house compliance officers, outside counsel and an SEC branch chief in the Chief Counsel’s Office of the SEC’s Division of Investment Management discussed and offered insights on these issues at a recent Regulatory Compliance Association PracticEdge session. See also “What It Takes to Establish Compliant Social Media Policies for the Workplace” (Mar. 22, 2017).

  • From Vol. 3 No.5 (Mar. 8, 2017)

    What Covered Financial Entities Need to Know About New York’s New Cybersecurity Regulations

    Cybersecurity regulations from the New York State Department of Financial Services took effect on March 1, 2017. The scope of the regulations, which apply to financial institutions, insurance companies, and other financial services firms licensed by the State of New York, was narrowed to a degree following numerous industry comments on the proposed draft. This guest article by James Kaplan and Moein Khawaja, partner and associate at Quarles & Brady, explains the new requirements and changes from previous versions, and provides guidance regarding the implementation of the regulations and best cybersecurity practices related to the current regulatory environment. They also predict what future regulation might look like in this area. See also “Preparing to Meet the Deadlines of DFS’ Revised New York Cybersecurity Regulation” (Jan. 25, 2017).

  • From Vol. 3 No.3 (Feb. 8, 2017)

    How Fund Managers Can Prepare for Investor Cybersecurity Due Diligence 

    Cybersecurity remains a top-of-mind issue for regulators, investors and investment advisers. As part of operational due diligence, investors often evaluate whether an adviser has robust cybersecurity defenses. Similarly, advisers must ensure that their administrators, brokers and other third parties have appropriate defenses. A recent program hosted by the Investment Management Due Diligence Association gave specifics on what investors may be looking for, including due diligence questions they may ask and how they may evaluate a firm’s cybersecurity program, including its cyber insurance. See also our two-part series on vendor risk management “Nine Due Diligence Questions” (May 25, 2016), and “14 Key Contract Terms” (June 8, 2016). 

  • From Vol. 3 No.2 (Jan. 25, 2017)

    Preparing to Meet the Deadlines of DFS’ Revised New York Cybersecurity Regulation

    The New York State Department of Financial Services proposed a cybersecurity regulation that raised many eyebrows when it was first introduced in September 2016. Taking into account the over 150 comments it received, the DFS published an updated version of the regulation at the end of 2016 and delayed the effective date by two months – until March 1, 2017. In this interview, Patterson Belknap Webb & Tyler LLP partner Craig A. Newman offers insight on what the new regulation means to covered institutions and the actions companies will need to take to be in compliance. See also “Steps Financial Institutions Should Take to Meet New York’s Proposed Cybersecurity Regulation” (Sep. 21, 2016).  

  • From Vol. 3 No.2 (Jan. 25, 2017)

    FINRA Emphasizes the Importance of Proper Electronic Record Storage in Enforcement Actions

    Accurate recordkeeping is one of the core duties of broker-dealers and investment advisers. As the number of electronic records has exploded in recent years, so have the risks of hacks or other malicious acts. FINRA recently settled enforcement actions against 12 of its members, imposing a total of $14.4 million in fines, for their failures to store electronic records in “write once, read many” (commonly referred to as “WORM”) format, as well as other violations of SEC recordkeeping rules. In its press release, FINRA emphasized that the deficiencies affected hundreds of millions of records, and the need to maintain records in the WORM format because “the volume of sensitive financial data stored electronically has risen exponentially and there have been increasingly aggressive attempts to hack into electronic data repositories, posing a threat to inadequately protected records.” This article explores the violations and key terms of the eight separate FINRA Letters of Acceptance, Waiver and Consent (AWCs). See also “FINRA Lays Out Cyber Expectations in Action Against Broker-Dealer” (Dec. 14, 2016).

  • From Vol. 2 No.25 (Dec. 14, 2016)

    FINRA Lays Out Cyber Expectations in Action Against Broker-Dealer

    A recent FINRA action against Lincoln Financial Securities Corporation, a general securities business, involving the firm’s alleged failure to safeguard customer data, preserve customer records and implement an appropriate supervisory system sheds light on regulatory expectations for a range of sectors. This article explains the alleged misconduct, the terms of the settlement, the remedial measures the firm is implementing, and the cybersecurity measures FINRA expects firms to take. See also “How Financial Service Providers Can Address Common Cybersecurity Threats” (Mar. 16, 2016).

  • From Vol. 2 No.21 (Oct. 19, 2016)

    How the Financial Services Industry Can Handle Cybersecurity Threats, Acquisition Diligence and Breach Response

    The financial services sector is often praised as having some of the most mature cybersecurity practices, but it also holds especially sensitive data and is one of the most common targets for malicious hackers. Asset managers in particular are confronted with general cybersecurity risks while navigating industry nuances. At a recent panel hosted by Major, Lindsey & Africa, Debevoise partners Luke Dembosky and Jim Pastore, both former federal prosecutors, addressed emerging cybersecurity threats, risks from vendors, potential breaches in a pre-acquisition and post-acquisition context, breach response and special considerations for breaches of investor or consumer data. Much of the advice is relevant to all companies grappling with data security risks and breach consequences. See also our two-part series on how the financial services sector can meet the cybersecurity challenge: “A Snapshot of the Regulatory Landscape (Part One of Two)” (Dec. 9, 2015); “A Plan for Building a Cyber-Compliance Program (Part Two)” (Jan. 6, 2016).

  • From Vol. 2 No.20 (Oct. 5, 2016)

    FCA Director Lays Out Cybersecurity Expectations for Financial Services Firms

    To safeguard sensitive personal and financial data and assets, and to protect the stability of the financial markets, an industry-wide “security culture” is necessary in the financial services sector. Firms of all sizes and profiles must actively and continually refine their governance, detection and prevention methods in response to the ever-evolving threat. This was the theme of a speech delivered by Nausicaa Delfas, Director of Specialist Supervision for the U.K. Financial Conduct Authority (FCA), at the recent FT Cyber Security Summit. The key points of the speech are directed at financial firms, but offer useful insight into the U.K. regulator’s priorities and advice for any company looking to improve its “security culture.” For a comparison of the FCA and SEC stances on cybersecurity, see our two-part series “Navigating FCA and SEC Cybersecurity Expectations (Part One of Two)” (Jan. 6, 2016); Part Two (Jan. 20, 2016).

  • From Vol. 2 No.19 (Sep. 21, 2016)

    Steps Financial Institutions Should Take to Meet New York’s Proposed Cybersecurity Regulation

    With the ever-growing threat posed to the financial services industry by nation-states, terrorist organizations and independent criminal actors, earlier this month New York Governor Andrew Cuomo announced a proposed regulation that would require financial institutions to develop and implement cybersecurity programs to prevent and mitigate cyber attacks. After a 45-day comment period, following the upcoming publication in the New York State Register on September 28, the regulation is set to become effective January 1, 2017. “Even though the rules are not final, regulated financial institutions should begin considering how to comply today,” Orrick partner and cybersecurity & data privacy team co-chair Aravind Swaminathan told The Cybersecurity Law Report. In this article, we outline what companies need to do to be compliant with the new proposed regulation. See also “How the Financial Services Industry Can Manage Cyber Risk” (Jul. 20, 2016). 

    Read Full Article …
  • From Vol. 2 No.16 (Aug. 3, 2016)

    Procedures for Hedge Fund Managers to Safeguard Trade Secrets From Rogue Employees 

    In an era when high-profile data theft cases have shaken some people’s faith in the security of personal information entrusted to fund managers, it is critically important for firms to take steps to detect, prevent and address such thefts by rogue employees. This is of particular urgency for hedge fund managers now that the SEC has stepped up its focus on cybersecurity. Data security and the measures that can help safeguard trade secrets and sensitive information were the focus of a recent Hedge Fund Association panel discussion featuring participants from the law firm Gibbons, the litigation consulting firm DOAR and the hedge fund Litespeed Partners. See also “How Financial Service Providers Can Address Common Cybersecurity Threats” (Mar. 16, 2016).

    Read Full Article …
  • From Vol. 2 No.15 (Jul. 20, 2016)

    How the Financial Services Industry Can Manage Cyber Risk

    Financial services providers and financial institutions are prime targets for hackers, and have also been targets of SEC scrutiny – the agency has recently brought actions against Morgan Stanley, Craig Scott Capital, and RT Jones for cybersecurity violations, even in the absence of a breach. How can firms in those industries ensure their cybersecurity programs are robust and mitigate risk? At a recent symposium held by the Hedge Fund Association, panelists with various cybersecurity perspectives and expertise shared their insight on preparedness, incident response plans, vendor management, cyber insurance (including recommendations for carriers) and whether to use cloud services. See also our two-part series on how the financial services sector can meet the cybersecurity challenge: “A Snapshot of the Regulatory Landscape (Part One of Two)” (Dec. 9, 2015); “A Plan for Building a Cyber-Compliance Program (Part Two)” (Jan. 6, 2016).

    Read Full Article …
  • From Vol. 2 No.13 (Jun. 22, 2016)

    Morgan Stanley Action Signals SEC’s Continued Enforcement of Safeguards Rule

    Morgan Stanley Smith Barney may have escaped charges under Section 5 of the Federal Trade Commission Act, but it has agreed to pay $1 million to settle charges that it violated the Safeguards Rule. The settlement stems from allegations that employee Galen Marsh transferred data containing the PII of 730,000 customers to his personal server. That data later appeared on multiple internet sites. There was no harm alleged, and this settlement, coupled with the R.T. Jones and Craig Scott Capital actions, may show that the SEC is picking up enforcement of the Safeguards Rule. “Here, the SEC clearly is trying to make a statement to the broker-dealer and investment adviser community about how seriously it takes cyber. This also seems like a message to the FTC that the SEC intends to be the key cop on this part of the cyber beat,” Jeremy Feigelson, a partner at Debevoise, told The Cybersecurity Law Report. We analyze the settlement and its implications. See also “How Financial Service Providers Can Address Common Cybersecurity Threats” (Mar. 16, 2016).

    Read Full Article …
  • From Vol. 2 No.10 (May 11, 2016)

    SEC Teaches Broker-Dealer a Lesson About Keeping Business Emails Secure

    In its continued enforcement of appropriate cybersecurity controls, the SEC initiated administrative proceedings against Craig Scott Capital, LLC (CSC), a broker-dealer based in Uniondale, New York, and its two principals for failing to protect confidential consumer information by using personal email addresses for business matters. “The enforcement action, including the fines imposed, reflects how seriously SEC takes the adoption of and compliance with proper policies and procedures,” Anastasia Rockas, a partner at Skadden, told The Cybersecurity Law Report. The SEC, alleging no harm to consumers, fined CSC $100,000 and its two principals $25,000 each. See also “Investment Adviser Penalized for Weak Cyber Policies; OCIE Issues Investor Alert” (Sep. 30, 2015).

    Read Full Article …
  • From Vol. 2 No.6 (Mar. 16, 2016)

    How Financial Service Providers Can Address Common Cybersecurity Threats

    The National Futures Association’s Interpretive Notice on cybersecurity, which became effective on March 1, 2016, calls for NFA members to adopt an Information Systems Security Program robust enough to guard against increasingly sophisticated cybersecurity threats. Senior NFA personnel and industry experts recently gathered at a workshop to give advice on complying with the Notice and how to strengthen a firm’s ability to prevent, detect and remediate cybersecurity incidents. This article covers the panelists’ discussion of critical cybersecurity threats; cybersecurity response plans; training; and other practical cybersecurity measures. For previous coverage of the NFA workshop, see “Expert Advice on Newly Effective NFA Cybersecurity Requirements for Market” (Mar. 2, 2016). See also CSLR’s two-part series on how the financial services sector can meet the cybersecurity challenge: “A Snapshot of the Regulatory Landscape (Part One of Two)” (Dec. 9, 2015); “A Plan for Building a Cyber-Compliance Program (Part Two)” (Jan. 6, 2016).

    Read Full Article …
  • From Vol. 2 No.5 (Mar. 2, 2016)

    Expert Advice on Newly Effective NFA Cybersecurity Requirements for Market Participants

    How will the National Futures Association’s new Interpretive Notice on cybersecurity (effective March 1, 2016) change data and electronic system security requirements for NFA members? The NFA recently held a Cybersecurity Workshop featuring a number of senior NFA personnel and industry experts to discuss the particulars of the Notice and provide insight into what NFA examiners will be looking for when they conduct member examinations. The program, which was moderated by NFA director Amy McCormick, included NFA directors Shuna Awong, Patricia Cushing and Dale Spoljaric, as well as industry participants Patricia Donahue, senior vice president and chief compliance officer at Rosenthal Collins Group LLC; Buddy Doyle, founder and CEO of Oyster Consulting; and Peter Salmon, a senior director at the Investment Company Institute. See also “New NFA Notice Provides Cybersecurity Guidance to Futures and Derivatives Market” (Nov. 11, 2015).

    Read Full Article …
  • From Vol. 2 No.2 (Jan. 20, 2016)

    Navigating FCA and SEC Cybersecurity Expectations (Part Two of Two)

    When designing cyber-compliance programs, financial firms operating in multiple jurisdictions must adopt a coordinated approach to cybersecurity that meets the divergent regulatory requirements of all jurisdictions in which they are doing business. This two-part series examines the operations of the U.K. Financial Conduct Authority (FCA) and the SEC, both of which have increased their focus on cybersecurity, albeit with differing approaches. Part One discussed the FCA and SEC as regulators of financial services in their respective jurisdictions and outlined the guidance issued, and the methods adopted, by the two regulators. This article explores how asset managers and others in the financial sector can navigate the current regulatory environments, including existing guidance, in the U.S. and U.K., and simultaneously satisfy the requirements of each regulator. See also “Regulatory Compliance and Practical Elements of Cybersecurity Testing for Fund Managers (Part One of Two)” (Jun. 17, 2015); Part Two (Jul. 1, 2015) and “Analyzing and Mitigating Cybersecurity Threats to Investment Managers (Part One of Two)” (May 6, 2015); Part Two (May 20, 2015).

    Read Full Article …
  • From Vol. 2 No.1 (Jan. 6, 2016)

    Navigating FCA and SEC Cybersecurity Expectations (Part One of Two)

    Given the increased scrutiny of cybersecurity by governments around the globe, regulated entities operating in more than one jurisdiction must be aware of the relevant regulatory cybersecurity expectations.  This two-part series looks at the operations of the U.K. Financial Conduct Authority (FCA) and the SEC, both of which have increased their focus on cybersecurity, but with differing approaches.  Part One discusses the FCA and SEC as regulators of financial services in their respective jurisdictions and outlines the guidance issued, and the methods adopted, by the two regulators.  Part Two will explore how the financial sector is navigating the current regulatory environments, including existing guidance, in the U.S. and abroad and how the industry can simultaneously satisfy the requirements of each regulator.  See also “Meeting Expectations for SEC Disclosures of Cybersecurity Risks and Incidents (Part One)” (Aug. 12, 2015) and Part Two (Aug. 26, 2015).

    Read Full Article …
  • From Vol. 2 No.1 (Jan. 6, 2016)

    Cybersecurity and Whistleblowing Converge in a New Wave of SEC Activity

    The SEC has long prioritized incentivizing corporate whistleblowers to report violations of the securities laws, and protecting them when they do.  Increasingly, the federal agency also has vigorously enforced certain key aspects of cybersecurity, as its importance has permeated every facet of the way registered entities operate.  In a recent webinar, Orrick attorneys Mark Mermelstein, Jill Rosenberg and Renee Phillips examined how these two formerly disassociated areas of regulatory enforcement are converging in a new wave of SEC guidance and enforcement.  This article discusses the practitioners’ insights on the SEC’s recent initiatives and enforcement actions both in cybersecurity and whistleblowing contexts; the applicable regulations; and how companies can address and mitigate the risks of cybersecurity whistleblower actions.  See also “The SEC’s Updated Cybersecurity Guidance Urges Program Assessments” (May 6, 2015).

    Read Full Article …
  • From Vol. 2 No.1 (Jan. 6, 2016)

    How the Financial Services Sector Can Meet the Cybersecurity Challenge: A Plan for Building a Cyber-Compliance Program (Part Two of Two)

    Despite the abundance of principles-based cybersecurity guidance provided by regulators, interpreting those principles and turning them into actionable items remains a formidable task.  Nevertheless, financial services professionals have a fiduciary duty to devote best efforts to mitigating cyber risk by building an appropriate risk management solution.  In a guest article, the second in a two-part series, Moshe Luchins, the deputy general counsel and compliance officer of Zweig-DiMenna Associates LLC, provides a practical blueprint to build a cyber-compliance program.  Many aspects of the blueprint are not only applicable to those in the financial industry but to other sectors as well.  The first article explored current regulatory expectations applicable to the financial services sector.  See also “Analyzing and Mitigating Cybersecurity Threats to Investment Managers (Part One of Two)” (May 6, 2015) and Part Two (May 20, 2015).

    Read Full Article …
  • From Vol. 1 No.18 (Dec. 9, 2015)

    How the Financial Services Sector Can Meet the Cybersecurity Challenge:  A Snapshot of the Regulatory Landscape (Part One of Two)

    The cyber focus has become increasingly intense for the financial services sector.  Industry compliance personnel are challenged to keep up with cybersecurity requirements in this area, with new major regulatory developments occurring on a regular basis.  In a guest article, the first in a two-part series, Moshe Luchins, the deputy general counsel and compliance officer of Zweig-DiMenna Associates LLC, explores the current cybersecurity regulatory expectations applicable to the financial services sector.  The second article will provide a practical blueprint for building a cyber compliance program.  See also “Debunking Cybersecurity Myths and Setting Program Goals for the Financial Services Industry,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

    Read Full Article …
  • From Vol. 1 No.16 (Nov. 11, 2015)

    New NFA Notice Provides Cybersecurity Guidance to Futures and Derivatives Market

    Cybersecurity in the futures and derivatives market is “perhaps the single most important new risk to market integrity and financial stability,” according to Commodity Futures Trading Commission Chairman Timothy Massad.  The National Futures Association (NFA), a self-regulatory organization responsible for the registration of certain market participants, recently received approval from the CFTC of its Interpretive Notice to several existing NFA compliance rules.  The new guidance will provide more specific standards for supervisory procedures and will require NFA members to adopt and enforce written policies and procedures to secure customer data and electronic systems.  “The approach of the Interpretive Notice is to tie cybersecurity best practices to a firm’s supervisory obligations,” Stephen Humenik, a Covington & Burling partner, told The Cybersecurity Law Report.  See also “Debunking Cybersecurity Myths and Setting Program Goals for the Financial Services Industry,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

    Read Full Article …
  • From Vol. 1 No.15 (Oct. 28, 2015)

    MasterCard and U.S. Bancorp Execs Share Tips for Awareness and Prevention of Mushrooming Cyber Risk (Part Two of Two)

    With threat vectors increasing at least as rapidly as new technology, companies need to be well-versed in how to recognize and prevent cyber attacks.  In the second installment of our coverage of PLI’s recent Cybersecurity 2015: Managing the Risk program, two top-level executives and leaders in cybersecurity, Jenny Menna, U.S. Bank’s cybersecurity partnership executive, and Greg Temm, vice president for information security and cyber intelligence at MasterCard, tackle mitigating cyber risk.  They discuss, among other things: information sharing efforts; eight important components of an information technology ecosystem; and how to prevent cyber attacks at home and in the office.  In the first article in the series, they addressed the current cyber landscape, prevalent threats, and responses to those threats that are being implemented by the government, regulators and private companies.  See also “Weil Gotshal Attorneys Advise on Key Ways to Anticipate and Counter Cyber Threats,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

    Read Full Article …
  • From Vol. 1 No.14 (Oct. 14, 2015)

    MasterCard and U.S. Bancorp Execs Share Tips for Awareness and Prevention of Mushrooming Cyber Risk (Part One of Two)

    Two senior-level executives in the financial industry, leading cybersecurity experts, recently offered their views on how they are balancing the lure of new technology with the associated risks.  In this article, the first in a two-part series covering the PLI program “Cybersecurity 2015: Managing the Risk,” Jenny Menna, the cybersecurity partnership executive at U.S. Bancorp and Greg Temm, vice president for information security at MasterCard, and responsible for MasterCard’s cyber intelligence program, address: the current cyber landscape; the most pressing threats across industries; and how the government, regulators and private companies are responding to those threats.  In the second article, they tackle mitigating cybersecurity risk, including industry projects geared toward improving the overall cybersecurity ecosystem; and tips for avoiding cyber threats at work and home.  See “The SEC’s Updated Cybersecurity Guidance Urges Program Assessments,” The Cybersecurity Law Report, Vol. 1, No. 3 (May 6, 2015).

    Read Full Article …
  • From Vol. 1 No.13 (Sep. 30, 2015)

    What the OCIE Cybersecurity Risk Alert Means for Investment Advisers and Broker-Dealers

    Continuing its emphasis on the cyber-preparedness of broker dealers, the SEC Office of Compliance Inspections and Examinations (OCIE) announced a second round of examinations “to assess implementation of firm procedures and controls.”  On September 15, 2015, OCIE issued a Risk Alert detailing its concerns, as well as sample requests for information in six focus areas: governance and risk assessments, access controls, data security, vendor management, training and incident response.  We analyze the alert and explore the cybersecurity implications for investment advisers and broker-dealers.  See also “Meeting Expectations for SEC Disclosures of Cybersecurity Risks and Incidents (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 10 (Aug. 12, 2015); Part Two, Vol. 1, No. 11 (Aug. 26, 2015).

    Read Full Article …
  • From Vol. 1 No.13 (Sep. 30, 2015)

    Investment Adviser Penalized for Weak Cyber Policies; OCIE Issues Investor Alert

    So far, the SEC’s focus on cybersecurity has largely been relegated to providing guidance to registrants and learning about the state of cybersecurity preparedness through focused examinations.  One sign that the SEC will go further and take action against firms that fail to follow that guidance, regardless of whether harm is alleged, is the recent settlement with investment adviser R.T. Jones Capital Equities Management, Inc.  The firm suffered a cybersecurity breach that compromised information of over 100,000 retirement plan participants and has agreed to pay a $75,000 fine to settle the charges that it violated the Safeguards Rule.  The SEC released a related Investor Alert that offers guidance to individual investors who believe that their personally identifiable information has been compromised.  We provide the highlights.  See also “The SEC’s Two Primary Theories in Cybersecurity Enforcement Actions,” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015).

    Read Full Article …
  • From Vol. 1 No.11 (Aug. 26, 2015)

    The Development of E-Currency and Its Potential Impact on the Future

    The rapid evolution of decentralized digital currency, like Bitcoin, has been tumultuous.  Without any central authority such as a government, company or bank in charge, it has been riddled with criminal activity, public skepticism and fluctuation in value.  Yet, this revolutionary technology has been recognized by some for the tremendous benefits it can provide in many different environments around the world.  During a recent panel at PLI’s TechLaw Institute 2015: The Digital Evolution, panelists gave an overview of the Bitcoin technology and how it works, and explored the related events of the last several years from a development and a legal enforcement standpoint.  They also shared their view of the future of digital currency.

    Read Full Article …
  • From Vol. 1 No.10 (Aug. 12, 2015)

    Can an Employee Be Liable for Inadvertently Providing Security Details to a Fraudulent Caller?

    An investment management firm’s CFO allowed a fraudulent caller to obtain security details leading to the illegitimate transfer of nearly $1.16 million from the firm’s accounts and is liable for the damages, a new claim filed in the U.K. High Court of Justice alleges.  The firm says that its CFO acted negligently and in breach of his contractual, tortious and fiduciary duties in failing to protect assets in corporate bank accounts.  The CFO – who believed he was providing security details to a member of the anti-fraud team of the firm’s private bank – denies these allegations, asserting that he was acting honestly, in what he reasonably and genuinely believed to be the best interests of his employer.  We examine the claim, the defense, and six issues the case raises relating to cybersecurity and employees.  See also “Analyzing and Mitigating Cybersecurity Threats to Investment Managers (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 3 (May 6, 2015); Part Two of Two, Vol. 1, No. 4 (May 20, 2015).

    Read Full Article …
  • From Vol. 1 No.7 (Jul. 1, 2015)

    Regulatory Compliance and Practical Elements of Cybersecurity Testing for Fund Managers (Part Two of Two)

    Cybersecurity is one important element of an investment manager’s overall regulatory compliance responsibilities.  Although not explicitly required by SEC regulations, it is clear that the SEC and other regulators expect fund managers to test for cybersecurity vulnerabilities and preparedness.  A recent program sponsored by K&L Gates and the Investment Adviser Association featuring experts from those entities as well as BNY Mellon and Nth Generation explored the most effective and efficient testing methods.  This article, the second in a two-part series, discusses testing approaches; vulnerability assessments; penetration testing; and recent SEC and private litigation on cybersecurity matters.  The first article summarized the panelists’ discussion of the legal and compliance framework for cybersecurity testing; testing considerations; and how to leverage OCIE’s recent cybersecurity examination initiative to improve cybersecurity compliance and testing.  See also “The SEC’s Two Primary Theories in Cybersecurity Enforcement Actions,” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015).

    Read Full Article …
  • From Vol. 1 No.6 (Jun. 17, 2015)

    Regulatory Compliance and Practical Elements of Cybersecurity Testing for Fund Managers (Part One of Two)

    Cybersecurity is one important element of a fund manager’s overall regulatory compliance responsibilities.  Although not explicitly required by SEC regulations, it is clear that managers are expected to test for cybersecurity vulnerabilities and preparedness.  Such testing was recently considered in depth at a program sponsored by K&L Gates and the Investment Adviser Association (IAA).  The program was moderated by Mark C. Amorosi, a partner at K&L Gates.  The other speakers were Laura L. Grossman, assistant general counsel at IAA; Jason Harrell, corporate senior information risk officer at BNY Mellon; Jeromie Jackson, director of security & analytics at Nth Generation; and K&L Gates partners Jeffrey B. Maletta and Andras P. Teleki.  This article, the first in a two-part series, details the panelists’ discussion of the legal and compliance framework for cybersecurity testing; testing considerations; and how to leverage OCIE’s recent cybersecurity examination initiative to improve cybersecurity compliance and testing.  The second article will discuss testing approaches; vulnerability assessments; penetration testing; and recent SEC and private litigation on cybersecurity matters.  See “The SEC’s Two Primary Theories in Cybersecurity Enforcement Actions,” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015).

    Read Full Article …
  • From Vol. 1 No.5 (Jun. 3, 2015)

    Navigating Data Breaches and Regulatory Compliance for Employee Benefit Plans

    Employee benefit plans, including health and pension plans, are prime targets of hackers, as evident from the most recent Anthem and Premera crises, and the proper proactive and reactive steps are key to mitigating breach risk and breach fallout.  In a recent Strafford webinar, Ogletree Deakins attorneys Vance E. Drawdy, Timothy G. Verrall and Stephen A. Riga shared their insights on best practices for fiduciaries and sponsors to navigate the complex state and federal regulations on data breaches that are applicable to ERISA benefit plans.  This article details some of their advice on preventing, assessing and responding to a plan data breach.  See also “Steps to Take Following a Healthcare Data Breach,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

    Read Full Article …
  • From Vol. 1 No.4 (May 20, 2015)

    Analyzing and Mitigating Cybersecurity Risks to Investment Managers (Part Two of Two)

    The financial services industry, a favorite target of hackers, is especially vulnerable to cybersecurity threats.  A recent program sponsored by K&L Gates and the Investment Adviser Association addressed the difficult and high-stakes cybersecurity issues investment managers are facing.  This article, the second in a two-part series, discusses the panel’s views on mitigating cybersecurity risks.  The first article summarized the key points raised by the panel relating to the costs of cyber breaches; applicable laws and regulations; and cyber threats.  The program was moderated by Mark C. Amorosi, a partner at K&L Gates, and featured a panel consisting of Jeffrey Bedser, CEO of iThreat Cyber Group; Laura L. Grossman, assistant general counsel of the IAA; Andras P. Teleki, a partner at K&L Gates; and E.J. Yerzak, vice president at Ascendant Compliance Management.

    Read Full Article …
  • From Vol. 1 No.3 (May 6, 2015)

    Analyzing and Mitigating Cybersecurity Threats to Investment Managers (Part One of Two)

    Financial services firms are a key target of hackers and responding to the breaches they may cause does not come cheap – the average response cost in the financial services sector is more than double the overall average of $5.84 million, according to data from the Ponemon Institute LLC.  As incidents increase, regulators are paying closer attention and firms are spending more on cyber preparedness.  A recent program sponsored by K&L Gates and the Investment Adviser Association surveyed the current cybersecurity threat environment and SEC cybersecurity initiatives for the financial services sector; summarized the applicable laws and regulations that bear on cybersecurity; considered the multitude of cybersecurity risks faced by investment managers; and offered a number of strategies for mitigating those risks. 

    Read Full Article …
  • From Vol. 1 No.2 (Apr. 22, 2015)

    Debunking Cybersecurity Myths and Setting Program Goals for the Financial Services Industry

    The financial sector has been an obvious target of hackers for a long time.  Increased scrutiny of firms’ security from regulators, including the SEC, and customers has raised the stakes even further as firms try to stay ahead of risks.  ACA Compliance Group recently presented a program to help those regulated industries navigate the current cybersecurity landscape.  The panelists, Raj Bakhru and Marc Lotti, both partners at ACA Aponix (the cybersecurity and risk arm of ACA Compliance Group), offered insights into what advisers and fund managers may expect from regulators going forward; discussed common misperceptions about cybersecurity; and explored goals of cybersecurity and technology risk programs. 

    Read Full Article …