SEC Charges Investment Adviser with Failure to Adopt Cybersecurity Policies and Procedures

 
Sunday, December 13, 2015

The rules require registered investment advisers to adopt written policies and procedures reasonably designed to protect customer records and information.  The SEC has already launched its second sweep in regards to cybersecurity and has now fined R.T. Jones Capital Equities Management $75,000 for failure to have policies and procedures to mitigate a data breach.

According to the SEC’s order:

  • T. Jones stored sensitive personally identifiable information (“PII”) of clients on its third party-hosted web server from September 2009 to July 2013.
  • The firm’s server was attacked in July 2013 by an unknown hacker who gained access and copy rights to the data on the server, rendering the PII of more than 100,000 individuals vulnerable to theft.
  • The firm failed entirely to adopt written policies and procedures reasonably designed to safeguard customer information.  (I.e. conduct periodic risk assessments, implement a firewall, encrypt PII stored on server, or maintain a response plan for cybersecurity incidents.)

Even though the firm has not received any indications of a client suffering financial harm as a result of the cyber attack, the firm was censured and fined.

“As we see an increasing barrage of cyber attacks on financial firms, it is important to enforce the safeguards rule even in cases like this when there is no apparent financial harm to clients,” said Marshall S. Sprung, Co-Chief of the SEC Enforcement Division’s Asset Management Unit.  “Firms must adopt written policies to protect their clients’ private information and they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”

Please click here for more information regarding this case.

Need help creating and implementing your cybersecurity policy? Let Red Oak guide you in protecting your client’s PII. Do not make the mistake of thinking it will never happen to you.

About Red Oak Compliance Solutions

Red Oak Compliance Solutions is the global advertising review software of choice in the financial services industry. It is a comprehensive suite of SEC 17A-4 compliant features that are 100% books and records compliant and provides clients with 35% faster approvals and 70% fewer touches or better. We also offer Smart Review(SM), which solves for the storage and maintenance of disclosures, helping firms reduce risk, decrease review times, and increase the speed of distribution of marketing materials. Smart Registration(SM) automates the licensing and registration management process to help reduce regulatory risk and time spent on manual processes. Overall, Red Oak allows firms to minimize risk, reduce costs, and increase compliance review process effectiveness and efficiencies.