Securities and Exchange Commission (SEC) 2017 Examination Priorities Emphasize Cybersecurity
October 6th, 2016
What this means for firms in the securities industry is that if they haven’t already taken steps towards meeting the stringent requirements laid out in 2014, they should do so quickly, so that they don’t incur charges the way R. T. Jones Capital Equities Management did. R. T. Jones violated the “safeguards rule” by not keeping written policies and procedures to ensure the security and confidentiality of personally identifiable information (PII), and by failing to implement a firewall, encrypt PII on its server, and maintain a response plan for cybersecurity incidents.
The fine is only one aspect: the firm also had to write to all of its 100,000 customers to let them know that it had suffered a security breach in July 2013 and had let a China-based intruder steal their information. It also had to offer to pay for credit monitoring services for all of its customers.
In this environment, securities industry companies need to meet and exceed every cybersecurity requirement of the SEC, so that they never compromise their customers’ data, never have to send out those embarrassing letters explaining that the customers’ data was compromised, and never risk losing those hard-earned customers!