Financial Regulatory Forum

Safeguard customers’ personal information; regulators are watching

By Julie DiMauro, Compliance Complete

NEW YORK, Sept. 19, 2014 (Thomson Reuters Accelus) - In a sanction that can serve as a wake-up to the financial industry, Verizon Communications last week agreed to pay $7.4 million to end an investigation that found it failed to tell two million new customers about their privacy rights before using their information for marketing purposes, the Federal Communications Commission said.

The privacy probe highlights the vigilance that must be paid to consumer privacy rights to meet regulators’ requirements. Although the financial industry mostly answers to different regulators, it too is subject to laws and regulations protecting the privacy of its customers. (more…)

IA brief: Account takeovers are big cybersecurity risk for advisers

By Jason Wallace, Compliance Complete

NEW YORK, April 24, 2014 (Thomson Reuters Accelus) - A recent cybersecurity roundtable hosted by the Securities and Exchange Commission should act as a call to action for investment advisers, as the threat of cyber attacks is high for all companies and increasing daily, say event panelists.

Investment advisers, whether small or midsize, are not immune from these attacks and now is a good time to recognize the firm’s risks, review available guidance, hone formal policies and procedures, and preparing for an imminent SEC exam module concerning cybersecurity. (more…)

IA brief: SEC opens door to social media ratings and client lists

By Jason Wallace, Compliance Complete

NEW YORK, April 22, 2014 (Thomson Reuters Accelus) - The Securities and Exchange Commission’s guidance update this week on investment adviser use of social media and the applicability of the testimonial rule will help ease uncertainty over using of certain features of social media sites like Yelp, Foursquare, Facebook and LinkedIn.

The guidance, in the form of 9 questions and answers, primarily focused on the use of third-party review sites and whether it would trigger a testimonial violation. The guidance included specific examples opening the door to using Yelp, Foursquare or a similar site that offers a business review feature, granted certain conditions are achieved. (more…)

Forget HFT; “High Intelligence Trading” is the new frontier for technology, markets, regulation

By Henry Engler, Compliance Complete

NEW YORK, Apr. 10, 2014 (Thomson Reuters Accelus) - While fast is good, smart is better, and with untold resources of computing power and memory banks in the clouds, the new frontier in electronic trading combines sophisticated intelligent software with rapid-fire processing, enabling traders to stay one step ahead of the regulators.

“What’s the difference between pure speed and adding intelligence to that speed?” asked Terry Keene, head of iSys, a technology integration firm, at a conference focused on high performance computing. The answer is “big data analytics” that brings decision-making and trading to a “near-time” environment, he added. (more…)

Book by high-profile author Lewis may spur high-frequency-trading reform push, success unclear

By Emmanuel Olaoye, Compliance Complete

WASHINGTON/NEW YORK, Apr. 2, 2014 (Thomson Reuters Accelus) - During a clip on Sunday night’s “60 Minutes” program, host Steve Kroft asked bestselling author Michael Lewis why he was so opposed to high frequency trading.

“If it wasn’t so complicated, it would be illegal,” said Lewis, who is the author of a new book called “Flash Boys: A Wall Street Revolt.”  (more…)

Cybersecurity and the board of directors: avoiding personal liability — Part II of III

By Steven L. Caponi, Compliance Complete contributing author

NEW YORK, Aug. 6 (Thomson Reuters Accelus) - The first article in this three-part series discussed how legal principles governing directors’ fiduciary duties may be applied to cybersecurity and the risks posed by cyber attacks. To summarize, Delaware’s corporate law places an affirmative obligation on fiduciaries to keep informed of serious risks facing the enterprise. The failure to exercise appropriate oversight in the face of known risks constitutes a breach of the duty of loyalty, a breach that cannot be exculpated under 8 Del. C. §102(b)(7).

In Part II of this series, we explore the “red flags” placing directors on notice of their obligation to proactively manage cyber security risks, and that expose a complacent board to costly litigation and the specter of personal liability. When evaluating whether a particular issue warrants board consideration, directors and officers should look at the nature of the risk, its potential impact on the company, and the extent to which the risk is foreseeable.  (more…)

Cybersecurity and the board of directors: avoiding personal liability – Part I of III

By Steven L. Caponi, Contributing author for Compliance Complete

NEW YORK, July 25 (Thomson Reuters Accelus) - The likelihood of a cybersecurity breach hitting one’s company in the near future is as certain as will be the resulting drop in shareholder value, finger pointing, fines, regulatory headaches and civil litigation alleging the board was asleep at the wheel in the face of a known danger. In a letter to the Chairman of the Securities and Exchange Commission from five U.S. senators, including Commerce committee Chairman Jay Rockefeller, the Senators noted:

“Every day, malicious actors attack and disrupt computer networks to steal valuable trade secrets, intellectual property, and financial and confidential information, causing significant damage to the United States Government, our citizens, our business, and our country.”  (more…)

Cybersecurity in Canada: Finance industry, government seek ways to share data

By Daniel Seleanu, Compliance Complete

TORONTO/NEW YORK, July 18 (Thomson Reuters Accelus) - More cooperation with government intelligence agencies would improve the Canadian financial industry’s cyber security capabilities, regulatory and industry experts told Thomson Reuters. Financial institutions have deployed defences, but face considerable threat from cyber-criminals intent on committing fraud, stealing sensitive information, and disrupting their networks.

To mitigate those risks, security and financial experts have called for an enhanced information-sharing system that would allow firms to provide detailed cyber-attack statistics to the government in exchange for intelligence on emergent threats and mitigation strategies. To date, attempts to establish such a system have had little result.  (more…)

Kill switches may be too difficult to implement despite new call by CFTC member, expert says

By Emmanuel Olaoye, Compliance Complete

WASHINGTON, Oct. 17 (Thomson Reuters Accelus) - CFTC Commissioner Bart Chilton has called for high frequency traders, or “cheetahs” to face so-called kill switches that would shut down a broker dealer’s trading over erroneous orders or technology glitches. But a trading expert said the measure may be too difficult to implement in practice.

The problem with kill switches lies with the timing of the decision to turn off electronic trading, said Bernard Donefer, a professor of Trading Technology and Risk management in financial markets at Baruch College and NYU Stern School of Business.  (more…)

Financial cybercrime a national security threat, U.S. Justice Department official warns

By Julie DiMauro and Stuart Gittleman

NEW YORK, Sept. 21 (Thomson Reuters Accelus) - U.S.-based financial services institutions that don’t tell law enforcement agencies about having been victimized by cybercrime are compromising the nation’s security as well as that of their firms, a top Department of Justice official warned this week.

The remarks on Wednesday by Lanny Breuer, assistant attorney general for the department’s criminal division, came as a financial industry group warned banks to be on heightened alert for cyber attacks after Bank of America and JPMorgan Chase experienced unexplained outages on their public websites. (more…)

  •