The Securities and Exchange Commission announced that a St. Louis-based investment adviser has agreed to settle charges that it failed to establish the required cybersecurity policies and procedures in advance of a breach that compromised the personally identifiable information (PII) of approximately 100,000 individuals, including thousands of the firm’s clients.
The federal securities laws require registered investment advisers to adopt written policies and procedures reasonably designed to protect customer records and information. An SEC investigation found that R.T. Jones Capital Equities Management violated this “safeguards rule” during a nearly four-year period when it failed to adopt any written policies and procedures to ensure the security and confidentiality of PII and protect it from anticipated threats or unauthorized access.
“As we see an increasing barrage of cyber attacks on financial firms, it is important to enforce the safeguards rule even in cases like this when there is no apparent financial harm to clients,” said Marshall S. Sprung, Co-Chief of the SEC Enforcement Division’s Asset Management Unit. “Firms must adopt written policies to protect their clients’ private information and they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”
Don’t let your firm end up in the news. Contact ACE IT Solutions to ensure you are meeting the SEC’s cybersecurity requirements.
ACE IT Solutions helps financial firms meet SEC cyber security requirements, including developing written policies and procedures to protect PII. Contact us at 646.558.5575 for more details on our cyber security solutions for financial firms.
View the full press release here: http://www.sec.gov/news/pressrelease/2015