Displaying 45 results
Finra caught up in email phishing scheme
A new cybersecurity alert warns member firms to be wary of fraudulent messages impersonating key members of the regulator’s leadership.
Osaic, Securities America fined by Finra over cybersecurity
The regulator fined the firms $150,000 each for failures related to protecting thousands of clients’ private information and cybersecurity gaffes.
Grayscale places bet on data privacy with industry-first ETF
Crypto asset management giant seeks to invest in data privacy providers, as well as blockchain and AI-based cybersecurity.
Giant bank goes old school as hack bites
Regulators, governments try to assess fallout as suspected Russian cyberattack creates mayhem.
AI scams contribute to rise in investment fraud
A record $3.82 billion was stolen through investment fraud in 2022, a 128% increase over the previous year.
Retirement Clearinghouse reports data breach
Social Security and account numbers were compromised in a phishing attack, but accounts were not accessed, according to the firm.
SEC proposes first cybersecurity rule for investment advisers
Under the regulation, advisers would have to adopt and implement policies and procedure to address cyber risks and report incidents to the SEC and on their Form ADV.
SEC warns of widespread issues with robo-advice
The agency issued a risk alert and deficiency letters to almost all of the robo-advisers examined, citing shortcomings in how the companies manage portfolios and disclose conflicts. The alert could signal future enforcement actions.
Protecting client data in account aggregation
It’s up to advisers to communicate with investors who need help with understanding the management of risk across multiple accounts.
Prepping fintech platforms for the next cyberattack
It’s critical for fintech firms to have incident response plans if a catastrophic event and subsequent cyberattack were to happen.
SEC marketing rule causes advisers most compliance concerns
Even though advisers don’t have to comply with the rule for more than a year, it ranked as the hottest compliance topic, according to a survey; cybersecurity and climate change/ESG were other areas worrying advisers.
SEC fines multiple firms for cybersecurity lapses that exposed client data
The agency fined 8 firms, including Cetera and Cambridge, a total of $750,000 for inadequate policies and procedures to protect customer information.
T-Mobile data breach highlights cybersecurity issues for clients
Advisers should be proactively discussing the attack with clients to protect those that have current or past association, experts say. There are simple tips for clients to follow.
Cyber insurance for 401(k)s rises in cost, demand
Coverage is now harder to get, and it costs more, largely due to the higher volume of attacks that resulted in higher loss ratios for insurers.
Texas pension fraud case highlights cybersecurity risks
A man was sentenced for helping steal nearly $1 million from participants in the Employees Retirement System of Texas, a development that occurs as the DOL is ramping up efforts to boost cybersecurity in retirement plans.
Spark announces best practices to protect against retirement fraud
The Spark Institute's standards build upon DOL cybersecurity guidance to provide more clear-cut practices designed to defeat retirement account fraud.
Prep for ransomware attacks or be ready to pay the price
Ransomware attacks in the U.S. increased 300% in 2020 and cost victims $350 million. Advisers make easy targets because they publicly release AUM and hold some of the most sensitive client data that directly connects to their finances.
Data security concerns force the DC industry to cooperate
The recent Government Accountability Office report and even more recent Department of Labor guidance on cybersecurity hammer home the reality that protecting plan and especially participant data has become a fiduciary responsibility.
DOL’s cybersecurity tips were needed, but 401(k)s shouldn’t ask much from participants
A system built around inaction shouldn’t expect people to become more involved with it, much less bear responsibility for keeping their accounts safe.
Failure to overhaul cybersecurity for remote work creates regulatory risks
Firms scrambling to enhance their policies and procedures should focus on the three most common weaknesses — device security, software vulnerabilities and data privacy.