December 1, 2017

Office of Compliance Inspections and Examinations Identifies Common Weaknesses in Cybersecurity Compliance

By Scott N. Sherman

National Society of Compliance Professionals’ Currents

Reprinted with permission from the National Society of Compliance Professionals’ Currents

While state governments have always possessed the authority to impose and enforce cybersecurity regulations, they have traditionally allowed federal agencies like the FTC or the SEC to spearhead enforcement efforts. In light of recent high-profile data breaches, this trend has shifted course, throwing financial firms into the enforcement crosswinds of both the federal regulatory agencies and the state governments. For example, the Massachusetts Attorney General filed a complaint against Equifax on September 17, 2017, alleging violations of the Massachusetts Data Security Regulations. While it remains to be seen where the bulk of enforcement will come from, it is clear that cybersecurity is a priority for both state legislatures and regulatory agencies. As regulation and enforcement continue to progress, broker-dealers, investment advisers, and investment companies must remain alert to their compliance obligations.