SEC Risk Alert regarding safety of customer records and cloud vendor diligence.

As part of its cybersecurity sweep, the SEC has examined risks related to the storage of customer records and information by investment advisers on cloud-based storage platforms and issued a Risk Alert, “Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features.” The sweep focused on vendor due diligence and oversight and on registered advisers’ monitoring of data and customer information safety. Among other information, OCIE sought vendor contracts (including service level agreements); vendor reviews; risk assessments of cloud service providers, including data encryption, data loss prevention, books & records exposure, and identity and access management; and policies and procedures and their alignment to technology standards.

The Risk Alert identified the following as the main compliance issues related to cloud-based storage: (i) misconfigured network storage solutions (inadequately configured security settings to protect against unauthorized access; lack of policies and procedures addressing the security configuration); (ii) inadequate oversight of vendor-provided network storage solutions (lack of, or inadequate, policies, procedures, or contractual provisions to ensure that security settings on vendor-provided network storage solutions were configured in accordance with the firm’s standards); and (iii) insufficient data classification policies and procedures (firms’ policies and procedures did not identify the different types of data stored electronically by the firm and the appropriate controls for each type of data).

The Risk Alert encourages investment advisers to review their practices, policies, and procedures with respect to the electronic storage of customer information and to consider any necessary improvements, and to actively oversee vendors.  The SEC included helpful recommendations for cyber/cloud risk management, including the implementation of policies and procedures designed to support the initial installation, on-going maintenance, and regular review of the network storage solution; guidelines for security controls and baseline security configuration standards to ensure that each network solution is configured properly; and vendor management policies and procedures that include, among other things, regular implementation of software patches and hardware updates followed by reviews to ensure that those patches and updates did not unintentionally change, weaken, or otherwise modify the security configuration.

Please contact your counsel at Pillsbury’s Investment Funds Group if you need help with reviewing and enhancing your cloud storage and related policies.

This is a reminder about the upcoming annual compliance deadlines that may or may not apply to you.

Please click HERE to open a summary chart of the filing deadlines.

Please feel free to contact us if you have questions or need assistance with any of these filings.

Sincerely,

Pillsbury IFIM Group

In a press release issued by the Securities and Exchange Commission on December 20, 2018, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced its 2019 Examination Priorities.

This year’s examination priorities, although not exhaustive, are divided into 6 categories:

  1. Compliance and risk at registrants responsible for critical market infrastructure;
  2. Matters of importance to retail investors, including seniors and those saving for retirement;
  3. FINRA and MSRB;
  4. Digital assets;
  5. Cybersecurity; and
  6. Anti-money laundering programs.

Read the OCIE 2019 Examination Priorities in full HERE.

This is a reminder that the 2019 IARD account renewal obligation for investment advisers (including exempt reporting advisers) starts this November.  An investment adviser must ensure that its IARD account is adequately funded to cover payment of all applicable registration renewal fees and notice filing fees.

Key Dates in the Renewal Process:

November 12, 2018 – Preliminary Renewal Statements which list advisers’ renewal fee amount are available for printing through the IARD system.

December 17, 2018 – Deadline for full payment of Preliminary Renewal Statements.  In order for the payment to be posted to its IARD Renewal account by the December 17 deadline, an investment adviser should submit its preliminary renewal fee to FINRA through the IARD system by December 14, 2018.

December 28, 2018 – January 1, 2019 – IARD system shut down.  The system is generally unavailable during this period.

January 2, 2019 – Final Renewal Statements are available for printing.  Any additional fees that were not included in the Preliminary Renewal Statements will show in the Final Renewal Statements.

January 21, 2019 – Deadline for full payment of Final Renewal Statements.

For more information about the 2019 IARD Account Renewal Program including information on IARD’s Renewal Payment Options and Addresses, please visit http://www.iard.com/renewals.asp

Please contact us if you have questions.

The California legislature recently passed a bill that would require public companies whose principal place of business is in California (as indicated in their Form 10-K) to have at least 1 woman on their Boards of Directors by the end of 2019. Thereafter, by the end of 2021, these companies would be required to have a minimum of 1 female director if they have a board of 4 or fewer, 2 female directors if they have a board of 5, or 3 female directors if they have a board of 6 or more. There would be a monetary fine for non-compliance of $100,000 for a first violation and $300,000 for a second or subsequent violation (per-seat).

The bill is currently under consideration by Governor Jerry Brown, who has until September 30th to decide whether to sign the bill.

Covered businesses will need to update policies and procedures for responding to customer inquiries about collection, use, sale and disclosure of customers’ personal information or face stiff enforcement actions.

Takeaways

  • The California Consumer Privacy Act of 2018 provides consumers with broad rights to control use of their personal information by covered businesses.
  • Covered businesses will need to review and revise their existing privacy policies to make the required disclosures and to provide two methods for customers to inquire about use of their personal information.

Read this article and additional Pillsbury publications at Pillsbury Insights.

The rapid growth of cryptocurrency markets, digital asset products and initial coin offerings (ICOs), and the alarmingly high number of fraudulent ICO attempts among them, have prompted the SEC to engage the public in some creative investor education.

Pillsbury Investment Funds practice co-leader Ildiko Duckor recently spoke with The Hedge Fund Law Report about the strategies and risks inherent in investing in and managing quant funds, which utilize highly sophisticated computer-based models to automate trading activities and are increasingly popular in the “hyper-connected” trading and investment sector.

The future of the Department of Labor’s Fiduciary rule is in limbo following the Fifth Circuit’s decision striking it down “in toto.”

Takeaways

  • The future of the Fiduciary rule is uncertain, particularly in light of the Fifth Circuit’s decision vacating the rule.
  • Retirement plan fiduciaries should continue to stay apprised of the viability of the Fiduciary rule with an eye towards the services provided by their plans’ investment advisors.
  • Industry experts are hopeful that the DOL and SEC will coordinate their efforts to provide clear guidance to investment advisers and broker-dealers, plan fiduciaries and plan participants.

Read this article and additional Pillsbury publications at Pillsbury Insights.

This alert contains a summary of the primary annual and periodic compliance-related obligations that may apply to investment advisers registered with the Securities and Exchange Commission (the “SEC”) or with a particular state (“Investment Advisers”), and commodity pool operators (“CPOs”) and commodity trading advisors (“CTAs”) registered with the Commodity Futures Trading Commission (the “CFTC”) (collectively with Investment Advisers, “Managers”).[1]  Due to the length of this Alert, we have linked the topics to the Table of Contents and other subtitles for easy click-access.

This summary consists of the following segments: (i) List of Annual Compliance Deadlines; (ii) New Developments; (iii) 2018 National Exam Program Examination Priorities; (iv) Continuing Compliance Areas; and (v) Securities and Other Forms Filings.

Read this article and additional Pillsbury publications at Pillsbury Insights.