- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Aaron Nicodemus2023-04-27T18:43:00
The protection of customer personal data by branch offices of broker-dealers and investment advisers should be just as robust—and as well-coordinated—as protocols used by the firm’s home office, according to the Securities and Exchange Commission (SEC).
A risk alert issued Wednesday by the SEC’s Division of Examinations found “some firms did not adopt or implement written policies and procedures that address safeguards for their branch offices despite the existence of the same or similar risks.” These failures provide hackers with an avenue to access customer personal information, the agency said.
The Safeguards Rule under Regulation S-P requires firms to adopt written policies and procedures that “address administrative, technical, and physical safeguards for the protection of customer records and information.” These procedures must be reasonably designed to “ensure the security and confidentiality of customer records and information,” protect against threats to that data, and protect against unauthorized access that could harm or inconvenience customers.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
Register for free
Receive the CW newsletter and access CPE webcasts.
The Securities and Exchange Commission will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days.
Nonbank financial institutions must report certain data breaches to the Federal Trade Commission within 30 days of discovery under a new amendment to the agency’s Safeguards Rule.
Broker-dealers complying with anti-money laundering/countering the financing of terrorism requirements put forward by the SEC must be mindful of the resources they are providing for their programs during the current heightened risk environment.
A lack of risk visibility is causing companies to reject customers–and potentially lose money–over fears they might be in danger of violating rules around anti-money laundering and sanctions regulations.
The Treasury Department’s Financial Crimes Enforcement Network updated an alert first issued in February warning financial institutions of Israeli extremists fomenting violence in the West Bank.
A Bank of England report warned of private equity risk management deficiencies as interest rates remain stagnant, with international coordination important.
