Updated November, 2015. When your clients Google your investment firm, make sure you end up on the first page – for something positive.
The Securities and Exchange Commission, for the first time in its history, has fined a registered advisor $75,000 for failing to establish the required cybersecurity policies and procedures in advance of a breach.
The federal securities laws require registered investment advisers to adopt written policies and procedures reasonably designed to protect customer records and information. An SEC investigation found that R.T. Jones Capital Equities Management violated this “safeguards rule” during a nearly four-year period when it failed to adopt any written policies and procedures to ensure the security and confidentiality of PII and protect it from anticipated threats or unauthorized access.
According to the SEC’s order instituting a settled administrative proceeding:
“Firms must adopt written policies to protect their clients’ private information and they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.” said Marshall S. Sprung, Co-Chief of the SEC Enforcement Division’s Asset Management Unit.
The SEC’s order finds that R.T. Jones violated Rule 30(a) of Regulation S-P under the Securities Act of 1933. Without admitting or denying the findings, R.T. Jones agreed to cease and desist from committing or causing any future violations of Rule 30(a) of Regulation S-P. R.T. Jones also agreed to be censured and pay a $75,000 penalty.
Speak to a security expert at Abaxio today about any of the IT Security Policies your firm may be required to have in place:
5700 North Lincoln Avenue, Suite 217 Chicago, IL 60659 24x7 Support 1.514.575.1770
514.575.1770