- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Aaron Nicodemus2023-04-27T18:43:00
The protection of customer personal data by branch offices of broker-dealers and investment advisers should be just as robust—and as well-coordinated—as protocols used by the firm’s home office, according to the Securities and Exchange Commission (SEC).
A risk alert issued Wednesday by the SEC’s Division of Examinations found “some firms did not adopt or implement written policies and procedures that address safeguards for their branch offices despite the existence of the same or similar risks.” These failures provide hackers with an avenue to access customer personal information, the agency said.
The Safeguards Rule under Regulation S-P requires firms to adopt written policies and procedures that “address administrative, technical, and physical safeguards for the protection of customer records and information.” These procedures must be reasonably designed to “ensure the security and confidentiality of customer records and information,” protect against threats to that data, and protect against unauthorized access that could harm or inconvenience customers.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
The Securities and Exchange Commission will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days.
Nonbank financial institutions must report certain data breaches to the Federal Trade Commission within 30 days of discovery under a new amendment to the agency’s Safeguards Rule.
Broker-dealers complying with anti-money laundering/countering the financing of terrorism requirements put forward by the SEC must be mindful of the resources they are providing for their programs during the current heightened risk environment.
The U.S. Department of the Treasury’s Financial Crimes Enforcement Network issued an alert to financial institutions about their obligations to report deepfakes, warning artificial intelligence has given bad actors additional tools in their arsenal.
A nationwide rental outlet affiliated with Rent-a-Center and its chief executive have been sued by the Consumer Financial Protection Bureau for allegedly deceiving five million consumers about the terms of credit agreements.
A lack of risk visibility is causing companies to reject customers–and potentially lose money–over fears they might be in danger of violating rules around anti-money laundering and sanctions regulations.
