Regulatory Readiness

Cybersecurity Program Management

Service Spotlight: Cybersecurity Program Management from Drawbridge

July 13, 2021

Cyber attacks and other digital risks continuously threaten every aspect of the security of your business, including business continuity, operational resilience, revenue, brand and reputation, and customer relationships. In order to protect the interests of your clients, partners, investors and vendors, your firm must have a comprehensive cyber program in place, no matter what type…

Read More

SEC Division of Examinations Announces 2021 Examination Priorities

March 16, 2021

This month, the Securities and Exchange Commission’s Division of Examinations announced its 2021 examination priorities. The examination priorities are published each year, offering insights into those areas that the Division believes could present risks to investors and the U.S. capital markets. The Division will focus on climate-related risks, as well as conflicts of interest for…

Read More


May 23, 2019

On May 23, 2019, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) released a new risk alert identifying security risks associated with the storage of electronic customer records and information in various network storage solutions, including cloud-based storage. Some of the concerns brought to light from recent examinations were misconfigured…

Read More

Hedge Funds Besieged by on Daily Basis

May 1, 2019

By David Beach — May 1, 2019 Hackers are exploiting inherent weaknesses in mature hedge funds on a daily basis, say a security vendor and the chief technology officer of an established fund, leading to huge boosts in cybersecurity spending. “Hedge funds are being targeted simply because of cash movements where frequent large transfers are normal…

Read More


April 16, 2019

Today, April 16, 2019, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published a risk alert regarding compliance issues related to Regulation S-P. The focal points identified by the OCIE were the failure to provide customers with privacy and opt-out notices, as well as the failure to adopt written policies and procedures that address…

Read More

CYBERSECURITY NEWS ALERT: CFTC’s First Ever Examination Priorities

February 26, 2019

On February 12, 2019, the Commodity Futures Trading Commission (CFTC) released its first-ever examination priorities for registrants of the Division of Market Oversight (DMO), Division of Swap Dealer & Intermediary Oversight (DSIO), and Division of Clearing & Risk (DCR). A notable inclusion in the examination priorities is service provider oversight.

Read More

Cybersecurity News Alert: SEC Infiltration EDGAR System Hack

January 16, 2019

On Tuesday, January 15th, the U.S. Securities and Exchange Commission (SEC) announced that it charged nine defendants in an alleged hack of the SEC’s EDGAR system. The hackers allegedly infiltrated the SEC EDGAR system and extracted nonpublic information to use for illegal trading, ultimately profiting $4,135,015 in the process.

Read More

Cybersecurity News Alert – U.S. Securities and Exchange Commission (SEC)

December 20, 2018

SEC Cybersecurity News Alert: On Thursday, December 20th, the U.S. Securities and Exchange Commission (SEC) released the examination priorities for 2019. The SEC has shifted their examination priorities from years past in an effort to adapt to emerging risks, but cybersecurity continues to remain a top priority for the SEC. The SEC will be focusing…

Read More

Lessons From the SEC’s First Red Flags Rule Settlement – The Cybersecurity Law Report

October 10, 2018

SEC’s First Red Flags Rule Settlement: Broker-dealer Voya’s $1-million settlement with the SEC for alleged violations of the Safeguards Rule and the Identity Theft Red Flags Rule shows that the SEC is willing to act when it believes firms could have done more to prevent attacks. “The SEC expects companies to not only have in…

Read More