Cybersecurity

Selflessly, Blaine Doyle recently attended a presentation here in Chicago by the SEC and CFTC, so you didn’t have to do it yourself.  Here is his recount of the highlights. – Alan

Anyone who has sat through a talk by financial regulators is undoubtedly familiar with the refrain from the individuals that they do not speak for the Commission and that the opinions offered are their own.  Even with that disclosure (and they ALWAYS make that disclosure), regulators are still notoriously tight lipped when it comes to just about anything, but especially if it relates to Enforcement.  However, when two high ranking officials from the CFTC and SEC decided to present, as the star attractions, at the Chicago Bar Association, they had no choice but to spill the beans.  While nobody would accuse them of having given up state secrets, they did offer some insights into where their respective Commissions are and, more importantly, where they are going.  With that in mind, here is what they had to say (with special emphasis on the securities side):

While the government shutdown of early 2019 is ancient history to most of us, the speakers from both the CFTC and SEC emphasized the disruption that the break caused to their respective organizations and personnel.  Moreover, on the issue of government funding, they both noted that their organizations are understaffed from past hiring freezes and are trying to backfill positions that have been open for some time.  The speaker from the CFTC mentioned that in some respects his organization had been in “triage” mode due to personnel shortages and that he was hoping that the additional hires will help ease the work load.  So why does this matter to the reader?  If you work in the industry, it would be reasonable to expect that as both organizations hire additional staff, scrutiny on registrants and, possibly, the number of enforcement actions will increase in the coming years.
Continue Reading “The Opinions Offered Today Are Mine Alone And Do Not Represent The Commission” — A Summary Of Recent Remarks From SEC And CFTC Officials

Rightly or wrongly, I don’t know much about cryptocurrencies or digital coins. But that’s ok. What is worrisome, on the other hand, is that I am increasingly concerned that FINRA doesn’t either. And while my own ignorance will have exactly zero impact on your day, that is most certainly not the case with FINRA.

I came to this conclusion after reading Reg Notice 19-24, released last week. On its face, the Notice seems fairly benign. What it does is extend by one year FINRA’s “request” that “each member keep its Regulatory Coordinator informed of new activities or plans regarding digital assets, including cryptocurrencies and other virtual coins and tokens.” You may recall that last year, in Reg Notice 18-23, FINRA issued its initial request for this sort of information through the end of July 2019. Now, FINRA is “encouraging” its member firms to keep this up for another year, through July 2020.

I don’t have any real problem with this “request,” apart from my usual cynicism when FINRA uses this particular word. Remember: FINRA characterizes its use of Rule 8210 as “requests” for documents and information, as if the recipient has a choice whether or not to respond, when, in fact, the failure to respond to the “request” can result in a permanent bar from the industry. No, my problem is that as FINRA attempts to gets its head around digital assets, as a result of the fact that it doesn’t necessarily understand the regulatory issues that such products will ultimately generate, it is asking for information beyond that which it is entitled to receive.
Continue Reading Why Is FINRA So Interested In Your Non-Securities Business?

Yesterday, two of my colleagues here at Ulmer, Fran Goins and Michael Hoenig, published an article in @BLaw Insight in response to a recent report by FINRA outlining the best practices for BDs to deal with cyber threats.  Since this is undoubtedly a subject of considerable interest to many of you, I wanted to share

I am happy to share this post from my colleague, Greg Stein, about ransomware.  While ransomware is not something unique to the financial services industry, because, as criminal Willie Sutton famously answered when asked why he robbed banks, our industry is “where the money is,” BDs, IAs and banks do seem to attract more than

Readers of this blog know that sales practice issues represent my sweet-spot.  Today, in what is probably a welcome departure from my rants, my partner (and co-chair of Ulmer’s Financial Services & Securities Litigation Group) Fran Goins, who knows all things about data privacy and cybersecurity, offers some helpful advice on dealing with the WannaCry