Beth Kiesewetter – Associate; Morgan, Lewis & Bockius LLP
Richard Cortese, VP, Education Services - National Regulatory Services
Description:
“Identity thieves appear to be directing increased attention to the securities business, and their attacks are growing in sophistication,” warned John Walsh, Chief Counsel, SEC Office of Compliance Inspections and Examinations, in an October 2006 speech at the NRS Annual Fall Compliance Conference. Some experts have observed that the threat of identity theft has only increased in the wake of the global financial crisis.
In its examinations, SEC staff is focusing heightened attention on a firm’s information security or “safeguarding” controls for protecting client information. OCIE Director Lori A. Richards has identified this area with a number of deficiencies found in SEC examinations. In recent years, the SEC has become concerned with the increasing number of information security breaches that have come to light in the securities industry and the potential for identity theft and other misuse of personal financial information. In March 2008, the SEC proposed amendments to Regulation S-P. The proposed amendments would set forth more specific requirements for safeguarding information and responding to information security breaches, and broaden the scope of the information covered by Regulation S-P’s safeguarding and disposal provisions.
For whom:
Investment adviser compliance professionals, internal auditors, in-house legal counsel, managers and anyone who interacts with or has compliance responsibilities, as well as information officers.
Learning Objectives:
Understand the safeguarding portion of Regulation S-P and the 2008 proposed amendments.
Lean about strong internal controls to identify and assess the red flags of identity theft, effective safeguards for controlling these risks, responses to information breaches and recommended steps for preventing them, and reasonable monitoring and testing of your safeguarding program.
Learn about the efforts on the part of the states and the FTC to impose broader and more specific requirements on companies that collect personal information.
Identify areas of current SEC focus that are likely to surface during an SEC examination and obtain guidance on how to achieve a successful examination outcome in the area of information security.
Pre-requisites for participation:
No prerequisites are required. However, attendees can benefit by reviewing SEC Regulation S-P.