Insights & Alerts

SBC Cyber Forum: Your Obligations Under the NYDFS Amended Regulation

February 13, 2024

Attorney John J. Cooney, P.C. joined the SBC Cyber Forum to discuss recent amendments to the NYDFS Cybersecurity Regulation. Click here for an On Demand viewing of the recorded webcast. Enter the Passcode: C2ymECU$


Regulatory Alert: NYDFS Amended Cybersecurity Regulation

January 2024

On November 1, 2023, the New York Department of Financial Services (NYDFS) announced amendments to its Cybersecurity Regulation, 23 NYCRR Part 500. The amended regulations aim to ensure that cybersecurity risk is integrated into business planning, decision-making and ongoing risk management, and they include amendments to risk assessments, incident response and training.

Join us on February 13th at 4:00 PM EST on the SBC Monthly Cyber Forum to learn more. Click here to register for the webinar.


Regulatory Alert: SEC Proposes Cybersecurity Rule for Market Entities, Investment Advisors, and Funds

February 2023

As part of a comprehensive effort to enhance cybersecurity preparedness and resilience across all registrants of the Securities and Exchange Commission (SEC), the SEC has:

  1. Proposed a Cybersecurity Risk Management Rule for “Market Entities”
  2. Reopened the February 2022 proposal on Cybersecurity Risk Management for Investment Advisers and Funds

The proposed rules are substantially similar to regulatory guidance issued by the SEC over the past 10+ years. As such, content from previous SBC alerts that cover notable regulatory guidance has been included in the appendix of this alert. The proposed rules and related actions are outlined in this SBC Cybersecurity Alert…


SBC Research & Insights: Mitigating Cybersecurity Threats and Vulnerabilities via Effective Vendor Risk Management Programs

April 2022

The intent of this document is to present context required in evolving our cybersecurity due diligence programs, to summarize applicable regulatory requirements, and to outline best practice considerations for performing effective vendor cybersecurity risk management. Simultaneously, this paper highlights cleverDome, Inc., an organization with a vision of collective industry action to solve cybersecurity problems in new and innovative ways.


Regulatory Alert: SEC Proposes Cybersecurity Rules for Investment Advisors

February 2022

The SEC has proposed cybersecurity rule 206(4)-9 for investment advisers and rule 38a-2 for asset managers. As SEC Chair Gensler has previously indicated, the SEC is considering several rule changes to strengthen the cybersecurity programs of SEC registrants. These current proposals, focused on SEC-registered investment advisers and funds, seek to improve business practices around cybersecurity and cyber risks, specifically maintaining the security of data, IT systems, and networks, promoting resiliency and incident response, and addressing the timeliness and materiality of cybersecurity incident notifications and disclosures. Registered investment advisers, investment companies, and investment funds should consider how these proposals will impact their current operations and risk management strategies, as well as their reporting and disclosure activities.


Cybersecurity Alert: Summary of Notable Cybersecurity Frameworks and Standards

January 2021

Most regulatory guidance for companies follows and is informed by notable cybersecurity frameworks. The purpose of this alert is to summarize related information.


Cybersecurity Alert: Summary of Cybersecurity Guidance from Financial Services Regulators

January 2021

NASD (n/k/a FINRA) Rules of Fair Practice have always required confidential treatment of customer information. Regulation S-P further strengthened this requirement. Brokers, dealers, investment companies, and investment advisers registered with the SEC are required to:

  1. Adopt reasonably designed written policies and procedures addressing administrative, technical, and physical safeguards for the protection of customer information and records; and
  2. Protect against any anticipated threats or hazards to the security or integrity of customer records and information, and against unauthorized access to or use of customer records or information.

Business practices have evolved significantly since the time that FINRA and the SEC originally issued guidance regarding the protection of customer information. This alert summarizes such cybersecurity guidance.


SBC Research & Insights: Utilizing Cybersecurity Risk Assessments to Take Focused Action

August 2015

The menace of cybercrime is becoming more automated and sophisticated. Financial services firms such as brokers, dealers, asset managers, and investment advisors are high-value targets due to the sensitive information they are required to gather and maintain. This SBC Whitepaper shows you how to use a cybersecurity risk assessment, together with our technical know-how, to take focused action to comply with regulatory guidance and be secure.


Paul Osterberg

Your Cyber Expert

Paul is an experienced financial services industry executive serving as a Chief Information Security Officer with multiple Broker Dealers, Registered Investment Advisors, Wealth Managers, and Insurance Firms. 

Paul and his team have completed over 300 cybersecurity risk assessments over the past five years and performed vendor risk assessments on hundreds of third parties serving the independent advice industry.
