Cybersecurity “enforcement has begun,” Thomas Hibarger, managing director of Stroz Friedberg, warned Wednesday at the Securities Enforcement Forum in Washington, adding, however, that enforcement is “not a trend yet.”
Indeed, executives from both the Securities and Exchange Commission and the Financial Industry Regulatory Authority noted at the forum, held by Securities Docket, that cybersecurity preparedness is an exam priority this year and next.
“Cyber is an important topic,” added Russell Ryan, senior vice president and deputy chief at FINRA enforcement, who sat on the panel with Hibarger. “Brokerage firms are a prime target of criminal cybersecurity because that’s where the money and personal information is.”
Exam teams “are looking at [cybersecurity] closely” and assessing the policies that firms have in place, Ryan said. Cybersecurity has been a FINRA exam priority for the “past two years,” he added. “There hasn’t been a ton of activity on the enforcement side but I do think we’ll see more as we go on.”
Advisory firms and broker-dealers “must have reasonable [cybersecurity] safeguards in place,” noted Julie Riewe, co-chief of the SEC’s Asset Management Unit, which is housed in the agency’s Division of Enforcement.
She pointed to the first cybersecurity enforcement case the SEC brought, against St. Louis-based investment advisor R.T. Jones Capital Equities Management, for not having cybersecurity policies and procedures in place to stop a breach of the personally identifiable information of 100,000 individuals, including thousands of the firm’s clients.