SEC v. R.T. Jones shows the SEC has a role in regulating cybersecurity

The federal security laws require registered investment advisers to adopt written policies and procedures reasonably designed to protect customer records and information. SEC v. R.T. Jones Capital Equities Management, Consent Order (Sept. 22, 2015).

  • “Firms must adopt written policies to protect their clients’ private information and they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”
  • R.T. Jones violated this “safeguards rule” during a four-year period when it had no such policies and hackers accessed more then 100,000 records of individuals, including its clients. The attack was traced to China; no individuals have reported financial harm.
  • This violated Rule 30(a) of Regulation S-P of the Securities Act of 1933. In settling, R.T. Jones agreed to censure and a $75,000 penalty.

 

2 thoughts on “SEC v. R.T. Jones shows the SEC has a role in regulating cybersecurity

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s