Posts Tagged ‘SEC enforcement’
More Lessons on Cyber Control Failures
We have another glimpse into modern cybersecurity threats and the control weaknesses that allow those threats to happen, courtesy of an enforcement action against a financial services firm that twice was duped by hackers into selling their customers’ assets. The financial services firm is Equiniti Trust Co., a registered transfer agent — that is, a…
Another Round of Messaging Fines
The crackdown on employees’ use of off-channel messaging apps continues! The Securities and Exchange Commission just announced settlements with a whopping 26 financial firms for messaging offenses, and those firms will collectively pay more than $390 million in civil penalties — although three firms that self-reported their offenses will pay much less. By now we…
SEC Lawsuit Against SolarWinds Gutted
A federal judge has dismissed a high-profile lawsuit that the Securities and Exchange Commission filed last year against software firm SolarWinds and its chief information security officer, finding that SEC rules requiring companies to have strong internal accounting controls cannot be interpreted to include cybersecurity measures. The SEC filed its lawsuit against SolarWinds and the…
UnitedHealth’s Big Cyber Compliance Mess
UnitedHealth filed its latest quarterly earnings report today, complete with an update on the staggering costs of a ransomware attack the healthcare giant suffered earlier this year — and if anyone needs a fresh example of how cyber attacks can tie your company into compliance knots, pull up a chair. The attack itself happened in…
Internal Accounting Controls and Cyber Risk
Today I want to return to that recent enforcement action against RR Donnelley, where the Securities and Exchange Commission cited faulty internal accounting controls at Donnelley as grounds to impose a $2.1 million sanction over the company’s poor handling of a cybersecurity incident. What are internal control professionals supposed to make of an enforcement action…
Example of Cyber Disclosure Challenges
Radical Compliance is back from vacation, and what better way to catch up on current compliance issues than an enforcement action over poor cybersecurity? Lucky for us, the Securities and Exchange Commission served up a fresh case just last week on exactly that headache. The case involves R.R. Donnelley, provider of business marketing services to…
More on Cooperating With Regulators
Cooperation with regulators is a primary message from the regulatory enforcement world these days. So let’s see what a senior SEC official had to say on the subject lately and what compliance professionals can do to anticipate those cooperation needs. The official in question is Gurbir Grewal, head of the Enforcement Division at the Securities…
SEC Talks AI Enforcement Risk
We have more advice this week on artificial intelligence, this time from a top voice at the Securities and Exchange Commission who urged companies to do better at crafting — and implementing — thoughtful policies to govern AI risks. The speech came from Gurbir Grewal, head of the SEC’s Enforcement Division. He gave a speech…
SEC Launches ‘AI Washing’ Enforcement
The Securities and Exchange Commission sanctioned two investment firms Monday for making false statements about how they use artificial intelligence in their business operations — the first enforcement actions we’ve seen under a crackdown on “AI washing” that SEC officials had been promising for several weeks. The two firms are Global Predictions Inc., an investment…
A Curious SEC Break on Messaging Offenses
The Securities and Exchange Commission has fired off another volley of enforcement actions for employees’ improper use of messaging apps — but this time we have a new twist! The SEC has been quietly granting waivers to the offending firms to keep working on deals when normally their conduct would disqualify them from doing so.…