On September 26, the Securities and Exchange Commission ("SEC") ordered public administrative and cease-and-desist proceedings against a registered broker-dealer and investment adviser for deficient cybersecurity practices. The SEC found that the company violated the Safeguards Rule by failing to adopt written policies and procedures reasonably designed to protect customer records and information. The SEC also found that the company violated the Identity Theft Red Flags Rules by failing to develop and implement a written identity theft prevention program. The SEC imposed a $1 million civil monetary penalty on the company.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.