SEC Statement on Cybersecurity Reveals EDGAR System Hacked

The SEC announced that its EDGAR system for storing documents filed by publicly traded companies was hacked last year.  The SEC further admitted that the information, which included filings that had not yet been made public, may have been used to trade on inside information.  The information about the hack was buried in an eight page “Statement on Cybersecurity” (the “Statement”) from Chairman Jay Clayton.  In the Statement, Mr. Clayton noted that “In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading.”  This potentially harmful breach was not disclosed by the Commission previously and warranted only five sentences in the Statement which ended with “Our investigation of this matter is ongoing, however, and we are coordinating with appropriate authorities.”

Cybersecurity is an important area for investment advisers and not just for regulatory purposes.  Advisers must protect their data, including client data that they have access to, for business and trust reasons.  It is worth noting, however, that the SEC has not said what they are going to remediate the breach, or for not disclosing the breach for a year or so after they became aware of it.  Yet that is the position that the Commission has taken with some broker-dealers and investment advisers.  We can only hope that the Commission will show the same compassion when looking at the technical compliance oversight of small investment advisers using good faith and best efforts in their compliance programs.

In the meantime, advisers should work with their information technology providers, either internal or third-party, to ensure that the firm is properly protecting data based upon the latest cybersecurity tools and guidance from within and outside the securities industry.  As always, members of MarketCounsel’s compliance management programs can find more information on cybersecurity guidance by going to this article on RIAglass and then searching numerous other cybersecurity articles.

Comments are closed.