Increasingly, hackers are breaking into retail brokerage accounts in order to steal investor assets or make illegal trades. This rise in cyber-generated theft and fraudulent securities schemes and activities has prompted the Securities and Exchange Commission (“SEC”) to begin tracking cyber-related criminal activity more closely. In June 2017, the SEC appointed Stephanie Avakian and Steven Peikin as new co-directors of enforcement.Ms. Avakian has indicated that the SEC has started to see an ‘uptick’ in the overall number of investigations involving allegations of cyber crime. Accordingly, the SEC has begun to gather data and statistics about cyber crimes in order to better confront the problem and spot broader market-wide trends and issues.
On September 25, 2017, the SEC announced two cyber enforcement initiatives designed to directly address cyber threats and, by extension, protect retail investors. Specifically, the SEC will create a ‘Cyber Unit’ to identify and target cyber-related misconduct and, furthermore, will establish a ‘Retail Strategy Task Force’ designed to enforce initiatives that will impact retail investors.
SEC Cyber Unit
The Cyber Unit will seek to enhance the SEC’s ability to detect and investigate cyber threats. In particular, the Cyber Unit will focus on certain cyber-related misconduct, including the following:
- Market manipulation schemes involving false information spread through electronic and social media;
- Hacking activity for the purpose of obtaining material nonpublic information;
- Violations involving distributed ledger technology and initial coin offerings with respect to the crypto-currency arena;
- Misconduct perpetrated using the dark web;
- Intrusions into retail brokerage accounts;
- Cyber-related threats to trading platforms and other critical market infrastructure.
Retail Strategy Task Force
The Retail Strategy Task Force will seek to develop proactive initiatives designed to protect retail investors. Specifically, the task force plans to leverage lessons learned from the enforcement division’s investigations and cases. The team will include enforcement personnel across the U.S., including the SEC’s National Exam Program and the Office of Investor Education and Advocacy.
FINRA’s Prioritization of Cybersecurity for Brokerage Firms
In addition to the SEC’s enhanced scrutiny, the Financial Industry Regulatory Authority (“FINRA”) is also making cybersecurity a top priority for brokerage firms. Specifically, FINRA has recognized that cybersecurity threats remain one of the most significant risks many firms face, and in 2017, FINRA will continue to assess firms’ programs to mitigate those risks.