FINRA and SEC Take Aim at Deficient Cyber Policies and Practices


In a recent Bloomberg BNA article, Orrick partners Mark Mermelstein, Aravind Swaminathan, Daniel J. Dunne and Antony P. Kim provide insight on the recent reports released by the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) regarding cybersecurity issues for brokerage and advisory firms.

The article goes behind the nuts and bolts of how to manage cybersecurity risk and offers some lessons learned from the case studies included within the reports. As both the SEC and FINRA make clear, these recommendations and case studies will likely be considered critical benchmarks for measuring the effectiveness of a firm's cybersecurity program in future investigations and enforcement actions brought by the SEC or FINRA.

Please feel free to forward this alert to colleagues within your organization or other contacts responsible for cybersecurity policies and data protection issues.

To download and view the article, please click here.


Orrick's Employment Law and Litigation Group is comprised of more than 70 lawyers around the globe and known for its representation of significant multinationals in the financial services, retail and technology sectors in high-profile litigation, arbitration and advisory matters. Our cases involve novel issues of law, often having significant effects on the clients within those sectors. In addition, our lawyers are well-known leaders in their field, and we have a deep bench of first-chair trial lawyers who have a strong record of significant wins in court. Our practice was recently recognized for the second time in a row as the "Litigation Department of the Year: Labor & Employment" by The Recorder, American Lawyer's California publication. The award was based on "standout results on [our] clients' most critical matters" Orrick also won this same award in October 2013, the last time The Recorder issued honors in this category.

Orrick's Cybersecurity and Data Privacy Group is an interdisciplinary team with members in the U.S., Europe and Asia. We craft practical solutions across a host of risk management, consumer protection, brand protection, investigatory and litigation contexts. We leverage our relationships with leading privacy and security consultants, domestic and international law enforcement, government, academia and policy groups, so that our clients benefit from multi-angle solutions.