Welcome back to Compliance In Context podcast! On today’s show, we do a deep dive on the new SEC Cybersecurity Risk Management rule proposal for Investment Advisers—what it says and what you can do now to help prepare your firm for the potential updates that may be necessary comply with the new rule. In our Headlines section, we look at two recent interviews from Chair Gensler stating that most cryptoassets are securities, and what the future holds for this growing area of the financial markets and the potential impact on compliance. And finally, we’ll wrap up today’s show with another installment of Outtakes series where a recent SEC and CFTC sweep uncovered “egregious misconduct” related to off-channel business communications for 16 regulated entities, and what are some of the key lessons investment adviser and broker dealer firms should take away in order to avoid suffering the same fate. 

Show

 Headlines

Interview with Amber Allen and Craig Watanabe

Final Segment – Outtakes

Quotes

09:24 - “I think evolution is a good word and I would view this most current proposal (Rule 2064-9) as evolutionary rather than revolutionary. And in your introduction, I really picked up on one key word and I think that really characterizes what the SEC is doing, and that is codify. And I’ll take it one step further: formalize.” - Craig 

12:05 - “Having the potential obligation to disclose an incident within 48 hours of that occurring could be a pretty onerous requirement for the firms, especially when they’re trying to juggle some of the things that go alongside of a data breach.” - Amber 

26:32 - “One of the problems with cybersecurity is that it’s easy to talk about but hard to do. And I will say this, it’s particularly challenging because many compliance officers don’t have a lot of savviness with regard to IT and, in particular, information security.” - Craig