The FISMA Focus IPD

The Security and Exchange Commission’s (“SEC”) recent $1 million settlement with Morgan Stanley Smith Barney LLC (“MSSB”) marked a turning point in the agency’s focus on cybersecurity issues, an area that the agency has proclaimed a top enforcement priority in recent years.  The MSSB settlement addressed various cybersecurity deficiencies that led to the misappropriation of sensitive data for approximately 730,000 customer accounts.

Without admitting or denying the findings, MSSB agreed to settle the SEC’s charges that the firm violated Rule 30(a) of Regulation S-P, also known as the “Safeguards Rule.”  The Rule, adopted in June 2000, requires registered broker-dealers, investment companies, and investment advisers to adopt written policies and procedures that address administrative, technical, and physical safeguards reasonably designed to:  (1) insure the security and confidentiality of customer records and information; (2) protect against anticipated threats or hazards to the security or integrity of customer records and information; and (3) protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.