Cybersecurity: SEC Fines Investment Adviser—a Victim of a Cybersecurity Breach—for Failing To Adopt Written Policies and Procedures Reasonably Designed To Protect Customer Records and Information

Sullivan & Cromwell LLP - September 28, 2015

On September 22, 2015, the U.S. Securities and Exchange Commission entered into a settlement agreement with R.T. Jones Capital Equities Management, Inc. relating to its “failure to adopt written policies and procedures reasonably designed to protect customer records and information.”  The SEC censured the investment adviser, ordered that it cease and desist from further violations, and imposed a civil penalty of $75,000.  In connection with the settlement, Marshall S. Sprung, Co-Chief of the SEC Enforcement Division’s Asset Management Unit, noted that firms “need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”