Did the Regulatory Cybersecurity Shoe Just Drop? SEC Enforcement Action in In re R.T. Jones Capital Equities Management, Inc.

Just days after the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued its second round of cybersecurity guidance for its upcoming examinations of registered investment advisers and broker-dealers, the SEC settled an administrative proceeding on cybersecurity issues arising out of a breach at a registered investment adviser, R.T. Jones Capital Equities Management, Inc. (“R.T. Jones”). As a result of the settlement, R.T. Jones was censured and fined $75,000. On the heels of the recent OCIE guidance and following a year of major cybersecurity breaches (especially at financial institutions), this proceeding is instructive on a number of points, especially on the question “What happens when you don’t adopt policies and procedures to safeguard client data?”

View the alert.