ACA Spotlight Blog

GRC Spotlight Blog

Governance, risk, and technology insights from ACA's experienced team

Categories
Critical Vulnerability Discovered in Internet Explorer
April 18, 2019

On April 10, researchers published information on a critical vulnerability in Microsoft’s Internet Explorer® (IE) browser.

Compliance alert
April 17, 2019

On April 16, the SEC's OCIE issued a risk alert detailing compliance issues from recent examinations of investment advisers and broker-dealers pertaining to privacy regulations.

Federal Reserve Bank
April 16, 2019

Michael Held, Executive Vice President of the Legal Group at the Federal Reserve Bank of New York, spoke at the 1LoD Summit in New York on April 2, 2019.

What Boards Need to Know About the SEC’s New Cybersecurity Request List
April 15, 2019

Cybersecurity oversight continues to challenge boards and now the SEC has updated their request list for cyber exams. This updated list combined with previously articulated SEC expectations, provides some directional help for boards as they navigate cybersecurity issues. In this blog, ACA's Jim Pappas shares what boards need to know.

Vulnerabilities Discovered in VPN Applications
April 12, 2019

On April 11, researchers from the Carnegie Mellon Software Institute announced security vulnerabilities in multiple virtual private network (VPN) applications.

April 11, 2019

The coming rules create a new prudential capital framework that is more tailored to the asset management industry – the previous structure was more focused on banks. While the changes will be modest for some firms, others will be significantly impacted by these new rules.

Nine reasons why AML transaction monitoring analytics are essential
April 10, 2019

When it comes to anti-money laundering (AML) transaction monitoring, financial services firms are under more pressure than ever to prove that the approach they are taking is working. Regulators want to see obvious evidence that firms are generating the right level of suspicious activity reports (SARs) for their size, geography, and business types, usually in the form of statistics and reporting. In turn, boards and senior management teams are now demanding to see this same information to be sure the firm is meeting its compliance obligations.

As a result, AML transaction monitoring analytics are in more demand than ever before. Below are nine key reasons why financial services firms are putting AML analytics dashboards and reports in place.

Vulnerabilities Discovered in Verizon Fios Routers Affecting Millions
April 10, 2019

On April 9, researchers discovered three serious vulnerabilities in the Verizon Fios Quantum™ Gateway (G1100) router.

SEC Updates Document Request List for Cybersecurity Examinations
April 9, 2019

The SEC's OCIE recently updated their document request list for cybersecurity examinations. Find out what's new in the document request list and how your firm should prepare for a cyber examination. 

Mobile Workforce and Electronic Communications
April 8, 2019

Business communication continues to evolve. Over the past few decades, there has been a noticeable change in what is seen as an “acceptable” turnaround time. Back in the days of “snail mail” it was weeks, then the introduction of email shortened that time to hours, and now with the growing mobility of employees and clients, the turnaround time has shifted to minutes with the rise of new messaging applications and trends towards the use of text messages.

regtech podcast innovation in compliance with tom fox
April 3, 2019

Highlights and link to the Innovation in Compliance with Tom Fox podcast episode, Nimble and Strategic Compliance: A Conversation with Patrick Conroy. Fox and ACA's Conroy discuss a range of topics related to regulatory technology (RegTech).

The SEC encourages transfer agents to review and strengthen policies, procedures and controls
March 28, 2019

On February 13, 2019, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations ( OCIE) issued a Risk Alert highlighting the concerns and issues associated with certain types of transfer agents (“TAs”) that also serve as paying agents. While the Risk Alert is aimed at certain operational and regulatory requirements, compliance professionals within the mutual fund industry should also consider how certain areas identified by OCIE are compared to their mutual fund company’s in-house or third-party TA and/or sub-transfer agent(s).

Board Oversight of Cybersecurity
March 28, 2019

ACA Compliance Group and ACA Aponix are please to present their newest white paper, Board Oversight of Cybersecurity...In Search of the Rosetta Stone.

SEC OCIE To Launch Cybersecurity Initiative Focused on M&A
March 27, 2019

Missed the 2019 Mutual Fund and Investment Management Conference? ACA's Jim Pappas shares his observations from the keynote session which featured a speaker from the SEC.