December 14, 2018 | Cyber Alert

On December 13, dozens of bomb threats were received at multiple locations across the United States and in several other countries, including Canada, Australia, and New Zealand. The bomb threats were sent by email to universities, courthouses, newspapers and multiple business sites. They threatened that bombs had been planted in the building and would be exploded if payment was not made by the end of the day. The extortion demanded payment by bitcoin.

December 13, 2018 | Compliance Alert, Blog Article

The UK’s Financial Conduct Authority (FCA) is increasing its focus on market abuse at buy-side firms with new publications, activities and potential enforcement actions, according to panellists at an ACA Compliance Group (Europe) briefing held in London in mid-November. Firms need to make sure their approach to market abuse will stand up to this enhanced supervisory scrutiny or risk potential reputational damage and, in extremis, financial penalties. 

December 12, 2018 | Blog Article

As increasing regulatory mandates and investor pressures drive investment management firms to implement new security, governance, and compliance policies and technology solutions, firms are experiencing new business challenges resulting from these implementations. Often, these new policies and systems force employees to operate in new or different ways than they are used to.

December 11, 2018 | Compliance Alert

ACA Europe Digest provides clients with a brief overview of the major compliance developments facing investment managers including issues we have reported on over the last few months, and a look ahead to what’s on the horizon.

December 6, 2018 | Compliance Alert

Back in July, the FCA confirmed the extension of its Senior Managers and Certification Regime (“SM&CR”) to all solo-regulated firms (i.e., those regulated by the FCA alone), with a commencement date of 9 December 2019.

December 6, 2018 | Compliance Alert

The Office of Foreign Asset Control (OFAC) is taking aim at cryptocurrency and recently issued two new frequently asked questions (FAQs) on how to block digital currency and what banks should tell blocked customers.  The FAQs are provided below:  

December 5, 2018 | Blog Article

Chief compliance officers (CCOs) of investment firms are increasingly looking to regulatory technology solutions (RegTech) to help compliance teams – as well as the business – be more efficient, effective, and vigilant. CCOs recognise the need to simplify and streamline workflows in order to free up time and reduce compliance costs, so that compliance teams can undertake other tasks and focus on strategic activities that add value to the organisation.

November 30, 2018 | Compliance Alert, Cyber Alert

In a speech made this week, Megan Butler from the Financial Conduct Authority (FCA) outlined the regulator’s cyber expectations for registered firms. Butler discussed the state of the industry with respect to technology and cybersecurity risk and stated that the FCA will take action if they see “inappropriate responses and inappropriate protection being taken”.

November 29, 2018 | Blog Article

With the holiday season here and year-end looming, the pressure is mounting to cross those final compliance to-do’s off the list and finish the year strong.

2018 has been filled with a number of regulatory updates and industry developments that may impact how year-end compliance tasks are prioritized and 2019 initiatives are set, including:

Regulatory rulings and changes

November 28, 2018 | Blog Article

The year-end brings with it regulation changes and increased demands that last throughout the first quarter of the year. It’s all too easy for many compliance tasks to take a back seat due to lack of staff and bandwidth. Compliance officers and managers need the assurance that they can start 2019 off on the right foot and still have the resources available to fulfill both their regulatory obligations and their fiduciary duty to clients on a daily basis. 

November 21, 2018 | Blog Article

With four months to go until the United Kingdom’s anticipated exit of the European Union, the world braces itself for the final ‘divorce’ arrangements to be agreed, and to understand the subsequent consequences of those decisions.  With questions still unanswered on how Brexit will impact investment firms, we speak with Joe Vittoria*, CEO and Partner, Mirabella, to examine possible marketing and distribution issues post-Brexit.

Q: What is the current outlook on Brexit?

November 21, 2018 | Cyber Alert

On November 19, the National Cybersecurity and Communications Integration Center (NCCIC) of the U.S. Department of Homeland Security issued an alert regarding seasonal scams and malware campaigns.

November 20, 2018 | Compliance Alert

On November 8, 2018, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a National Exam Program Risk Alert announcing its 2019 examination initiatives focused on matters relevant to mutual funds and exchange-traded funds (“ETFs”).1 These initiatives illustrate OCIE’s continued commitment to examining matters important to retail investors, as mutual funds and ETFs are their primary investment vehicles. Here we focus on the ETF initiatives.

November 20, 2018 | Press Release

The RegTech 100 recognizes the most innovative tech companies transforming compliance, risk management, and cybersecurity.

ACA Compliance Group is pleased to announce that ACA has been selected for the RegTech 100 for 2019 by RegTech Analyst, a specialist research firm.

November 19, 2018 | Compliance Alert

On November 8, 2018, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a National Exam Program Risk Alert announcing its 2019 examination initiatives focused on matters relevant to mutual funds and exchange-traded funds (“ETFs”).1  These initiatives illustrate OCIE’s continued commitment to examining matters important to retail investors, as mutual funds and ETFs are their primary investment vehicles. Here we focus on the mutual fund initiatives.

November 16, 2018 | Blog Article
What You Need to Know Before the January 1, 2020 Compliance Deadline

The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020. Passed as Assembly Bill 375, the CCPA expands on previous California data privacy laws, effectively producing the most comprehensive data use legislation in the United States and granting California residents “increased control” over their data. Here’s what you need to know to prepare for the compliance deadline.

What is the Purpose of the CCPA?

November 15, 2018 | Case Study, Blog Article

A large OCIO manager needed a technology solution that could address the Form ADV requirement to provide derivatives exposure for investments made via Separately Managed Accounts (SMAs) based on day-over-day data. The client was receiving SMA transparency positions, but their challenge was how to manage the Security Master data for the individual investments in that transparency.

November 9, 2018 | Article, Blog Article

To take control of your risks, you need to understand the risks posed by your company's third-party vendors. However, keeping track of your company’s vendor risks can be a huge undertaking that requires more time and money than you are able to provide. With so many cybersecurity threats out there, not to mention regulations regarding cyber risk and data privacy, keeping a watchful eye on it all can be overwhelming.

November 7, 2018 | Blog Article

Nearly every week, we hear about another security breach where the user data of millions of people is exposed by malicious hackers. There have been several high-profile breaches this year, including Facebook, MyFitnessPal, and Panera Bread.

November 5, 2018 | Compliance Alert

The Enforcement Division (“Enforcement”) of the United States Securities and Exchange Commission (“SEC”) issued its second Annual Report on Friday, November, 2, 2018, covering FY 2018 (“Report”).

“As stewards of the SEC’s Division of Enforcement, our goal is to continue to protect investors, deter misconduct, punish wrongdoers and keep our markets the safest and strongest in the world,” said Stephanie Avakian, Co-Director of the SEC’s Division of Enforcement.

November 5, 2018 | Blog Article

As the 2018 finish line approaches, it is necessary to start looking ahead to how you want to shape your compliance program for the coming year. Last week, we discussed how to build the foundation of your budgeting process. This week, we asked the many former regulators and CCOs on ACA’s staff for their perspective on the most crucial components of building a compliance budget.

Here are some helpful tips from ACA’s former regulators and CCOs:

November 2, 2018 | Blog Article

In today’s regulatory environment, just being affiliated with a person or organization that is a cybersecurity risk could lead to irreparable financial, operational, and reputational damage to your business. Companies need to know and track who and what they are connected to in the course of doing business. This includes assessing third-party vendor risk (TPRM).

November 1, 2018 | Case Study, Blog Article

A private equity firm is considering the acquisition of a company that provides software and solutions to help hospitals maximize revenue and reduce inefficiencies through the revenue cycle process. The firm chose ACA's M&A diligence and advisory services to determine the security of the integrated platform and necessary investment in technology, processes, and personnel to support their investment thesis.

November 1, 2018 | Blog Article

The adoption of RegTech is rapidly becoming business as usual for an increasing number of compliance teams. Nearly 70% of financial services firms reported using automation/ compliance technology, according to the IAA and ACA Compliance Group’s (ACA) 2018 Investment Management Compliance Testing Survey.

November 1, 2018 | Cyber Alert

On October 31, Cisco announced that it has discovered a vulnerability affecting devices running its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This vulnerability takes advantage of the software’s voice over IP Session Initiation Protocol (SIP) inspection engine.