Authentic8 Blog Author: A8 Team

Interview: SEC Compliance and the Internet

Key Issues for Investment Management Firms

What are the challenges regulated investment management firms are facing when using the internet?

We asked Jane Jarcho, the former Deputy Director of the SEC's Office of Compliance, Inspection, and Examinations (OCIE) and head of the National Investment Adviser and Investment Company Exam program, who recently joined the Promontory Financial Group as a consultant on regulatory and exam issues.

At the OCIE, Jane Jarcho oversaw its program areas, including Investment Adviser/Investment Company (IA/IC), Broker-Dealer and Exchange, FINRA and Securities Industry Oversight, and Clearance and Settlement. Ms. Jarcho also led the IA/IC examination program. Under her leadership, the number of IA/IC examinations increased by more than 100 percent.

The interview was conducted by Chirag Vasavada, Head of Business Operations at Authentic8.

*

Chirag Vasavada: Jane, given your tenure and experience across the SEC's program areas, you're in an ideal position to speak to the challenges faced by regulated entities today. The industry is under

GDPR in the US: After the British Airways Hack

British Airways (BA) announced in September that it had fallen victim to a hack that affected the personal data of 380,000 passengers. The BA hack could be the first prominent test case for the European Union’s General Data Protection Regulation (GDPR) that went into effect in May.

How has GDPR impacted U.S.-based companies so far? Are they prepared for EU regulators cracking down on cross-border data protection failures and privacy violations? The BA attackers exploited a third-party vulnerability in the airline’s digital supply chain, taking a path we recently examined on this blog. What are the lessons to learn from the British Airways data breach?

On our Silo Sessions podcast, Authentic8 Co-founder and CEO Scott Petry discussed these questions as part of his ongoing GDPR conversation with Steve Durbin, Managing Director of the Information Security Forum (ISF).

P.S.: This Silo Sessions episode was recorded before the disclosure of the latest security breach at Facebook, a theft

Interview: Pitfalls of BSA/AML Research on the Web

The pressure on financial services organizations of all sizes to comply with federal Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations is steadily increasing. Banks and investment firms are facing stiff regulatory fines, civil penalties, and industry disbarment for compliance violations.

Industry observers point out that many cases resulting in enforcement action follow a common pattern. Often, the entities found in violation neglected to file Suspicious Activity Reports (SARs) about suspicious transactions.

Then, to make matters worse, during a subsequent investigation they also “failed to promptly produce certain documents” as requested by investigators (PDF).

Online Research as BSA/AML Compliance Bottleneck

Research indicates a direct correlation between the negligence of affected financial institutions to sufficiently investigate, report and document suspicious transactions, and the lack of a compliance-friendly and compliance-ready browsing environment at the disposal of their BSA/AML specialists. Check out the Authentic8 white paper Secure AML Research: Cracking the Efficiency Code (PDF) on this problem and how financial firms are

Silo vs. Chrome Study “Kind of Eye-Opening”

Silo beats Google Chrome as the most secure browser for the enterprise, researchers at Georgetown University found. For our podcast “The Silo Sessions”, Authentic8 Co-founder and CEO Scott Petry spoke with Paul Brigner, Managing Director of the Security and Software Engineering Research Center (S2ERC) at Georgetown University, about the study and its findings.

This transcript has been edited for readability.

*

Scott Petry: Paul, we are going to spend some time talking about your latest research study, so why don't you introduce yourself and give a little background?

Paul Brigner: Thank you very much, it's good to be talking to you about our research at Georgetown University. S2ERC is a partially funded National Science Foundation Research Center, and all of our research is done in conjunction with industry. There’s a specific program at the NSF called the Industry-University Collaborative Research Program, and we
are one of those centers.

Scott Petry: And we, Authentic8, are an industry affiliate. We worked with you and

Inside GDPR: What Does It Mean for U.S.-based Companies?

For our podcast “The Silo Sessions”, Authentic8 CEO Scott Petry spoke with Steve Durbin (Information Security Forum) about the ramifications of the European Union’s General Data Protection Regulation (GDPR) for U.S. organizations.

This podcast transcript has been edited for readability.

*

Scott Petry: I'm joined by a colleague in the information security space, Steve Durbin. Steve, I'll leave it to you to introduce yourself.

Steve Durbin: Hi Scott, thanks very much for having me on. I'm the Managing Director of the Information Security Forum. The ISF is headquartered in London, we’re a not-for-profit organization and we work with many of the world's leading organizations on issues of information security risk management and increasingly, of course, the subject of today's session: what all of that means from a General Data Protection Regulation standpoint.

The GDPR is coming into effect in May of this year.

Scott Petry: Yes, sooner than people expect, I think - although we've had a couple of years