News & Analysis


August 14, 2017 | Newsletter

ACA Broker-Dealer Services ("ACA") invites you to download the latest edition of our newsletter via the link below. This issue highlights:

August 8, 2017 | Cyber Alert

The U.S. Securities and Exchange Commission's (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert on August 7 containing a summary of its observations from their phase 2 cybersecurity examinations conducted in 2015 and 2016. OCIE examined 75 firms, including broker-dealers, investment advisers, and funds registered with the SEC.

August 3, 2017 | Cyber Alert
Threat Summary

ACA Aponix has received numerous notices in recent weeks that attackers have compromised Office 365 logins for staff (most commonly via phishing attacks) and are setting up auto-forward rules to malicious email addresses.

While this is not a new type of attack, Office 365 is typically configured for Outlook Anywhere and various multi-factor authentication bypass mechanisms, which allows attackers to remotely create inbox forward rules.

ACA Aponix Guidance

We recommend taking the following precautionary measures:

July 27, 2017 | Compliance Alert

Identity and Access Management (I&AM) and Privileged Access Management (PAM) include provisioning, recertification, internal transfers and offboarding user access to an organization’s technology resources. Corporate and departmental user groups consist of employees and sometimes include external connectivity to customers and vendors.  As a result, the complexity of account management processes increases depending on the level of risk associated with the particular user role being provisioned.

July 25, 2017 | Compliance Alert

On June 21, 2017, the Government of Puerto Rico Office of the Commissioner of Financial Institutions (“OCFI”) issued Circular Letter Number CIF-CC-17-1 In accordance with the Office of the Commissioner of Financial Institutions Act and the Uniform Securities Act, the OCFI requires every broker-dealer that conducts business in Puerto Rico and maintains a physical branch office location in the State, to file a monthly report disclosing the aggregate sum of

July 20, 2017 | Cyber Alert

This advisory contains information about the appointed senior advisor to SEC Chairman Jay Clayton for Cybersecurity, new cybersecurity rules under the Colorado Securities Act, and vulnerabilities reported in Cisco's software and WebEx browser extension.

July 20, 2017 | Cyber Alert
Threat Summary

A critical wi-fi vulnerability called Broadpwn allows hackers to run code in the main application processor and gain complete access to any Apple device within range.

The vulnerability, discovered by Nitay Artenstein from Exodus Intelligence, was patched by Apple in iOS 10.3.3 released on July 19. The vulnerability is a result of a weakness in the Broadcom BCM43xx family of Wi-Fi chips, which allows attackers to take control of the Wi-Fi chip leading to the main processor.

July 20, 2017 | Article

The following article, written by ACA's Danielle Joseph and Anne Wallace, appeared in the Hedge Fund Law Report on July 20, 2017.

July 19, 2017 | Press Release
New Compliance Testing Survey Also Finds Use of Automation on the Rise
July 18, 2017 | Survey


Click here for the results.

July 17, 2017 | Press Release

With the completion of this acquisition, ACA now offers the largest team of GIPS verifiers in the world.

July 17, 2017 | Compliance Alert

On June 30, 2016, the New York State Department of Financial Services (“DFS”) issued a Final Rule (Regulation 504) requiring regulated institutions to maintain “Transaction Monitoring and Filtering Programs.”  The Final Rule applies to all banks, trust companies, private banks, savings banks, and savings and loan associations chartered under New York Banking Law and all New York-licensed branches and agencies of foreign banks.  The Final Rule requires that regulated institutions have Transaction Monitoring and Sanctions Filtering Programs that are “reasonably desi

July 12, 2017 | Compliance Alert

On 3 July 2017, just hours before MiFID II’s transposition deadline passed, the FCA published its Markets in Financial Instruments Directive II Implementation – Policy Statement II (PS17/14). In this document, the FCA sets out its final position on the conduct of business rules, many of which will significantly impact the way your firm carries out its commercial activities.

June 30, 2017 | Cyber Alert

This advisory contains information about the Federal Bureau of Investigation Internet Crime Complaint Center's (IC3) 2016 Internet Threat report and the New York State Department of Financial Services' (NYSDFS) FAQs regarding their cybersecurity regulation 23 NYCRR Part 500.

IC3 Releases 2016 Internet Threat Report

The IC3 recently released its 2016 Internet Threat report which highlights reported cyber crimes and common complaints. Highlights from the report include:

June 29, 2017 | Compliance Alert

On June 27, 2017, U.S. Securities and Exchange Commission ("SEC") Chairman Jay Clayton presented testimony on the Fiscal Year 2018 Budget Request. During Chairman Clayton’s testimony, he emphasized the SEC’s commitment to protecting the investing public, maintaining fair markets, and facilitating capital formation.