News & Analysis


September 12, 2017 | Article

Following the SEC’s recent commentary on Initial Coin Offerings, some investment adviser firm employees will now need to report the personal trades they make in certain types of virtual currency tokens.

September 8, 2017 | White Paper

The need to implement cyber security and other information security controls has become the new business reality. Organizations that are technology and data dependent, regardless of size, need to evaluate their exposure and formulate an information security program, as well as contemplate their potential breach response. Such a program must include third party service providers, include cloud-based providers, and organizations must recognize that their third party providers’ program in many ways become part of their information security programs.

September 8, 2017 | Cyber Alert
Threat Summary

On September 7, 2017, Equifax announced that personally identifiable information for 143 million customers may have been compromised in a breach that occurred between May and July of 2017. The data includes names, social security numbers, birth dates, addresses, and driver's license numbers. Equifax set up a website so customers can determine whether their data was impacted. The company is also offering free identify theft protection and credit file monitoring services.

September 6, 2017 |

Are you interested in how your firm's approach to valuation of client assets compares to your peers? Ever wonder what controls other private fund managers have implemented around their selection of trading counterparties or allocations of co-investment opportunities?  Are you curious as to what practices or controls peer firms have implemented surrounding conflicts of interest?

August 29, 2017 | Press Release

ACA Technology Solutions, a division of ACA Compliance Group and a leading provider of investment management and regulatory compliance technology solutions, has seen rapid adoption of its ComplianceAlpha platform, signing over 30 new clients in the first six months of 2017.

August 22, 2017 | Compliance Alert
August 22, 2017 | Compliance Alert

The SEC's Boston Regional Office is conducting unannounced examinations of investment advisers.

August 18, 2017 | Cyber Alert
Threat Summary

Locky, which has been one of the first and most successful forms of ransomware historically, has returned with new variants, Diablo and Lukitus. The email-based campaign started earlier this month and thus far has infected tens of thousands of people.

August 16, 2017 | Compliance Alert

The blending of two businesses comes with its own set of unique challenges. From the melding of different company cultures to the adoption of new operational procedures it’s easy to end up with multiple products and platforms that perform the same function.

August 15, 2017 | Cyber Alert

The British government confirmed their intention on August 7 to introduce a new Data Protection Bill which is set to transfer the European Union’s General Data Protection Regulation (GDPR) into UK Law. Digital Minister, Matt Hancock, who is leading the changes has said that the bill will provide the UK with ‘one of the most robust, yet dynamic, sets of data laws in the world’.

August 14, 2017 | Compliance Alert

Last week, the Alternative Investment Management Association (“AIMA”) released the text of a letter it received from Stephen Hanks, Head of Market Policy at the FCA. The letter was dated July 19, 2017, but sent a week ago. The letter is a response to one sent by AIMA back in April, asking the FCA to clarify their position on how MiFID II requirements should be extended to non-European Union ("EU") delegates (e.g., those acting as sub-advisers), including its new rules on paying for research. 

August 14, 2017 | Newsletter

ACA Broker-Dealer Services ("ACA") invites you to download the latest edition of our newsletter via the link below. This issue highlights:

August 8, 2017 | Cyber Alert

The U.S. Securities and Exchange Commission's (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert on August 7 containing a summary of its observations from their phase 2 cybersecurity examinations conducted in 2015 and 2016. OCIE examined 75 firms, including broker-dealers, investment advisers, and funds registered with the SEC.

August 3, 2017 | Cyber Alert
Threat Summary

ACA Aponix has received numerous notices in recent weeks that attackers have compromised Office 365 logins for staff (most commonly via phishing attacks) and are setting up auto-forward rules to malicious email addresses.

While this is not a new type of attack, Office 365 is typically configured for Outlook Anywhere and various multi-factor authentication bypass mechanisms, which allows attackers to remotely create inbox forward rules.

ACA Aponix Guidance

We recommend taking the following precautionary measures:

July 27, 2017 | Compliance Alert

Identity and Access Management (I&AM) and Privileged Access Management (PAM) include provisioning, recertification, internal transfers and offboarding user access to an organization’s technology resources. Corporate and departmental user groups consist of employees and sometimes include external connectivity to customers and vendors.  As a result, the complexity of account management processes increases depending on the level of risk associated with the particular user role being provisioned.