Insights

August 14, 2020

The U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) has issued a risk alert on the COVID-19-related risks, issues, and challenges faced by SEC-registered investment advisers and broker-dealers, including those resulting from the widespread use of telecommuting practices and pandemic-related market volatility.

August 12, 2020

Benchmarking your firm’s cybersecurity program against those of your peers is a smart way to identify the compliance gaps your firm should address. Here are the results of the 2020 NSCP / ACA Aponix Cybersecurity Compliance Programs Survey.

August 06, 2020

Money laundering has become a global concern over the past several years. In response, the U.S., Cayman Islands Monetary Authority and the EU are taking steps to increase AML efforts in their jurisdictions, and it is likely that other countries will follow suit in the coming years.

July 31, 2020

Many authorities are questioning whether mandatory password reset policies are worth the hassle. Get ACA's guidance on when, if ever, you can remove or relax your password reset policy.

July 24, 2020

FINRA issued Regulatory Notice 20-21 on July 1, 2020 providing guidance for complying with FINRA Rule 2210 “when creating, reviewing, approving, distributing, or using” retail communications concerning private placement offerings.

July 22, 2020

As adoption of the GIPS standards has grown over the years, ACA has seen compliance personnel take a much deeper interest in ensuring their firms meet every requirement.

July 22, 2020

Running vendor management or third-party risk management (TPRM) programs can be a complicated process for both consumers and providers of services. Here are some of the current challenges with due diligence and opportunities to improve the process for all parties involved.

July 21, 2020

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert identifying a critical vulnerability affecting all versions of Microsoft® Windows Server® configured with the Domain Name System (DNS) role enabled. The vulnerability could potentially allow a remote attacker to gain control of affected systems.

July 21, 2020

Regulators are placing increasing importance on senior managers taking personal responsibility and accountability for regulatory reporting under SM&CR. We examine what this means for firms in scope of the MiFIR, EMIR or SFTR reporting regime.

July 20, 2020

The Court of Justice of the European Union (CJEU) has determined that the Privacy Shield agreement, a key data sharing agreement that allows signatory U.S. companies to transfer EU resident personal data to the U.S., is no longer valid. Learn what action you may need to take due to this change.