Third-Party Risk Is Becoming a Primary Challenge to Further Reduce the Extended Enterprise Risk

Today organizations in all market segments increasingly rely on an assortment of third-party vendors, suppliers, and partners. We are all aware of the continued growth of the extended enterprise – companies relying on a network of third-party vendors to provide them with organizational services, products, and competitive advantage. Over the past few years, the use … Read more

Cybersecurity and Resiliency Observations – SEC Office of Compliance Inspections and Examinations

Today, cybersecurity risks originate from many sources, both domestic and international. Most importantly, these cybersecurity risks occur across the array of securities and financial markets. The seriousness of the threats and the heightened concerns to investors, issuers, and other securities market participants, and the financial markets and economy more generally, are considerable and … Read more

Retirement Plan Participant Lawsuit Against Transamerica for Data Breach

In a lawsuit, he alleges the retirement plan service provider did not take steps to protect the personal information of participants in plans it serves. As the level of awareness of cybersecurity protection of confidential data has increased, however, so has the size and complexity of the cybersecurity problem from the perspective of the plan fiduciary. … Read more

DOL Seeks Information From Alight Solutions About Cybersecurity Incidents

Alight has been sued by retirement plan participants whose accounts were hacked, and the Department of Labor is investigating the provider’s practices. Judge John F. Kness of the U.S. District Court for the Northern District of Illinois has ruled that Alight Solutions must comply immediately with a Department of Labor (DOL) administrative subpoena seeking documents … Read more

Modevity Announces New Outsourced Cybersecurity Assessment Services for Retirement Plan Sponsors to Maintain Compliance with the DOL Cybersecurity Guidelines

Modevity, LLC, a leading Commercial Intelligence company established in 2004 specializing in Investigative Due Diligence Research and Vendor Risk Management (VRM) Services, announced today that the company has launched its new Cybersecurity Assessment Services for Retirement Plan Sponsors. The US Department of Labor Guidance regarding Plan Sponsors’ fiduciary responsibilities states that Plan Sponsors should assess … Read more

DOL Guidance on Cybersecurity: Outline Overview for Plan Sponsors

As noted in the DOL Guidance on Cybersecurity, Plan Sponsors should continuously ask, “Are my ERISA plan’s assets and participant data protected from cyberattacks?” The Department of Labor’s (DOL) release of cybersecurity best practices for plans covered by the Employee Retirement Income Security Act (ERISA) makes it clear that plan sponsors, service providers, and participants … Read more

NSA Issues Warning on Cyber Weaknesses that allow Hackers Access

On May 17, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the FBI, along with allied nations, published a Cybersecurity Advisory to raise awareness about the poor security configurations, weak controls and other poor network hygiene practices malicious cyber actors use to gain initial access to a victim’s system. “Weak … Read more

SEC Nearly Doubles Crypto and Cyber Enforcement Staff

The Crypto Asset and Cyber Unit will increase to 50 positions; Commissioner Hester Peirce questioned why the commission was ‘leading with enforcement in crypto?’ The Securities and Exchange Commission will expand its Enforcement Division unit focused on crypto assets and cyber violations by 20 positions to 50 in total. SEC Chair Gary Gensler said the move was … Read more

DOL, SEC Cybersecurity Regulations: Divergence or Convergence?

The temperature is rising on the quality of cybersecurity risk for registered investment advisors, whether they are in the DOL space or not. In February, the U.S. Securities and Exchange Commission voted to propose two new rules on cybersecurity: rule 206(4)-9 under the Advisers Act and rule 38a-2 under the Investment Company Act. From a high-level perspective, … Read more

The Benefits of Implementing Investigative Due Diligence Research to an Organization’s Supply Chain Vendor Management Program Initiatives

For most organizations that will be making strategic and critical business decisions, it is imperative to undertake an extensive due diligence investigation. Due Diligence is defined as “the care a reasonable person exercises to avoid harm to other persons or their property.” Investigative Due Diligence refers to the research and analysis of an individual or organization done … Read more

Copyright © 2022 All rights reserved.