The Securities and Exchange Commission recently announced that a Des Moines-based broker-dealer and investment adviser has agreed to pay $1 million to settle charges related to its failures in cybersecurity policies and procedures surrounding a cyber intrusion that compromised personal information of thousands of customers. This is the latest SEC action demonstrating that cybersecurity must be tailored to the practices of the business.
The SEC charged Voya Financial Advisors Inc. (VFA) with violating the Safeguards Rule and the Identity Theft Red Flags Rule, which are designed to protect confidential customer information and protect customers from the risk of identity theft. This is the first SEC enforcement action charging violations of the Identity Theft Red Flags Rule.