CFTC Fines Registrant for Cybersecurity Violations
The U.S. Commodity Futures Trading Commission today issued an order filing and simultaneously settling charges against Phillip Capital Inc. (PCI), a registered futures commission merchant for cybersecurity breaches involving unauthorized access to its email systems, customer information, and withdrawal of customer funds. The CFTC further alleged that PCI failed to supervise its employees regarding its cybersecurity and security program policies and procedures.
Congress enacted Title V of the GLBA to ensure that financial institutions protect the security and confidentiality of their customers’ nonpublic personal information. In 2001, the CFTC promulgated its first Title V privacy rules, mandating that covered entities adopt policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information.
Cybersecurity has been one of the CFTC’s priorities and will continue to be a focus. Registrants should have proactive policies that are forward-looking, not only in anticipating issues that might arise but in having clear directions and goals. At Kennyhertz Perry, we understand the rigorous regulations surrounding customer data and regularly counsel entities on sound cybersecurity policies, procedures, and practices.
Kennyhertz Perry advises clients on a wide range of commodities and derivatives regulatory matters. Kennyhertz Perry has experience in all types of derivative transactions and design structures to meet clients’ specific trading, financial, and/or credit needs. The roots of the practice are in the commodities markets, where Kennyhertz Perry partner Braden Perry spent time as a Senior Trial Attorney with the Commodity Futures Trading Commission. Our lawyers regularly advise our clients on compliance with the complex laws and regulations governing the securities and derivatives industries, including the Commodity Futures Modernization Act of 2000, the Commodity Exchange Act, the Gramm-Leach-Bliley Act, the Securities Acts of 1933 and 1934, the Investment Company Act of 1940, the Investment Advisers Act of 1940, the SEC and CFTC regulations, the rules of the various derivatives exchanges and clearinghouses and other industry self-regulatory organizations and the “Blue Sky” state securities laws. Keeping abreast of regulatory developments is imperative, and enables our lawyers to guide clients on comment-making about proposed legislation and regulation, provide ongoing operational and compliance counseling, and offer advice on appropriate modifications of transaction structure and documentation.
Clients also benefit from Kennyhertz Perry’s experience in related areas of law, such as litigation, banking, securities, insurance, and its regular practice before the Commodity Futures Trading Commission. Leaders in the financial industry choose Kennyhertz Perry because the firm’s lawyers tailor their advice to the unique issues presented by each matter they handle.
Kennyhertz Perry represents individual and corporate clients faced with the increased use of criminal enforcement to address business practices, particularly as they relate to financial issues. Mr. Perry brings his enforcement experience as well as his substantial prior experience in white-collar criminal defense practice, and as a firm, we represent corporate clients and individual officers and directors at every stage of government investigations and enforcement actions – including white collar criminal matters – initiated by state and federal agencies, including the Department of Justice, SEC, CFTC, FTC, and FINRA.
Kennyhertz Perry’s enforcement practice regularly defends clients against allegations involving a wide array of business contexts in federal and state grand jury investigations, trials, and appeals. In particular, we have represented clients in enforcement matters and related litigation involving a wide range of subject areas including Foreign Corrupt Practices Act (FCPA), consumer financial services, money laundering and Bank Secrecy Act, securities, commodities, options, and derivatives fraud, state and federal RICO laws, False Claims Act, and insurance fraud.
Kennyhertz Perry assists clients with data security needs, blending traditional legal experience in the corporate and litigation arenas with technical acumen.
We assist clients in prevention, developing robust information security programs, including administering internal compliance and risk assessments, which include the development and implementation of corporate policies and procedures required for compliance with state and federal privacy and security laws, and information security best practices; information security policies; records retention and management policies.
In addition to prevention, Kennyhertz Perry can prepare security incidence response procedures, identify, assess, contain, and mitigate privacy and security breaches, and work with law enforcement to assist in the investigation of the incident. Businesses that are the victims of cyberattacks also must determine when and how to cooperate with government agencies during an investigation of an attack, and how best to do so. The lawyers in our privacy and cybersecurity practice, as well as members of our Government Enforcement practice group have deep experience, from both government and private practice, in this area, and help companies navigate the often complicated interactions with government agencies, and can provide both counseling and representation where the threat of prosecution may arise.
Kennyhertz Perry also assists with IT resiliency understanding and engaging at the top management and board level. Traditionally, IT has been misunderstood, and management would not understand the role and responsibility of IT departments. Kennyhertz Perry bridges this gap at all level. At the Board level, directors not only need to be sophisticated with business issues, they also need to be versed in today’s cyber and IT. Translating an understanding of the importance of a proactive IT security policy, and feeling like the company is “on board” with IT security efforts. Many companies have very robust policies and procedures for their business processes, which sophisticated Board members can understand. IT is different. It’s a different language for a business person, and unfortunately most Board members will ignore or defer on issues they don’t understand. So when an IT department presents a robust plan for proactive IT security, it may go ignored or disregarded. This can lead to a reactive plan only that focuses on the “when” as opposed to prevention. IT is a different language. We serve as Board IT/cybersecurity liaison to be the “go between” and translate the IT language into business and vice versa.
Kennyhertz Perry, LLC is a business and litigation law firm representing clients in highly regulated industries. The firm was founded by two veteran Kansas City attorneys, John Kennyhertz and Braden Perry. To learn more about the firm, visit kennyhertzperry.com.
*The choice of a lawyer is an important decision and should not be based solely upon advertisements.