09:37 AM
Compliance Newsflashes: SEC Ruling Allows Broker-Dealers to Continue to Offer Fee-Based Accounts, and more
SEC Ruling Allows Broker-Dealers To Continue To Offer Fee-Based Accounts
On Wednesday, April 6th, the Securities Exchange Commission (SEC) formally exempted broker-dealers that offer fee-based accounts from the Investment Advisers Act of 1940.
The SEC ruling will allow broker-dealers to continue to provide varied investment choices to their clients and allow investors to choose how to pay for the financial services they receive.
The rule, which has its roots in the 1995 Tully Report on compensation practices in the retail brokerage industry, was proposed by the Commission in 1999. Although it was originally designed to promote pricing practices that align the interests of customers with those of brokerages and registered reps, it proved to be highly controversial. In 2004, the SEC adopted a temporary final rule that was scheduled to expire on April 15.
"Placing broker-dealers that offer fee-based brokerage accounts to their clients under an additional, and wholly unnecessary, layer of regulation could have severely limited the availability of these popular accounts," said Securities Industry Association President Marc Lackritz, in a formal statement. "The Commission made the right decision."
Procera Networks Launches OptimIP Compliance Executive
Campbell, Calif.-based compliance systems provider Procera Networks has unveiled the OptimIP Compliance Executive, a non-invasive, wire-speed network appliance designed to help firms reduce compliance costs by automating essential compliance policies and processes. This new release enables IT organizations to block non-sanctioned Internet communications such as Web-based e-mail and instant messaging mirror e-mail and other electronic communications to a centralized storage system, and enable undetectable surveillance of suspicious online activity through an add-on surveillance monitor.
"Corporate and financial governance regulations that mandate compliance with SOX 404 audits and SEC Rule 17 require corporations to implement effective internal controls and archive all electronic communications associated with financial disclosure," said Dr. Anil Sahai, executive vice president and chief technology officer of Procera Networks, in the press release. "By making compliance an inherent part of the network to automate and selectively apply essential compliance processes, a corporation can reduce its total cost of compliance and alleviate much of the labor, pain and risk associated with manual compliance activities."
Application Security Offers Best Practices Policies for SOX Compliance
Application Security, a New York-based security solutions provider, announced the availability of best-practice policies to help organizations meet requirements under the Sarbanes-Oxley Act (SOX) and the Federal Information Security Management Act (FISMA).
Application Security's best-practice policy templates complement the company's application-level vulnerability assessment scanner, AppDetective, and its real-time database intrusion detection and security auditing solution, AppRadar. Both the FISMA and SOX Security Policies for AppDetective consist of a Pen Test policy and an Audit policy. The Pen Test policy tests security strength from an external perspective to ensure confidentiality, integrity and availability by determining susceptibility to privilege escalation, password attacks and other known vulnerabilities. The Audit policy determines vulnerability to insider threats by testing for privilege escalation -- users with limited capabilities attempting to gain enhanced status.
These tests span all application components and include checks for misconfigurations (i.e. using default passwords, disabling/enabling insecure database features/functions), as well as for strong access and identification/password controls. By using these policies, customers can tune their application security to the protections that are most relevant to the corresponding regulatory requirement, thus bolstering compliance.
The policies for AppDetective are available for download from the Application Security Web site at https://www.appsecinc.com/downloads/. Policies for AppRadar will be available later this month.