
09:37 AM
WS&T Staff

Compliance Newsflashes: SEC Ruling Allows Broker-Dealers to Continue to Offer Fee-Based Accounts, and more

SEC Ruling Allows Broker-Dealers to Continue to Offer Fee-Based Accounts, Procera Networks Launches OptimIP Compliance Executive, Application Security Offers Best Practices Policies for SOX Compliance

SEC Ruling Allows Broker-Dealers To Continue To Offer Fee-Based Accounts

On Wednesday, April 6th, the Securities and Exchange Commission (SEC) formally exempted broker-dealers that offer fee-based accounts from the Investment Advisers Act of 1940.

The SEC ruling will allow broker-dealers to continue to provide varied investment choices to their clients and allow investors to choose how to pay for the financial services they receive.

The rule, which has its roots in the 1995 Tully Report on compensation practices in the retail brokerage industry, was proposed by the Commission in 1999. Although it was originally designed to promote pricing practices that align the interests of customers with those of brokerages and registered reps, it proved to be highly controversial. In 2004, the SEC adopted a temporary final rule that was scheduled to expire on April 15.

"Placing broker-dealers that offer fee-based brokerage accounts to their clients under an additional, and wholly unnecessary, layer of regulation could have severely limited the availability of these popular accounts," said Securities Industry Association President Marc Lackritz, in a formal statement. "The Commission made the right decision."

Procera Networks Launches OptimIP Compliance Executive

Campbell, Calif.-based compliance systems provider Procera Networks has unveiled the OptimIP Compliance Executive, a non-invasive, wire-speed network appliance designed to help firms reduce compliance costs by automating essential compliance policies and processes. This new release enables IT organizations to block non-sanctioned Internet communications such as Web-based e-mail and instant messaging, mirror e-mail and other electronic communications to a centralized storage system, and enable undetectable surveillance of suspicious online activity through an add-on surveillance monitor.

"Corporate and financial governance regulations that mandate compliance with SOX 404 audits and SEC Rule 17 require corporations to implement effective internal controls and archive all electronic communications associated with financial disclosure," said Dr. Anil Sahai, executive vice president and chief technology officer of Procera Networks, in the press release. "By making compliance an inherent part of the network to automate and selectively apply essential compliance processes, a corporation can reduce its total cost of compliance and alleviate much of the labor, pain and risk associated with manual compliance activities."

Application Security Offers Best Practices Policies for SOX Compliance

Application Security, a New York-based security solutions provider, announced the availability of best-practice policies to help organizations meet requirements under the Sarbanes-Oxley Act (SOX) and the Federal Information Security Management Act (FISMA).

Application Security's best-practice policy templates complement the company's application-level vulnerability assessment scanner, AppDetective, and its real-time database intrusion detection and security auditing solution, AppRadar. Both the FISMA and SOX Security Policies for AppDetective consist of a Pen Test policy and an Audit policy. The Pen Test policy tests security strength from an external perspective to ensure confidentiality, integrity and availability by determining susceptibility to privilege escalation, password attacks and other known vulnerabilities. The Audit policy determines vulnerability to insider threats by testing for privilege escalation -- users with limited capabilities attempting to gain enhanced status.

These tests span all application components and include checks for misconfigurations (e.g., using default passwords, disabling/enabling insecure database features/functions), as well as for strong access and identification/password controls. By using these policies, customers can tune their application security to the protections that are most relevant to the corresponding regulatory requirement, thus bolstering compliance.

The policies for AppDetective are available for download from the Application Security Web site at https://www.appsecinc.com/downloads/. Policies for AppRadar will be available later this month.
