Regulators are increasingly focusing on the security measures firms are taking to protect their clients' sensitive information. The SEC issued guidance in 2015 on the steps firms should take to address cybersecurity risks, which include assessing the security of the firm's data, wherever it resides. In June 2016, the SEC issued a major U.S. bank a seven-figure penalty for failure to adequately safeguard customer information.
In addition to its new rules promulgated in November 2015, the New York Superintendent of Financial Services announced in September 2016 new proposed rules further requiring firms to engage in annual assessments of all their third-party vendors to ensure the vendors' compliance with the cybersecurity rules. FINRA issued a cybersecurity checklist in May 2016, following on Chairman and CEO Richard Ketchum's 2015 statement that cybersecurity would be one of FINRA's three key focus areas in 2016. FFIEC also announced a cybersecurity assessment tool in 2015, and the OCC has indicated cybersecurity will be a topic for examinations. The message from the states and regulators is clear: financial services firms are responsible for safeguarding their clients' data and need to take that security seriously.
The Firm has successfully completed numerous information security audits required by its clients, including two Top Five commercial banks, international investment banks, and investment management companies. From state-of-the-art encryption, to secure FTP, to the establishment of TLS email tunnels with firm clients and business partners, we strive to exceed our clients' high standards and expectations relating to data security. The Firm has obtained the stringent International Organization for Standardization ("ISO") 27001 certification for its operations from DEKRA. The DEKRA Certification affords clients the peace of mind that comes with knowing that their data is with an organization that takes information security very seriously. McGonigle, P.C. is capable of hosting almost unlimited volumes of data at a secure state-of-the-art data center compliant with HIPAA/HITECH, PCI DSS, SSAE 16, and SOC 1 Type II.
We are members of the Financial Services Information Sharing and Analysis Center (FS-ISAC), a premier forum for collaboration on critical security threats facing the financial services industry. Membership allows us to remain current with regard to all security issues - from what's happening today to what's happening in the next ten years.