The regulatory panel at GAIM Ops Cayman 2016, taking place at the Ritz Carlton on Grand Cayman this week, devoted a significant amount of attention to the complexities of reporting a cyber attack and the challenge presented by the Foreign Corrupt Practices Act.
One of the most frequent questions posed to regulators in the US is whether the victim of a cyber attack will come in for any fallout from authorities such as the Securities and Exchange Commission (SEC) or the FBI, if they tell them that an attack has occurred. There is obvious concern that by coming clean about an attack—and the reputational damage that goes along with it—you could be seen as complicit due to lax procedures, rather than simply a victim.
Last September, for example, the SEC brought an action against the target of a cyber attack because it had no adequate policy in place, as well as no encryption or firewall.
“There is a definite risk here,” one panellist said. “The SEC is focused on this issue and wants to know there is a plan in place for cyber security. You will get credit from the FBI for coming forward, but it’s a tough position to be in.”
The regulators also spent some time covering the Foreign Corrupt Practices Act (FCPA), indicating there is currently a big push by the SEC to take on FCPA cases in the US. This can be a particular problem when dealing with intermediaries and third parties sourcing investments in other countries.
“Funds are behind corporate America in knowing that you can’t bribe people overseas,” commented one panellist.
Companies that have been caught up in FCPA cases have been hit with some very stiff penalties. FCPA fine collections over the past two years have been a major source of revenue.
“Defence attorneys are saying FCPA is the new four-letter word,” commented one official, who said fund managers need to realise it is really quite a straightforward concept.
“If you are giving a stress ball with your logo on as a gift then that’s fine, but if you are giving a Ming vase with your logo on it then that is not fine,” he said.
“We find out what’s happening through whistleblowers and it is usually your competitors that are letting us know.”