Our attorneys regularly advise banks, insurance companies, broker-dealers, investment advisers and public and private funds on all aspects of cybersecurity regulation.

Our team members are experts on the entire cybersecurity regulatory structure including Gramm-Leach-Bliley, Regulation S-P, Regulation P, the OCIE 2015 Cybersecurity Initiative, the FINRA 2015 Report on Cybersecurity Practices, and the NIST Framework.

We develop information security programs for our clients, guide them through cyberincidents and represent them in any resultant regulatory inquiry. As a part of this service, we develop and implement access or IAM policies, governance policies, risk analysis policies, vendor management policies, mobile policies, training plans and incident response plans.

We also regularly conduct cybersecurity audits for our clients and have acted as the SEC-appointed independent consultant in cybersecurity enforcement actions.

A member of the firm is currently the Co-Chair of the American Bar Association, Business Section White

Thought Leadership

Publications

Pastore lawyers have written extensively on the regulation of electronic technology in the securities markets.

  • “Cybersecurity in Federal Securities Markets,” Bloomberg BNA Treatise, Securities Practice Portfolio Series, 2014.
  • “Responding to State Breach Notification Requirements,” German American Chamber of Commerce Legal & Tax Newsletter, September 2014.
  • “Regulatory Guidance Informs Best Practices for Cybersecurity,” The Metropolitan Corporate Counsel, May 1, 2013.
  • “Record Keeping and Advertising Chapters,” PLI Broker-Dealer Regulation Treatise, PLI, 2008.
  • “Securities Practice & Electronic Technology,” Treatise, American Lawyer Magazine, 1998.

Panels and Seminars

Pastore lawyers have participated in many panels and seminars on cybersecurity.

  • “The Financial Regulation of the Third Platform—the Cloud, Big Data, Social Media, and Mobile Devices,” Bloomberg BNA Webinar, October 28, 2015.
  • Panelist, “Cybersecurity, Governance, and Data/Network Protection,” IA Summit, Financial Resource Associates, July 2015.
  • Panelist, “Financial Responsibility, Regulation and Examinations,” PLI Fundamentals of Broker-Dealer Regulation Seminar, June 2015.
  • Panelist, “Cybersecurity Panel,” SIFMA C&L New York Regional Seminar, October 2014.
  • “Financial Responsibility, Regulation and Examinations,” PLI Fundamentals of Broker-Dealer Regulation Seminar, Panelist, June 2014.
  • “Cybersecurity in Securities Markets,” Bloomberg BNA Webinar, Panelist, May 14, 2014.
  • “Cybersecurity for Investment Advisers: Threats and Best Practices,” IAA, Panelist, May 1, 2014.
  • “Examination and Enforcement Developments,” ALI CLE, Panelist, January 22, 2014.
  • “Cybersecurity Strategy: Regulatory Guidance and Best Practices to Mitigate Risks,” Commercial Law Web, Adviser, Panelist, September 11, 2013.
  • “Cybersecurity for Investment Advisers and Broker-Dealers,” Panelist, June 2013.

Representative Matters

Litigation

  • In the Matter of LPL Financial Corp., Respondent Admin. Proc. File No. 3-13181 (2008):
    A Pastore lawyer was appointed the independent consultant in an SEC enforcement action settlement against LPL Financial, one of the largest independent broker-dealers in the U.S. This matter involved numerous violations of Reg S-P including the firm’s failure to safeguard its customers’ personally identifiable information. The consultant was required to review the firm’s systems and written policies and procedures relating to Reg S-P; make recommendations and revisions to these and file a report with the SEC concerning these policies and procedures with a view to assuring the firm’s compliance with Reg S-P.
  • Represented broker-dealers and investment advisers in various state regulatory inquiries relating to cybersecurity incidents.

Advisory

  • Advised numerous broker-dealers and investment advisers on the development and implementation of their Cybersecurity Information Security Programs
  • Advised numerous broker-dealers and investment advisers during cybersecurity incidents including an analysis of the ongoing incident, the assessment of PII, the remediation of damage and all communications with regulatory authorities.
  • Advised numerous broker-dealer and investment adviser, on their registration with the SEC and FINRA, including the development of their operational, compliance and cybersecurity procedures.
  • Advised one of the country’s largest insurance companies on its development and implementation of a records management program and an information security program. This involved the review and analysis of numerous operational and record retention systems and the integration of these systems into a single records management program and, for the ISP, the development and implementation of a risk management system, an access policy, a mobile policy, a vendor policy and an incident response plan.
  • Advised one of the largest U.S. online broker-dealers on the development and implementation of its record management program. This involved the review and analysis of numerous back office, trading, e-mail and record retention systems and the integration of these systems into a single records management program.
  • Advised one of the country’s largest broker-dealers in its development and implementation of remedial measures relating to the firm’s failure to comply with the Rule 17a-4 WORM requirement.