Suggestions

Subscribe Now
Dark
Light

SEC accuses communications company of accounting control misstep.

1 min read
20 views
July 3, 2024
by



SEC Charges Communications Company with Accounting Control Failure

TLDR:

SEC charged a communications company with accounting control failure related to cybersecurity incident, leading to a $2,125,000 civil money penalty.

Key Elements:

  • SEC issued a cease-and-desist order against a business communication and marketing service provider for cybersecurity controls violations.
  • Allegations included inadequate controls for reporting cybersecurity incidents and failure to timely respond to alerts of unusual network activity.
  • Respondent relied on a third-party vendor for alert review and escalation without confirming it aligns with expectations.
  • Respondent cooperated with the investigation, reported incident promptly, and enhanced cybersecurity controls.
  • SEC Commissioners disputed the application of Section 13(b)(2)(B) in this case.

On June 18, the SEC issued a cease-and-desist order against a Delaware-based business communication and marketing service provider to settle allegations of cybersecurity controls violations related to a 2021 ransomware attack. The SEC alleged that the respondent did not have adequate controls to ensure cybersecurity incidents were reported to its management and did not respond to alerts indicating unusual network activity in a timely manner. The order also contended that the respondent relied on a third-party vendor to review and escalate alerts but did not confirm that the vendor’s actions aligned with expectations.

The respondent cooperated with the investigation, reported the incident promptly, and took steps to enhance its cybersecurity technology and controls. Without admitting the allegations, the respondent agreed to a $2,125,000 civil money penalty. Notably, the order alleged violation of Exchange Act Rule 13a-15(a) and Section 13(b)(2)(B) of the Securities Exchange Act of 1934, which requires companies to maintain disclosure controls and internal accounting controls.

SEC Commissioners Pierce and Uyeda criticized the application of Section 13(b)(2)(B) in this case, arguing that the requirement for internal accounting controls should focus on corporate transactions involving assets, not cybersecurity incidents. They contended that faulting the respondent’s control failure in a ransomware attack expands the interpretation of what constitutes an asset under this section.


Post Views: 20

Adrian Johnson

Previous Story

Gain insight: Tech skills essential for accounting pros in tough times.

Next Story

Your Daily Accounting Briefing – 2024-07-03

Latest from News

Crypto update: peek into 2024.

TLDR: 2024 has been a dramatic year for cryptoassets, with regulatory approval of spot Bitcoin ETFs, bull run in crypto, and increasing mainstream adoption.