On July 18,2014, the U.S. Securities and Exchange Commission (SEC), Office of Inspector General (OIG), Office of Investigations (01), initiated an investigation on the basis of allegations that SEC information was leaked to Reuters, an international news agency, regarding 10 investment companies under investigation by the SEC for their “High Frequency Practices” practices.

The investigation determined that nonpublic information was included in the July 17, 2014, Reuters article. However, OIG was unable to determine which specific individual(s) improperly disclosed information to Reuters based on the March 24,2014, email regarding SEC’s on-going review of HFT practices.

The Investigation

 Securities and Exchange Commission (SEC) Case #14-ENF-0726-I – Improper Disclosure of Nonpublic Information [18 Pages, 3.7MB]

https://documents.theblackvault.com/documents/SEC/14-ENF-0726-I.pdf

The post Securities and Exchange Commission (SEC) Case #14-ENF-0726-I – Improper Disclosure of Nonpublic Information first appeared on The Black Vault.

On June 9, 201 5, the U.S. Securities and Exchange Commission (SEC), Office of lnspector General (OIG), Office of Investigations, initiated this investigation on the basis of information provided Director Andrew Ceresney , SEC Division of Enforcement NF), alleging that [       REDACTED       ]  was having an ongoing affair with a subordinate  [ REDACTED ] Attorney. After Ceresney and [ REDACTED ] Regional Director [ REDACTED ] became aware of the relations, [ REDACTED ] removed [ REDACTED ] supervisor.

The Investigation

 Securities and Exchange Commission (SEC) Case #15-ENF-0290-I – Inappropriate Relationship With a Subordinate Employee [17 Pages, 3.9MB]

https://documents.theblackvault.com/documents/SEC/15-ENF-0290-I.pdf

The post Securities and Exchange Commission (SEC) Case #15-ENF-0290-I – Inappropriate Relationship With a Subordinate Employee first appeared on The Black Vault.

According to the report:

On September 21, 2015, the U.S. Securities and Exchange Commission (SEC), Office of the Inspector General (OIG), discovered that [ REDACTED ] Office of the Chief Accountant (OCA), may have transmitted nonpublic information from his personal Gmail e-mail account to his official SEC work e-mail account. Specifically, during the course of investigative activities related to OIG Case #15-COM-0419-I, the OIG found [ REDACTED ] forwarded an internal SEC e-mail and attachment dated April 12, 2015, [ REDACTED ]  

It appeared [ REDACTED ] forwarded this e-mail from his personal Gmail address on April 12, 2015. The content in the e-mail attachment included a narrative of highlights of [ REDACTED REDACTED REDACTED ] and recommendations to the Commission. As a result, on January 13, 2016, the OIG initiated a separate investigation concerning [ REDACTED ] improper handling of nonpublic SEC information.

The Investigation

 Securities and Exchange Commission (SEC) CASE# 16-COM-0209-1, Employee Emailed Non Public Information to Personal GMAIL Account [10 Pages, 2.0MB]

https://documents.theblackvault.com/documents/ig/16-COM-0209-I-SEC.pdf

The post Securities and Exchange Commission (SEC) CASE# 16-COM-0209-1, Employee Emailed Non Public Information to Personal GMAIL Account first appeared on The Black Vault.

Although the purpose and scope of this document is exempt from disclosure, I was able to find reference to the handbook to obtain a description of it, and get an idea of it’s purpose.

The following comes from the 2010 Annual FISMA Executive Summary Report:

The SEC has implemented policies and procedures to address Incident Response which are well documented and address the NIST and OMB43 guidance. C5i’s review of the SEC’s Incident Response Capability (IRC) Handbook provided evidence of the SEC’s attributes for its incident response and reporting program. The SEC IRC Handbook was developed to assist in the mission of the SEC Computer Security Incident Response Team. The handbook defines processes and procedures, roles and responsibilities, types of incidents, reporting criteria and timeframes, evidence collection and handling, event categories and incident severity, etc., as well as post-mortem procedures, e.g., lessons learned. The handbook also defines which types of incidents are required to be reported to the United States Computer Emergency Readiness Team (US-CERT) (based on OMB A-130 and FISMA) and which do not. The types of incidents that are not required to be reported are incidents that are self-inflicted, did not result in unauthorized access, or were not a result of attackers’ actions.

Document Archive

 Securities Exchange Commission (SEC) “Incident Response Capability Handbook” – April 2014 [46 Pages, 2.2MB]

https://documents.theblackvault.com/documents/SEC/SEC-IRS-April2014.pdf

The post Securities Exchange Commission (SEC) “Incident Response Capability Handbook” – April 2014 first appeared on The Black Vault.

On August 12, 2014, the U.S. Securities and Exchange Commission (SEC), Office of Inspector General (OIG) discovered that [REDACTED] Senior Counsel, Division of Enforcement (ENF), may have transmitted nonpublic information from his work email to his personal America Online (AOL) email account.

The Investigation

 SEC Investigation: Improper Transmission of Nonpublic Information via E-mail, May 29, 2015 [10 Pages, 1.9MB]

Loading...

Taking too long?

Reload document

| Open in new tab

Download [1.76 MB]

The post SEC Investigation: Improper Transmission of Nonpublic Information via E-mail, May 29, 2015 (CASE# 15-ENF-0273-1) first appeared on The Black Vault.

The purpose of this guidance is to describe the basic processes and procedures for FOIA liaisons and staff of SEC divisions and program offices to assist the FOIA Office staff in processing requests under the Freedom of Information Act (5 U.S.C. 552) and Privacy Act (5 U.S.C. 552 a). The Commissions’ FOIA and Privacy Act regulations, 17 CFR 200.80 and 17 CFR 200.300, may be accessed via the FOIA page on the INSIDER. For your convenience, links to these materials and others can be found in the attachments to this guidance.

NOTE: This guidance document is not an all-inclusive guide to FOIA processing. Rather, it provides the most basic information and guidance needed by all FOIA Liaisons to be able to perform the role within the division or program office. Always contact the FOIA Research Specialist assigned to a request for more information regarding the processing of the request referral.

Document Archive

 Securities and Exchange Commission’s FOIA/PA Work Procedure Manual, August 29, 2011 [29 Pages, 0.8MB]

https://documents.theblackvault.com/documents/foia/SECFOIALiaisonGuidance.pdf

The post Securities and Exchange Commission’s FOIA/PA Work Procedure Manual, August 29, 2011 first appeared on The Black Vault.