Cybersecurity and the Financial Firm


You may have become associated with a broker-dealer or investment adviser because your background was finance. Or marketing.  Or even political science, law, or psychology. Not technology. So why is cybersecurity your problem? 

Because the regulators have said it is.

Starting in 2014, the SEC “launched an initiative to examine broker-dealers and investment advisers’ cybersecurity compliance and controls” and would “continue th[o]se efforts [in 2015] and…expand them….”[a]  Specific to investment advisers, the SEC provided guidance this year that funds and advisers “may wish to consider,” and which includes:

  1. periodic assessments of a firm’s unique information gathering and storage, unique or general cyber threats to the firm and its clients, and technology to mitigate those threats;
  2. “a strategy…designed to prevent, detect and respond to cybersecurity threats”; and
  3. implementation of that strategy “through written policies and procedures and training that provide guidance to officers and employees concerning applicable threats and measures to prevent, detect and respond to such threats, and that monitor compliance with cybersecurity policies and procedures.”[b]

Likewise, FINRA has made it clear that broker-dealers “should develop, implement and test incident response plans. Key elements of such plans include containment and mitigation, eradication and recovery, investigation, notification and making customers whole.”[c]

The regulators have backed up their admonitions with bite.  As of May 2014, “[t]he SEC and FINRA…brought more than 10 enforcement cases against firms based, at least in part, on cybersecurity-related failures.”[d]  Those failures included “(1) cybersecurity governance; (2) protection of firm networks and customer information; (3) vendors and outsourcing; and (4) responding to cybersecurity breaches.”[e]  And those violations were costly. The sanctions for those breaches ranged “from … $100,000 to $450,000. The only exception [was] a $27,500 fine imposed against a small firm…for a procedural violation without any customer harm.”[f]


What does a financial firm need to do? For starters, create a protocol to identify cyber risk unique to that firm and then create a process to manage that risk. Recently, a federal agency (the Federal Financial Institutions Examination Council (FFIEC))[g] facilitated that process by publishing its Cybersecurity Assessment Tool.[h]  According to the FFIEC, the Tool helps “institutions identify their risks and determine their cybersecurity preparedness[, and]…provides a repeatable and measurable process for financial institutions to measure their cybersecurity preparedness over time.”[i]   As such, it provides some reassurance for firms, since the structure of the Tool “confirms regulatory focus on risk mitigation and adequate management of cybersecurity preparedness, not wholesale elimination of all risk of cyber breaches.”[j]

Financial firms may mitigate some future pain by using this tool. “This [FFIEC] guidance may…impact how regulators, or in the event of a problem, courts hearing civil lawsuits, assess both the institution’s level of preparedness and how the company’s directors and officers discharged their responsibilities in creating and maintaining cybersecurity measures.”[k]  And the risk mitigation isn’t just for the financial firms. It is also for their officers and directors:  “FFIEC set forth specific expectations for the boards of financial institutions (as well as their CEOs), signaling not only the importance of governance in enterprise-wide cybersecurity risk management, but clarifying that future regulatory examinations will focus specifically on whether the Board fulfilled its cybersecurity-related responsibilities.”[l]

Cyber security is now practically old news. Firms should not only have in place written protocols for cybersecurity, but should be tweaking and testing their existing systems and documenting all cyber breaches. Doing so is not only good business, it shows the kind of firm-wide diligence that might reassure the regulators that your firm is “on it.” Cyber threats will only become more sophisticated, and cyber security will continue to be a priority with the regulators, as data breaches and their consequences continue to headline the news. Do what’s necessary. Use the Cybersecurity Assessment Tool, or whatever other tool does the job, to assess the effectiveness of your protocols. Don’t become the subject of a regulatory enforcement referral because you or your firm fell short.


Bohdan S. Ozaruk

Attorney, Jones Morrison, LLP

[a] SEC National Exam Program, Examination Priorities for 2015, at 3, located at

[b] IM Guidance Update, No. 2015-02 (Apr. 2015), at 1-2, located at

[c] FINRA Report on Cybersecurity Practices (Feb. 2015) (“FINRA Report”), at 2, located at

[d] B. Rubin, What To Expect From SEC, FINRA Cybersecurity Enforcement (May 5, 2014) (“B. Rubin, What To Expect”), located at

[e] B. Rubin, What To Expect

[f] B. Rubin, What To Expect

[g] The FFIEC “is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB) and to make recommendations to promote uniformity in the supervision of financial institutions.”

[h] Located at


[j] A. Swaminathan, J. Halper, A. Kim, H. Ullman, N. Nahabet, New Guidance for Financial Institution Directors and Officers In Cybersecurity Preparedness (Aug. 26, 2015), at 1, located at -and-Publications/Pages/New-Guidance-for-Financial-Institution-Directors-and-Officers-In-Cybersecurity-Preparedness.aspx

[k] A. Swaminathan, J. Halper, A. Kim, H. Ullman, N. Nahabet, New Guidance for Financial Institution Directors and Officers In Cybersecurity Preparedness (Aug. 26, 2015) (“New Guidance-Cyber”), at 1, located at -and-Publications/Pages/New-Guidance-for-Financial-Institution-Directors-and-Officers-In-Cybersecurity-Preparedness.aspx

[l] New Guidance-Cyber, at 1.


Insurance Law – Eroding Limits Policies


An eroding limits policy is a policy where defense costs are considered part of the loss, and therefore reduce or exhaust the available limits of the policy to pay damages or settlement costs. Effectively, every dollar spent in the defense of an action under an eroding limits policy is a dollar less that will be available to settle or satisfy a judgment. This can cause conflicts between the insured, the insurer, and counsel hired to defend the action. The types of policies where an eroding limits clause may be included range from commercial lines policies to Professional Liability, Directors & Officers Liability, and Employment Practices Liabilities.

Eroding limits policies have become increasingly common in recent years. They have been held to unambiguously terminate an insurer’s contractual duties once defense costs exceed the stated limits. The issue in most cases is whether the policies actually include the requisite language to enact an eroding limit. In most states, where an ambiguity exists, it is enforced as against the insurer. Therefore, to effectively create an eroding limits clause, explicit language is required.

For defense counsel, the presence of an eroding limits clause places a premium on early resolution, accurate budgeting, advance discussions with the insured and the insurer regarding litigation decisions that will affect the costs of defense and accurate disclosure of the remaining limits as the case continues.

Eroding limits policies have the potential to create bad faith litigation by the insured against the insurer, based on the insured’s failure to adequately control the cost of defense. Bad faith claims often arise out of attorney costs. These disputes usually center on an insurer’s ability to insist on market standard hourly rates, or to limit litigation to necessary activities. It is generally understood that such policies necessitate handling matters differently.  For example, if the value of a claim approaches or might exceed the policy limit, certain investigative costs (observation, site inspections, expert analysis) may not ultimately be in the best interest of the policyholder, as such expenses directly undercut the available policy limit. This creates a strain between the insured, the insurer and the attorney. An attorney, concerned that an investigation may ultimately not reveal any new information, may be hesitant to explore options that could lead to a stronger defense, as the expenses will be viewed as a bad faith activity by the insurer.

To minimize these issues, the insurer and defense counsel must regularly update the insured on all steps taken in the defense of the case. To protect against prospective bad faith suits, the attorney may even seek approval directly from them. Further, the insurer should endeavor to make an early assessment of the case, and take steps to make good faith efforts to achieve a settlement within limits. Settlement becomes a very important function in a defense within limits policy. Evaluating the reasonableness of a potential settlement is fact-sensitive. Early mediation, after some factual groundwork has been established, is an effective tactic in preventing excessive defense costs.

 Dan Morrison

Partner, Jones Morrison, LLP

An Alternative Approach to Divorce


While a couple may only be divorced by a Supreme Court judge in the State of New York, how you proceed with obtaining a divorce is your choice.  It need not be a hard-fought, conflict-ridden battle.

Collaborative law is a voluntary, contractually based alternative dispute resolution (“ADR”) process for parties who prefer to negotiate a resolution, rather than go through the litigation process. The distinctive feature of collaborative law, compared to mediation, is that lawyers represent parties during negotiations. Collaborative lawyers do not represent the party in court, but only for the purpose of negotiating agreements. The parties agree in advance that their lawyers will not continue to represent them in court if the collaborative law process ends without complete agreement.

The basic ground rules for collaborative law are determined in a written agreement, called a collaborative law participation agreement. The agreement generally states that the parties and their attorneys will conduct themselves in a respectful way toward one another. It requires that everyone involved be honest and not take advantage of the other side’s errors or oversights. It mandates that the parties keep all communication during the negotiation process confidential. The parties and professionals pledge to adhere to the spirit of collaboration and agree to end the process if they cannot continue in that spirit. The participation agreement ensures that if a party seeks judicial intervention, or otherwise terminates the collaborative law process, the disqualification requirement takes effect. Parties agree that they have a mutual right to terminate collaborative law at any time without giving a reason.

The goal of collaborative law is to encourage parties to engage in problem-solving, rather than positional negotiations. A positional approach is when the parties use the negotiation process as a contest to be won by one side at the expense of the other. A problem-solving approach, by contrast, involves parties who view the dispute as a joint problem that needs to be solved together.

Collaborative law is often used for family disputes, when the parties will most likely continue to have a relationship beyond the resolution of their dispute. Often non-legal experts will become involved to enhance the collaborative process and help find the best possible solutions that work not only for the parties but, often, for family members who are not parties to the dispute.

All of these protocols are designed to encourage the open exchange of information without the threat of litigation.  Research has found that a problem-solving negotiation approach often is more effective than an adversarial one. The benefit to lawyers is the satisfaction of knowing that your client has been well served not merely legally, but holistically.


Sarah Hechtman

Attorney, Jones Morrison, LLP

Effectively Managing the Collective Wisdom of a Multi-Generational Workforce Drives Business Success in the Information Age


In today’s technologically driven marketplace, effectively managing the collective wisdom of a multi-generational workforce is a prerequisite for successfully advancing a strategic corporate vision. As discussed in the article below, a business that implements synergistic mentoring opportunities to promote collective norms and consensus building within its multi-generational workforce would be able to gain a competitive advantage in the information age.

NYSBA Inside Article


Heidi E. Opinsky Joins Jones Morrison, LLP

Jones Morrison, LLP is pleased to announce that attorney Heidi E. Opinsky has joined the firm as a Partner. Ms. Opinsky will be practicing out of the firm’s offices in Stamford, CT, Scarsdale, New York and Manhattan. With 30 years’ experience in family law matters, Ms. Opinsky will focus on counseling New York and Connecticut state residents in resolving their family law, divorce, alimony, child support, domestic violence and property law issues.

“Jones Morrison, LLP has seasoned family law professionals which provides me with a solid platform for my regional practice,” said Ms. Opinsky. “I see the association as a positive step forward in providing excellent legal family law services as a team to clients in an ever-changing and increasingly challenging legal area in the States of Connecticut and New York.”

Prior to joining Jones Morrison, LLP, Ms. Opinsky was a Family Law Partner at Fox Rothschild LLP and McCarter and English, LLP in Connecticut and New York. Ms. Opinsky is admitted to practice in Connecticut, New York and the District of Columbia and the U.S. Eastern and Southern District Courts of New York. Ms. Opinsky is a Co-Chair of the Fairfield County Bar Association Women in Law Committee and Alternative Dispute Resolution Committee.

She is on the New York State Bar Association Committees on Child Custody and Children and the Law. She is a Connecticut Certified Guardian Ad Litem and serves in the Connecticut Superior Court as a Special Master in Family Law. Ms. Opinsky engages in Divorce Mediation and Collaborative Family Law in the States of Connecticut and New York. She is a Member of various State and Local Bar Associations in Connecticut, New York and the District of Columbia. She is a member of BNI Edge, Stamford Chapter, Global Networking. She chaired her past firm’s Women’s Initiative Steering Committee. Ms. Opinsky has been frequently quoted in Thomson Reuters and the Connecticut Law Tribune on family issues. Ms. Opinsky is a frequent speaker at local and State Bar Associations.

Contact Heidi at: (203) 965-7700, Ext. 355, or (914) 472-2300, Ext. 355 or by email at

Who Pays for College After Divorce?


Summer is upon us and college admission letters have been received by now. While it is a happy time to celebrate a child’s success and admission to the school of his or her choice, figuring out how to pay for college is often not as pleasant. The question arises: when divorced, who pays for college? The answer to this important question should have been decided during divorce proceedings.

Payment for the costs associated with college, as well as for those associated with college admissions (travel to potential schools, test prep courses, application fees), should be contemplated at the time of divorce. Who pays for what, and how much, ought to be determined long before it is time for your child to apply. Will there be a “cap” on mandatory contributions to college costs at the SUNY level? Will the parents pay for a child until he or she graduates, even if it takes longer than the ordinary four years? Will both parties agree to contribute to graduate school? These are all decisions that should be contemplated, and answered, at the time of divorce to avoid future complications.

Divorce, while often difficult, can also be viewed as an opportunity for a fresh start and a chance to plan for the future. If it has not already been done, it is prudent to set up college savings accounts (“529” accounts) at the time of divorce, to which both parents are obligated to contribute periodically. When dividing assets, allocating a portion to college costs may be a wise option.

If parents have neglected to provide for college funding in divorce, who will pay? This depends on a variety of factors, including the child’s wishes and the parents’ ability to pay. A court may order a parent to pay for college, even in the absence of an agreement that obligates him or her to do so. Thus, it is sensible to decide well ahead of the time a child is ready for college how the payment of college costs will be handled.

Jazz at Lincoln Center – at Caramoor!


Caramoor Center for Music and the Arts is delighted to announce an inspiring new collaboration with Jazz at Lincoln Center, led by Managing and Artistic Director Wynton Marsalis. Jazz at Lincoln Center programming will provide audiences the chance to hear world-class jazz from one of the nation’s foremost cultural institutions in Caramoor’s idyllic setting. This new programming collaboration will launch at the 22nd annual Caramoor Jazz Festival (July 18), and will feature events and performances for jazz enthusiasts of all ages, culminating in a performance by the celebrated Jazz at Lincoln Center Orchestra with Wynton Marsalis. As in previous seasons, the festival will take place throughout the historic Caramoor estate: 90 acres of picturesque Italianate architecture and gardens in Katonah, NY, just an hour’s drive from Manhattan, and an oasis for jazz aficionados and newcomers alike. Mark your calendars, jazz lovers, and get ready for a great day of music! Stephen J. Jones, our managing partner, is a member of the Caramoor Board of Trustees.

For more information about Caramoor, visit

Employment Law Issues


If you are a restaurant owner, or any business owner, you should be thinking about employment law issues and how Jones Morrison can help you understand them and implement solutions. Even simple actions matter, such as posting signs in the workplace about state and federal laws and ensuring you are in compliance with the New York State minimum wage increase to $8.75 per hour as of January 1, 2015. Our clients (and the federal courts) have seen a dramatic increase in unpaid and underpaid wage and hour and overtime claims. Whether driven by a struggling economy or increased awareness of workers’ rights, employers need to be careful – particularly about the classification of employees as “exempt” from federal and state overtime laws. From helping create a personnel handbook to make sure policies are clearly defined for employees to exploring employment agreements for top managers and executives, Jones Morrison can help avoid future legal issues and allow you to keep your mind on the dinner rush.

It’s Time For Your Annual Legal Checkup

2015 is right around the corner and it’s time for you to schedule your annual legal checkup. Many legal problems that clients encounter can be prevented or minimized by meeting with your attorney yearly to review your insurance coverage, business maintenance, estate planning, retirement planning or investments. The costs of legal checkups can more than pay for themselves, whether it is an analysis of your business or personal matters, or both.

Most small and mid-size businesses do not adopt thorough preventative measures via a yearly legal health report with their attorney – despite not typically having in-house counsel.  The inevitable changes in your business can be planned for, whether they are due to economic shifts, growth of the business, regulatory changes or a change in a business owner’s circumstances.

A legal checkup includes a review of the records and practices of your business, including

  • Loan Agreements
  • Employment Agreements
  • Employee Handbooks
  • Licenses & Permits
  • Regulatory Compliance
  • Corporate Charter
  • Operating Agreements
  • Individual’s Business Risk
  • Financial & Tax Matters
  • Expansion Plans
  • Possible Litigation Issues
  • Insurance, Liability & Indemnity
  • Real Estate & Property Matters

While larger businesses are more likely to need a more thorough review, sole proprietors are just as likely to come up against legal road blocks and have more difficulties managing them both financially and concurrently with the demands of their business.

Long term planning can also be a tool that helps with the growth of your business, not only by making sure it is healthy, but also by putting in place processes that will benefit future growth and expansion.

For some business owners, a legal checkup may also include an analysis of personal financial risk and the implementation of measures to protect against a failing business or venture.

Just like a yearly medical checkup from your doctor, a legal checkup will monitor your business, put in place protections, and leave you confident in your business for the coming year.

To speak with one of Jones Morrison’s attorneys about scheduling a meeting regarding your business, estate planning, retirement plans, or personal asset management, call us today at (914) 713.9311.

Stephen J. Jones