US Forex broker FXCM Inc (NYSE:FXCM) has just filed its Annual Report (10-K) with the Securities and Exchange Commission (SEC), with the document containing details about the company’s financial metrics for 2015 and the renegotiated deal with Leucadia, developments of which LeapRate has already informed you.
The document is interesting in that it also provides additional information on the cybersecurity incident from October 2015.
Back then, FXCM said it was the target of a criminal cybersecurity incident involving unauthorized access to customer information. In addition to fully cooperating with the FBI, FXCM also launched a full investigation, working with a cybersecurity firm.
In its 10-K filing, FXCM says that the investigation has been concluded. Based on the investigation, the company identified a small number of unauthorized wire transfers from customer accounts but notes that all funds have been returned to the appropriate accounts and the customers have been contacted. The company did not find any evidence of an ongoing intrusion into its network or that additional customer information had been stolen from its network as part of the incident.
Regarding the costs associated with the investigation of the incident, FXCM estimates these at $700,000 at the end of 2015.
The company states:
We have incurred expenses subsequent to the cybersecurity incident to investigate and remediate this matter and may continue to incur expenses of this nature in future periods. Although we are unable to quantify the ultimate magnitude of such expenses and any other impact to the business from this incident at this time, they may be significant. These expenses will be recognized in the periods in which they are incurred. Through the year ended December 31, 2015, we incurred $0.7 million of costs related to investigative and other professional services, costs of communications with customers and remediation activities associated with the incident. We maintain insurance coverage for certain expenses of this nature, however, the coverage is subject to deductibles and may not be sufficient to entirely reduce the exposure to losses relating to this matter.
Meanwhile, the US authorities have been tightening the cybersecurity requirements for the financial services sector. Effective March 1, 2016, the U.S. National Futures Association (NFA) imposed new and more stringent cybersecurity requirements for all of its members, including Forex brokers.
Companies should implement information systems security programs (ISSP), which must contain a number of elements, such as a security and risk analysis and a description of the safeguards against identified system threats and vulnerabilities.
For the full Annual Report (Form 10-K) from FXCM, click here.