When investing in your 401(k) or other retirement savings account, target-date funds, also known as life-cycle funds, are one popular option. You pick a fund that is dated around when you plan to retire, and that fund promises to rebalance as you approach that date.
When it comes to retirement savings, even the most adventurous seniors may consider something routinely described as "plain vanilla": a fixed immediate annuity. With an immediate annuity, the investor pays an insurance company a lump sum in exchange for regular income payments. Both fixed and variable immediate annuities deliver income quickly, but there are differences.
Asset allocation means deciding what portion of your portfolio to invest in different asset classes, like stocks, bonds and cash. Diversification is the spreading of your investments both among and within different asset classes. And rebalancing means making regular adjustments to ensure you are hitting your target allocation. All are important tools in managing investment risk.
Retirement plans like a 401(k) are long-term investments. But that doesn’t mean you should set them up and forget about them until you retire. Schedule an annual 401(k) “checkup” to make sure your plan still meets your needs.
As Senior Vice President – Strategic Regulatory Engagement, Alex Ellenberg is responsible for providing guidance, counsel and analysis to the leadership team and various Market Regulation and Transparency Services (MRTS) groups regarding a wide variety of strategic, operational, regulatory, risk and compliance functions and activities. He also supports and provides strategic risk analysis to the
On June 25, 2024, Progress Software released the MOVEit Transfer Critical Security Alert Bulletin (the Alert Bulletin) for CVE-2024-5806, a newly identified Critical Vulnerability, which was described as an Improper Authentication vulnerability in MOVEit Transfer, Secure File Transfer Protocol (SFTP) module and could lead to Authentication Bypass.
ONNX Store, a Phishing-as-a-service platform (PhaaS), is targeting Microsoft 365 (M365) accounts at FINRA member firms with an advanced social engineering attack known as quishing: a business email compromise (BEC) attack that uses QR codes in embedded PDF documents to redirect victims to phishing URLs.
This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the e-mail addresses “[email protected]” and “[email protected]”. The e-mail addresses and domain “data-finra.org” are not connected to FINRA, and firms should delete all emails originating from these domains. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.
LockBit, one of the most deployed ransomware variants in recent years, continues to impact organizations across the globe, including FINRA member firms. Since November of 2023, FINRA has received reports from several member firms related to cyber incidents allegedly perpetrated by LockBit. The reported incidents varied in severity from no impact to significant disruptions in firms’ business operations. As a result, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision Program is notifying firms of the increased activity of this threat actor to heighten awareness and visibility of this risk. CAU is also providing a compilation of resources that outline effective practices firms may consider in response to this elevated risk.
FINRA’s Cyber and Analytics Unit (CAU) is highlighting an Okta data breach spanning from September 28 to October 17, 2023 that impacts Okta customer support system users. Okta reported that threat actors downloaded names and email addresses, along with other relevant metadata, of their customer support system users. The information could be leveraged in phishing or other social engineering attacks and potentially lead to the targeting of firm personnel in an Okta administrator or customer support role.
