SEC searches for role in battling cyber threats

Primary risk for wealth managers is when a hacker poses as a client and manipulates accounts

Mar 26, 2014 @ 4:24 pm

By Mark Schoeff Jr.

cybersecurity, hacker, SEC, securities and exchange commission
+ Zoom

Investment advisers are experiencing an increasing number of online attacks, participants in a round-table discussion at the Securities and Exchange Commission told agency officials Wednesday.

David Tittsworth, executive director of the Investment Adviser Association, said the primary risk that wealth managers in his group face is "account takeover," in which a hacker poses as a client and tries to manipulate accounts.

"It seems to have grown in frequency a lot just in the last year or two," he said during the panel discussion.

The Financial Regulatory Authority Inc., the broker-dealer regulator, is in the middle of a cyber-security sweep of a cross-section of member firms, according to Daniel Sibears, Finra executive vice president for regulatory operations shared services.

Preliminary results show that the top cyber risks identified by brokers include operational disruptions, internal attacks by employees, external attacks by hackers, denial of service and phishing attempts.

(Learn which firms are most at risk for cyberattacks.)

The financial advice industry is especially vulnerable to cyberattacks because advisory businesses are based on trust between the financial adviser and a client, said John Reed Stark, managing director at digital forensics firm Stroz Friedberg.

"The risk to investment advisers is particularly scary because one data breach can bring down an investment adviser quickly," he said.

Although small firms have fewer resources to combat online predators, the entire financial services industry faces substantial threats, said John Denning, senior vice president for operational policy integration, development and strategy at Bank of America Merrill Lynch.

"The cyber risk is high for any company," he said. "The key is early warning."

The SEC convened the forum to help it better assess cyber security in the financial services industry and identify ways to protect firms and investors. SEC Chairman Mary Jo White attended the entire five-and-a-half hour meeting, which featured federal and industry officials as well as lawyers and other experts

"There is no doubt that the SEC must play a role in this area," said Luis Aguilar, the commission member who suggested Wednesday's session. "What is less clear is what that role should be."

Mr. Aguilar urged the SEC to set up a cyber security task force that includes staff members from each of the commission's divisions.

"As I explored this issue, it became readily apparent to me that the commission has much to learn about the specific risks that our regulated entities and public companies are facing," Mr. Aguilar said. "Given the extent to which the capital markets have become increasingly dependent upon sophisticated and interconnected technological systems, there is a substantial risk that a cyberattack could cause significant and wide-ranging market disruptions and investor harm."

Cyber security has long been a worry for the U.S. government and business. Its profile increased even more recently following massive customer data breaches at retailers Neiman Marcus, Target and possibly Michaels.

Both the SEC and Finra have made cyber security an examination priority this year. Last year, the SEC approved a rule that requires advisers to implement written identity theft programs.

Round-table participants cautioned the regulators not to come up with cyber security regulations that would force them to follow certain procedures that may quickly be overcome by clever hackers.

"Please resist the urge to impose prescriptive requirements," Mr. Tittsworth said.

Finra will use the results of its cyber security sweep to determine whether to propose rules or issue guidance to its member firms.

"We recognize this is a rapidly changing environment," Mr. Sibears said. "There has to be a component that allows firms to adapt."

Investment advisory firms are a tempting target for hackers, said Javier Ortiz, vice president of strategy and global government affairs at Taasera Inc., a cyber security software company.

Not only do they manage clients' money, they also collect data that can identify them personally.

"Access to that information is what the bad guys really want," Mr. Ortiz said on the sidelines of the conference. "I would like my financial adviser to take great care of their systems that will protect my information."


What do you think?

View comments

Recommended for you

Sponsored financial news

Upcoming Event

Sep 26


Investing 2017: Industry at a Crossroads

The advice industry is at a unique inflection point, as the way clients are investing has changed dramatically: Technology has evolved, access to innovative products has changed, and the active vs. passive debate continues to rage on. Advisers... Learn more

Featured video


What does the adviser of the future need in their toolbox?

Advisers continue to embrace all of the new offerings and products the fintech space has to offer. But what else can help them improve their business?

Video Spotlight

Are Your Clients Prepared For Market Downturns?

Sponsored by Prudential

Recommended Video

Path to growth

Latest news & opinion

SEC's Clayton says agency is 'pushing' toward a fiduciary rule, working with DOL

While Senate hearing focused on recent cyberbreach, SEC chairman highlighted fiduciary duty as 'a priority for me.'

10 things clients say that make you cringe

Sometimes clients say stupid things. Here are 10 classics.

HighTower faces pressure to let investors cash out

After an IPO planned for last year didn't happen, the company could opt to satisfy its backers with a sale.

Envestnet to buy FolioDynamix

The deal, which is expected to close in the first quarter of 2018, will bring the total assets Envestnet works with to almost $2 trillion.

Jerry Schlichter's fee lawsuits have left an indelible mark on the 401(k) industry

After a decade of litigation, fees are lower and retirement plans are more transparent. But have the lawsuits gone too far?


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print