SEC searches for role in battling cyber threats

Primary risk for wealth managers is when a hacker poses as a client and manipulates accounts

Mar 26, 2014 @ 4:24 pm

By Mark Schoeff Jr.

Investment advisers are experiencing an increasing number of online attacks, participants in a round-table discussion at the Securities and Exchange Commission told agency officials Wednesday.

David Tittsworth, executive director of the Investment Adviser Association, said the primary risk that wealth managers in his group face is "account takeover," in which a hacker poses as a client and tries to manipulate accounts.

"It seems to have grown in frequency a lot just in the last year or two," he said during the panel discussion.

The Financial Regulatory Authority Inc., the broker-dealer regulator, is in the middle of a cyber-security sweep of a cross-section of member firms, according to Daniel Sibears, Finra executive vice president for regulatory operations shared services.

Preliminary results show that the top cyber risks identified by brokers include operational disruptions, internal attacks by employees, external attacks by hackers, denial of service and phishing attempts.

(Learn which firms are most at risk for cyberattacks.)

The financial advice industry is especially vulnerable to cyberattacks because advisory businesses are based on trust between the financial adviser and a client, said John Reed Stark, managing director at digital forensics firm Stroz Friedberg.

"The risk to investment advisers is particularly scary because one data breach can bring down an investment adviser quickly," he said.

Although small firms have fewer resources to combat online predators, the entire financial services industry faces substantial threats, said John Denning, senior vice president for operational policy integration, development and strategy at Bank of America Merrill Lynch.

"The cyber risk is high for any company," he said. "The key is early warning."

The SEC convened the forum to help it better assess cyber security in the financial services industry and identify ways to protect firms and investors. SEC Chairman Mary Jo White attended the entire five-and-a-half hour meeting, which featured federal and industry officials as well as lawyers and other experts

"There is no doubt that the SEC must play a role in this area," said Luis Aguilar, the commission member who suggested Wednesday's session. "What is less clear is what that role should be."

Mr. Aguilar urged the SEC to set up a cyber security task force that includes staff members from each of the commission's divisions.

"As I explored this issue, it became readily apparent to me that the commission has much to learn about the specific risks that our regulated entities and public companies are facing," Mr. Aguilar said. "Given the extent to which the capital markets have become increasingly dependent upon sophisticated and interconnected technological systems, there is a substantial risk that a cyberattack could cause significant and wide-ranging market disruptions and investor harm."

Cyber security has long been a worry for the U.S. government and business. Its profile increased even more recently following massive customer data breaches at retailers Neiman Marcus, Target and possibly Michaels.

Both the SEC and Finra have made cyber security an examination priority this year. Last year, the SEC approved a rule that requires advisers to implement written identity theft programs.

Round-table participants cautioned the regulators not to come up with cyber security regulations that would force them to follow certain procedures that may quickly be overcome by clever hackers.

"Please resist the urge to impose prescriptive requirements," Mr. Tittsworth said.

Finra will use the results of its cyber security sweep to determine whether to propose rules or issue guidance to its member firms.

"We recognize this is a rapidly changing environment," Mr. Sibears said. "There has to be a component that allows firms to adapt."

Investment advisory firms are a tempting target for hackers, said Javier Ortiz, vice president of strategy and global government affairs at Taasera Inc., a cyber security software company.

Not only do they manage clients' money, they also collect data that can identify them personally.

"Access to that information is what the bad guys really want," Mr. Ortiz said on the sidelines of the conference. "I would like my financial adviser to take great care of their systems that will protect my information."


What do you think?

View comments

Recommended for you

Upcoming Event

Apr 30


Retirement Income Summit

Join InvestmentNews at the 12th annual Retirement Income Summit - the industry's premier retirement planning conference.Much has changed - and much remains to be learned. Attend and discuss how the future is full of opportunity for ... Learn more

Featured video


Crossmark's Rentfrow: Why should advisors care about responsible investing?

There are lot of misconceptions when it comes to socially responsible investing. Crossmark's David Rentfrow debunks the myths and discusses opportunities for advisers.

Latest news & opinion

Nontraded BDC sales in worst year since 2010

The illiquid product's three-year decline is partially due to new regulations and poor performance.

Tax reform debate sparks fresh interest in donor-advised funds

Schwab reports new accounts up 50% from last year, assets up 33%.

Nontraded REITs to post worst sales since 2002

The industry is on track to raise just $4.4 billion, well off the $19.6 billion it raised just four years ago, as new regulations hinder sales.

Broker protocol for recruiting a boon for clients

New research finds advisers whose firms have joined the agreement take better care of customers.

Meet our 2017 Women to Watch

Introducing 20 female financial advisers and industry executives who are distinguished leaders, advancing the business of providing advice through their creativity and hard work.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print