Firms, technology vendors mobilize on security standards

Cybersecurity is a major concern for vendors, firms and advisers

Aug 17, 2016 @ 12:01 pm

By Alessandra Malito

Software companies, consultants and financial institutions are mobilizing to create a cybersecurity consortium to forge higher industry standards to avoid hacking attacks.

The group of about a dozen entities is discussing ways to secure communications between firms and vendors, as well as between vendors, so that client data is better protected. There is currently no accepted standard for the industry. The process of choosing, vetting and integrating with third-party companies is long-winded and needs to be stronger, those involved said.

"There's no real rhyme or reason," said Joel Bruckenstein, co-founder of the Technology Tools for Today conferences and one of the three members leading the consortium's efforts. "Everyone has their own way and own procedure. Everyone has their own vetting process."

Aaron Spradlin, chief information officer at United Planners Financial Services, and Bridget Gaughan, general counsel and chief information security officer at United Planners Financial Services, also are orchestrating the project. After United Planners saw an incident with a third-party vendor involving its clients, though not a breach, the firm realized there was a lack of rules surrounding the relationship between firms and third-party service providers.

"What we learned from that experience is we could wait and see, or we could be more proactive," Ms. Gaughan said.

Cybersecurity is a major concern for the financial services industry, considering institutions house such sensitive information. Breaches happen often to firms, not just internally by employees, but externally through weak passwords and hacked emails. The Securities and Exchange Commission last year urged advisers to create cybersecurity plans.

But a major threat comes from ill-maintained third-party vendors, which was cited as the top challenge for financial services companies, according to a 2016 PricewaterhouseCoopers "Global State of Information Security" survey. More than half of the respondents said they would boost their spending on monitoring these platforms in the next year.

Developing a set of rules that the entire industry must follow will not be easy. Aside from getting everyone to agree, challenges will be in defining the roles and responsibilities for data integrity and protecting confidential information, Ms. Gaughan said.

Instituting a standard that is effective but is not overly intrusive for advisers and does not add extra work for them and their clients will be another obstacle, said Tony Leal, chief technology officer of PIEtech, the creator of financial planning software MoneyGuidePro, who has listened in on consortium calls.

The industry never had a standard because it's just too hard, consortium members agreed. Though there are protocols for other aspects of maintaining technology, there's never been any general guidance on these issues, said Brad Burgess, chief technology officer at NorthStar Financial Services and Orion Advisor Services. His company is also involved in consortium talks.

"There's no overarching authority that would dictate how things in our industry should behave," Mr. Burgess said. For those listening in on these consortium talks, "we all agreed among ourselves that we do need to come up with a common standard."

The benefits can be substantial, though, Mr. Bruckenstein said, including reducing paperwork, cost and time for vendors and firms, which eventually trickles down to the adviser.

"Most other industries have some common standards and this industry has been resisting it for many, many years," Mr. Bruckenstein said. "It is not viable anymore."

The consortium is also discussing a virtual private network that vendors potentially could be included in once vetted. Rather than each vendor doing its own due diligence, vendors would have the backing of this network to verify they are secure.

Details are still being discussed as to who will manage the network, how it would be paid for and the ways in which vendors would be accepted.

"[The consortium has] identified a methodology that ultimately will provide the industry with a shortcut to be at least secure from the outside world," said Brian Edelman, chief executive of Financial Computer Services, a company that specializes in cybersecurity. "What the consortium is looking to do is eliminate all external threats."

Such a network would be most beneficial for small technology vendors that are pushing the industry forward with their innovations but do not have the resources to implement proper cybersecurity measures, he said.

There are no standards specifically for how vendors choose to work with one another, said Brian McLaughlin, chief executive of client relationship management software provider Redtail Technology, which has been in talks about the consortium. Incorporating an industry-wide standard to act as a seal of approval could quell adviser concerns over their vendors' security measures.

