Firms, technology vendors mobilize on security standards

Cybersecurity is a major concern for vendors, firms and advisers

Aug 17, 2016 @ 12:01 pm

By Alessandra Malito

Software companies, consultants and financial institutions are mobilizing to create a cybersecurity consortium to forge higher industry standards to avoid hacking attacks.

The group of about a dozen entities is discussing ways to secure the communications between firms and vendors, as well as between vendors, so that client data is more securely protected. There is currently no accepted standard for the industry. The process of choosing, vetting and integrating with third-party companies is long-winded, and needs to be stronger, those involved said.

"There's no real rhyme or reason," said Joel Bruckenstein, co-founder of the Technology Tools for Today conferences and one of the three members leading the consortium's efforts. "Everyone has their own way and own procedure. Everyone has their own vetting process."

Aaron Spradlin, chief information officer at United Planners Financial Services, and Bridget Gaughan, general counsel and chief information security officer at United Planners Financial Services, also are orchestrating the project. After United Planners saw an incident with a third-party vendor involving its clients, though not a breach, the firm realized there was a lack of rules surrounding the relationship between firms and third-party service providers.

"What we learned from that experience is we could wait and see, or we could be more proactive," Ms. Gaughan said.

Cybersecurity is a major concern for the financial services industry, considering institutions house such sensitive information. Breaches happen often to firms, not just internally by employees, but externally through weak passwords and hacked emails. The Securities and Exchange Commission last year urged advisers to create cybersecurity plans.

But a major threat comes from ill-maintained third-party vendors, which was cited as the top challenge for financial services companies, according to a 2016 PricewaterhouseCoopers "Global State of Information Security" survey. More than half of the respondents said they would boost their spending on monitoring these platforms in the next year.

Developing a set of rules that the entire industry must follow will not be easy. Aside from getting everyone to agree, challenges will be in defining the roles and responsibilities for data integrity and protecting confidential information, Ms. Gaughan said.

Instituting a standard that is effective but is not overly intrusive for advisers, and does not add extra work for them and their clients, will be another obstacle, said Tony Leal, chief technology officer of PIEtech, the creator of financial planning software MoneyGuidePro, who has listened in on consortium calls.

The industry never had a standard because it's just too hard, consortium members agreed. Though there are protocols for other aspects of maintaining technology, there's never been any general guidance on these issues, said Brad Burgess, chief technology officer at NorthStar Financial Services and Orion Advisor Services. His company is also involved in consortium talks.

"There's no overarching authority that would dictate how things in our industry should behave," Mr. Burgess said. For those listening in on these consortium talks, "we all agreed among ourselves that we do need to come up with a common standard."

The benefits can be substantial, though, Mr. Bruckenstein said, including reducing paperwork, cost and time for vendors and firms, which eventually trickles down to the adviser.

"Most other industries have some common standards and this industry has been resisting it for many, many years," Mr. Bruckenstein said. "It is not viable anymore."

The consortium is also discussing a virtual private network that vendors potentially could be included in once vetted. Instead of each vendor doing its own due diligence, vendors would have the backing of this network to verify they are secure.

Details are still being discussed as to who will be managing the network, how it would be paid for and the ways in which vendors would be accepted.

"[The consortium has] identified a methodology that ultimately will provide the industry with a shortcut to be at least secure from the outside world," said Brian Edelman, chief executive of Financial Computer Services, a company that specializes in cybersecurity. "What the consortium is looking to do is eliminate all external threats."

Such a network would be most beneficial for small technology vendors that are pushing the industry forward with their innovations but do not have the resources to implement proper cybersecurity measures, he said.

There are no standards specifically for how vendors choose to work with one another, said Brian McLaughlin, chief executive of client relationship management software provider Redtail Technology, which has been in talks about the consortium. Incorporating an industry-wide standard to act as a seal of approval could quell adviser concerns over their vendors' security measures.

