Firms, technology vendors mobilize on security standards

Cybersecurity is a major concern for vendors, firms and advisers

Aug 17, 2016 @ 12:01 pm

By Alessandra Malito

Software companies, consultants and financial institutions are mobilizing to create a cybersecurity consortium to forge higher industry standards to avoid hacking attacks.

The group of about a dozen entities is discussing ways to secure the communications between firms and vendors, as well as vendors with vendors, so that client data is more securely protected. There is currently no accepted standard for the industry. The process of choosing, vetting and integrating with third-party companies is long-winded, and needs to be stronger, those involved said.

"There's no real rhyme or reason," said Joel Bruckenstein, co-founder of the Technology Tools for Today conferences and one of the three members leading the consortium's efforts. "Everyone has their own way and own procedure. Everyone has their own vetting process."

Aaron Spradlin, chief information officer at United Planners Financial Services, and Bridget Gaughan, general counsel and chief information security officer at United Planners Financial Services, also are orchestrating the project. After United Planners saw an incident with a third-party vendor involving its clients, though not a breach, the firm realized there was a lack of rules surrounding the relationship between firms and third-party service providers.

"What we learned from that experience is we could wait and see, or we could be more proactive," Ms. Gaughan said.

Cybersecurity is a major concern for the financial services industry, considering institutions house such sensitive information. Breaches happen often to firms, not just internally by employees, but externally through weak passwords and hacked emails. The Securities and Exchange Commission last year urged advisers to create cybersecurity plans.

But a major threat comes from ill-maintained third-party vendors, which was cited as the top challenge for financial services companies, according to a 2016 PricewaterhouseCoopers "Global State of Information Security" survey. More than half of the respondents said they would boost their spending on monitoring these platforms in the next year.

Developing a set of rules that the entire industry must follow will not be easy. Aside from getting everyone to agree, challenges will be in defining the roles and responsibilities for data integrity and protecting confidential information, Ms. Gaughan said.

Instituting a standard that is effective but is not overly intrusive for advisers, and does not add extra work for them and their clients, will be another obstacle, said Tony Leal, chief technology officer of PIEtech, the creator of financial planning software MoneyGuidePro, who has listened in on consortium calls.

The industry never had a standard because it's just too hard, consortium members agreed. Though there are protocols for other aspects of maintaining technology, there's never been any general guidance on these issues, said Brad Burgess, chief technology officer at NorthStar Financial Services and Orion Advisor Services. His company is also involved in consortium talks.

"There's no overarching authority that would dictate how things in our industry should behave," Mr. Burgess said. For those listening in on these consortium talks, "we all agreed among ourselves that we do need to come up with a common standard."

The benefits can be substantial, though, Mr. Bruckenstein said, including reducing paperwork, cost and time for vendors and firms, which eventually trickles down to the adviser.

"Most other industries have some common standards and this industry has been resisting it for many, many years," Mr. Bruckenstein said. "It is not viable anymore."

The consortium is also discussing a virtual private network that vendors potentially could be included in once vetted. Instead of each vendor doing its own due diligence, vendors would have the backing of this network to verify they are secure.

Details are still being discussed, as to who will be managing the network, how it would be paid for and the ways in which vendors would be accepted.

"[The consortium has] identified a methodology that ultimately will provide the industry with a shortcut to be at least secure from the outside world," said Brian Edelman, chief executive of Financial Computer Services, a company that specializes in cybersecurity. "What the consortium is looking to do is eliminate all external threats."

Such a network would be most beneficial for small technology vendors that are pushing the industry forward with their innovations but do not have the resources to implement proper cybersecurity measures, he said.

There are no standards specifically for how vendors choose to work with one another, said Brian McLaughlin, chief executive of client relationship management software provider Redtail Technology, which has been in talks about the consortium. Incorporating an industry-wide standard to act as a seal of approval could quell adviser concerns over their vendors' security measures.

