SEC searches for role in battling cyber threats

Primary risk for wealth managers is when a hacker poses as a client and manipulates accounts

Mar 26, 2014 @ 4:24 pm

By Mark Schoeff Jr.

Investment advisers are experiencing an increasing number of online attacks, participants in a round-table discussion at the Securities and Exchange Commission told agency officials Wednesday.

David Tittsworth, executive director of the Investment Adviser Association, said the primary risk that wealth managers in his group face is "account takeover," in which a hacker poses as a client and tries to manipulate accounts.

"It seems to have grown in frequency a lot just in the last year or two," he said during the panel discussion.

The Financial Regulatory Authority Inc., the broker-dealer regulator, is in the middle of a cyber-security sweep of a cross-section of member firms, according to Daniel Sibears, Finra executive vice president for regulatory operations shared services.

Preliminary results show that the top cyber risks identified by brokers include operational disruptions, internal attacks by employees, external attacks by hackers, denial of service and phishing attempts.

(Learn which firms are most at risk for cyberattacks.)

The financial advice industry is especially vulnerable to cyberattacks because advisory businesses are based on trust between the financial adviser and a client, said John Reed Stark, managing director at digital forensics firm Stroz Friedberg.

"The risk to investment advisers is particularly scary because one data breach can bring down an investment adviser quickly," he said.

Although small firms have fewer resources to combat online predators, the entire financial services industry faces substantial threats, said John Denning, senior vice president for operational policy integration, development and strategy at Bank of America Merrill Lynch.

"The cyber risk is high for any company," he said. "The key is early warning."

The SEC convened the forum to help it better assess cyber security in the financial services industry and identify ways to protect firms and investors. SEC Chairman Mary Jo White attended the entire five-and-a-half hour meeting, which featured federal and industry officials as well as lawyers and other experts

"There is no doubt that the SEC must play a role in this area," said Luis Aguilar, the commission member who suggested Wednesday's session. "What is less clear is what that role should be."

Mr. Aguilar urged the SEC to set up a cyber security task force that includes staff members from each of the commission's divisions.

"As I explored this issue, it became readily apparent to me that the commission has much to learn about the specific risks that our regulated entities and public companies are facing," Mr. Aguilar said. "Given the extent to which the capital markets have become increasingly dependent upon sophisticated and interconnected technological systems, there is a substantial risk that a cyberattack could cause significant and wide-ranging market disruptions and investor harm."

Cyber security has long been a worry for the U.S. government and business. Its profile increased even more recently following massive customer data breaches at retailers Neiman Marcus, Target and possibly Michaels.

Both the SEC and Finra have made cyber security an examination priority this year. Last year, the SEC approved a rule that requires advisers to implement written identity theft programs.

Round-table participants cautioned the regulators not to come up with cyber security regulations that would force them to follow certain procedures that may quickly be overcome by clever hackers.

"Please resist the urge to impose prescriptive requirements," Mr. Tittsworth said.

Finra will use the results of its cyber security sweep to determine whether to propose rules or issue guidance to its member firms.

"We recognize this is a rapidly changing environment," Mr. Sibears said. "There has to be a component that allows firms to adapt."

Investment advisory firms are a tempting target for hackers, said Javier Ortiz, vice president of strategy and global government affairs at Taasera Inc., a cyber security software company.

Not only do they manage clients' money, they also collect data that can identify them personally.

"Access to that information is what the bad guys really want," Mr. Ortiz said on the sidelines of the conference. "I would like my financial adviser to take great care of their systems that will protect my information."


What do you think?

View comments

Upcoming event

Sep 24


Diversity & Inclusion Awards

Attend an event celebrating diversity and inclusion as well as recognizing those who are leading the financial services profession in this important endeavor. Join InvestmentNews, as we strive to raise awareness, educate and inspire an... Learn more

Most watched


Young professionals see lots of opportunity to reinvent the advice experience

Members of the 2019 InvestmentNews class of 40 Under 40 have strategies to overcome the challenges of being young in a mature industry.


Young advisers envision a radically different business in five years

Fintech and sustainable investing are two factors being watched closely by some of the 2019 class of InvestmentNews' 40 Under 40.

Latest news & opinion

New Jersey fiduciary rule: Pressure leads to public hearing, comment deadline extension

Industry push results in chance to air grievances on July 17 and another month to present objections.

InvestmentNews' 2019 class of 40 Under 40

Our 40 Under 40 project, now in its sixth year, highlights young talent in the financial advice industry. These individuals illustrate the tremendous potential of those coming up in the profession. These stories will surprise, entertain, educate and inspire.

Galvin to propose fiduciary rule for Massachusetts brokers

The secretary of the commonwealth is proposing a fiduciary standard in response to an SEC investment-advice rule he views as too weak.

Summer reading recommendations from financial advisers

Here are some books that will keep you informed and entertained during summer's downtime

4 strategies for Roth conversions

There's never been a better time to do a Roth conversion, and here are several ways to go about it.


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting It'll help us continue to serve you.

Yes, show me how to whitelist

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print