Cybersecurity rules can create compliance challenges

Cybersecurity rules can create compliance challenges
National standards would be preferable to a patchwork of state-by-state rules when it comes to dealing with rapidly evolving cyberthreats
FEB 10, 2020

It is no secret that cybersecurity threats are evolving far more rapidly than the ability of governments and regulators to counter them. Legislators and regulators in the states understand the urgency of this problem and have made admirable efforts to develop protections for consumers and investors.

Unfortunately, in our industry, a side effect of these individual state efforts to strengthen cybersecurity protections has been to create significant compliance challenges for advisers. What we need now is greater coordination to help these various authorities come together behind a principles-based approach to combating cyberthreats.

As one illustration, all 50 states have laws requiring companies to notify consumers about data breaches, but the definitions of a “breach” and “personal information” vary by state. For firms and advisers — most of which work with clients across multiple states — this creates unnecessary complications in developing protocols to follow in the event of a breach.

We are working with lawmakers and regulators to emphasize a commonsense approach to cybersecurity that harmonizes various protections and guards against cyberthreats, while also maintaining operating efficiency and flexibility.

In general, we believe that:

• National standards are preferable to a patchwork of state-by-state rules;

• Where possible, uniform approaches to cyberthreats should be pursued, while also incorporating enough flexibility to allow firms to develop effective solutions for different business models;

• Cybersecurity standards should not place undue burdens on small businesses; and

• All entities, whether private or public, should be held to a common, consumer-friendly data security standard.

We are also taking practical steps to put these principles into action.

First, we support the draft privacy legislation introduced by Senate Commerce Committee Chairman Roger Wicker, R-Miss., in December. While still in its early stages, this bill would establish national rules for handling personal information online, creating uniform federal standards.

We intend to work with Mr. Wicker and other members of Congress to secure national data breach notification requirements — instead of a patchwork of unique approaches — that ensure prompt and effective notice to consumers if their personal information is compromised.

Secondly, we are working to address our members’ concerns surrounding the confidential client information they are required to provide to Finra for the regulator’s Consolidated Audit Trail initiative.

As currently envisioned, the CAT database will be an enormous repository of highly sensitive information, including personal and financial information on advisers’ clients. We are working with regulators to ensure that this vast trove of information is either properly secured — or simply not collected at all, as proposed in the recent request for exemptive relief filed by the CAT NMS Plan Participants.

We also continue to educate regulators on the challenges our members face each day in complying with rules that bear directly on cybersecurity, such as books and records requirements.

While cybersecurity is a large, evolving challenge involving complex and disparate laws and regulations across the country, we are working to bring a coordinated approach to the key legislation and rules that impact our members most.

Dale Brown is president and CEO of the Financial Services Institute.

Latest News

Texas man says SEC and fund could make him pay twice
Texas man says SEC and fund could make him pay twice

A $141M judgment and a federal asset freeze collide over one shrinking pool

Osaic executives Kristy Britt and Greg Cornick to leave
Osaic executives Kristy Britt and Greg Cornick to leave

The firm's CFO and EVP of Wealth Management Solutions are the latest executives to exit the broker-dealer.

Estate planning becomes a client retention issue for financial advisors, survey finds
Estate planning becomes a client retention issue for financial advisors, survey finds

Clients are saying they would consider switching advisors if another professional offered estate planning services, according to a new Trust & Will survey.

Candidly adds AI agents for Trump Accounts, workplace benefits
Candidly adds AI agents for Trump Accounts, workplace benefits

CEO Laurel Taylor says the fintech's composable AI stack helps workers optimize dollars across Trump Accounts, 529s, 401(k)s, and other employee benefits.

BMO adds three advisors in Dallas amid Y'all Street wealth boom
BMO adds three advisors in Dallas amid Y'all Street wealth boom

The bank has swiped three private banking veterans from BNY as the city climbs the ranks of America's fastest-growing wealth hubs.

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income

SPONSORED Why direct indexing stopped being optional

Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.