Brokers do a better job at cybersecurity than investment advisers: SEC

Brokers do a better job at cybersecurity than investment advisers: SEC
Brokers do a better job at cybersecurity than investments adviser, according to the SEC.
FEB 26, 2015
Brokers are doing a better job than investment advisers when it comes to cybersecurity, a Securities and Exchange Commission examination sweep shows. The agency, which released the results of its survey of 106 financial advice firms Tuesday, said most brokers and advisers have experienced some kind of data breach. Most breaches involve malware and fraudulent email. The majority of financial advisers have written policies to protect data and periodically assess their ability to defend against cyberattacks, according to the SEC. Also on Tuesday, Finra released the findings of its own examination sweep. The document outlines the best practices that Finra, the industry-funded broker-dealer regulator, culled from its review of a cross-section of member firms. The SEC exams showed most investment advisers and brokers inventory and map their technology systems, software and devices, and almost all of them use encryption. Investment advisers and brokers vary in other aspects of cybersecurity. Although most advisers and brokers have written cybersecurity policies, more brokers than advisers — 89% to 57% — audit them to determine the firm's compliance. Other differences: 71% of brokers put cybersecurity requirements in their contracts with vendors and business partners, while only 24% of investment advisers do. Two-thirds of brokers have a chief information security officer, while only 30% of advisers have a similar official. Instead, advisers give cybersecurity assignments to chief technology officers or another staff member. More than half of brokers have cybersecurity insurance, compared to 21% of advisers. Neither brokers nor advisers do a good job of making clients whole in the case of a cyberattack. Only 15% of brokers and 9% of advisers guarantee to protect them against “cyber-related losses.” The SEC's Office of Compliance Inspections and Examinations put cybersecurity on its priority list again for 2015. “Cybersecurity threats know no boundaries,” SEC Chairman Mary Jo White said in a statement. “That's why assessing the readiness of market participants and providing investors with information on how to better protect their online investment accounts from cyberthreats has been, and will continue to be, an important focus of the SEC.” The Finra exam report came to a similar conclusion. It said firms should establish policies, procedures and controls for addressing cyberthreats and responding to attacks, regularly assess risks at the firm and with vendors, encrypt data and consider buying cyber insurance. The most important step may be buy-in from the top of the firm. “Directors need to understand and approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue,” the Finra report states. “What is required is rigorous attention to detail and execution.” The report did not propose new Finra cybersecurity rules. It is meant as a guideline for firms to establish their own policies. “Broker-dealers face a variety of rapidly evolving cybersecurity threats, which require a well-designed and adaptable cybersecurity program,” Susan Axelrod, Finra executive vice president for regulatory operations, said in a statement. “Finra is keenly focused on cybersecurity, and firms must make responding to these threats a high priority.” Advisory firms need to inventory their technology and the data they house and determine what kind of security they need to implement, said David Katz, a partner at Nelson Mullins Riley Scarborough. “They should start that process as soon as possible,” Mr. Katz said. “If they haven’t done that, they’re behind the curve and need to catch up quickly.” Now that both regulators have released the results of their exam sweeps, enforcement action may be next, said Brian Rubin, a partner at Sutherland Asbill and Brennan. “The main takeaway is that this issue is high on the agenda of both regulators,” Mr. Rubin said. “With breaches, it's not a matter of 'if' but 'when.' If firms experience a breach, even though they may be victims, regulators will likely look at their policies, procedures and practices to see if the firms should have stopped the breach from occurring.” In addition to their exam reports, Finra and the SEC issued investor bulletins about cybersecurity. State regulators put out a similar advisory last week.

Latest News

Goldman leads wave of prediction market bans at financial firms
Goldman leads wave of prediction market bans at financial firms

As Goldman Sachs tightens rules on event contract trading, RIAs and hedge funds are weighing their own policies

Advisor moves: Baird recruits $600M veteran pair to director roles in North Carolina
Advisor moves: Baird recruits $600M veteran pair to director roles in North Carolina

Meanwhile, Wells Fargo lures defectors from UBS and JPMorgan to expand in the East Coast, while another bank aligns itself with RayJay's financial institutions division.

AI may be nudging some older workers into early retirement, study finds
AI may be nudging some older workers into early retirement, study finds

New research suggests AI-exposed workers over 55 are leaving jobs more often than before ChatGPT’s rise.

Wall Street banks promoting AI agents from research aids into digital coworkers
Wall Street banks promoting AI agents from research aids into digital coworkers

Agentic AI is landing in trading, treasury and wealth management roles across major banks, with advisory functions as the next frontier.

People moves: FiNet hires former LPL executive Andrew Harpp, Ellevest names new CIO
People moves: FiNet hires former LPL executive Andrew Harpp, Ellevest names new CIO

Wells Fargo affiliate and women-focused wealth firm both promote leadership as they scale advisor support.

SPONSORED Direct indexing webinar targets tax-loss harvesting amid market swings

Northern Trust’s Ken Lassner shows advisors how to convert volatility into after-tax portfolio gains

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income