SEC exam sweep reveals adviser cyber-efforts

Most advisers are assessing electronic security, but approaches and frequency vary widely.
JAN 28, 2015
Most investment advisers and brokers are ‎assessing electronic security at their firms, but their approach and frequency vary widely, according to preliminary observations from a Securities and Exchange Commission exam sweep. The agency has reviewed cybersecurity policies at 50 investment advisers and 50 brokerages, according to Jane Jarcho, national associate director of the SEC's investment adviser and investment company examination program. The "vast majority" of firms conduct "firmwide inventories” of electronic resources (hardware, software, data), maintain written security policies and conduct periodic risk assessments, Ms. Jarcho said. "Although most do it, it really varies in how they do it and how frequently they do it," Ms. Jarcho told state regulators on Monday at the North American Securities Administrators Association annual conference in Indianapolis. A majority of firms prioritize and protect electronic resources based on their sensitivity and business value, Ms. Jarcho said. But she added that small and midsize firms tend not to do this. Where firms may be falling short is ‎in getting to know their clients' online habits. Ms. Jarcho said more than one-third of advisers with retail clients do not assess their login capabilities and practices. Ms. Jarcho cautioned that her observations were preliminary. "We are really just now starting to analyze the results," she said. Findings will be released through speeches by agency officials in coming months, as well as in an investor risk alert. Advisers don't need to be warned by the SEC that storing client information in the cloud is a risky venture, said Shane Hansen, a partner at Warner Norcross + Judd. "There's lightning in them thar clouds, and things may not necessarily go well," Mr. Hansen said at the NASAA conference. "‎Never put anything in an iCloud that you wouldn't want other people seeing." Advisers must stay aware of evolving technology and adjust their cyb‎ersecurity approaches accordingly. "Advisers have a responsibility to be looking and changing policies as this world of cybersecurity changes," Ms. Jarcho said.

Latest News

IRA assets swell to $19.2 trillion as 401(k) rollovers drive growth
IRA assets swell to $19.2 trillion as 401(k) rollovers drive growth

IRAs now hold nearly twice the assets of 401(k) plans — and most of that money didn't arrive through annual contributions.

Women feel confident about saving, but many still keep cash in low-yield accounts
Women feel confident about saving, but many still keep cash in low-yield accounts

A new survey finds that many women prioritize financial security but continue to leave savings in accounts that may not keep pace with inflation.

SEC seeks comment on prediction-market ETFs after May pause
SEC seeks comment on prediction-market ETFs after May pause

Roundhill, Bitwise and GraniteShares funds remain on hold while the agency weighs how novel ETFs should be regulated.

Dump investment banks, buy alternative asset managers, says Oppenheimer
Dump investment banks, buy alternative asset managers, says Oppenheimer

"Shares of alternative assets managers have lagged this year as investors grow wary of private-credit exposure."

TaxStatus rolls out rules-based tool to flag advice gaps
TaxStatus rolls out rules-based tool to flag advice gaps

The fintech platform is touting a new AI-free Planning Observations feature, which draws on IRS tax records to uncover opportunities for advisors.

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income

SPONSORED Why direct indexing stopped being optional

Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.