SEC exam sweep reveals adviser cyber-efforts

Most advisers are assessing electronic security, but approaches and frequency vary widely.
JAN 28, 2015
Most investment advisers and brokers are ‎assessing electronic security at their firms, but their approach and frequency vary widely, according to preliminary observations from a Securities and Exchange Commission exam sweep. The agency has reviewed cybersecurity policies at 50 investment advisers and 50 brokerages, according to Jane Jarcho, national associate director of the SEC's investment adviser and investment company examination program. The "vast majority" of firms conduct "firmwide inventories” of electronic resources (hardware, software, data), maintain written security policies and conduct periodic risk assessments, Ms. Jarcho said. "Although most do it, it really varies in how they do it and how frequently they do it," Ms. Jarcho told state regulators on Monday at the North American Securities Administrators Association annual conference in Indianapolis. A majority of firms prioritize and protect electronic resources based on their sensitivity and business value, Ms. Jarcho said. But she added that small and midsize firms tend not to do this. Where firms may be falling short is ‎in getting to know their clients' online habits. Ms. Jarcho said more than one-third of advisers with retail clients do not assess their login capabilities and practices. Ms. Jarcho cautioned that her observations were preliminary. "We are really just now starting to analyze the results," she said. Findings will be released through speeches by agency officials in coming months, as well as in an investor risk alert. Advisers don't need to be warned by the SEC that storing client information in the cloud is a risky venture, said Shane Hansen, a partner at Warner Norcross + Judd. "There's lightning in them thar clouds, and things may not necessarily go well," Mr. Hansen said at the NASAA conference. "‎Never put anything in an iCloud that you wouldn't want other people seeing." Advisers must stay aware of evolving technology and adjust their cyb‎ersecurity approaches accordingly. "Advisers have a responsibility to be looking and changing policies as this world of cybersecurity changes," Ms. Jarcho said.

Latest News

The 2025 InvestmentNews Awards Excellence Awardees revealed
The 2025 InvestmentNews Awards Excellence Awardees revealed

From outstanding individuals to innovative organizations, find out who made the final shortlist for top honors at the IN awards, now in its second year.

Top RIA Cresset warns of 'inevitable' recession amid tariff uncertainty
Top RIA Cresset warns of 'inevitable' recession amid tariff uncertainty

Cresset's Susie Cranston is expecting an economic recession, but says her $65 billion RIA sees "great opportunity" to keep investing in a down market.

Edward Jones joins the crowd to sell more alternative investments
Edward Jones joins the crowd to sell more alternative investments

“There’s a big pull to alternative investments right now because of volatility of the stock market,” Kevin Gannon, CEO of Robert A. Stanger & Co., said.

Record RIA M&A activity marks strong start to 2025
Record RIA M&A activity marks strong start to 2025

Sellers shift focus: It's not about succession anymore.

IB+ Data Hub offers strategic edge for U.S. wealth advisors and RIAs advising business clients
IB+ Data Hub offers strategic edge for U.S. wealth advisors and RIAs advising business clients

Platform being adopted by independent-minded advisors who see insurance as a core pillar of their business.

SPONSORED Compliance in real time: Technology's expanding role in RIA oversight

RIAs face rising regulatory pressure in 2025. Forward-looking firms are responding with embedded technology, not more paperwork.

SPONSORED Advisory firms confront crossroads amid historic wealth transfer

As inheritances are set to reshape client portfolios and next-gen heirs demand digital-first experiences, firms are retooling their wealth tech stacks and succession models in real time.