SEC searches for role in battling cyber threats

Primary risk for wealth managers is when a hacker poses as a client and manipulates accounts.
JUL 02, 2014
Investment advisers are experiencing an increasing number of online attacks, participants in a round-table discussion at the Securities and Exchange Commission told agency officials Wednesday. David Tittsworth, executive director of the Investment Adviser Association, said the primary risk that wealth managers in his group face is "account takeover," in which a hacker poses as a client and tries to manipulate accounts. "It seems to have grown in frequency a lot just in the last year or two," he said during the panel discussion. The Financial Regulatory Authority Inc., the broker-dealer regulator, is in the middle of a cyber-security sweep of a cross-section of member firms, according to Daniel Sibears, Finra executive vice president for regulatory operations shared services. Preliminary results show that the top cyber risks identified by brokers include operational disruptions, internal attacks by employees, external attacks by hackers, denial of service and phishing attempts. (Learn which firms are most at risk for cyberattacks.) The financial advice industry is especially vulnerable to cyberattacks because advisory businesses are based on trust between the financial adviser and a client, said John Reed Stark, managing director at digital forensics firm Stroz Friedberg. "The risk to investment advisers is particularly scary because one data breach can bring down an investment adviser quickly," he said. Although small firms have fewer resources to combat online predators, the entire financial services industry faces substantial threats, said John Denning, senior vice president for operational policy integration, development and strategy at Bank of America Merrill Lynch. "The cyber risk is high for any company," he said. "The key is early warning." The SEC convened the forum to help it better assess cyber security in the financial services industry and identify ways to protect firms and investors. SEC Chairman Mary Jo White attended the entire five-and-a-half hour meeting, which featured federal and industry officials as well as lawyers and other experts "There is no doubt that the SEC must play a role in this area," said Luis Aguilar, the commission member who suggested Wednesday's session. "What is less clear is what that role should be." Mr. Aguilar urged the SEC to set up a cyber security task force that includes staff members from each of the commission's divisions. "As I explored this issue, it became readily apparent to me that the commission has much to learn about the specific risks that our regulated entities and public companies are facing," Mr. Aguilar said. "Given the extent to which the capital markets have become increasingly dependent upon sophisticated and interconnected technological systems, there is a substantial risk that a cyberattack could cause significant and wide-ranging market disruptions and investor harm." Cyber security has long been a worry for the U.S. government and business. Its profile increased even more recently following massive customer data breaches at retailers Neiman Marcus, Target and possibly Michaels. Both the SEC and Finra have made cyber security an examination priority this year. Last year, the SEC approved a rule that requires advisers to implement written identity theft programs. Round-table participants cautioned the regulators not to come up with cyber security regulations that would force them to follow certain procedures that may quickly be overcome by clever hackers. "Please resist the urge to impose prescriptive requirements," Mr. Tittsworth said. Finra will use the results of its cyber security sweep to determine whether to propose rules or issue guidance to its member firms. "We recognize this is a rapidly changing environment," Mr. Sibears said. "There has to be a component that allows firms to adapt." Investment advisory firms are a tempting target for hackers, said Javier Ortiz, vice president of strategy and global government affairs at Taasera Inc., a cyber security software company. Not only do they manage clients' money, they also collect data that can identify them personally. "Access to that information is what the bad guys really want," Mr. Ortiz said on the sidelines of the conference. "I would like my financial adviser to take great care of their systems that will protect my information."

Latest News

Record growth: Interval funds emerge as key players in alternative investments
Record growth: Interval funds emerge as key players in alternative investments

Blue Vault Alts Summit highlights the role of liquidity-focused funds in reshaping advisor strategies

SignatureFD welcomes M&A veteran Peter Nesvold to board
SignatureFD welcomes M&A veteran Peter Nesvold to board

The $9.1 billion RIA is tapping into Nesvold's decades of leadership, including his time at Silver Lane Advisors and Bear Stearns, for its next leg of thoughtful expansion.

For two-fifths of modern couples, commitment is spelled with joint insurance
For two-fifths of modern couples, commitment is spelled with joint insurance

Survey of renting couples finds joint policies on par with traditional milestones, including moving in together and their first "I love you," as a means to cement relationships.

How pro bono planning creates a practice management edge
How pro bono planning creates a practice management edge

Finding purpose, skills enhancement, and attracting new talent are just a few potential benefits for altruistic planners and the firms that support them.

SEC moves to keep ESG shareholder resolutions off proxy ballots
SEC moves to keep ESG shareholder resolutions off proxy ballots

The agency is reverting to a Trump-era policy that allowed public companies to widely exclude environmentally and socially themed resolutions.

SPONSORED Record growth: Interval funds emerge as key players in alternative investments

Blue Vault Alts Summit highlights the role of liquidity-focused funds in reshaping advisor strategies

SPONSORED Taylor Matthews on what's behind Farther's rapid growth

From 'no clients' to reshaping wealth management, Farther blends tech and trust to deliver family-office experience at scale.