The SEC has been concerned for years about online attacks that could expose financial advisors’ customer data, but the agency’s intensity on the topic is now reaching a crescendo.
In a split vote, the Securities and Exchange Commission released for public comment March 15 a 500-page proposal that would require brokers, clearing agencies, major swaps operations and other entities to establish written policies and procedures to address cybersecurity threats.
At the same open meeting, the entire commission voted to release for public comment a separate proposal that would require broker-dealers, investment companies, registered investment advisers and transfer agents to notify clients and customers of data breaches that could expose them to identity theft or other harm.
The commission also reopened the public comment period on a cybersecurity proposal for registered investment advisors.
A couple of weeks ago, the SEC issued a risk alert stating that its examination staff has found RIA and brokerage deficiencies in safeguarding customer records and information at branch offices. The alert highlights that the SEC again this year has made cybersecurity an examination priority.
“This is the most [SEC] activity we’ve seen in this space to date,” said Amber Allen, executive vice president and general counsel at Fairview, a regulatory consulting firm.
So far, the SEC has taken a “shotgun approach to cybersecurity risk management,” said EJ Yerzak, director of cybersecurity services at Confluence, a regulatory technology provider and consultant.
But by reopening the comment period on the advisor cybersecurity rule and running it concurrently with the public comment period on the broker rule, the agency appears to be attempting to align the two.
“What the SEC is doing is hitting the pause button to allow time to consolidate its approach,” Yerzak said.
That timeout will be welcome by trade associations that have called on the SEC to slow its rulemaking process, which has been criticized as overly aggressive and overlapping.
The comment periods will run for a few more weeks, and it’s difficult to predict how the agency might modify the advisor and broker proposals before they become final rules. But it is clear the agency intends to strengthen cybersecurity requirements, a point that was reinforced by the recent risk alert.
Financial advisors shouldn't wait for new regulations to be put into place before shoring up their internal cybersecurity oversight.
“It’s important for advisors to prepare ahead of the final rules,” Allen said. “It’s clear that investment advisors need to focus on implementing comprehensive cybersecurity policies and procedures. Policies need to cover not only the main office but also branches and remote locations.”
Firms should look for “gaps in policies” that fail to address cybersecurity risks such as vendor oversight, use of mobile devices, data loss and change management, Yerzak said. They also should put an emphasis on cyber testing and training.
Taking those steps is not only necessary to keep regulators at bay, it’s also good for clients.
“It makes business sense to safeguard your customer data,” Yerzak said.
The move to charge data aggregators fees totaling hundreds of millions of dollars threatens to upend business models across the industry.
The latest snapshot report reveals large firms overwhelmingly account for branches and registrants as trend of net exits from FINRA continues.
Siding with the primary contact in a marriage might make sense at first, but having both parties' interests at heart could open a better way forward.
With more than $13 billion in assets, American Portfolios Advisors closed last October.
Robert D. Kendall brings decades of experience, including roles at DWS Americas and a former investment unit within Morgan Stanley, as he steps into a global leadership position.
Orion's Tom Wilson on delivering coordinated, high-touch service in a world where returns alone no longer set you apart.
Barely a decade old, registered index-linked annuities have quickly surged in popularity, thanks to their unique blend of protection and growth potential—an appealing option for investors looking to chart a steadier course through today's choppy market waters, says Myles Lambert, Brighthouse Financial.