SEC steps up intensity of cybersecurity oversight

SEC steps up intensity of cybersecurity oversight
Investment advisors and brokerages shouldn't wait for final regulations to shore up their cyber defenses, experts say.
MAY 11, 2023

The SEC has been concerned for years about online attacks that could expose financial advisors’ customer data, but the agency’s intensity on the topic is now reaching a crescendo.

In a split vote, the Securities and Exchange Commission released for public comment March 15 a 500-page proposal that would require brokers, clearing agencies, major swaps operations and other entities to establish written policies and procedures to address cybersecurity threats.

At the same open meeting, the entire commission voted to release for public comment a separate proposal that would require broker-dealers, investment companies, registered investment advisers and transfer agents to notify clients and customers of data breaches that could expose them to identity theft or other harm.

The commission also reopened the public comment period on a cybersecurity proposal for registered investment advisors.

A couple of weeks ago, the SEC issued a risk alert stating that its examination staff has found RIA and brokerage deficiencies in safeguarding customer records and information at branch offices. The alert highlights that the SEC again this year has made cybersecurity an examination priority.

“This is the most [SEC] activity we’ve seen in this space to date,” said Amber Allen, executive vice president and general counsel at Fairview, a regulatory consulting firm.

So far, the SEC has taken a “shotgun approach to cybersecurity risk management,” said EJ Yerzak, director of cybersecurity services at Confluence, a regulatory technology provider and consultant.

But by reopening the comment period on the advisor cybersecurity rule and running it concurrently with the public comment period on the broker rule, the agency appears to be attempting to align the two.

“What the SEC is doing is hitting the pause button to allow time to consolidate its approach,” Yerzak said.

That timeout will be welcome by trade associations that have called on the SEC to slow its rulemaking process, which has been criticized as overly aggressive and overlapping.

The comment periods will run for a few more weeks, and it’s difficult to predict how the agency might modify the advisor and broker proposals before they become final rules. But it is clear the agency intends to strengthen cybersecurity requirements, a point that was reinforced by the recent risk alert.

Financial advisors shouldn't wait for new regulations to be put into place before shoring up their internal cybersecurity oversight.

“It’s important for advisors to prepare ahead of the final rules,” Allen said. “It’s clear that investment advisors need to focus on implementing comprehensive cybersecurity policies and procedures. Policies need to cover not only the main office but also branches and remote locations.”

Firms should look for “gaps in policies” that fail to address cybersecurity risks such as vendor oversight, use of mobile devices, data loss and change management, Yerzak said. They also should put an emphasis on cyber testing and training.

Taking those steps is not only necessary to keep regulators at bay, it’s also good for clients.

“It makes business sense to safeguard your customer data,” Yerzak said.

How advisors can use market momentum and volatility to prospect

Latest News

Texas man says SEC and fund could make him pay twice
Texas man says SEC and fund could make him pay twice

A $141M judgment and a federal asset freeze collide over one shrinking pool

Osaic executives Kristy Britt and Greg Cornick to leave
Osaic executives Kristy Britt and Greg Cornick to leave

The firm's CFO and EVP of Wealth Management Solutions are the latest executives to exit the broker-dealer.

Estate planning becomes a client retention issue for financial advisors, survey finds
Estate planning becomes a client retention issue for financial advisors, survey finds

Clients are saying they would consider switching advisors if another professional offered estate planning services, according to a new Trust & Will survey.

Candidly adds AI agents for Trump Accounts, workplace benefits
Candidly adds AI agents for Trump Accounts, workplace benefits

CEO Laurel Taylor says the fintech's composable AI stack helps workers optimize dollars across Trump Accounts, 529s, 401(k)s, and other employee benefits.

BMO adds three advisors in Dallas amid Y'all Street wealth boom
BMO adds three advisors in Dallas amid Y'all Street wealth boom

The bank has swiped three private banking veterans from BNY as the city climbs the ranks of America's fastest-growing wealth hubs.

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income

SPONSORED Why direct indexing stopped being optional

Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.