Cybersecurity rules can create compliance challenges

Cybersecurity rules can create compliance challenges
National standards would be preferable to a patchwork of state-by-state rules when it comes to dealing with rapidly evolving cyberthreats
FEB 10, 2020
By  Dale Brown

It is no secret that cybersecurity threats are evolving far more rapidly than the ability of governments and regulators to counter them. Legislators and regulators in the states understand the urgency of this problem and have made admirable efforts to develop protections for consumers and investors.

Unfortunately, in our industry, a side effect of these individual state efforts to strengthen cybersecurity protections has been to create significant compliance challenges for advisers. What we need now is greater coordination to help these various authorities come together behind a principles-based approach to combating cyberthreats.

As one illustration, all 50 states have laws requiring companies to notify consumers about data breaches, but the definitions of a “breach” and “personal information” vary by state. For firms and advisers — most of which work with clients across multiple states — this creates unnecessary complications in developing protocols to follow in the event of a breach.

We are working with lawmakers and regulators to emphasize a commonsense approach to cybersecurity that harmonizes various protections and guards against cyberthreats, while also maintaining operating efficiency and flexibility.

In general, we believe that:

• National standards are preferable to a patchwork of state-by-state rules;

• Where possible, uniform approaches to cyberthreats should be pursued, while also incorporating enough flexibility to allow firms to develop effective solutions for different business models;

• Cybersecurity standards should not place undue burdens on small businesses; and

• All entities, whether private or public, should be held to a common, consumer-friendly data security standard.

We are also taking practical steps to put these principles into action.

First, we support the draft privacy legislation introduced by Senate Commerce Committee Chairman Roger Wicker, R-Miss., in December. While still in its early stages, this bill would establish national rules for handling personal information online, creating uniform federal standards.

We intend to work with Mr. Wicker and other members of Congress to secure national data breach notification requirements — instead of a patchwork of unique approaches — that ensure prompt and effective notice to consumers if their personal information is compromised.

Secondly, we are working to address our members’ concerns surrounding the confidential client information they are required to provide to Finra for the regulator’s Consolidated Audit Trail initiative.

As currently envisioned, the CAT database will be an enormous repository of highly sensitive information, including personal and financial information on advisers’ clients. We are working with regulators to ensure that this vast trove of information is either properly secured — or simply not collected at all, as proposed in the recent request for exemptive relief filed by the CAT NMS Plan Participants.

We also continue to educate regulators on the challenges our members face each day in complying with rules that bear directly on cybersecurity, such as books and records requirements.

While cybersecurity is a large, evolving challenge involving complex and disparate laws and regulations across the country, we are working to bring a coordinated approach to the key legislation and rules that impact our members most.

Dale Brown is president and CEO of the Financial Services Institute.

Latest News

$10B Merit sharpens growth focus with new M&A lead
$10B Merit sharpens growth focus with new M&A lead

With deep experience and wide connections, the top-ranked RIA 's latest hire from Captrust extends its streak of strategic executive recruitments.

Nationwide president and COO John Carter to step down
Nationwide president and COO John Carter to step down

The leading annuity and insurance top executive is stepping down after a distinguished 40-year career in the industry.

Bond heavyweights lead the way in active fixed income comeback
Bond heavyweights lead the way in active fixed income comeback

After a two-year drought, US bond funds saw the most new investment last year, with inflows led by big names like Pimco and Dodge & Cox

Carson Wealth kicks off 2025 deal calendar with $1B Chicago office acquisition
Carson Wealth kicks off 2025 deal calendar with $1B Chicago office acquisition

The latest buyout transaction taps into an industry-wide need for succession-planning options, says Carson Group CEO.

Retirement conundrum: crippling health care costs or start dumping assets?
Retirement conundrum: crippling health care costs or start dumping assets?

Investors fearing unaffordable healthcare may spend-down assets, study reveals.

SPONSORED Three key trends that will drive advisors’ planning in 2025

AssetMark Group CEO explains why the great wealth transfer, succession planning, and personalization will be key for advisors in the new year.

SPONSORED Why RIAs might consider investing more in trust services

A trust delivery model not only increases the value of an advisor and a firm but is also a natural addition to any firm’s succession plan.