Cybersecurity rules can create compliance challenges

Cybersecurity rules can create compliance challenges
National standards would be preferable to a patchwork of state-by-state rules when it comes to dealing with rapidly evolving cyberthreats
FEB 10, 2020
By  Dale Brown

It is no secret that cybersecurity threats are evolving far more rapidly than the ability of governments and regulators to counter them. Legislators and regulators in the states understand the urgency of this problem and have made admirable efforts to develop protections for consumers and investors.

Unfortunately, in our industry, a side effect of these individual state efforts to strengthen cybersecurity protections has been to create significant compliance challenges for advisers. What we need now is greater coordination to help these various authorities come together behind a principles-based approach to combating cyberthreats.

As one illustration, all 50 states have laws requiring companies to notify consumers about data breaches, but the definitions of a “breach” and “personal information” vary by state. For firms and advisers — most of which work with clients across multiple states — this creates unnecessary complications in developing protocols to follow in the event of a breach.

We are working with lawmakers and regulators to emphasize a commonsense approach to cybersecurity that harmonizes various protections and guards against cyberthreats, while also maintaining operating efficiency and flexibility.

In general, we believe that:

• National standards are preferable to a patchwork of state-by-state rules;

• Where possible, uniform approaches to cyberthreats should be pursued, while also incorporating enough flexibility to allow firms to develop effective solutions for different business models;

• Cybersecurity standards should not place undue burdens on small businesses; and

• All entities, whether private or public, should be held to a common, consumer-friendly data security standard.

We are also taking practical steps to put these principles into action.

First, we support the draft privacy legislation introduced by Senate Commerce Committee Chairman Roger Wicker, R-Miss., in December. While still in its early stages, this bill would establish national rules for handling personal information online, creating uniform federal standards.

We intend to work with Mr. Wicker and other members of Congress to secure national data breach notification requirements — instead of a patchwork of unique approaches — that ensure prompt and effective notice to consumers if their personal information is compromised.

Secondly, we are working to address our members’ concerns surrounding the confidential client information they are required to provide to Finra for the regulator’s Consolidated Audit Trail initiative.

As currently envisioned, the CAT database will be an enormous repository of highly sensitive information, including personal and financial information on advisers’ clients. We are working with regulators to ensure that this vast trove of information is either properly secured — or simply not collected at all, as proposed in the recent request for exemptive relief filed by the CAT NMS Plan Participants.

We also continue to educate regulators on the challenges our members face each day in complying with rules that bear directly on cybersecurity, such as books and records requirements.

While cybersecurity is a large, evolving challenge involving complex and disparate laws and regulations across the country, we are working to bring a coordinated approach to the key legislation and rules that impact our members most.

Dale Brown is president and CEO of the Financial Services Institute.

Latest News

SEC Says Game Service Roblox Part of ‘Active Investigation’
SEC Says Game Service Roblox Part of ‘Active Investigation’

Short sellers previously said the company was under investigation, though Roblox denied allegations.

Musk’s DOGE descends on CFPB with intention to shut it down
Musk’s DOGE descends on CFPB with intention to shut it down

The Consumer Financial Protection Bureau is in the crosshairs of the Republican group that is widely attempting to dismantle government agencies.

Advisor fighting Finra banishment loses $17.7 million dispute with old firm
Advisor fighting Finra banishment loses $17.7 million dispute with old firm

National Securities Corp. sued the advisor in 2020, alleging breach of contract and unjust enrichment.

Job numbers, inflation leaving room for Fed to hold rates
Job numbers, inflation leaving room for Fed to hold rates

Recent data support a measured pace by the Federal Reserve for the year ahead.

Private assets remain hot despite surging stock market
Private assets remain hot despite surging stock market

Financial advisors are still adding alternatives despite the surge in publicly traded stock prices

SPONSORED Taylor Matthews on what's behind Farther's rapid growth

From 'no clients' to reshaping wealth management, Farther blends tech and trust to deliver family-office experience at scale.

SPONSORED Why wealth advisors should care about the future of federal tax policy

Blue Vault features expert strategies to harness for maximum client advantage.