SEC urges advisers to draw up and implement cybersecurity plans

SEC urges advisers to draw up and implement cybersecurity plans
Next step could be to hold them accountable for data breaches.
MAY 05, 2015
The Securities and Exchange Commission is pushing investment advisory firms to establish and implement formal, written policies to combat data breaches. “Create a strategy that is designed to prevent, detect and respond to cybersecurity threats,” the SEC Division of Investment Management said in a guidance update released on Tuesday. “Implement the strategy through written policies and procedures and training … [for] officers and employees.” The document recommends that firms conduct periodic assessments of the data it collects, the vulnerabilities of their information systems, the security controls they have in place, the potential consequences of a breach and their plan to manage such an assault. A cybersecurity strategy could include using credentials and authentication to restrict access to firm data as well as encrypting and backing up data. The guidance follows cybersecurity exams that the SEC and the Financial Industry Regulatory Authority Inc., the industry-funded broker-dealer regulator, conducted last year. Both organizations have made cybersecurity an examination priority for the past two years, and the SEC hosted a roundtable on the topic last year. The guidance underscores the fact that the SEC is making cybersecurity a regulatory obligation, said Todd Cipperman, principal at Cipperman Compliance Services. “It puts the whole cybersecurity compliance program on the chief compliance officer's desk,” Mr. Cipperman said. “It means CCOs are going to have to step up their IT game. They don't need to become IT experts, but they do need to become IT competent.” Although the guidance doesn't carry the force of a rule and is not legally binding, it does outline what the SEC will be looking for when it conducts exams. Advisers should take heed, said Brian Rubin, a partner at Sutherland Asbill & Brennan. “They should be thinking long and hard about why their procedures or processes are different from what is suggested,” Mr. Rubin said. “Broker-dealers should review [the guidance], too, even though it does not apply to them.” The next step for the SEC could be cybersecurity enforcement actions, Mr. Cipperman said. The agency also could show up at the door of an advisory firm after a data breach to assess the cyber defense it had implemented. “You ignore this guidance at your own peril,” Mr. Cipperman said.

Latest News

Stifel loses huge $14.2 million arbitration claim linked to star Miami broker
Stifel loses huge $14.2 million arbitration claim linked to star Miami broker

“The evidence in this case was overwhelming,” says an attorney.

$9B Gateway Investment Advisers names Julie Schmuelling president
$9B Gateway Investment Advisers names Julie Schmuelling president

The move marks the culmination of a decade-long journey for the new leader at the Ohio-based RIA and Natixis affiliate firm.

How to help high-net-worth clients save on soaring insurance costs
How to help high-net-worth clients save on soaring insurance costs

A HUB International strategists offers tips for reducing skyrocketing insurance bills.

UBS scores $400M veteran advisor from Merrill
UBS scores $400M veteran advisor from Merrill

The wirehouse's latest addition in Manchester, New Hampshire arrives with more than two decades of industry experience.

Financial literacy gaps create fiscal challenges for half of business owners
Financial literacy gaps create fiscal challenges for half of business owners

Poll of small businesses finds financial concerns become a priority as tax, budget, and cash flow management issues come home to roost.

SPONSORED Leading through innovation – with Tom Ruggie of Destiny Wealth Partners

Uncover the key initiatives behind Destiny Wealth Partners’ success and how it became one of the fastest growing fee-only RIAs.

SPONSORED Client engagement strategies, growth and retention in the down markets

Key insights from Gabriel Garcia on adapting to demographic shifts and enhancing client experience in a changing market