Advisers offer tips for surviving a cybersecurity exam

Firms shouldn't wait for an inspection notice from the SEC to begin fortifying their online systems.
OCT 26, 2016
Investment advisers who have been through a Securities and Exchange Commission cybersecurity examination warned other advisers Tuesday not to wait for an inspection notice from the agency to begin fortifying their online systems. “It's like taking a pop quiz in school without having been to class,” Robert Ross, chief compliance officer at Sontag Advisory, said at the Schwab Impact conference in San Diego. “You have to assume they're coming soon.” Trevor Hicks, director of technology at Wetherby Asset Management, gave the same admonition about getting caught flat-footed. “You can't start preparing soon enough,” Mr. Hicks said. The two advisers participated in a panel and media availability at the conference to highlight what Schwab says is a growing concern among advisers: regulatory scrutiny of cybersecurity. “This is the No. 1 topic on advisers' minds,” said Michelle Thetford, vice president for adviser services, client strategic solutions for Charles Schwab & Co. Mr. Hicks recommended that advisers look carefully at the SEC's 2014 cybersecurity initiative, which, along with a similar one the next year, provided guidance on how the agency would assess preparedness. The agency sent a 37-point document request in advance of the assessment of Mr. Hicks' firm. Six examiners conducted the inspection over the course of one day. For Mr. Ross' firm, the examiners spent five days onsite. It also was the subject of a regular examination around the same time. Information technology staff should participate in a cyberexam, because SEC personnel are rigorous, according to Mr. Hicks. “I was impressed by how knowledgeable they were about how technology works,” he said. The agency basically wants firms to know what kind of sensitive data they have, where it's located and who has access to it, Mr. Hicks said. They also want to see in black-and-white how a firm approaches cybersecurity and responds to breaches. “They were very hung up on written policies and procedures,” Mr. Ross said. Schwab, which provides custody and other services to 7,000 independent investment advisers, offers an online Cybersecurity Resource Center. Advisers can turn to a custodian like Schwab for help with online protections or to a consultant, but they should be wary of pre-packaged products, said Michelle Jacko, chief executive of Core Compliance and Legal Services. “That's where we're seeing deficiency letters,” she said. Firms of all sizes must be able to show they can identify a cyberproblem, mitigate it and conduct ongoing monitoring. If they turn to a third-party provider, they must provide due diligence. “Small firms are held to the same standards,” Ms. Jacko said. The SEC has put cybersecurity on its exam priority list for the last two years and will likely keep it on the roster. “The regulators have high expectations for us to protect client assets,” Ms. Thetford said.

Latest News

Trump says not necessary to fire Powell after getting Fed tour
Trump says not necessary to fire Powell after getting Fed tour

‘To do that is a big move, and I just don’t think it’s necessary,’ Trump says.

Vanilla locks in US patent for estate planning tech, strengthening advisor reach
Vanilla locks in US patent for estate planning tech, strengthening advisor reach

The wealth tech platform says its newly secured patent represents crucial advances in digitizing outdated manual processes.

Wealth managers weigh in on Trump's potential order to open 401(k) plans to alternatives
Wealth managers weigh in on Trump's potential order to open 401(k) plans to alternatives

Financial advisors offer their thoughts on the President's widely anticipated executive order to open retirement accounts to private market assets.

SEC: First Liberty misused fresh investor money in $140 million scheme
SEC: First Liberty misused fresh investor money in $140 million scheme

The SEC says First Liberty lured investors with high-yield promissory notes, then used fresh cash to cover defaults and interest owed to earlier investors.

SEC hits pause on Bitwise ETF offering broad crypto exposure
SEC hits pause on Bitwise ETF offering broad crypto exposure

The agency's decision to stay the approval process just hours after signing off highlights ongoing ambiguity for new crypto-focused ETF offerings.

SPONSORED How advisors can build for high-net-worth complexity

Orion's Tom Wilson on delivering coordinated, high-touch service in a world where returns alone no longer set you apart.

SPONSORED RILAs bring stability, growth during volatile markets

Barely a decade old, registered index-linked annuities have quickly surged in popularity, thanks to their unique blend of protection and growth potential—an appealing option for investors looking to chart a steadier course through today's choppy market waters, says Myles Lambert, Brighthouse Financial.