Written by: Brendan Furey
What you need to know
When seeking to act in their client’s best interest, registered investment advisors collect private information from their clients. This information forms the basis for the advice they will provide to their client, whether through consultation or discretionary investment management. Understandably, the advisor is in continuous possession of private client information while servicing a particular client, investor, or related participant.
Section 30(a) of Regulation S-P under the Gramm-Leach-Bliley Act of 1999 requires advisors (along with broker-dealers and investment companies) to adopt policies and procedures that create administrative, technical, and physical safeguards for the protection of customer records and information. These policies and procedures must be reasonably designed to:
The SEC has said that an RIA’s policies and procedures must include how advisors conduct periodic risk assessments, implement a firewall, encrypt private client information stored electronically, and maintain a response plan for cybersecurity incidents. Advisors are expected to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs. [1]
Why You Should Care
Identity theft, cyber fraud, and high-profile security breaches have become common occurrences, especially among commercial merchants and asset managers. Previously, we covered common misperceptions that sometimes stop advisors from properly protecting advisory clients from cyber threats. Since then, the SEC Office of Compliance Inspections and Examinations (“OCIE”) published a series of Risk Alerts announcing a priority for examinations to identify cybersecurity risks and assess cybersecurity preparedness in the securities industry.
The focus of the OCIE during exams will be on the following areas:
To ensure that your firm is keeping up with regulatory requirements and industry best practices in this area, AdvisorAssist recommends that the CCO:
AdvisorAssist recently hosted a webinar on this subject: Click here to watch or download the replay.
1. See SEC Release No. 4204, published September 22, 2015.