How the SEC will police advisers' lax cybersecurity

The SEC may be refining its approach to spurring good cybersecurity practices in advisers, but its expectations aren't slackening.

There's been "a conscious decision" at the agency to lead through the exam process, rather than enforcement, said David Glockner, regional director of the SEC's Chicago office.

"There've been a handful of enforcement cases in this area," Glockner said, "but if you step back and think about it, there are way more incidents, way more issues that pop up in exams than there are enforcement referrals or enforcement actions."

But even if the commission will discipline advisers sparingly and bring actions in the most egregious cases, officials want advisers to demonstrate that they are taking the issue seriously. Examiners will expect to review a firm's policies and procedures for protecting against data breaches and other threats to sensitive information.

Javvad Malik

Javvad Malik is security awareness advocate at KnowBe4.

9h ago

• Facebook
• Twitter
• LinkedIn
• Email
• Show more sharing options
  Share Show more sharing options

Close extra sharing options

• Facebook
• Twitter
• LinkedIn
• Email

• Diversity and equality
• Racism
• Racial Bias
• Banking
• Mortgages
• Real estate
• Credit unions
• Access Denied: Systematic racism in financial services

Podcast Introducing Access Denied: Systemic racism in financial services

This five-part series is a comprehensive effort to explain the racial discrimination Black Americans face in our financial system.

By Tobias Salinger

11h ago

1 Min Read

• Facebook
• Twitter
• LinkedIn
• Email
• Show more sharing options
  Share Show more sharing options

Close extra sharing options

• Facebook
• Twitter
• LinkedIn
• Email

• Data Analytics
• ESG
• Fintech
• Wirehouse advisors
• Wirehouses
• Invest Insights
• INVEST West 2020
• UBS Wealth Management
• Broadridge

UBS upgrades data and analytics platform for advisors

Refinitv’s Workspace will power the wirehouse’s investment research and risk assessment capabilities.

By Ryan W. Neal

October 23

2 Min Read

• Facebook
• Twitter
• LinkedIn
• Email
• Show more sharing options
  Share Show more sharing options

Close extra sharing options

• Facebook
• Twitter
• LinkedIn
• Email

As a starting point, officials recommend advisers take an inventory of their digital assets to determine the various entry points that hackers could take to infiltrate their systems, including a thorough vetting of all the outside vendors a firm contracts with.

• Regulatory guidance
• Regulatory actions and programs
• Compliance
• Practice management
• Robert W. Cook
• FINRA
• SEC
• OCIE

The 10 most significant FINRA and SEC exam priorities

Regulators have revealed what kind of issues advisors must address if faced with a review.

By Todd Cipperman

1 Min Read

To ensure that personnel throughout the firm are cognizant of the myriad cyber threats, the SEC urges firm leaders to elevate the issue as a business priority, appealing for a tone at the top that prevents cybersecurity issues from being marginalized as simply a matter for the IT department.

But in some firms, there remains a tension between business and cybersecurity concerns, according to Steven Levine, an associate regional director at the SEC's Chicago office.

Levine has warned about the compliance and supervision challenges facing the growing number of advisory firms that have adopted the broker-dealer model of maintaining a home office and multiple branches.

Often, branch managers look to bring in high-producing industry veterans who might resist the firm's cybersecurity policies and procedures, which puts additional onus on the chief compliance officer to lay down the law, Levine says.