House Committee OKs Cybersecurity Bill

Bill gives the Homeland Security Department ‘the tools to secure our nation in cyberspace,’ committee says


The House Committee on Homeland Security unanimously approved on Wednesday H.R. 3696, the National Cybersecurity and Critical Infrastructure Protection Act of 2013.

The bill was sent to the full House for consideration.

The committee said in a statement that the Act “addresses the cyber threat by giving the Department of Homeland Security (DHS) the tools to secure our nation in cyberspace, while protecting privacy and civil liberties and prohibiting any new regulations at DHS.”

The bill codifies several cybersecurity efforts already in progress; beefs up others, like the National Cybersecurity and Communications Integration Center; and focuses on partnerships with the private sector. It is intended to be budget neutral.

H.R. 3696 was introduced in December by Committee Chairman Michael McCaul, R-Texas, and Ranking Member Bennie Thompson, D-Miss., as well as Subcommittee Chairman Patrick Meehan, R-Pa., and Subcommittee Ranking Member Yvette Clarke, D-N.Y.

“Cyber attacks on our oil and gas facilities, electric grids, water systems, banks and transportation systems threaten our national security and economy every day,” McCaul said in a statement. “We cannot wait for a major attack to take action, and I am pleased that the committee today unanimously passed legislation that improves DHS’ ability to defend against the many threats to our critical infrastructure.”

Meehan added that with the cyber attacks at Target, Neiman Marcus and the hotel franchise manager White Lodging, “it seems that almost every day we hear news of more American consumers victimized by cyber attack. It’s only a matter of time before our power grids or financial networks are the latest victims of hackers.”

The federal government’s response to the cyber threat, Meehan added, “has so far been haphazard.”

Ken Bentsen, president and CEO of the Securities Industry and Financial Markets Association, said in a statement that “cybersecurity is increasingly a major threat to our financial system. SIFMA members are dedicating significant resources to protect the millions of Americans who use financial services every day and rely on the integrity of our markets.”

The Securities and Exchange Commission is now assessing advisors’ cybersecurity policies during exams.

“Examiners will be looking at resources going into information security, policies on cybersecurity risk, what policies are in place to prevent and respond to cyberattacks, lost information and identity theft,” Jane Jarcho, a national associate director at the SEC's compliance exam office, said last Friday at an SEC seminar.

Examiners will also ask about internal and external cyberattacks that may have occurred at advisory firms, and will look at a firm’s policies on IT training, vendor access and vendor due diligence, she said.

