Cybersecurity Tops Advisors’ Compliance Worries: Poll

Cyber breaches at advisory firms have jumped, according to IAA/ACA compliance survey

More than 3,000 financial institutions have applied for a .BANK domain name. More than 3,000 financial institutions have applied for a .BANK domain name.

Registered investment advisors are increasingly implementing cybersecurity policies as the number of cyber breaches against their firms jumps, according to a just-released poll by the Investment Adviser Association and ACA Compliance Group.

Cybersecurity continues to be the top compliance worry for advisors, with nearly 88% of the 474 advisory firms polled in the joint ACA/IAA 2015 Investment Management Compliance Testing Survey identifying “cybersecurity/privacy/identity theft” as the their top compliance challenge this year.

While cybersecurity topped the list, other compliance challenges for advisors include custody of client assets (identified by 18%), advertising/marketing (23%), fraud prevention (13%), disaster recovery (17%) and compliance with the Foreign Account Tax Compliance Act (FATCA) at 12%.

The IAA/ACA compliance survey comes as more than 3,000 financial institutions have applied for .BANK domain names after the general availability period for the domain names began Tuesday.

The Financial Services Roundtable is a lead supporter, investor and founder of the .BANK domain, which is a new online bank community that uses enhanced security requirements and stringent verification standards to provide banks and their customers with a safer place to do online business.

Chris Feeney, president of FSR’s cybersecurity and technology policy division (BITS), says the move by banks “clearly signifies the dedication and importance banks place on improving protections for their customers’ sensitive information from the growing threat of cyberattacks." Feeney said that .BANK online space “has more than 30 enhanced security requirements that are specially designed to create a trusted, verified and more secure location for online banking business.”

As to advisors, the IAA/ACA poll, conducted online from April 27 through May 22, found that more than two in five (43%) report having a formal, written, standalone cybersecurity program, while another 42% have formal cybersecurity policies and procedures that are incorporated into broader programs.

The incidence of cyber breaches has also jumped, with 15% of advisors reporting being the victim of a cybersecurity breach in the past 18 months, up from 11% last year.

The advisory firms also reported increased compliance testing in the following areas: cybersecurity/privacy/identity theft (67.9%); advertising/marketing (43%); personal trading/code of ethics (34%); disaster recovery planning (35%), and best execution (32%).

IAA Assistant General Counsel Sanjay Lamba said in a statement that IAA and ACA believe the Compliance Testing Survey results will help firms “benchmark their compliance practices against other firms.”

As to other compliance priorities, the IAA/ACA survey found that nearly nine in 10 firms (89%) have adopted formal written policies and procedures to govern the use of social media by employees, up from 83% in 2013.

Nearly half (47%) prohibit the use of personal social networking websites for business purposes, down slightly from 49% in 2013.

Also, seven in 10 test compliance with the firm’s social media policy — compared with 63% in 2013 — while 65% review email and electronic communications for all employees, focusing on such areas as violations of firm policies and procedures, insider trading, fraudulent activity and use of nonapproved marketing materials.

Firms are also boosting their chief compliance officer’s role. Ninety-four percent of the firms poll stated they have at least one employee dedicated full time to the legal and/or compliance role, while 42% reported employing from two to five legal and/or compliance professionals.

Twenty percent reported employing more than six compliance pros, while 63% reported that their CCO “wears more than one hat” and is involved in other aspects of a firm’s business operations.

Sixty-five percent said their CCO is a senior executive, while 64% said the CCO has a direct reporting line to the CEO or president.

--- Check out 4 Cybersecurity Tips From the FBI on ThinkAdvisor.

Reprints Discuss this story

Most Recent Videos

Video Library ››