Regulatory issues that aren’t getting the attention they need, “but advisors are moving on them nonetheless because they are smart business decisions,” include cybersecurity, business continuity, succession planning and disaster recovery, argues MarketCounsel CEO Brian Hamburger.
Indeed, while the SEC and FINRA have yet to release formal rules regarding cybersecurity, both have released guidance.
In mid-September, the SEC added to its previously issued guidance by releasing a set of questions for advisors and broker-dealers to answer regarding their cybersecurity preparedness, as the agency starts conducting its second round of cyber-related exams this month.
OCIE issued the questions as part of its Risk Alert providing additional information on the areas of focus for the exam division’s second round of cybersecurity exams, which the agency says will involve “more testing to assess implementation of firm procedures and controls.”
The SEC’s Division of Investment Management released cybersecurity guidance in April to help advisors and funds address their cyber risks.
Brian Rubin, partner with the law firm Sutherland Asbill & Brennan in Washington, says that “all firms should carefully review” the SEC’s alert to see how they would answer these questions, even if they think that the SEC won’t be examining them in the near future.
The SEC, he says, “isn’t interested in playing ‘gotcha games.’ They want firms to take the right steps.”