It’s you, dear reader, that the headline is referring to — independent advisors. From relatively humble beginnings in 1969, but with visionary leadership then (under Loren Dunton, founder of the Institute of Consumer Financial Education) and over the ensuing 47 years, independent financial advisory firms are a real force to be reckoned with in the financial services industry. That’s the case even if the great majority of independent advisors don’t approach anywhere near the threshold that the U.S. government holds out as the starting point of small businesses.
At the Financial Planning Association annual conference in September, Pershing Advisor Solutions CEO Mark Tibergien noted that the U.S. Small Business Administration would define any advisory firm with less than $38.5 million in annual revenue as a small business. “We are, fundamentally,” said Tibergien at the Baltimore meeting, “small businesses.” Small by the SBA’s definition, but plenty big enough to be the target of cyber criminals.
In a press conference and a panel discussion at FPA’s conference, a panel of experts explored the findings of an FPA-TD Ameritrade Institutional study on advisors and cybersecurity. Bryan Baas of TDAI said “not a day goes by without” a cybersecurity attempt on advisors, and that while over 80% of advisors surveyed claimed cybersecurity is a “high priority,” fewer than 50% “understand all the risks.” Baas, TDAI’s director of risk oversight and control, called for more training for advisors and advisory firm staff, so that “when the alarm bells go off, they know what actions to take.” Baas also sent a reminder that “the SEC expects advisors to have robust plans to mitigate” cybersecurity risks to client data. Advisors, counseled Baas, “should take the same care to develop cyber policies as they do in building portfolios for clients.”
So why does the Securities and Exchange Commission (and FINRA and the states) care so much about how secure client data is at independent advisory firms? Dan Skiles, an FPA board member and president of Shareholders Service Group, put it well. “We used to say ‘We’re a little cottage industry; nobody will want to hack us.’” However, said Skiles (Investment Advisor’s resident Technology Coach), “that cottage industry no longer exists.”