In today’s world of web-based solutions and mobile devices, it’s more likely that investment advisors will be cyberattacked, than they will be audited by the Securities and Exchange Commission, at least according to research from RightSize Solutions, a provider of cloud-based solutions to the wealth management industry.
“Unlike an SEC audit, which only a small percentage of RIAs face every year — just 13% of SEC-registered firms in 2017, according to the SEC’s FY 2018 Congressional Budget Justification — online attacks occur daily and the scope and severity of their attacks are increasing,” writes Wes Stillman, founder and CEO of RightSize Solutions, in his white paper, The Cyberpolicy Policy Upgrade Imperative for RIAs.
Although SEC Regulation S-P requires RIAs to adopt written policies and procedures on safeguards for the protection of customer data, last year the SEC’s Office of Compliance Inspections and Examinations (OCIE) stated in an alert that although RIAs may have put together documentation on procedures, “what is on file is either woefully inadequate or not being implemented, or both.”
And though RIAs need those to follow those policies, “focusing solely on compliance misses the mark: The most compelling reason for RIAs to implement ironclad policies is to survive cybersecurity attacks and protect firm and client data,” writes Stillman, who has contributed to ThinkAdvisor.
Starts at the Top
SEC Chairman Jay Clayton has said that “focus by senior management on cybersecurity is an important contributor to the effective identification and mitigation of cybersecurity risks.”