The North American Securities Administrators Association recently approved a new information security model rule package to enhance state-registered advisors’ cybersecurity and privacy practices.
The model rule will be delivered to NASAA members soon, according to NASAA spokesman Bob Webster, and states may choose whether to adopt the model rule in their jurisdiction.
The information security model rule package also includes amendments to three NASAA model rules related to cybersecurity.
“The package also provides a basic structure for how state-registered investment advisors may design their information security policies and procedures, which we expect to create uniformity in both state regulation and state-registered investment adviser practices,” Pieciak added.
The three-pronged model rule includes the following:
- an amendment to the existing investment advisor NASAA model recordkeeping requirements rule to require that investment advisors maintain these records; and
- amendments to the existing investment advisor model rules related to failing to establish, maintain and enforce a required policy or procedure to the list of unethical business practices/prohibited conduct.
Andrea Seidt, Ohio securities sommissioner and chair of NASAA’s Investment Adviser Section, noted that “The reputational damage and loss of client trust that often follows an information security breach can be devastating to the bottom line of any business, especially small businesses,” which is “significantly important considering that 80% of the 17,500 state-registered investment advisors are one-to-two person shops.”
State-Registered Advisor Update
NASAA also released Tuesday its annual report, which includes updated information on the state-registered advisor landscape.