Regulators have found an increase in cybersecurity-related infractions among state-registered advisors.
Exams in 41 U.S. jurisdictions during the first six months of 2019 found cybersecurity deficiencies in more than a quarter (26%) of advisory firms, up from 23% during the last series of coordinated exams in 2017, according to the just-released 2019 Investment Adviser Coordinated Exams Report by the North American Securities Administrators Association.
The top five cybersecurity-related deficiencies included: no testing of cybersecurity vulnerability, lack of procedures regarding securing or limiting access to devices, lack of procedures related to internet connectivity, weak or infrequently changed passwords, and no or inadequate cybersecurity insurance, the NASAA report found.
“We encourage state-registered investment advisors to review their cybersecurity practices to ensure compliance and to take advantage of the free cybersecurity checklist offered by NASAA to help gauge their cybersecurity preparedness,” said Andrea Seidt, chair of NASAA’s Investment Adviser Section and Ohio securities commissioner, in a statement on Monday.
Overall, the incidence of deficiencies in just about every category except cybersecurity has decreased since 2015, added Michael Pieciak, NASAA president and Vermont commissioner of financial regulation.
Of the 1,078 exams conducted in 2019, books and records (59%) continued to be the most problematic compliance area for state-regulated advisors, followed by registration (49%), contracts (44%), cybersecurity (26%) and fee-related matters (21%).
NASAA reported the findings at its annual meeting in Austin. The sample data from state securities examiners is collected every two years and reported voluntarily to NASAA’s Investment Adviser Operations Project Group.
— Check out Legendary Ex-Fraudster Frank Abagnale: How Not to Get Scammed on ThinkAdvisor.