Shareholder Thomas D. Giachetti, Chair of the Securities Practice Group, authored the article “SEC Clarifies RIAs’ Cybersecurity Obligations,” which was published in the November issue of Investment Advisor.
The article explains how the Securities and Exchange Commission’s (SEC) recent cybersecurity focus will affect RIAs. The SEC’s Office of Compliance Inspections & Examinations (OCIE) released a Risk Alert in the spring of 2014, which announced that it would “conduct examinations of more than 50 financial institutions, including RIAs, focused on: cybersecurity governance; identification and assessment of cybersecurity risks; protection of networks and information; risks associated with remote customer access and funds transfer requests; risks associated with vendors and other third parties; detection of unauthorized activity; and experiences with certain cybersecurity threats.”
Most recently, in September 2015, OCIE released a follow-up Risk Alert that elaborated further on the “areas of focus” that would be examined during the cybersecurity process. Some of these areas include “an RIA’s governance and risk assessment, access rights and controls, data loss prevention, vendor management, staff training and incident response.”
As a result, Mr. Giachetti recommended three steps that RIAs should take immediately in relation to the OCIE’s Risk Alert. These include consulting with the business’s IT staff or IT vendors to ensure that the highest level of protection is or has been implemented, as well as adopting a proper cybersecurity policy that specifically addresses these recent Risk Alerts.
For more information, read the full article.