Advisers offer tips for surviving a cybersecurity exam

Firms shouldn't wait for an inspection notice from the SEC to begin fortifying their online systems

Investment advisers who have been through a Securities and Exchange Commission cybersecurity examination warned other advisers Tuesday not to wait for an inspection notice from the agency to begin fortifying their online systems.

“It's like taking a pop quiz in school without having been to class,” Robert Ross, chief compliance officer at Sontag Advisory, said at the Schwab Impact conference in San Diego. “You have to assume they're coming soon.”

Trevor Hicks, director of technology at Wetherby Asset Management, gave the same admonition about getting caught flat-footed.

“You can't start preparing soon enough,” Mr. Hicks said.

The two advisers participated in a panel and media availability at the conference to highlight what Schwab says is a growing concern among advisers: regulatory scrutiny of cybersecurity.

“This is the No. 1 topic on advisers' minds,” said Michelle Thetford, vice president for adviser services, client strategic solutions for Charles Schwab & Co.

Mr. Hicks recommended that advisers look carefully at the SEC's 2014 cybersecurity initiative, which, along with a similar one the next year, provided guidance on how the agency would assess preparedness.