SEC Risk Alert Addresses COVID-19 Compliance Risks and Considerations
On August 12, 2020, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert warning investment advisors and broker-dealers of the continued challenges in protecting investors from COVID-19-related risks.[1] Given the ongoing challenges related to the global pandemic, OCIE felt it was necessary to share its observations and recommendations with the public. The Risk Alert identifies six broad categories of challenges: (1) protection of investors’ assets; (2) supervision of personnel; (3) practices related to fees, expenses, and financial transactions; (4) investment fraud; (5) business continuity; and (6) protection of investor and other sensitive information.
SEC Creates New Emerging Threats Exam Team
The new team, housed within the exam unit, “will proactively engage with financial firms about emerging threats and current market events.”
Report | Employee Mistakes Cause Almost Half of Cybersecurity Issues
Staff admit that mistakes they have made at work have had cybersecurity repercussions for themselves or their company.
SEC Issues Ransomware Alert
Attempts to penetrate financial institution networks through phishing and ransomware are on the rise.
The Securities and Exchange Commission’s exam division is warning advisors and broker-dealers to immediately review their cybersecurity controls, as phishing and ransomware attacks are on the rise. In a just-released risk alert, the agency’s Office of Compliance Inspections and Examinations warns that while recent reports indicate that one or more threat actors have used phishing and ransomware measures to penetrate financial institution networks, OCIE “has observed ransomware attacks impacting service providers to registrants.”
State Regulators Propose New Model To Align With SEC Rules
State securities regulators have proposed a sweeping new model law that would require state investment advisors and reps to bring their policies, procedures and disclosures up to Securities and Exchange Commission standards.
The rules would require each RIA policy and procedure to be customized to each state’s advisor requirements, with a code of ethics that aligns closely with SEC rules, to “enhance investment advisers’ abilities to fulfill their fiduciary duties to clients,” the North American Association of Securities Administrators (NASAA) said in its new proposal.
Cybersecurity: What Financial Advisors Need To Consider
The number of data breaches is skyrocketing. In the first half of 2019 alone, there were 3,800 publicly disclosed record breaches, 4.1 billion personal records exposed and an increase of 54% in the number of reported breaches versus the first six months of 2018. Although all industries have been affected, the volume of sensitive data and information that the financial industry stores makes it a prime target for hackers. For example, one of the most high-profile data breaches of 2019 was with Capital One, resulting in 106 million records being accessed by a hacker. Financial advisors and firms need to be aware of cybersecurity risks and need a strategy to prepare for these attacks.
U.S. state regulators' annual report cites uptick in cybersecurity failures
An uptick in investment adviser cybersecurity exam deficiencies has fueled concerns among U.S. state financial regulators, according to the annual report of the North American Securities Administrators Association (NASAA).
Security Measures Advisors Should Use to Protect Client Information
Federal and state regulators are increasing their focus on cybersecurity protocols.
If there was ever an industry that's required to protect data, it's financial services.
How to Use Risk Management Techniques to Improve Remote Work
Companies around the world quickly transitioned into remote work after coronavirus started spreading. Thanks to advanced technology, it’s possible to work from home and connect with colleagues. However, the use of technology comes with its own set of challenges, especially in cybersecurity. For companies that adjusted suddenly without formal planning, performing thorough risk assessments and identifying risk management techniques are now more critical than ever. By understanding the security risks associated with remote work, you can choose to avoid, mitigate, transfer, or accept the risks.