Adviser Domain – New Risk Alert Issued From SEC Includes Cybersecurity

Garrett Baldwin Reviews This Week's Cybersecurity Focus


Dear Reader,

It’s a busy yet short week for advisers, so I wanted to provide a brief recap of some of the stories we’ve focused on this year at Adviser Domain. But first – an important update from the SEC.

Last week, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a new risk alert for advisers. Under its latest rule, registered investment advisers must have written policies and procedures “reasonably designed to prevent violation of the Advisers Act by the adviser and its supervised persons.”

Advisers must review policies at least once a year to determine their effectiveness. The rule also requires that advisers designate a chief compliance officer (CCO) to administer these new or existing compliance policies or procedures.

The SEC highlights a few weaknesses and deficiencies that its staff recognized in connection with this rule.

And wouldn’t you know it… cybersecurity falls under the annual review deficiencies. The OCIE said that its team observed advisers who failed to demonstrate evidence of annual reviews, failed to properly identify risks, and failed to provide a review of “significant aspects of adviser’s business.”

The OCIE writes: “Advisers that failed to review significant areas of their business, such as policies and procedures surrounding the oversight and review of cybersecurity and the calculation of fees and allocation of expenses.”

Though cybersecurity gets only a brief mention in this adviser note, remember that it was still chosen for inclusion. It was only three weeks ago that SEC Chairman Jay Clayton warned that cybersecurity threats are present “now more than ever.”

Recapping The Month

In case you missed it, we covered a few critical stories this month.

First, the Financial Planning Association announced a new Certificate Program to help advisers protect client data and comply with recent SEC and FINRA cybersecurity standards. I also highlighted a few comments from the Schwab IMPACT 2020 Conference in October. Cybersecurity expert John Sileo, who lost his fortune to cybercrime, outlined the threats that cybercriminals pose to financial advisers.

Next, we defined Zero Trust in an era of increasing uncertainty. We built on the success of an article by Jason Lish, CISO of Advisor Group, and Sid Yenamandra, CEO of Entreda, in ThinkAdvisor. They argued that zero trust is more important than ever. But we wanted to dive deeper to explain what zero trust means today… and what it will mean in the future.

Finally, with COVID outbreaks continuing to surge around the nation and the “Work from Home” trend accelerating, we highlighted the new reality for advisers.

The “Adviser Anywhere” trend is here to stay. But OS33 revealed in a new survey that few advisers are taking enough steps to prevent malware and phishing attacks. Be sure to review the challenges facing advisers right now.

I’ll be back with more insight next week. Enjoy your Thanksgiving,