Though we’ve known ever since the SEC released its exam priorities for 2018 that cybersecurity would continue, as in years past, to be a priority, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) recently announced a plan for a new cybersecurity sweep.
Of course, if your firm has been taking proper precautions around the issue of cybersecurity, you should have little to worry about. However, there are many firms that still adopt cyber policies but do not follow them, or that still struggle to understand the precautions that need to be taken to mitigate cyber risks.
What makes this initiative different from years past is the ever-increasing growth of robo-advisers, particularly in Silicon Valley. In addition, we are seeing tremendous popularity with virtual currencies (including cryptocurrencies). More and more, investment transactions are taking place involving such currencies, and as the use of such currencies rises, so too does the potential for fraud. For instance, in 2017 we saw a huge number of cryptocurrency frauds take place in the UK, in Japan, and in the U.S.
Cybersecurity Is More Important Than Ever in the Modern Digital Landscape
The modern digital landscape makes cybersecurity a more important concern than ever before. Many processes that were once exclusively completed using analog methods are now handled digitally. For instance, many firms employ an IT vendor to streamline their business processes through the use of services like Google Drive and Dropbox to store client information, which is something many firms would not have done even 10 years ago.
With the proliferation of new cybercrimes last year and the subsequent damage to large corporations and small businesses alike, it is no wonder cybersecurity is a regulatory focus. Combined with the passage and implementation of legislation to protect consumer data, including the recent implementation of GDPR (General Data Protection Regulation), it’s more important than ever that your firm take cyber threats seriously and put into place policies and procedures both to protect client information and to maintain compliance.
Proper Cybersecurity Requires a Range of Risk Management Precautions
The stark reality of the modern digital landscape is that cyber-attacks are inevitable and cannot be completely prevented by even the most diligent firms. As such, your firm needs to employ a range of risk management precautions to ensure your clients’ data (and investments) are protected (and that you remain in compliance).
When a firm maintains a remote office or merges with a new firm, data is put at risk. Beyond simple hackers or identity thieves, cyber criminals can include malicious employees and dishonest vendors or contractors. As part of the National Examination Program’s initiatives, OCIE wants to ensure that your firm is taking all necessary precautions and that policies and procedures are in place to mitigate both internal risk and external risk. When even the SEC itself is taking public steps to reveal how it collects and protects data, firms should understand that this is nothing to be taken lightly or put on the back burner.
Is your firm prepared for a cyber-attack? Contact us for more information, or see Legal Considerations for Your Cybersecurity Program to learn more about the steps your firm should be taking to maintain compliance.