By Arthur D. Postal
WASHINGTON – A majority of broker/dealers and advisors told a federal agency that they have experienced cyber-attacks directly or through one or more of their vendors. More than half of the broker/dealer firms, but only 21 percent of the investment advisors reported that they maintain insurance to cover losses and expenses related to cybersecurity incidents.
In light of this, the Securities and Exchange Commission (SEC) plans to continue its targeted examination of the cybersecurity processes of registered investment advisors this year, an agency official said at a recent conference.
Jane Jarcho, national associate director of investment advisor and investment company exams at the SEC's Office of Compliance Inspections and Examinations (OCIE), said at a recent conference that cybersecurity and retirement issues sit at the top of her division's priority list as examiners survey the advisor and broker markets.
Laura L. Grossman, assistant general counsel of the Investment Adviser Association, said the exams will be a continuation of a program aimed at monitoring how the investment advisor industry addresses the legal, regulatory and compliance issues associated with cybersecurity.
More than 100 investment advisors and broker/dealers were examined last year, but targeted and shorter examinations will be conducted this year, according to Grossman.
Specifically, Grossman said, 49 investment advisor firms and 57 broker/dealer firms were examined in the first round.
OCIE’s National Examination Priorities list said that for 2015, OCIE will continue these examination efforts and will include transfer agents.
Grossman said the second phase will consist of approximately one-day exams beginning this summer or fall, targeting specific areas. Those subject to the exams are likely to be different from the ones targeted last year.
Last month, the SEC issued a risk alert based on the exams, which addressed cybersecurity at brokerage and advisory firms.
The risk alert contains observations based on examinations of more than 100 broker/dealers and investment advisors.
According to the alert, most of the examined firms said that they have been the subject of a cyber-related incident. A majority of the broker/dealers (88 percent) and the advisors (74 percent) stated that they have experienced cyber-attacks directly or through one or more of their vendors.
Grossman said this year’s examinations will focus on oversight of third parties and other vendors, as well as authentication procedures. These will include access provided when employees log in, as well as firewalls, incident response forms, and two or three other areas.
The advisor examinations are part of a broad initiative to have government, companies and individuals focus on cyber security.
The Federal Insurance Office (FIO) is apparently developing underwriting aimed at persuading insurers to offer insurance as a means of serving as a deterrent to cyberattacks.
One report said that the FIO is also looking at cyber coverage or insurance as a risk mitigation solution for cyber hacking crime. This could include a claims database that would help insurance underwriters better develop and price policies for potential risks, according to the report.
The February report by OCIE mentioned this issue. The SEC Risk Alert said that one finding of the report was that more than half of the broker/dealer firms, but only 21 percent of the investment advisors examined, maintain insurance to cover losses and expenses related to cybersecurity incidents.
InsuranceNewsNet Washington Bureau Chief Arthur D. Postal has covered regulatory and legislative issues for more than 30 years. He can be reached at [email protected].
© Entire contents copyright 2015 by InsuranceNewsNet.com Inc. All rights reserved. No part of this article may be reprinted without the expressed written consent from InsuranceNewsNet.com.