Cybersecurity has become a growing concern to investors, investment managers, service providers, regulators and the country as a whole. Recent large-scale information breaches have raised awareness of the dangers surrounding corporate cybersecurity and of the immediate need for many firms to assess the quality of the controls they currently have in place to protect the data they maintain. The Securities and Exchange Commission (“SEC”) has taken notice as well.
SEC’s Take on Cybersecurity
On January 9, 2014, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) announced in its 2014 Examination Priorities that there would be increased focus on cybersecurity preparedness. On April 15, 2014, OCIE issued a National Exam Program Risk Alert on OCIE’s Cybersecurity Initiative. OCIE’s Risk Alert provided additional information concerning its initiative to assess cybersecurity preparedness and announced that it would conduct examinations of more than 50 registered broker-dealers and registered investment advisers.
On January 13, 2015, OCIE announced again in its 2015 Examination Priorities that it will continue its initiative to examine broker-dealers and investment advisers. Shortly following the release of its 2015 Examination Priorities, OCIE issued another Risk Alert on February 3, 2015, providing a summary of its Cybersecurity Examination sweep of 57 broker-dealers and 49 investment advisers. The Examination identified that 83% of examined advisers have adopted written information security policies. In addition, 79% of examined advisers conducted periodic risk assessments, on a firm-wide basis, to identify cybersecurity threats, vulnerabilities, and potential business consequences. However, the SEC noted that few of these firms apply these requirements to their vendors (32% of investment advisers). Most recently, in April 2015, the SEC’s Investment Management Division (“IM Division”) issued a Guidance Update. The Guidance Update highlights the importance of cybersecurity and discusses a number of measures that funds and advisers may wish to consider when addressing cybersecurity risk.
Proactive Cybersecurity Services
Salvatore Faia, President of Vigilant Compliance, LLC, a leader in compliance services to the investment management industry, stated,
“Cybersecurity is going to remain a focus of the SEC in the foreseeable future. The SEC has given Mutual Funds and Investment Advisers a good road map of the issues they should be focusing on. Vigilant is performing SEC cybersecurity consulting and advising its Fund and Adviser clients to take definitive steps in response to the SEC’s recent guidance. Vigilant is currently establishing policies and procedures for Investment Advisers and Mutual Fund Boards to assist them in upholding their fiduciary duty to their clients and investors by adequately overseeing and addressing cybersecurity risks.”
Partnership with SSD Technology Partners
Vigilant is pleased to announce that it has partnered with SSD Technology Partners to provide a full-service Cybersecurity Solution of testing and analysis for Boards and Advisers. SSD was founded in 1983 as Software Services of Delaware, Inc., and prides itself on its ability to do “everything IT.” From cybersecurity assessment and application integration to business continuity and disaster recovery, SSD has the experience and resources not only to assess IT infrastructure, but also to mitigate the risks and implement additional controls in response to cybersecurity testing and analysis.
Vigilant Compliance’s Cybersecurity Services
As part of its Cybersecurity Solution, Vigilant and SSD implement a thorough review and risk assessment process designed to make and prioritize recommendations to improve a business’s security. This includes internal and external threat assessments, recommendations for remediation and strategic planning. Risk assessments are conducted through a combination of automated testing, interviews and process reviews. All of the assessments are tailored to the size and needs of your organization. Results of the cybersecurity review and assessment are then compiled and reported back to Mutual Fund Boards and Senior Management of Investment Advisers. In addition, clients are provided with a written information and security policy and an incident response policy, tailored to their business and IT infrastructure and utilizing industry best practices.
Protect Yourself and Your Business
In summation, as set forth in several press releases over the past year and a half, the SEC has identified many concerns relating to cybersecurity, causing an ever-growing need for SEC cybersecurity consulting services. The majority of the SEC’s concern relates to cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and fund transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cybersecurity threats. In order to address many of the concerns of the SEC, Investment Advisers and Mutual Fund Boards will need an expert with cross-disciplinary expertise in both Compliance and IT.
A cybersecurity risk assessment is critical to keep you, your customers, and your business safe from threats. Contact one of our experts via phone or fill out a contact form today.