Registered Investment Adviser firms (RIAs) should be checking on the adequacy and reasonableness of their procedures to maintain confidential client information and to prevent a cybersecurity attack. The SEC is reportedly targeting advisers who have inadequate procedures to prevent hacking.
Andrew Ceresney, the SEC’s Enforcement chief, is reported as asserting that there will be more cases against advisers over cybersecurity issues. The SEC brought a surprisingly large enforcement action against a RIA firm earlier this year, fining the firm $75,000 over deficient policies and procedures in this area, after the firm suffered a hacking attack. Despite no report of any customer harm as a result of the breach, the SEC imposed a hefty fine to settle the matter.
We believe that RIA firms, as well as broker-dealer firms too, should assess their internal policies and procedures relating to cybersecurity threats, and work to ensure that the firm can protect confidential client information. We expect to see an increased focus on cybersecurity issues by the SEC, FINRA, and state regulators as well.