The new report also decodes proposed cybersecurity regulations financial advisors must comply with to better protect firm, clients.
GAINESVILLE and TAMPA, Fla. – April 4, 2023 – TradePMR has published a new white paper for Registered Investment Advisers (RIAs) which addresses a critical issue facing the industry: cybersecurity. The report titled, “Understanding Cybersecurity and Mitigating Risk,” discusses the history of cybersecurity regulations, components of an effective RIA cybersecurity program, and the potential impact proposed legislative changes could have on a firm’s cybersecurity responsibilities. The paper was written by industry veterans Joel Bruckenstein, president of Technology Tools for Today, John O'Connell, founder of The Oasis Group, and Brian Edelman, founder and CEO of FCI.
"Cybersecurity incidents can impact firms of all sizes, and can be catastrophic," said Bruckenstein. "RIAs need to take action now to protect their firms, and their clients. Bad actors are becoming increasingly sophisticated – advisors need to follow suit with an equally sophisticated cybersecurity program. We’ve set out to build a cybersecurity resource for RIAs to help ensure that they are protecting their firms and meeting their regulatory responsibilities."
The white paper identifies how different regulatory bodies have historically approached cybersecurity responsibilities for RIAs, including sample cases and related fines. The report also covers cybersecurity best practices, and steps RIAs can take to not only protect client information and assets, but to manage firm liability in the event of a cyber attack.
"Everyday advisors are laser focused on growing their businesses and serving their clients – they are not cybersecurity experts," said Scott Victoria, Chief Operating Officer at TradePMR. “New regulations are coming – regardless if the advisor is prepared or not. It is every RIA’s responsibility as business owners to understand, implement, and maintain a cybersecurity program designed to protect their firm, and their clients."
The SEC has proposed two new cybersecurity rules which could go into effect as early as summer 2023: Rule 206(4)-91 and Rule 206(4)-112 under the Advisers Act, which are intended to improve advisor’s preparedness and vendor management.
The report also highlights the value of a zero-trust cybersecurity program - one that considers software, users, endpoints, and networks to be threats until proven otherwise. This type of program can help to ensure that every point of contact for a RIA’s technology is reviewed and approved before any data is shared.
"Implementing a comprehensive, zero-trust cybersecurity program can make all the difference for RIAs," said O'Connell. "A cyber incident can instantly derail a RIA’s business, leaving them with regulatory headaches and a long road to rebuild client trust, not to mention a potentially massive financial impact. Zero trust programs are an important component in a RIA’s cybersecurity policies and can help to limit exposure and minimize risk of cyber attacks."
Alongside the white paper, TradePMR issued a worksheet which highlights common cybersecurity problems for RIAs. The worksheet also addresses how RIAs can satisfy compliance requirements and meet cybersecurity goals.
“A comprehensive cyber program isn’t just for the biggest RIAs in the industry – every firm needs protection,” continued Brian Edelman. “Without a holistic approach to cybersecurity, RIAs are putting their teams, their clients, and their businesses at risk. I recommend every RIA takes the time to dive into this white paper and worksheet to better understand their cybersecurity risks, responsibilities, and opportunities.”
To download the free white paper and cybersecurity worksheet, visit https://getthere.tradepmr.com/understanding-cybersecurity.
Bruckenstein, O’Connell, and Edelman will lead a cybersecurity panel at TradePMR’s SYNERGY23 conference, May 31 – June 2, 2023 in Tampa, Fla. RIAs interested in attending can learn more by visiting, synergy.tradepmr.com.
For more information on TradePMR, visit www.tradepmr.com.
For more than two decades, TradePMR has worked with growth-minded independent registered investment advisors (RIAs), providing innovative technology tools and support designed to transform their businesses. The privately-held brokerage and custodian services provider (Member FINRA/SIPC), based in Gainesville, Fla., works to streamline fee-only investment advisors' operations through comprehensive custodial, operational, and trading support. For more information, visit www.TradePMR.com.
Joel Bruckenstein, John O'Connell, Brian Edelman, Technology Tools for Today, The Oasis Group and FCI are not affiliated or associated with Trade-PMR, Inc. This information is not intended to be a recommendation. TradePMR makes no representations about any vendor and is providing this material as informational only. Any decision to utilize vendors services is done solely at the discretion of the user. Securities are offered through Trade-PMR, Inc.
1 Fact Sheet Cybersecurity Risk Management, Securities and Exchange Commission. Published April 28, 2022.
2 Fact Sheet Outsourcing by Investment Advisors, Securities and Exchange Commission. Published November 22, 2022.