Fourteen years ago, when thousands of financial and client records were destroyed in the 9/11 attacks on The World Trade Center, the big worry for the financial services industry was how to safely maintain and back up all of the paper copies of their books and records required to be maintained by the rules and regulations under which they operate. In 2015 maintaining required books and records and backups in hard copy format is becoming almost unheard of.
One would think that the digital age would make record keeping easier, cheaper, efficient and safer to maintain all of the records required to be maintained by the Securities and Exchange Commission (“SEC”), the Financial Industry Regulatory Authority (“FINRA”) and all of the state regulatory bodies’ rules and regulations. Typically this is the case. However, one big issues most small investment advisers fail to take into consideration is the safekeeping of all of the electronic records, both those maintained locally and backed up offsite; records that contain confidential, non-public information regarding their clients and the Adviser itself. Theft of these records could cause financial ruin for both the Adviser and its clients.
In a recent blog post we discussed an SEC action against a registered investment adviser for failing to have reasonable policies and procedures in place to protect sensitive client information. Due to the lack of procedures there was an intrusion into the adviser’s network, which left all of its clients’ personal, non-public information vulnerable to theft. Over the past few years these types of intrusions have become quite prevalent. So much so that President Obama has designated October as National Cyber Security Awareness Month. You can find out more about National Cyber Security Month on the U.S. Department of Homeland Security’s website.
One final note; having a cybersecurity policy is only a good start to protecting your and your clients’ personal and confidential information. Designing a cybersecurity policy that provides safeguards that your adviser or broker-dealer will realistically be able to implement AND enforce is the only way to truly keep your electronic data safe.
If you have any questions or need help with your cybersecurity policy, please contact us. Red Oak stands ready to help you.
About Red Oak Compliance Solutions
Red Oak Compliance Solutions is a leading provider of intelligent compliance software, offering a range of AI-powered solutions designed to help firms of all sizes successfully navigate the increasingly complex regulatory landscape. Our suite of 17(a)-4/WORM compliant features offer risk minimization, cost reduction, and process optimization capabilities with features that are designed to evolve with our client’s needs. Our flagship advertising review software enables firms to deliver compliant content to the market with confidence, faster. Our Disclosure Management and Intelligence solution simplifies the management of disclosures, while our Registration Management solution automates and streamlines the licensing and registration process, further enhancing your internal processes.