On April 21, 2021, the North American Securities Administrators Association (NASAA) published a report that reminds state-registered investment advisers of their obligation to guard against cyber-threats. The NASAA 2021 Investment Adviser Section Annual Report emphasizes the importance of cybersecurity, especially in light of the pandemic.
Because of the pandemic, many Registered Investment Advisers (RIAs) and their advisory personnel are working remotely. This has led to an increase in the use of electronic communications, both internally and externally. Furthermore, more advisory firm personnel are accessing networks and communicating with clients using their private devices. They may also be printing sensitive documents from remote locations and emailing them for remote client meetings. NASAA’s report suggested that RIAs may need to provide additional training to deal with pandemic-related issues, such as authentication of trade instructions transmitted via email.
NASAA urged RIAs to assess whether their cybersecurity plan addresses the risks and vulnerabilities that go hand-in-hand with personnel working remotely. This assessment should occur annually.
To assist with this evaluation, RIAs can use NASAA’s Cybersecurity Checklist, which was issued by NASAA and the Cybersecurity and Technology Project Group. The Cybersecurity Checklist is divided into the following sections:
- Identify: Risk Assessments & Management
- Protect: Use of Electronic Mail
- Protect: Devices
- Protect: Use of Cloud Services
- Protect: Use of Firm Websites
- Protect: Custodians & Other Third-Party Vendors
- Protect: Encryption
- Detect: Anti-Virus Protection and Firewalls
- Respond: Responding to a Cyber Event
- Recover: Cyber-insurance
- Recover: Disaster Recovery
The checklist is available HERE.
The NASAA 2021 Investment Adviser Section Annual Report provides a wealth of other valuable information. It contains an updated snapshot of the RIA population in the United States, an updated profile of the average state-registered investment adviser, and a summary of the section’s work during the past year. One of the section’s accomplishments was the approval of a Model Rule for Investment Adviser Written Policies and Procedures.
The Model Rule, if enacted in a state, will require RIAs to establish, maintain, and enforce policies and procedures that address compliance, supervision, proxy voting, physical and cyber security, a code of ethics, handling of material non-public information, and business continuity and succession plans. In addition, an annual review of the firm’s policies and procedures will be required, as will the appointment of a chief compliance officer.
NASAA’s report can be found HERE.
About RIA Compliance Group: RIA Compliance Group is an investment adviser compliance consulting firm based in Delray Beach, Florida. The firm’s mission is to provide affordable, timely, practical, and cost-effective compliance advice. We help investment advisers to comply with the myriad of state and SEC regulations and compliance obligations facing their firms. RIA Compliance Group takes pride in giving personal service and real-world compliance advice, not theoretical concepts and legalese. The firm interacts on a daily basis with SEC and state securities regulators.