No financial adviser can afford the reputational damage or loss of client confidence that can result from a serious cybersecurity failure. And no investor deserves to have his or her private data compromised.
As more and more of investors' financial lives migrates online, data security has become top-of-mind for independent financial services firms, independent advisers, regulators and legislators alike. Significant data breaches — relatively rare until recent years — now seem to crop up every few months, with potentially disastrous results for both businesses and their customers.
Working in an industry based on trust, no financial adviser can afford the reputational damage or loss of client confidence that can result from a serious cybersecurity failure. And no investor deserves to have his or her private data compromised.
With more than 100 firm members and more than 37,000 adviser members, FSI is in a unique position to help our industry — and the regulators who oversee it — address this crucial business challenge. In June, we will be kicking off our first FSI Cybersecurity Awareness Month, which will feature a series of webinars hosted by technology thought leaders in the independent financial services industry, as well as the release of cybersecurity white papers from some of our sponsors.
CYBERSECURITY TASK FORCE
In addition, FSI's Cybersecurity Task Force recently convened its first meeting to study the information security challenges confronting independent firms and advisers, and to facilitate discussion among our members on how to tackle this issue.
The task force comprises information technology, operations and compliance professionals from across our membership, as well as third-party experts from our clearing firm, law firm and product provider partners, and will be particularly focused on the needs of small and midsize firms. The task force's expertise and insight will be a tremendous benefit to these firms, which face the same strategic and regulatory imperatives to provide robust data protection for their clients, but frequently operate with more constrained resources.
In order to assist the task force in identifying the areas of greatest need and interest for our member firms and to identify effective data protection practices and solutions, we recently conducted a thorough cybersecurity survey, incorporating detailed questions across six core segments of technology and data security. This survey and other sources of member feedback will help to ensure that the task force is focused on the questions and concerns that can make the greatest positive impact for independent firms and advisers across the country.
With all of FSI's efforts on the topic of cybersecurity, we are pleased to not only help our members respond to a vital business issue, but to assist federal and state regulators in their efforts to improve data security standards for investors, as well.
FINRA FRAMEWORK
In its guidance to independent broker-dealers and other firms in February of this year, the Financial Industry Regulatory Authority Inc. presented a thorough framework of effective cybersecurity principles and practices that firms should look to implement in crucial areas, including governance and risk management, risk assessment, technical controls, incident response planning, vendor management, information sharing and others. Finra sensibly left the specific steps for implementing its recommendations up to the discretion of each firm, since companies' overall risk profile, areas of strength and weakness and available resources vary considerably.
Just as we have played a key role for years in facilitating discussions among our members on questions ranging from how to establish effective compliance and supervisory functions to what to look for in choosing key technology systems, we look forward to acting as a key resource for them in the years ahead, as they explore options for translating guidance from Finra, the Securities and Exchange Commission and state regulators on improving cybersecurity protections into concrete action. We hope to begin a direct dialogue between the task force and federal and state regulators on these issues as well.
Importantly, FSI's Cybersecurity Task Force will also consult closely with our Financial Advisor Council to understand and address the unique cybersecurity needs of individual independent advisers. These hardworking entrepreneurs manage their own stand-alone businesses, each of which comes with its own considerations for remote access, device management, employee credentialing and many more.
SUPPLEMENTING TECHNOLOGY
Although independent firms work very hard to supply the right solutions to their advisers, some advisers will always need to supplement these technology platforms with additional solutions to fit their particular business models.
By establishing strong connections between our Financial Advisor Council and the Cybersecurity Task Force, FSI will be working to ensure that guidance from the SEC, Finra and state regulators on this critical issue filters all the way to the individual adviser level, helping to protect Main Street investors throughout the country, whether their adviser affiliates with the largest national independent firm or a more personalized, smaller firm.
As several high-profile data breaches have shown us in recent years, no company in the digital era can afford to be complacent when it comes to cybersecurity. With our multifaceted approach to facilitating conversations and information sharing among the independent financial services community, while at the same time maintaining a constructive dialogue with federal and state regulators and legislators, FSI looks forward to playing a key role in helping our industry meet this challenge effectively in the years ahead.
Dale Brown is president and chief executive of the Financial Services Institute Inc.
