September 4, 2020
Are your firm’s electronic records secure by SEC standards?
In recent years, the United States Securities and Exchange Commission has heightened its emphasis on cybersecurity requirements for firms. Routine examinations now often involve in-depth requests for information on firms’ cyber and data security practices, which are areas of evolving risk for all market participants.
Most investment advisers and broker-dealers use a cloud-based platform for storage of electronic client and business records. This essential business service can create possible compliance gaps and cybersecurity issues if poorly administered or through misuse of security features.
During routine examinations of investment advisers, the SEC identified several potential risk factors and common compliance errors among firms related to electronic records storage and cloud-based servers.
KEY RISK FACTORS
WHAT DOES THIS MEAN FOR ME?
To strengthen data storage security, it is recommended that your firm conduct ongoing review of storage solutions, adopt guidelines for properly configuring these systems, and implement comprehensive vendor management policies and procedures.
Any area of your firm’s recordkeeping left unsecured can lead to possible deficiencies during examinations or, more importantly, put your client and firm’s data at risk of being exploited by cybercriminals. If you are concerned about your firm’s data security or need assistance drafting and adopting a comprehensive data security plan, Fairview can help. Contact us today for more information about what we can do for your firm.