A series of more than 1,200 co-ordinated examinations of state-registered investment advisors by state securities examiners uncovered nearly 700 deficiencies involving cybersecurity, the North American Securities Administrators Association (NASAA) announced Sunday at its annual conference in Seattle.
The reviews, which covered firms in 37 states, were carried out between January and June of this year.
The top five deficiencies that were uncovered in these reviews included:
- no or inadequate cybersecurity insurance,
- no testing of cybersecurity vulnerability,
- lack of procedures regarding securing or limiting access to devices,
- no technology specialist or consultant, and
- a lack of procedures regarding hardware and software updates or upgrades.
“Cybersecurity is a growing challenge and no investment adviser of any size can afford the loss in client trust — much less financial losses — that will result from a serious cybersecurity failure,” says Mike Rothman, president of NASAA and Minnesota’s commissioner of commerce, in a statement.
Rothman also announced the publication of NASAA’s new cybersecurity checklist to help firms evaluate their preparedness.
Overall, the examinations of state-registered investment advisers found 7,907 deficiencies in 25 compliance areas, which is up from just under 5,000 deficiencies in 2015, NASAA reports.
The increase in deficiencies was largely due to the addition of three new compliance areas, including cybersecurity. Books and records remains the top source of deficiencies (2,625), followed by registration (1,165 deficiencies), contracts (921 deficiencies), and cybersecurity.
“Training and technology have combined to enable state examiners to conduct more examinations and better detect deficiencies,” adds Andrea Seidt, chairwoman of NASAA’s investment adviser section and Ohio Securities Commissioner.
State securities regulators have jurisdiction over investment advisers with assets under management of US$100 million or less.
Photo copyright: beebright/123RF