The investment industry and its regulators are often working at cross purposes, but that can’t be the case when it comes to online security, suggests the head of the North American Securities Administrators Association (NASAA).
Speaking at the group’s cybersecurity conference in Washington, D.C. on Tuesday, NASAA president (and head of the New Jersey Bureau of Securities) Christopher Gerold said that security — for both the industry generally and for the growing financial technology (fintech) sector — are top priorities for securities regulators.
“Cyber attacks show no sign of letting up and regulators, industry and investors all must be vigilant, proactive, and steadfast in our defense against these threats,” he said.
“The reputational damage and loss of client trust that often follows a data breach can be devastating to the bottom line of any business, especially small businesses.”
Earlier this year, NASAA adopted a model rule for data security, which requires state-regulated U.S. investment advisers to adopt policies and procedures on information security, Gerold said, and to provide their privacy policy to clients annually.
The model rule can now be implemented in individual states via regulation.
At the same time, security is a top concern for the emerging fintech sector, he said. In a recent NASAA investor survey, 63% of respondents said data security is their top priority when deciding whether to use technology for banking and investments.
“With a strong and united effort from regulators and industry, we can make a real difference in providing a regulatory framework that enables new technologies to flourish while providing investors with the protections they deserve,” he said.