By Telly Valerie Onu, Contributor, Co-Editor
RIA Review
It is often difficult for advisors to interpret
regulatory changes. We strive to present rich and timely insights to RIAs and
Broker-Dealers. This article is the second part of a series on Cyber Protection, Compliance, and RegTech.
RIAs WITH STRONG COMPLIANCE CULTURES LOWER CYBER RISKS
As we noted in Part 1 of our article series,
RIAs can experience significant costs if/when firms are complacent about
addressing cyber vulnerabilities and risks for their practices. In this second article, we will look at
the linkage between compliance and cybersecurity as a continuation of our
previous article on the subject.
It takes a team effort! More firms are starting to get the memo on Cybersecurity. The Financial Industry Regulatory Authority (FINRA) noted that firms have generally increased their focus on cybersecurity issues. However, in its most recent examination report (December 2017), FINRA highlighted key areas of firms' cybersecurity programs that it observed were still deficient.
These include:
- Governance & Risk Assessment;
- Access Management (controlling system access);
- Data Loss Prevention;
- Branch Office reviews of protocols;
- Segregation of duties (delegation of tasks).
Furthermore, as much as threats may be more frequent and
sophisticated, it is not surprising that the underlying challenge with
mitigating risks is linked to weak Governance & Risk Assessment frameworks.
The fact remains that many firms are not putting the necessary policies,
processes and relevant control measures in place. According to a recent study by Dalbar/ThinkAdvisor, “The
State of Authentication in Financial Services,” 74% of firms have the same practices they’ve had for the
past five years, and only a “paltry” 4% are planning to adopt new practices.
You see, advisors generally believe that client assets are safe thanks to the
diversification of their investments, but they forget that it's not only the
assets that are being diversified but also the third-party institutions in their network.
RIAs with broker-dealers and other client asset holding institutions such as
investment firms, insurance companies and record-keepers should be very concerned
about Cybersecurity measures.
As Cory Roberson from RIA REVIEW points out,
the bottom line is that advisors are going to be called to account if something
goes wrong. Overcoming this challenge all comes down to having an effective compliance program in place. The key thing is not leaving Cybersecurity only up
to the tech guys to deal with, as many can be unfamiliar with the context of your regulatory agency's specific cybersecurity protocols. SEC/FINRA cybersecurity provisions are different from the general IT compliance that many tech people study. RIAs should take ownership of cybersecurity through policies and procedures review, just as you would take ownership of any other compliance requirement.
Keeping a laser focus on implementing
Cybersecurity focused policies, procedures, incident response plans, and
business continuity planning on top of all the other compliance requirements
can be time consuming and sometimes burdensome for any RIA.
Making Cybersecurity an intrinsic part of corporate culture and compliance requirements will not only
serve to reduce costs, but also make your firm better prepared for auditors. To this
end, advisors should conduct regular internal cybersecurity risk assessments,
document responses to any identified threats, and engage in regular robust
training.
Following the Cybersecurity Incident plan,
one must have a Disaster Recovery Plan in the event of an attack. Secured and encrypted document storage is also an important element to document firm operations and store client specific files as needed.
As this demands a high level of organization
and automation, one way of simplifying the compliance management process is
through RegTech, using compliance software to streamline a number of
key tasks. While there are other compliance software options available, the
challenge with many off-the-shelf or cloud-based compliance management software
products is that many do not consider the underlying business processes, which
tend to be unique to each RIA or Broker-Dealer practice. Firms must go beyond the "one-size-fits-all" approach.
When it comes to selecting the right compliance software, one
needs to evaluate options for their ability to design and develop a compliance
program in accordance with each firm's processes, workflows and regulatory
needs. One big drawback of this level of customization is the cost
and resources needed to make the solution work, and most RIAs do not have
internal IT support with the capability to customize the software installation.
The second major drawback is that some RIA compliance solutions are not
necessarily built with tacit knowledge of investment adviser rules and
regulations. Some solutions may inadvertently blend SEC or State compliance statutes with those of other regulatory bodies, such as FINRA. This approach doesn't necessarily work as well for the RIA-only model, as it can create a burden on the practice to manually segment the regulatory divergences the software has failed to capture.
One such solution that takes away these pain points for RIAs is
RIA Review, a documentation-based solution to help boutique investment advisors
maintain an internal compliance program, leveraging their ability to tailor
processes. RIA Review is a product of Roberson Venture Group, Inc. Our consulting arm, RIA Consults - Roberson Consults Group, has
served more than 160 SEC & State Registrants in both the US and United
Kingdom, and the product is designed with regulatory knowledge and insights, removing friction for
RIA firms.
The key benefits of the software include, but are not limited to, the
following:
- Cloud-based compliance directory to store required books/records;
- Review Center to schedule review of firm policies/procedures;
- Forms/Agreements to update documentation;
- News and Updates to customize compliance calendar;
- Annual review required for some firms.
RIAs now have the benefit of a one-stop-shop solution to
streamline compliance requirements, reduce the time it takes to prepare
for an audit and, most importantly, minimize the impact and cost of some data
breaches through adopting a solid compliance program.
As RIAs look toward the future, a continual mandate in the
industry, they ought to consider adopting compliance practices which better
align with cybersecurity plans and mitigation initiatives. To succeed in
rallying workforces around compliance and cybersecurity, it might go a long way
if change occurs at the very heart of the organization, in the holistic culture that
defines them.
Our Mission: “Serving the Investment Community to Make a Social Impact”
Telly Valerie Onu is a Contributor and Co-Editor of RIA Review, a compliance and document management portal (www.riareview.com) - 120+ users and growing. An experienced digital economist, global strategist, management & development consultant and financial innovator with a focus on Fintech, InsureTech and Wealthtech, and a seasoned Blockchain Enterprise Architect, she is a Member of the working group on the Eastern Caribbean Currency Union (ECCU) Payment System and Financial Innovation. She is the founder of Osusulabs, a backend-as-a-service digital financial infrastructure for financial institutions and businesses (www.osusutechnologies.com). She is the founder and CEO of QGlobal, a boutique global strategy, venture development and advisory firm, and the co-founder and Governance partner of Beyond Capital Markets (www.beyondcapitalmarkets.com), a global alternative impact investment platform and crypto asset exchange. She graduated from Ecole Polytechnique Federale de Lausanne in Switzerland, specializing in a Masters in E-Governance (advanced studies in networked governance), and is currently a Fellow at the Frankfurt School of Management and Finance specializing in Climate Adaptation Finance.
Telly Onu is the Co-Author of The InsurTECH Book: The Insurance Technology Handbook for Investors, Entrepreneurs, and Fintech Visionaries, published by Wiley.
An innovator at heart, she has a passion for enabling emerging market ecosystems through innovative venture development programs through her foundation Innovatethenext (www.innovatethenext.org), based in St. Kitts and Nevis, in the West Indies.