NASAA’s annual report on state-registered investment advisers notes an uptick in deficiencies related to cybersecurity.
The North American Securities Administrators Association (NASAA) has released its annual report concerning the oversight of more than 17,000 state-registered investment advisers by state securities regulators. Although overall deficiencies fell for this reporting period, coordinated examinations of state-registered advisers in 41 U.S. jurisdictions between January and June 2019 uncovered deficiencies relating to cybersecurity in more than 26 percent of the exams, up from 23 percent during the last series of coordinated exams in 2017, according to the report.
Deficiencies. Of the deficiencies found in the 1,078 coordinated state examinations conducted in 2019, books and records continued to be the most problematic compliance area for state-registered investment advisers, accounting for deficiencies in 59 percent of the examinations. This category was followed by registration (49 percent of examinations), contracts (44 percent), cybersecurity (26 percent), and fee-related matters (21 percent). State securities examiners collect this sample data every two years and report it voluntarily to NASAA’s Investment Adviser Operations Project Group.
The top five cybersecurity-related deficiencies included: (1) no testing of cybersecurity vulnerability; (2) lack of procedures regarding securing or limiting access to devices; (3) lack of procedures related to Internet connectivity; (4) weak or infrequently changed passwords; and (5) no or inadequate cybersecurity insurance.
Best practices. Based on the 2019 sample data, NASAA recommends the following "Best Practices" as a guide to assist investment advisers in developing compliance practices and procedures:
- Review and revise Form ADV and disclosure brochure annually to reflect current and accurate information.
- Review and update all contracts.
- Prepare, maintain, and protect all required records, including financial records. Document checks forwarded.
- Prepare and maintain client profiles or other client suitability information.
- Prepare a written compliance and supervisory procedures manual relevant to the type of business to include a business continuity plan and information security policies and procedures.
- Keep accurate and current financials and file timely with the jurisdiction. Maintain a surety bond, if required.
- Calculate and document fees correctly in accordance with contracts and ADV.
- Review all advertisements, including website and performance advertising, for accuracy.
- Implement appropriate custody safeguards, especially for direct fee deduction.
- Review solicitor agreements, disclosure, and delivery procedures.