The SEC has issued strict guidelines for financial firms to guard against cyber-attack.
As the Securities and Exchange Commission tries to keep up with the changing and increasing use of the internet for financial purposes, a new concern has cropped up.
Now the SEC has to worry about cyber security.
The SEC hosted a roundtable on March 26. 2014 to address its concerns about the transmission of financial information on a service such as the internet which has continuing problems with security.
“Cybersecurity threats come from many sources: criminal and hired hackers, terrorists, state-sponsored intruders, and even misguided computer experts to see what they are able to penetrate, said SEC chairman Mary Jo White in her opening statements. “Cyber threats also pose non-discriminating risks across our economy to all of our critical infrastructures, our financial markets, banks, intellectual property, and, as recent events have emphasized, the private data of the American consumer.”
The concern among investors is great.
In Spectrem’s Millionaire Corner study Use of Mobile Technology, Tablets, Online Tools and Social Media, 71 percent of Millionaires with a net worth between $1 million and $5 million said they worry about the security of their financial information when used on internet social media sites. Fifty-two percent said they worry that a disaster, a hacker or a terrorist threat could destroy all of their financial information.
The SEC has ramped up interest in cyber security but really began taking the subject seriously in December of 2011 when its Division of Corporate Finance issued guidance to public companies on how to disclose the effects of cyber-risk. The SEC also has a proposed rule requiring certain types of financial firms to run scheduled tests of its automated systems for vulnerabilities, and conduct tests of its disaster recovery plans in the wake of a potential cyber-attack.
The SEC now requires registered investment advisors and broker-dealers to put in data protection and identity theft protection programs, in some cases serving as an extension of existing rules regarding customer data protection.
Upcoming plans include an official SEC examination of the cyber defenses of 50 Wall Street broker-dealers and investment advisors to make certain they are prepared in anticipation of a cyber-attack. The SEC Office of Compliance Inspections and Examinations is in charge of the inspections and will check, among other things, the remote access to web-based material that exists for company officials as well as clients.
The SEC has in place regulations that require but do not demand that Wall Street firms contact the SEC in case of any suspected or realized cyber-attacks.
The guidelines issued by the SEC cover three areas which financial advisors and brokers are asked to be diligent and wary: preparation, reaction speed and monitoring.
Preparation means determining what information is available on their internet access ports and what of that information must be protected. Reaction speed notes that advisor firms must be prepared to react swiftly to any attack in order to limit the financial damage that might be done form such an event. Monitoring is required because the world of cyber-attacks changes almost daily, and firms are requested to have staff or hired consultants who can stay on top of and respond to the changing nature of cyber terrorism.
The “S” in SEC stands for security, and as much as the commission seems to be more about holding back investment firms from accomplishing their tasks, the safety of the American financial system is its primary function. Cyber-risk is one of the greatest problems facing the SEC today, and everyone is on guard.
“As an SEC commissioner, I have become particularly concerned about the risks that cyber-attacks pose to public companies, and to the capital markets and its critical participants, including the exchanges, clearing agencies, transfer agents, broker-dealers, and investment advisers," said SEC commissioner Luis A. Aguilar at the conclusion of the SEC roundtable. "Cyberattacks aimed at these market participants can have devastating effects on our economy, on individual consumers, and on the markets and investors that the SEC was created to safeguard."
Kent McDill is a staff writer for Millionaire Corner. McDill spent 30 years as a sports writer, working for United Press International and the Daily Herald of Arlington Heights, Ill. From 1988-1999, he covered the Chicago Bulls for the Daily Herald, traveling with them every day through the nine-month season. He also covered the Bulls for UPI from 1985-88, and currently covers the team for www.nba.com. He has written two books on the Bulls, including the new title “100 Things Bulls Fans Should Know And Do Before They Die’, published by Triumph Books. In August 2013, his new book “100 Things Bears Fans Should Know And Do Before They Die” gets published.
In 2008, he resigned from the Herald and became a freelance writer. The Herald hired him to write business features and speeches for the Daily Herald Business Conferences and Awards presentations.
McDill also writes a monthly parenting column for the Herald’s Suburban Parent magazine.
McDill is the father of four children, and an active fan of soccer, Jimmy Buffett and all things Disney.