Recent Cyber Meeting(hidden)

Recaps from recent Cybersecurity Compliance Forum


meetings

February 7, 2018 Conference Call

  • Example Policies and Procedures. Vince Martinez, partner at IAA Associate Member K&L Gates, discussed an example set of cybersecurity policies and procedures that K&L Gates put together for IAA members. The set of documents includes an Annual Risk Assessment Checklist, Information Security Policies and Procedures, an Acceptable Use Policy, and a Password Policy. Mr. Martinez noted that he drew from NIST, SEC, FINRA and ISO guidance in developing the documents, which were designed with small- to medium-sized firms in mind. He explained the importance of controls and documentation, tailored to an adviser’s individual vulnerabilities, to demonstrate effective implementation to examiners.
  • Encryption. Forum members discussed what portfolio-related information is deemed personally identifiable information (PII) and therefore needs to be encrypted when included in an email to a client.

May 15, 2017 Conference Call

  • Survey Results Presentation.  Raj Bakhru, partner at ACA Aponix, shared the results from a survey recently conducted by IAA Associate Member ACA Aponix and the National Society of Compliance Professionals to gain insight into cybersecurity compliance programs of investment advisers and other financial services firms.  Findings related to governance, vendor management, technical controls, budgets and breach response were discussed.  In addition, certain best practices and trends were highlighted.
  • Recent Developments. The forum discussed the recent global ransomware attack, including factors that may make a firm vulnerable to a ransomware attack.  IAA staff also updated the forum on state regulatory developments involving cybersecurity laws in New York, Colorado and California.  Finally, IAA staff updated the forum on a cybersecurity risk assessment and policies and procedures template project that K&L Gates is developing for IAA members.

Back to all committees

​​​​