Recaps from recent Cybersecurity Compliance Forum

November 2, 2018 Conference Call

  • Independent Contractors. Rick Marshall and David Dickstein, partners of the law firm Katten Muchin Rosenman LLP, and Tim Villano, CIO of IAA Associate Member Artemis Global Security, shared their perspectives on the recent SEC enforcement action involving Voya Financial Advisors Inc. They touched on the safeguards rule and the identity theft red flags rule, policies and procedures, key lessons, and considerations from an IT standpoint.
  • Working Remotely. Tim Villano discussed considerations for adviser-related personnel working remotely, including remote office and home office security; policies and procedures; and secure infrastructure at both a system level and network level.

February 7, 2018 Conference Call

  • Example Policies and Procedures. Vince Martinez, partner at IAA Associate Member K&L Gates, discussed an example set of cybersecurity policies and procedures that K&L Gates put together for IAA members. The set of documents includes an Annual Risk Assessment Checklist, Information Security Policies and Procedures, an Acceptable Use Policy, and a Password Policy. Mr. Martinez noted that he drew from NIST, SEC, FINRA and ISO guidance in developing the documents, which were designed with small- to medium-sized firms in mind. He explained the importance of controls and documentation, tailored to an adviser’s individual vulnerabilities, to demonstrate effective implementation to examiners.
  • Encryption. Forum members discussed what portfolio-related information is deemed personally identifiable information (PII) and therefore needs to be encrypted when included in an email to a client.

May 15, 2017 Conference Call

  • Survey Results Presentation. Raj Bakhru, partner at ACA Aponix, shared the results from a survey recently conducted by IAA Associate Member ACA Aponix and the National Society of Compliance Professionals to gain insight into cybersecurity compliance programs of investment advisers and other financial services firms. Findings related to governance, vendor management, technical controls, budgets and breach response were discussed. In addition, certain best practices and trends were highlighted.
  • Recent Developments. The forum discussed the recent global ransomware attack, including factors that may make a firm vulnerable to a ransomware attack. IAA staff also updated the forum on state regulatory developments involving cybersecurity laws in New York, Colorado and California. Finally, IAA staff updated the forum on a cybersecurity risk assessment and policies and procedures template project that K&L Gates is developing for IAA members.
