
How RIAs Can Meet SEC Cybersecurity Requirements

Whether you’re with a large advisory firm or are a sole proprietor, as a financial or investment advisor in Iowa you are now responsible for more than providing guidance and advice. With the shift to moving data and systems online, you now face information-security risks. As a result, the U.S. Securities and Exchange Commission (SEC) has created cybersecurity compliance requirements that registered investment advisors (RIAs) must follow to protect client data.


It’s possible that your firm – regardless of size – could be audited by the SEC for compliance with these requirements. If this happens, the SEC will be looking for signs of established policies, appropriate roles, assessment of potential vulnerabilities, correction of possible security flaws, and creation of response plans in case a cybersecurity incident occurs.

Conducted in late 2016, a TD Ameritrade survey involving 1,000+ financial/investment advisors revealed that only 18% are “very confident” they could pass a cybersecurity exam conducted by the SEC’s Office of Compliance Inspections and Examinations.

Your clients trust you with very important, private information. It’s your responsibility to keep it safe, and out of the hands of unauthorized users. Are you doing everything you can to safeguard their private information?

Why Cybersecurity Matters

Depending on the scope, a breach could be overwhelming to a financial/investment advisory firm. And it could happen in many different ways:

  • Phishing, where an unknown source encourages an employee or client to download an unsafe attachment or click on an unsafe link
  • Unauthorized access to web portals that combine client data (such as bank, credit card, retirement, and investment account information)
  • An unencrypted email sent from an advisor to a client (or vice versa) containing sensitive information that is intercepted

Although they may not be asking specific questions yet, it won’t be long before potential clients (and existing customers) start asking how you’ll protect their data. This conversation should be part of onboarding new clients – and reviewed regularly with established customers.


