Do you know where your data is? New SEC guidance requires better cybersecurity documentation and recordkeeping. Ted Wright, Head of Solutions Consulting, dives in.
On February 9, 2022, the U.S. Securities and Exchange Commission (SEC) voted in favor of new rules regarding cybersecurity risk management for registered investment advisers and investment companies.
“The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks.” —SEC Chair Gensler
Among other things, the cybersecurity rules would require:
The proposed new guidance would also set forth further recordkeeping requirements for fund managers. The SEC’s goal: to protect investors and maintain orderly markets by improving the availability of cybersecurity-related information and to help facilitate SEC inspection and enforcement.
Existing SEC guidelines and requirements regarding cybersecurity compliance already touch many components of a fund manager’s business, including:
The new rules only add to the above areas of focus.
In terms of complying with the new cybersecurity rules, investment advisers will need to focus on the details by putting in place a written plan to ensure their team members are following appropriate information security best practices and firm-level protocols across the board.
One way to get ahead of this is for advisers to implement a centralized, secure research management system to serve as a system of record for all sensitive notes, documents, and data.
Here are some questions fund managers should consider.
Fund managers that allow investment teams to use a collage of technology tools — sometimes with little oversight — will have difficulty tracking which of those applications have had any significant cybersecurity incident.
At first blush, cobbling together a mix of “prosumer” tools such as Evernote and Dropbox may seem the path of least resistance, but there are pitfalls regarding security and data ownership with this approach.
Having one platform that provides best-in-class productivity and collaboration tools, across a suite of mobile apps, a web app, and add-in integrations lessens the above risks. Investment teams can capture new ideas and information, manage and share documents with colleagues — all within a single system of record and without asking your team to a sacrifice usability.
Chances are that most companies are reporting significant cybersecurity risks and incidents to their users but there’s the question of knowing which companies’ announcements to follow.
For many clients who have implemented the VerityRMS platform, senior technology and compliance team members have noted they hadn’t always been sure which apps their analysts and PMs were using – they came to Verity to improve front-office workflows, as well as to centralize internal research assets in one easy-to-monitor system.
By giving investment teams the right tools, purpose-built for the investment management industry, investment advisers make sure their technology is providing state-of-the-art infrastructure, including best-in-class hosting and encryption services. At Verity, we leverage Amazon Web Services (AWS) for this purpose and layer-on several advanced access controls if desired. When customers want to host privately, we support that too.
Aside from security incidents, fund managers will need to be able to respond quickly and comprehensively to SEC discovery requests.
Does your process have the necessary cohesion to build the full story of your investment process? If your firm is utilizing a combination of a shared drive, Outlook folders, and a “bring your own” approach to productivity tools, this is going to be difficult and time-consuming.
Advisers will be better prepared, and more ready to respond, if their firms already have a centralized repository of research and data that’s easy to search and/or filter down to just that which is of interest to the regulators at any given time.
New cybersecurity guidance from the SEC will continue to be more stringent and specific. Registered investment advisers need to be increasingly diligent and prepared.
With an intense focus on user experience and driving high adoption rates of the VerityRMS platform, we’re giving analysts and portfolio managers the functionality they need to capture, consume, collaborate, and act on their investment research faster and more consistently. Of course, all the while, fund management technology and compliance professionals have peace of mind that their firms’ most precious assets — their internally generated intellectual capital — is safe and secure.
Schedule your demo today to learn more about how VerityRMS offers: