Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor

Regulation and Compliance > State Regulation > NASAA

NASAA Seeks Comments on Cybersecurity Model Rule

By Elizabeth Festa

X
Your article was successfully shared with the contacts you provided.

Investment advisors would have to adopt cybersecurity policies, among other new requirements, under a new proposal from the North American Securities Administrators Association, released Monday.

In a request for comment, NASAA proposed a model rule on information security that would encompass both cybersecurity and physical security.

Under this model, investment advisors would have to adopt policies and procedures for information security and share their privacy policy annually with clients.

In proposing the Information Security and Privacy Rule, NASAA stated it had “identified a significant need for more information and tools regarding cybersecurity.”

NASAA said it designed the proposed rule using a principles-based philosophy, but added some compliance-oriented requirements, in keeping with principles-based investment advisor regulations, in general.

The comment period for the proposal ends Nov. 26.

“Information security is an area where compliance-oriented regulations may provide the best outcomes for both investment advisers and the investing public,” NASAA acknowledged. “However, investment adviser regulations are, in general, principles-based. The [proposed rule] is designed to maintain a principles-based philosophy while containing some compliance-oriented features.”

The rule proposal has two other components that amend existing model rules. It contains a proposed amendment to the current Recordkeeping Requirements for Investment Advisers Model Rule to require information security records are also maintained.

The third proposal is an amendment to the existing Unethical Business Practices of Investment Advisers, Investment Adviser Representatives, and Federal Covered Advisers and the Prohibited Conduct in Providing Investment Advice models.

Unethical practices will be expanded to include failure to establish, maintain and enforce a required policy or procedure. NASAA said that the amendment covers all required policies and procedures and would include the new Information Security and Privacy Rule, once adopted.

NASAA said that the results of a pilot survey it conducted back in 2014 revealed that investment advisers were using different technology methods but wanted more guidance on keeping confidential information secure.

While NASAA said it realizes that states can mandate adoption of data security policies through existing state statutes or rules, it wants to help create uniformity through building a basic structure for how state-registered investment advisers can design these information security policies and procedures.

Elizabeth Festa

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.