
The High Cost of Minimal Effort: Cybersecurity Risks in Financial Services

June 4, 2024

As the number of cybersecurity threats increases, government and regulatory bodies continue to tighten the security requirements for financial institutions. In a recent webinar, Silver’s CEO, Fizza Khan, sat down with Kyle Blair, Director of Financial Services at Egnyte, to discuss how the new regulations aim to fortify defenses, improve response times and make financial services institutions more proactive in protecting sensitive information and customer data.

A video of the full webinar is below, as well as key takeaways from the discussion:


  • The following three key regulatory amendments will usher in a fairly sizeable shift in the way cybersecurity is managed:
    1. Cybersecurity risk management amendment – This was originally proposed in February 2022 and centers on the SEC providing new cybersecurity risk management rules to those firms that are governed by both the Investment Advisers Act and the Investment Company Act. The key takeaway with respect to this proposal is that everyone in the financial services community – investment advisors and registered funds – will need to adopt comprehensive cybersecurity policies and procedures, as well as report significant cybersecurity incidents directly to the SEC.
    2. Regulation SCI – also known as Regulation Systems Compliance and Integrity – goes to the heart of technological and operational resiliency and is currently being amended. The amendments would expand this regulation and broaden the scope of the entities covered under it to include security-based swap repositories, certain broker-dealers, and all exempt clearing agencies. As a result, institutions that normally wouldn’t be under the purview of the SEC as it relates to their cybersecurity and data protection requirements would be by way of this amendment. If you are covered by Reg SCI, you need to enhance your existing requirements by mandating comprehensive policies and procedures, which are meant to capture the entire lifecycle of the management of the firm: what it does with its data and what it is doing with respect to cybersecurity. All of the elements of cybersecurity and data protection need to be interwoven.
    3. Reg SP – This one focuses on the privacy of customer and client information. The proposed amendments would require not only that customers’ information is protected, but also that customers are notified if a breach of their personally identifiable information has occurred.
  • Communication is vital – You also want to ensure you can convey to your client and customer base the type of protections you have in place and, most importantly, that you aren’t just superficially adding policies and procedures – they actually have to be implemented, not just exist on paper.
  • Awareness and training are key. This is a firm-wide exercise. Look at where your risks are – this will help you figure out how to implement a program across your firm and navigate the space.
  • Be prepared. The idea is not to disrupt day-to-day business – we want to ensure you are as efficient as possible. But not having some sort of plan in place to address the potential risks associated with cyber-attacks is, in this day and age, akin to walking around without insurance. Hopefully you never need it, but if you do, you will be very grateful you have access to it.

If you have any questions about navigating comprehensive cybersecurity procedures and protocols, or your firm’s compliance program, please reach out to a member of Silver’s Compliance Team at [email protected].