NDBF IDENTIFIES COMPLIANCE, CYBERSECURITY RESOURCES FOR INVESTMENT ADVISERS
DECEMBER 19, 2017 (LINCOLN, NEB.) — The Nebraska Department of Banking and Finance (“NDBF”) draws attention to resources for its state-registered investment advisers available from the North American Securities Administrators Association (“NASAA”), of which it is a member. At its annual conference in September, NASAA released two reports important to state-registered investment advisers.
The 2017 NASAA Investment Adviser Coordinated Examination Report provides information about more than 1,200 coordinated examinations of state-registered investment advisers by 37 state securities regulators, including NDBF. The report identified the top three findings as books and records, registration, and contracts. In particular, examiners found problems with client suitability information, inconsistencies between Parts 1 and 2 of Form ADV, and problems with the fee description in the contract. These findings are consistent with Nebraska’s examination findings.
The exam report identifies 10 best practices to assist investment advisers in developing compliance policies and procedures, including maintaining all required records, maintaining up-to-date suitability information, and reviewing the Form ADV annually. NDBF reminds investment advisers that under new rules, NDBF is requiring all investment advisers to adopt and implement written policies and procedures reasonably designed to prevent violations of the Securities Act of Nebraska on or before June 5, 2018.
During the coordinated examinations, state securities examiners also found nearly 700 deficiencies involving cybersecurity. Cybersecurity is a key priority for NDBF and NASAA. In February 2016, NDBF surveyed its state-registered investment advisers about their cybersecurity practices. The survey found that all firms used passwords on computers used for advisory business and most had created some policies and procedures about cybersecurity. The survey also found that investment advisers could improve cybersecurity readiness by using stronger passwords, maintaining up-to-date anti-virus/anti-malware software and operating systems, and encrypting sensitive client data, particularly on mobile devices. NDBF will conduct a similar survey in February 2018 to gather updated information and identify trends in cybersecurity practices in Nebraska.
NASAA also released a cybersecurity checklist to help state-registered investment advisers gauge their cybersecurity preparedness; identify, protect, and detect vulnerabilities; and respond and recover from cyber events. Cybersecurity is a growing challenge, even for smaller firms, and NDBF encourages investment advisers to review the checklist and prepare for possible cybersecurity events.