OCIE recently released the preliminary results of a set of sweep exams looking at cybersecurity, and Jarcho indicated that a similar initiative is coming in the retirement space, though she emphasized that the effort is still very much under development within the commission.
"As we sat down to think about how to do this, it really turned out to be kind of hard to get our arms around what would be the most efficient and sensible way to do it. And so we decided that we would do it in phases, and then let the next phase sort of inform how we went onward," she said, last week at the
But her team is inclined to begin its probe in the brokerage side of the industry.
"I think the first phase will actually probably look more at broker-dealers and broker-dealers' platforms for those selling retirement products and things like that," she said. "I think we will get that information and use it to inform our next phase."
Jarcho emphasized that the retirement initiative is designed as a long-term effort, and will entail a close coordination between
In January, when the
CYBERSECURITY SWEEP FINDINGS
Cybersecurity also figured prominently in that priorities letter, and Jarcho noted that the sweep exams revealed that most advisors have moved to establish a formal security framework within their practice, but that employee training remains a weak spot.
"We found that firms generally adopted policies and procedures to mitigate and manage cybersecurity risk. We found that firms were in fact generally conducting periodic risk assessments to identify cybersecurity threats and vulnerabilities," she said. "Most customer losses were the result of a firm employee not following procedures, not the failure of firms to have such policies in place."
The exams also found a notable inconsistency within the industry.
"Interestingly, we found that, in general, broker-dealers tended to have better policies and procedures in place than investment advisors did," Jarcho said.
Whereas the first phase of the cybersecurity initiative was more of a broad-based fact-finding expedition, Jarcho explained that the next stage will see a more focused inquiry, with examiners taking a closer look at perhaps five or seven areas that are of the greatest concern.
That second wave of the cybersecurity review will likely get underway this summer, she said. Among the topics examiners are expected to focus on include how advisors and brokers handle security when they partner with third-party vendors, authentication and access, and firms' incident response plans.
"They'll be a little more in-depth on fewer topics," Jarcho said of the coming reviews.
|Copyright:||(c) 2015 Financial Planning. All rights Reserved.|
|Source:||Source Media, Inc.|