NASAA Reminds Investors to Discuss Cybersecurity with Their Financial Professionals (with Lofchie Comment)

The North American Securities Administrators Association ("NASAA") issued an advisory emphasizing the importance to investors of understanding how financial firms protect personal information.

According to the advisory, in September 2014, NASAA found that only 62 percent of the state-registered investment adviser firms that participated in a pilot survey had undergone a cybersecurity risk assessment, while 77 percent had established policies and procedures related to technology or cybersecurity.

The advisory also includes a list of questions that investors should ask their investment professionals regarding cybersecurity.

Lofchie Comment: Firms that could be asked these questions should consider whether they need to take action to improve their responses. They may also wish to prepare answers in writing in a form that can be provided readily to clients. An interesting question asked in the advisory is whether the adviser firm has "insurance." While such insurance is possible to obtain, as with any insurance, the specific terms and value may be complicated, and the direct value of such insurance to the client is not obvious, since the client is not the beneficiary. Perhaps the implication is that an insurance firm would only write insurance for an adviser with sound cyber policies.

See: NASAA Advisory.