By Tiffany Magri – Regulatory Advisor at Smarsh
In this article series, we relive some of the most insightful Smarsh Advance 2022 conversations about the evolving compliance, communication and technological landscapes affecting regulated industries.
As regulatory scrutiny evolves from cybersecurity to cyber compliance, firms need to enhance their cybersecurity posture and integrate cyber compliance processes and procedures to help mitigate risks.
The stakes are even higher for firms engaging third-party vendors. In our Smarsh Advance Session, Cyber Compliance for Wealth Management: Who Owns It?, we explore how traditional compliance and IT departments must share compliance responsibilities.
- Cyber compliance for a remote workforce
One of the most significant contributing factors to the increase in cybersecurity risk has been the recent move from in-office to home-office work. Offices tend to have robust infrastructure and controls in place, but that hasn’t translated into the home office environment.
Firms must ensure their cybersecurity programs have caught up with the new remote work environment. This includes the challenge of identifying the most vulnerable data and determining how to protect it. Resources should be prioritized for the gaps and vulnerabilities with the greatest potential impact on the firm.
- Bridging the gap
As cybersecurity regulation has grown over the last several years, so has the need for a dedicated CTO or CIO who can work with compliance teams to maintain cybersecurity in a regulated industry.
Cyber compliance at smaller firms is typically a shared role between the compliance and IT departments. Educating senior management on the potential fallout a cybersecurity breach may have on a firm, including regulatory fines, reputation risk, and the firm’s ability to attract talent, is vital.
Taking a proactive approach to cybersecurity and cyber compliance can help mitigate the risk of a breach, reduce regulatory risk, and potentially save the company money in the long term.
Identifying vendors that can assist with cybersecurity and cyber compliance is important in the current regulatory environment. Doing so shows management where enforcement actions are coming from and how vendors can bridge that gap and help manage those risks.
“The owners of my firm aren’t cyber people — that’s not their specialty. They’re running a firm,” says Steven Trigili, Chief Compliance Officer at Garden State Securities. “I break it down to the most elementary levels. Here are the areas that the regulators are looking for. Here’s where we see enforcement actions from a cybersecurity perspective. And here are the three vendors that will specifically be able to help us in this regard.”
- Vendor due diligence
However, vendor risk management is still lacking when it comes to cybersecurity. When conducting vendor due diligence, firms must understand how the technology works and how it is designed to help protect customers and the business.
“Not only do firms need to include questions regarding data protection in their initial due diligence efforts, but also to re-evaluate the vendor at least annually as the cybersecurity landscape is constantly evolving,” says Sander Ressler, Managing Director at Essential Edge Compliance Outsourcing Services, LLC.
“They may be protecting you well today. But two years from now, their cybersecurity could be obsolete and much more vulnerable.” — Sander Ressler, Essential Edge Compliance Outsourcing Services, LLC
- Impacts of the Securities and Exchange Commission’s (SEC) proposed cybersecurity risk management rule
Trigili stated that one of his firm’s top concerns is preparing for the SEC’s cybersecurity risk management rule next year. He emphasized going beyond what is reasonable to protect customers’ confidential personal information by building more robust procedures.
It’s crucial that IT and compliance teams can work together when translating cybersecurity into cyber compliance, especially when speaking to regulators.
“My CTO will never be in a room alone with a regulator,” says Trigili. “I will always be there with him, and it’s going to be a dialogue with both of us. While he can speak the cybersecurity vernacular, I will then translate that for the regulators into how it’s incorporated into our compliance program.”
About the author
As a Regulatory Advisor at Smarsh, Tiffany Magri monitors, evaluates and consults on the financial services regulatory landscape. Tiffany has more than 10 years of experience facilitating compliance with laws and regulations, policies, and risk management. Prior to joining Smarsh, Tiffany was a Senior Associate at Benefit Street Partners and a Compliance Analyst at Broadstone and Manning & Napier Advisors.