Cybersecurity 'Keeps Me Up at Night': SEC's Crenshaw
What You Need to Know
Crenshaw explained the rationale for the agency’s cybersecurity plan for advisors.
IAA intends to submit extensive comments on the cybersecurity rule.
Cryptocurrency is a highly speculative and risky asset class, Crenshaw said.
SEC Commissioner Caroline Crenshaw said Thursday that the top concerns she sees for advisors and investors include cybersecurity, complex products and the growth of private markets, as well as cryptocurrency as an asset class.
The risks of cybersecurity incidents are “different, greater, more serious, in my view, now than they’ve ever been,” Crenshaw said during a question-and-answer session at the Investment Adviser Association’s compliance conference, held in Washington. “Cyber is something that keeps me up at night, across the board.”
Karen Barr, IAA’s president and CEO, questioned Crenshaw, a Democrat, on the securities regulator’s motivation for proposing rules requiring advisors to adopt written policies and procedures that address cybersecurity risks, as well as to report “significant cybersecurity incidents” to the SEC on a new proposed Form ADV-C.
The proposal is designed to “reiterate the importance of the [cybersecurity] issue” and to ensure that investment advisors know “what is expected of them,” Crenshaw responded.
The plan is also designed to ensure investors “receive timely and meaningful disclosures about cyber incidents,” she said, which can create “really broad disruptions.”
Cybersecurity is an area “we have to be constantly vigilant about,” Crenshaw said. “It’s never an area where we can let our guard down.”
IAA’s members “take cybersecurity very seriously; it’s very important to them,” Barr said. “They already believe that the cybersecurity policies and procedures are required under the compliance program rule.”
IAA intends to submit “extensive” comments on the rule, Barr told Crenshaw. Comments are due to the agency by April 11.