On May 12, 2022, Brian Edelman joined AssetMark to present cybersecurity best practices for data protection and regulatory compliance to its financial advisors. Welcomed by “happy to be in-person again” attendees, Brian presented on the state of cybersecurity and recommended actions advisors can take to immediately to improve cybersecurity in their practice.
Focusing on the cybersecurity regulatory requirements for financial services, Brian outlined the difference between regulations as they once were versus how they now exist. Brian shared that “cybersecurity regulations have shifted from a model of attestation to certification” and explained that the new, evidence-based regulatory model, serves to protect even better those who comply. “Regulators have done a great job at identifying risks and implementing requirements to safeguard against them” stated Edelman.
Referencing the New York Department of Financial Services (NYDFS) 23 NYCRR Part 500 cybersecurity requirements made effective March 2017, Brian expressed that compliance is achievable by straightforwardly following each of the parts that make up Title 23 Financial Services regulation.
Brian advised that all firms meet the requirements of the NYDFS cybersecurity regulation, even if they are limited exempt or not obligated to the standards. “The regulations are in existence to ensure that cybersecurity technical controls and policies & procedures are implemented and tested” Edelman informed attendees. He further asserted that “if your firm is regulated by NYDFS and not fully exempt then it is a requirement to file annual Certification of Compliance and you’d better be sure that you are certifying truthfully.”
According to NYDFS, which regulates certain covered entities and licensed persons in the financial services sector doing business in New York, compliance certification is a “critical governance pillar of the cybersecurity programs of all covered entities that demonstrates compliance with the sections of the regulation that apply.” For more information on NYDFS cybersecurity requirements visit: https://www.dfs.ny.gov/industry_guidance/cybersecurity
Brian completed his presentation by describing a true story of an advisor breach to illustrate the importance of adherence to regulations. “If you do what the regulations are asking of you, you can likely avoid the nightmare that is the result of not having proper cybersecurity in place” he emphasized.
The reality of how “at risk” financial advisors are for a data breach made a helpful impression on those in attendance who received an FCI checklist takeaway to guide their cybersecurity strengthening efforts.
About AssetMark Inc.
AssetMark is a leading provider of extensive wealth management and technology solutions that helps financial advisors meet the ever-changing needs of their clients and businesses.