On May 12, 2022, Brian Edelman joined AssetMark to present cybersecurity best practices for data protection and regulatory compliance to its financial advisors.
Focusing on cybersecurity regulatory requirements for financial services, Brian outlined the difference between regulations as they once were versus how they now exist. Brian shared that “cybersecurity regulations have shifted from a model of attestation to certification” and explained that the new, evidence-based regulatory model serves to protect those who comply.
Referencing the New York Department of Financial Services (NYDFS) 23 NYCRR Part 500 cybersecurity requirements, Brian advised that all firms meet the requirements of the NYDFS cybersecurity regulation, even if they are limited exempt or not obligated to the standards.
“If your firm is regulated by NYDFS and not fully exempt, then it is a requirement to file annual Certification of Compliance and you’d better be sure that you are certifying truthfully,” Edelman told attendees.
Brian completed his presentation by describing a true story of an advisor breach to illustrate the importance of adherence to regulations. “If you do what the regulations are asking of you, you can likely avoid the nightmare that is the result of not having proper cybersecurity in place,” he emphasized.