NASAA RELEASES ANNUAL REPORT ON STATE-REGISTERED INVESTMENT ADVISERS

The North American Securities Administrators Association (NASAA) is the oldest international organization devoted to investor protection. NASAA members include 67 state, provincial, and territorial securities administrators in the 50 states, the District of Columbia, Puerto Rico, the U.S. Virgin Islands, Canada, and Mexico.

Approved Model Rule For Cybesecurity and Technology

The Cybersecurity and Technology Project Group assisted NASAA and the Investment Adviser Committee in developing the Cybersecurity Checklist for Investment Advisers and accompanying Cybersecurity Checklist Guidance for Investment Advisers. This new resource is designed to help investment advisers better understand the meaning, intention, and connectivity of a balanced approach to cybersecurity and develop best practices for addressing a cybersecurity compliance program. To help investment advisers best manage their cybersecurity inventory and exposure, the Cybersecurity Checklist is divided into important sections: Identify, Protect, Detect, Respond, and Recover. Cybersecurity remains a growing concern and integral component of compliance, and the Cybersecurity Checklist will support investment advisers in better protecting their clients and business. The project group participated in several NASAA webinars with topics ranging from cybersecurity, technology, and enforcement. These webinars included Phishing 101, Emerging Technologies Part 1 and Part 2, Analyzing Trade Blotters, Fintech and Cybersecurity Symposium, and the Sweep Bootcamp. In addition to the educational support, the project group assisted the NASAA COVID-19 Enforcement Task Force by providing technological support to the multijurisdictional effort. Created to address fraudulent schemes involving the global pandemic, the Task Force involved 111 investigators representing 44 jurisdictions in the United States, Canada, and Mexico. In total, Task Force members were able to disrupt more than 250 schemes through administrative actions, cease-and-desist orders, and referrals to other regulators and to social media and website hosting companies. The project group will continue to stress that cybersecurity remains a high-risk area for state-registered investment advisers and monitor the industry for trends and developments. In the coming year, the project group will update resources for regulators and registrants to reflect the demands of an ever-shifting landscape of cybersecurity threats.

Cybersecurity and Protection of Client Information The pandemic has led to many firms and personnel working remotely. This leads to an increase in the use of electronic communications both internally within the firm and externally between the firm and its clients. More personnel may be accessing networks and communicating with clients through their private devices; sensitive documents may be printed from remote locations or emailed for remote client meetings; personnel may need additional training; and clients may be more likely to give trade instructions through email, which requires identity authentication. How does your cybersecurity plan address working remotely? If you have not already done so, it is a great time to conduct an assessment to consider the potential risks and vulnerabilities presented from remote work. This assessment should be conducted every year. For more information on forming and implementing a cybersecurity plan, see NASAA’s cybersecurity checklist. You can also contact your state securities regulator about any state-specific resources or training they may have available on cybersecurity topics. MORE