NASAA Members Adopt Investment Adviser Information Security Model Rule Package

NASAA Also Releases Report on State-Registered Investment Advisers

WASHINGTON, D.C. (May 21, 2019) – In a significant step toward enhancing the cybersecurity and privacy practices of state-registered investment advisers, the North American Securities Administrators Association (NASAA) today announced that its membership has voted to adopt an information security model rule package.

“The new model rule requires investment advisers to adopt policies and procedures regarding information security and to deliver their privacy policy annually to clients. I am pleased that the NASAA membership adopted this information security model rule package, which now is available for individual jurisdictions throughout the United States to implement through regulation,” said Michael S. Pieciak, NASAA President and Vermont Commissioner of Financial Regulation.

The adopted information security model rule package has three components:

  • A model rule requiring investment advisers to adopt policies and procedures regarding information security (both physical security and cybersecurity) and to deliver their privacy policy annually to clients;
  • An amendment to the existing investment adviser NASAA model recordkeeping requirements rule to require that investment advisers maintain these records; and
  • Amendments to the existing investment adviser NASAA Unethical Business Practices of Investment Advisers, Investment Adviser Representatives, and Federal Covered Advisers and NASAA Prohibited Conduct of Investment Advisers, Investment Adviser Representatives and Federal Covered Investment Advisers Model Rule USA 2002 502(b) model rules to include failing to establish, maintain, and enforce a required policy or procedure to the list of unethical business practices/prohibited conduct.

“Through this model rule package, NASAA seeks to highlight the importance of data privacy and security in our financial markets along with the related need for investment advisers to have information security policies and procedures,” Pieciak said. “The package also provides a basic structure for how state-registered investment advisers may design their information security policies and procedures, which we expect to create uniformity in both state regulation and state-registered investment adviser practices.”

“The reputational damage and loss of client trust that often follows an information security breach can be devastating to the bottom line of any business, especially small businesses. This is significantly important considering that 80 percent of the 17,500 state-registered investment advisers are one-to-two person shops,” said Andrea Seidt, Ohio Securities Commissioner and chair of NASAA’s Investment Adviser Section.

Updated data on state-registered investment advisers is included in NASAA’s newly released annual report detailing the landscape of the state-registered investment adviser population and the related regulatory activities of state securities regulators. “This report shows the tremendous amount of activity and resources state securities regulators bring to help these small- and mid-size businesses continue to succeed, and both understand and comply with state securities law,” Seidt said.

For More Information:
Bob Webster | Director of Communications
202-737-0900
