October 29, 2019
NASAA 2019 Fintech & Cybersecurity Symposium
Washington, DC

Advances in financial technology and cybersecurity continue to be top priorities for NASAA and its members – the state, provincial and territorial securities regulators in the United States, Canada and Mexico.

Technology touches almost every aspect of our daily life, including how we use financial services. Fintech encompasses a wide range of tools designed to provide consumers and investors with greater convenience – think of mobile banking apps or increasingly popular robo-adviser services designed to help with automating investing activities – as well as innovations like blockchain and cryptocurrencies.

While these new services and products may promise convenience and a greater variety of choices for investors and consumers, they also present risk due to their technological sophistication, complexity, and in some cases, their unpredictability.

When it comes to financial technology, investors place a premium on the security of their information. A NASAA survey of investors conducted earlier this year found that 63 percent of investors said the protection of their information was their most important consideration when thinking about using new technology related to investing and banking. Only 16 percent indicated that “ease of use” was a primary consideration.

As has long been the case, investors benefit when regulators and industry work together to achieve balanced and effective solutions. This approach should be no different when it comes to fintech. The same also can be said for cybersecurity, which continues to challenge the securities industry and securities regulators at all levels.

NASAA continues to make strides on cybersecurity. Earlier this year, NASAA’s members voted to adopt an information security model rule package. This represents a significant step toward enhancing the cybersecurity and privacy practices of state-registered investment advisers.

The reputational damage and loss of client trust that often follows a data breach can be devastating to the bottom line of any business, especially small businesses. This is significantly important considering that 80 percent of the 17,500 state-registered investment advisers work at or are affiliated with one-to-two person shops.

The new model rule requires state-registered investment advisers to adopt policies and procedures regarding information security and to deliver its privacy policy annually to clients. I am pleased that the NASAA membership adopted this information security model rule package, which now is available for individual jurisdictions throughout the United States to implement through regulation.

Cyberattacks show no sign of letting up and regulators, industry and investors all must be vigilant, proactive, and steadfast in our defense against these threats. No securities firm or investment adviser, regardless of size, can afford the loss in client trust or money that result from a serious cybersecurity failure. And no investor should have his or her personal information compromised.

Technology – like fraud – knows no borders. Securities regulators at all levels of government in the United States and elsewhere are stepping up and intensifying regulatory and investor education initiatives around financial technology and cybersecurity.
With a strong and united effort from regulators and industry, we can make a real difference in providing a regulatory framework that enables new technologies flourish while providing investors with the protections they deserve.