For registered investment advisor ("RIA") firms, technology is a non-negotiable part of running a business. From reporting and billing to portfolio management to client experience – not to mention the tech required to allow employees to work and meet with clients remotely – RIAs leverage tech stacks to drive efficiencies, support growth in a cost-effective way, and meet increasing client demands.
But as they say (sort of): with great technology comes great responsibility. When you consider the sheer volume of sensitive financial data RIA firms need to protect, plus increasing SEC cybersecurity compliance regulations, managing RIA technology becomes a colossal undertaking.
According to recent SEC regulations, all RIA firms need to address the following six cybersecurity areas of focus:
- Governance and risk assessment
- Access rights and controls
- Data loss and controls
- Vendor management
- Incident response
- Mobile security
Beyond preparing for an SEC regulatory audit, there are other timely reasons why RIA cybersecurity is so critical. The White House recently warned the country about “imminent” cyberattacks from Russia due to the escalating situation in Ukraine. According to the White House, companies should harden their cybersecurity defenses immediately. With the responsibility of protecting clients’ sensitive information, that’s a warning you can’t afford to ignore.
The Financial Services Information Sharing and Analysis Center, or FS-ISAC, also released a recent report on cyber threats, indicating that “global tensions could fuel further attacks by state-backed hackers and patriotic hacktivists.”
According to Caroline Crenshaw, Commissioner of the SEC, the risks of cybersecurity incidents are greater and more serious than they’ve ever been.
So how can you ensure your firm and your clients are safe?
Managed Service Providers vs. Qualified Technology Partners
To protect your business and client information, you can choose one of two paths: managed service providers or qualified technology partners.
A managed service provider, or MSP, is an outsourced solution that assumes full responsibility for your IT services, including network, application, infrastructure, and security management.
A qualified technology partner, or QTP, focuses on optimizing RIA IT systems and mitigating dangerous vulnerabilities.
While MSPs are generalists and can serve many industries, QTPs specialize in serving RIAs.
With the uptick in SEC regulations and the increased risk of cyberattacks from both domestic and international threats, RIAs will benefit from a partner like a QTP who understands:
- The RIA business model
- The tools and software applications RIAs use to serve their clients
- The ever-evolving compliance requirements and regulations RIAs face
Most RIAs are not information security or compliance experts, and therefore don’t know what they don’t know – a knowledge gap that could lead to security breaches, fines, reputational hazards and more. Because of its deep industry expertise, a QTP can guide your firm to compliance with best practices and proactively address regulatory changes that affect your technology stack.
Evaluating a Qualified Technology Partner
If you decide to leverage a QTP to manage your technology and cybersecurity needs, you may wonder how to choose the right one. We have a few recommendations:
- Make sure they use accepted operating standards. Every QTP needs operating standards to protect and manage networks for their clients. These standards focus on aligning IT services with business needs, and provide clients with a system of measurement for evaluating the service they receive. The most common standards are NIST, SANS and ITIL. It’s not important which standards your QTP uses, just that they adhere to some form of IT standard.
- Find out how well they understand your business. For your QTP to be the most effective, they need to be intimately familiar with both your business and RIA industry specifications – especially the compliance, cybersecurity and data protection standards regulated by the SEC. Ideally, your QTP will serve RIA firms exclusively – so you’ll know they have deep expertise protecting firms like yours from cyber threats and business continuity problems.
- Ensure they’re up-to-date on the RIA tech landscape. Not only does your QTP need to be well-versed in your business and RIA compliance specifications, but they should also be proactive about keeping updated on the latest technology innovations available to meet evolving RIA challenges. Find out if they attend conferences or events specifically geared toward RIA solutions, such as Schwab IMPACT and T3.
- Determine if they can also serve as an overall technology advisor. Ideally, your QTP won’t just protect your firm and your clients from threats – they’ll act as a true partner to help take your business to the next level. Find out if they can offer software system and tech recommendations to help you streamline operations, meet increasing client demands and future-proof your firm.
Looking for a qualified tech partner solution for your firm? Check out the ĪTEGRIA® Virtual Desktop.