IT Support ServicesThe hallmark of the Visory experience, our dedicated team of professionals provides a high degree of support for all your IT needs
Leading edge solutions that are always working to maintain the integrity of your firm’s IT backbone
Best in class security to protect your firm’s data and technology
Tips, advice, and industry insight from our team of accountants and business owners to yours.
Application HostingBypass the wait time and access Visory’s Obsessive Client Support®
Take your business to new heights with Visory’s flexible QuickBooks hosting solutions
The same Sage you work in every day, only better
An affordable CRM for small- and medium-sized businesses, built to support your sales, marketing and customer service needs
Revolutionize your next tax season with added efficiency and mobility
Access critical applications that are integrated seamlessly into your workflow, conveniently hosted on the same server
Access affordable enterprise-grade hosting solutions with none of the IT burden
Managed ServicesWe’ll help you develop and implement the right cybersecurity policies and protocols to keep your firm secure and in compliance with regulatory guidance
We’re here to manage your firm’s IT activity, safeguarding the integrity of your infrastructure and devices, so you don’t have to
Our dedicated professionals can be your outsourced IT team, so your internal resources don’t have to bear the burden of uptime alone.
CybersecurityWe’ll manage your cybersecurity policies and protocols to keep your firm secure and in compliance
Security that ensures everyone granted access is who they claim to be
Educate and train your most important last line of defense – your people
Protection where people and their machines intersect
Secure access to your data. Reduce the risk of compromise, prevent cyberthreats.
A different approach to protecting emails
Secure single sign-on access for a connected world
Backup your data for business continuity and compliance
Keep everyone on the same page. Any user, every device.
Secure connections for all your users, devices and networks
Get started on a robust security plan with a WISP for your business
Protect your organization with the expertise of our Chief Information Security Officers (CISO) without having to hire a full-time resource
ComplianceIRS 4557 and the FTC Safeguards Rule
Complying with state and federal privacy regulations and more
Get started on a robust security plan with a WISP for your business
Educate and train your most important last line of defense — your people.
Protect your organization with the expertise of our Chief Information Security Officers (CISO) without having to hire a full-time resource
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy
The Securities and Exchange Commission may soon have a heavier hand in registered investment advisor firms’ cybersecurity policies.
The SEC voted last month to propose rules related to cybersecurity risk management for RIA firms and registered investment companies and funds.
The regulator wants to be more prescriptive when it comes to cybersecurity, according to Ivan Barretto, founder and managing partner at consulting firm RIA Compliance Concepts.
“The SEC has always taken that approach where they want you to customize it based on your firm, but now they’re getting down to the nitty-gritty and actually asking for certain things to be done across the board, whether you’re a one-person operation or a 200-person operation,” Barretto said last month at a webinar hosted by cybersecurity and information technology management solutions firm RightSize Solutions.
The regulator wants RIA firms to know their responsibilities, according to Wes Stillman, chief executive officer of RightSize Solutions.
“They’re saying, ‘Hey, your obligation as an RIA is to protect your clients’ interest which includes minimizing risk that could lead to operational disruptions or loss or theft of clients’ personal information,’” Stillman said at the webinar.
If the proposed rules go into effect, RIA firms would likely see their expenses increase, according to RIA Compliance Concepts’ Barretto.
“The biggest thing is cost-wise — the cost of doing a cybersecurity assessment, the cost of procuring cybersecurity insurance premiums and so forth, that’s going to go up,” Barretto said. “The best thing I can advise most firms is start putting something in your budget to address this.”
The specific proposed rule that firms disclose in their brochures and registration statements cybersecurity risks and incidents that occurred in the last two fiscal years could be particularly onerous, according to RightSize Solutions’ Stillman.
“The idea that you have to hang on to these things for a certain timeframe, like five years, that’s going to change some of the processes and policies that you have in place today. One of the big impacts is, ‘Now what do I need to save, and for how long?’ I think the proposed requirement of any cybersecurity event occurring within the last two years implies that you have to save all of that,” Stillman said.
Related Content
February 10, 2022
SEC Proposes T+1 Settlement, Cyber Rules, Adviser Act Changes
Nevertheless, the burden on a firm’s head of compliance may be less than expected, according to RIA Compliance Concepts’ Barretto.
“The compliance person that’s responsible for this, at the very least they have to understand what their infrastructure looks like and what’s being done to protect it, but not necessarily become IT or cybersecurity experts,” Barretto said.
“Vendor management is key and understanding how you’re working with your vendors to do what you need to do to be compliant with this new, amended rule,” he added.
With the rules simply being proposed at this point, Barretto and Stillman agreed that there’s no need for RIA firms to make changes right now.
“It’s good to get on the page of being proactive, but I wouldn’t implement anything until they finalize the rule,” Barretto said.
“It’s just proposed at this point,” Stillman added.
SEC Proposals
The proposed cybersecurity risk management rules would require advisors and funds to:
- Adopt and implement written cybersecurity policies and procedures designed to address cybersecurity risks that could harm advisory clients and fund investors;
- Report significant cybersecurity incidents affecting the advisor or its fund or private fund clients to the Commission on a new confidential form;
- Publicly disclose cybersecurity risks and significant cybersecurity incidents that occurred in the last two fiscal years in their brochures and registration statements; and
- Comply with new recordkeeping requirements designed to improve the availability of cybersecurity-related information and help facilitate the SEC’s inspection and enforcement capabilities.
Do you have a news tip you’d like to share with FA-IQ? Email us at editorial@financialadvisoriq.com.
Compliance
Our team of professionals has the right expertise to ensure your technology and cybersecurity complies with the strictest guidance and passes regulatory muster.
Cybersecurity Solutions and Services
Active monitoring and implementation of cybersecurity protocols and procedures using leading edge technology keeps your business and your data safe and secure.
Tax Season Readiness: Implementing the Security Six for CPA Firms
How CPA Firms Can Prepare for the Busy Tax Season
Navigating the IRS WISP and Global Cybersecurity
Cybersecurity for RIAs: Navigating a Shifting Landscape Unaffected by Election Outcomes
Data Breach Survival Guide for Accountants
