In 2014, cybersecurity incidents reported worldwide have reached 42.8 million, an increase of 48 percent from last year, according to a PricewaterhouseCoopers survey. When it comes to addressing these threats, what does your firm need to consider?
Cybersecurity was one of the featured topics at KPMG’s Mutual Fund Session recently held in New York. Doreen Norako, Chief Information Security Officer at Brown Brothers Harriman, led a discussion on the changes in the cybersecurity landscape and reviewed the strategic and tactical considerations for an effective cybersecurity program. External data monitoring, perimeter security, and prevention incident response were some of the key components cited for delivering integrated protection. Norako also emphasized training and awareness.
Security awareness plays a large role in Boston Financial’s information security program, along with security policies and standards and risk mitigation and assessment. Our risk assessment process includes a detailed review of vendors that includes a tier ranking to reflect the level of risk. Norako noted that firms should be reviewing their top service providers and working with auditors and risk groups to create appropriate metrics.
In addition to cybersecurity, the KPMG session also featured a panel on intermediary oversight, which I, along with industry experts from Wells Fargo, Prudential, and a retired partner from Deloitte & Touche, participated on.
I’ve written that intermediary oversight continues to be a hot topic in the industry; our panel agreed. One of the topics the panel focused on was oversight procedures and best practices of an effective intermediary oversight program. We emphasized the need to apply a risk-based analysis to intermediary agreements. Some of the questions you should be asking include:
- Are payments disclosed adequately?
- Are responsible parties doing services they’re contracted for?
- Are services duplicative of anything contracted for?
- Are distributions related?
The panel also examined the role of the board and their involvement with intermediary oversight. Typical board oversight involvement includes understanding what intermediaries do and what intermediaries are used. Because of the evolving nature of the intermediary and regulatory landscape, boards rely on CCOs and director’s counsel for guidance. Therefore, firms need to have a good grasp of the needs of their boards. Yet, the needs of the boards are often in flux. In this environment, it can be challenging for firms to find the right balance, a topic featured at a recent ICI conference.
The panel also reviewed the results from a recent Boston Financial survey on intermediary oversight. The survey found over 96 percent of respondents thought their fund company’s need to manage financial intermediary oversight will increase over the next three years.
Survey findings also showed that firms don’t rely on one tool and must complement their oversight program with various tools tailored to each intermediary. With the SEC focus on intermediary oversight continuing to grow, boards increasing their education in this area, and intermediary oversight requirements not decreasing, firms must continue to evolve their program.
Thank you to KPMG for inviting me to participate in their Mutual Fund Session. The session facilitated a great exchange of ideas. I have no doubt that cybersecurity and intermediary oversight will continue to be hot topics in 2015.