Colorado is on track to become the first U.S. state to require broker-dealers and fund managers to follow certain procedures to minimize the risk of data breaches by cyber-criminals. This development comes on the heels of New York’s cybersecurity requirements for banks, insurance companies, and other financial institutions regulated by the New York State Department of Financial Services, which went into effect this past March.
The two sets of state regulations share some similarities but also differ in several ways. For example, New York requires the financial institutions under its jurisdiction to establish a Chief Information Security Officer position to play a role in executing a written cybersecurity policy, while Colorado will not. Furthermore, as stated above, New York’s regulations don’t apply to broker-dealers and fund managers.
Nevertheless, what we have are two state cybersecurity regulations for companies in the financial services industry which, while similar, are not exactly the same. Wealth management practices and other financial services firms that work with clients and conduct business in both of these states will be responsible for ensuring that the cybersecurity protocols they have in place to protect their systems and clients from cyber-attacks meet regulations in each state. This can be complex, time-consuming and costly for firms, especially if they lack IT expertise and/or teams. If more states follow New York and Colorado, which we expect they will, the compliance process for interstate firms will become even more complicated and costly.
Wealth management firms and other financial institutions may find it easier to comply with different cybersecurity regulations in multiple states if they adopt a turnkey IT solution from a third party, which assumes responsibility for the management, maintenance and security of their entire IT infrastructure across all company-approved devices. For example, our workplace wealth_ offering aggregates all of a wealth management practice’s IT, apps and data into one secure, cloud-based digital hub. As experts in both IT and financial services, we stay on top of changing federal regulations from the SEC and FINRA, as well as the new state-specific rules, rolling out updates as new regulations and cyber-threats emerge. This enables wealth managers and financial institutions to focus on their core business objectives without diverting time and resources to cybersecurity and IT, which they may not be able to manage and monitor internally.
As more states follow the lead of Colorado and New York on cybersecurity regulations, financial services firms that maintain offices in, and do business in, multiple states will find regulatory compliance to be a much more complicated undertaking than ever before. Fortunately, turnkey IT solutions can give financial firms peace of mind that they can continue to operate their businesses while experts in cybersecurity and compliance worry about evolving regulations.