Data breaches bring in big business for regtech

DENTON, Texas — Partnerships between financial services firms have flourished in recent months, opening up vast troves of valuable consumer data to fintechs and mature companies alike.

But an unforeseen casualty from the advent of new data sharing techniques has been compromised data security.

The most recent data leak came from BlackRock. Earlier this month, the firm acknowledged it had inadvertently published the names, email addresses and other information of 20,000 advisors online. While no sensitive information was made public, industry experts and regulators, notably the SEC, have warned RIAs to take extra precautions securing the access to client information.

RIAs have begun to arm themselves against the threat. Close to 70% of firms are now using some form of technology in their compliance programs, according to the Investment Advisor Association’s 2018 compliance survey. And more than half of the 450 firms surveyed believe increases in technology usage and spending are coming in the near future.

The latest such offering from compliance software firm RIA in a Box lets advisors automate documentation sharing and tracking with vendors, including email compliance, data security and cybersecurity policies. Called the Vendor Due Diligence tool, it opens up a digital connection between RIA firms and vendors to share due diligence documentation. Vendors can manage which RIA firms have access and share updated version.

“Cybersecurity continues to be top of mind for the wealth management industry and a trend we see both firms and the SEC focused on in 2019,” says RIA in a Box President GJ King.

Morningstar, Orion and Riskalyze have already signed on as clients, according to the firm. “When advisors are preparing for a SEC audit, confirming vendor cybersecurity compliance is a critical part of the process,” says Aaron Klein, Riskalyze CEO, in a statement.

Orion has also increased data protection for retail investors. Through integrations, Orion is offering advisors credit and identity monitoring, as well as access to recovery services such as identity restoration and identity theft protection, in the event of an unforeseen breach.

The tools are accessed directly through Orion’s Client Portal.

“The risk of data breach and identity theft continues to be a growing threat for firms and the advisors held responsible for protecting clients from exposure,” says Orion CEO Eric Clarke, adding that the cybersecurity world is evolving and advisor should brace for the “unthinkable.”

SEC Chairman Jay Clayton has doubled down on efforts to combat cyberattacks and committed to increasing advisor reviews to respond to media and congressional criticism that the agency needs to enhance industry supervision.

“Cybersecurity protection is critical to the operation of the financial markets,” the agency wrote in a its 2019 examination priorities. “The impact of a successful cyber attack may have consequences that extend beyond the firm compromised to other market participants and retail investors, who may not be well informed of these risks and consequences.”

Launched in 2005, RIA in a Box now has roughly 1,700 RIAs as clients, according to the firm. Its basic package runs $250 per month for state registered firms and $500 per month for state registered firms. The tool is part of the MyRIACompliance software platform.

Data breaches hit a record 1,579 incidents in the U.S. alone in 2017, and financial services firms accounted for 8.5% of all attacks, including banks, credit unions, credit card companies, mortgage and loan brokers and investment firms.

The SEC’s Office of Compliance Inspections and Examinations completed 3,150 examinations in 2018, the most recent data available — a 10% increase over the prior year period. The office is expected to increase the number of firms it will examine in 2019.