Financial advisors face a barrage of challenges managing risks and making sure they comply with constantly changing regulatory requirements. Staying abreast of cybersecurity trends is one such challenge that’s been making headlines lately thanks to an increase in attacks and moves by several key industry players to step up requirements for protections against cyber threats.
For advisors who choose to operate independently, the increasingly complex security landscape introduces new questions about how to best manage risk without creating an undue strain on the business.
The good news is that independent advisors don’t have to go it alone. If you’re an advisor who wants to maintain your independence but still have access to the compliance resources and scale of a larger enterprise, you have options.
Don’t skip E&O insurance
While the Securities and Exchange Commission (SEC) doesn’t mandate that advisors have an errors & omissions (E&O) policy including cybersecurity insurance, it has been actively encouraging advisors to take cyber risk seriously. The SEC issued a Risk Alert in 2020, highlighting an increase in cyber attacks against RIAs and broker-dealers using credential stuffing – a method of attacking client accounts with compromised client login credentials, which can result in the loss of customer assets and unauthorized disclosure of sensitive personal information. The commission warned that failure to mitigate cyber threats significantly increases risks for financial firms and their clients.
In the absence of a regulatory requirement, some states and large custodians are going one step further and now mandating that advisors have a certain level of E&O protection in place. Just last month, Schwab Advisor Services was in the news for its move to require that its 13,000 RIAs buy E&O insurance. Other large custodians are strongly encouraging advisors to do so, and several states have introduced requirements over the last few years.
The message to all independent advisors is clear: If E&O insurance was previously considered just one option in the arsenal of tools to protect your business… it’s not really an option anymore. While many advisors may still not be required to have a policy, it’s not something to skimp on if you want to protect the business you’ve worked so hard to build.
Seeking strength in numbers
Clearly, navigating the increasingly complex compliance landscape is becoming more challenging for independent advisors to do on their own. Keeping track of compliance and information security issues presents a burdensome distraction from the day-to-day priorities of running an advisory business and managing client relationships – one that comes at high risk if you don’t get it right.
One option for smaller RIAs is to join forces with another RIA. Indeed, pressure caused by heightened regulatory scrutiny is one of the key drivers of consolidation among smaller firms. These firms are looking to combine their resources to afford a dedicated risk and compliance staff.
The downside to this approach, however, is less control over how risk decisions are made. As regulations evolve, we will likely see a move away from best practices and strong recommendations toward actual requirements handed down to all in a very prescriptive manner.
A collaborative approach to managing risk
Other advisors look to lean on trusted partners to help take some of the weight off their shoulders. This can be a good option for advisors who want to maintain independence but recognize that they need dedicated risk and compliance support. Consider a firm that has a deep bench of compliance expertise and resources that can eliminate the need for dedicated specialists on your staff.
One of the barriers to more advisors getting E&O coverage is cost. Comprehensive E&O coverage can cost several thousand dollars a year per producer. Partner with a firm that provides competitive rates for its E&O insurance policy, including additional cybersecurity coverage (subject to certain exclusions) that standard E&O policies may not include.
Whatever path you choose, it’s important to take the first step of evaluating how well your business is protected today. Then, you can weigh your options and put a robust plan in place to protect your business and your clients.