Ongoing RIA Compliance Requirements. The Office of Compliance Inspections and Examinations (“OCIE”) issued a risk alert on May 23rd concerning the security risks with storage of electronic customer information on network cloud service providers.
The Summary of Examination Observations includes the following:
- Misconfigured network storage solutions: Registered Investment Advisors and Broker Dealers did not adequately configure the security setting on their network storage solution to protect against unauthorized access.
- Inadequate oversight of vendor-provided network storage solutions: Firms did not ensure that the security settings on vendor-provided network storage solutions were configured to coincide with the RIA or Broker Dealer’s standards.
- Insufficient data classification policies and procedures. Firms policies and procedures did not identify the different types of data stored electronically by the firm and the appropriate controls for each type of data.
How to meet your Ongoing RIA Compliance Requirements?
Review your security settings with your network storage solution to confirm the service is configured in accordance with your firm’s standards. Review your RIA firm’s policy and procedures to ensure they cover data classification, vendor oversight and security features are being met by your cloud based service provider. These steps will help your firm meet its requirements.
