SEC's Cybersecurity Initiative: Technology and Policies Must Line Up

Stark & Stark and Right Size Solutions Collaborate to Help RIAs Demonstrate Risk Preparedness

OVERLAND PARK, Kan., Sept. 11, 2014 /PRNewswire-iReach/ -- Registered Investment Advisors who fail to produce a written cybersecurity policy may find themselves with a deficiency noted during their routine examination process based on new review guidelines from the Securities and Exchange Commission's Office of Compliance Inspections and Examinations (OCIE). A risk alert issued in April by the OCIE notified all registered broker/dealers and investment advisers that cybersecurity preparedness is to be a major focus of impending examinations. The alert included a 7-page appendix of sample questions that address a broad range of issues and technical coverage.

Photo -


"It's not enough just to have secure technology," explained Wes Stillman, Founder and President of Right Size Solutions, an intelligent cloud technology firm providing business and technology management to the financial services sector. "Financial firms need to have the written policies and procedures which demonstrate they are doing what they say they're going to do to combat cybersecurity threats."

Comprehensive Solution

In order to help RIAs meet this new scrutiny, Right Size Solutions turned to the legal leaders in the financial service industry, Stark & Stark Attorneys at Law.

Stark & Stark coordinated with Right Size Solutions to create a Cybersecurity Policy that can be customized to Right Size Solutions' RIA clients' specific requirements. The written policy includes operational procedures that match technology implementation in order to carry out the stipulated policy. Information regarding Right Size Solutions security policies and practices developed to ensure privacy is built into the Cybersecurity Policy.

"We have the technology, reporting and policies built into our platform that will be customized based on the RIA's written policies," explained Stillman. "The RIA and their compliance team must create the actual security policy themselves. However, working with Stark & Stark to prepare the policy makes the process very simple because they have already included our core capabilities into the Cybersecurity Policy and can now modify the policy to meet each client's unique requirements."

The final step in the process is for Right Size Solutions to customize the technology policies to match the RIA's newly written Cybersecurity Policy.

"The Risk Alert is not the end of the world. I believe a well thought out policy is what the SEC is really looking for – not just a bunch of techno-babble about firewalls and such," said Stillman.

Not Scary, Just Overwhelming

Based on the extensive sample requests from the alert, the added burden to RIAs is obvious, according to Stillman. Advisor Fred Cornelius agrees: "We were a bit overwhelmed as to the comprehensive and complicated nature of the SEC requests but also relieved as to the specificity of what is required," said Fred Cornelius, President of Burt Wealth Advisors in Rockville, MD. "It was difficult to know where to start and we have attempted to address many of these issues in a vacuum which has proved difficult."

While additional scrutiny from the SEC is rarely greeted as a happy occurrence, Stillman is confident that clients will find their more comprehensive, big picture solution a rather pain-free means for meeting this new regulatory burden. 

"From a client perspective, I think the integration of the policy with the legal expertise from Stark & Stark and the technology infrastructure solution from Right Size Solutions is a winning combination," said Cornelius. "This is a great value add."

"This is an awesome service that goes above and beyond," says Janet A. Stanzak, 2014 President of Financial Planning Association.


Although there is not yet a formal regulation on this matter, the SEC is sending a clear message:  RIAs need to develop policies and procedures to reduce the risk of cybersecurity breaches.

"While these new regulations are very complex and onerous, I do believe that this is an area of regulation that truly benefits and protects consumers so having a team in place, to not only meet the regulations but also protect your clients, is a best practice," said Cornelius.

About Right Size Solutions, Inc.

Recognizing that the cost of technology is a significant management concern, Right Size Solutions, Inc. provides co-sourced technology and technology staffing services to financial service, health care and professional organizations. They strive to improve the profitability of their client firms by leveraging their technology investment, thereby reducing costs and dramatically improving productivity. Wesley Stillman founded Right Size Solutions in 2002 and serves as the firm's chief executive. Mr. Stillman has 30 years of experience managing technology and technology consulting operations within the financial service, technology and transportation sectors. To learn more, visit:

About Stark & Stark Attorneys at Law

The Securities Practice Group of Stark & Stark represents investment advisers, financial planners, broker-dealers, CPA firms, registered representatives, public and private investment companies, and investors throughout the United States. Tom Giachetti serves as the Chair of the Securities Practice Group at Stark & Stark. Mr. Giachetti is a recognized author and commentator on investment-related legal matters and a frequent lecturer at securities industry compliance events. He also serves as an expert witness in securities litigation/arbitration matters across the country. For more information, visit:

Media Contact: Karen Embry, Impact Communications, 913-649-5009,

News distributed by PR Newswire iReach:


SOURCE Stark & Stark



High Tech Security, Computer Electronics, Banking & Financial Services

Need Help