PLANADVISER - November/December 2021 - 21

New Opportunities
" The good part of this new technology is that it really opens
up the business model for many advisers, " says Mike Shamburger,
head of core markets at T. Rowe Price in Baltimore.
" They're not limited to a specific region. If they get a referral
across the country and build a relationship over Zoom,
we have seen that can be as effective as going across the
country to meet in person. "
The increased efficiency of firms that have completed a
digital transformation has also positioned them for better
scalability and growth in the future.
" These virtual meetings and electronic tools that advisers
have absolutely perfected now set them up to do much more
with the staff they already have in place, " Moseley says. " I am
expecting adviser businesses to grow, and for them not to feel
the same growing pains they might have if they weren't using
these tools. There's simply more time on the calendar. "
Increased understanding and adoption of technology
The Essential Role of Cybersecurity
A
s more plan advisers have moved
their business to the cloud, they
have become, in many cases,
more efficient and better able to meet
their clients' needs. They have also
opened themselves up to a host of new
cybersecurity challenges just as cybercriminals
ramp up their attacks.
" It only takes one breach to change
a whole relationship and to damage
your reputation, " says Ron Lehmann of
Johnson Financial Group. " The reputational
risk of not having that buttoned
up is too high not to take it seriously.
We've had many discussions about the
next level of security and making sure
we're doing everything we possibly can. "
Recovering from a breach can have
significant costs for plan advisers, as
well. A study by IBM and the Ponemon
Institute found that data breaches
in 2020 and 2021 cost businesses an
average $4.24 million in lost revenue
as well as expenses related to crisis
management,
communication
and
post-breach services such as credit
monitoring. Plus, breaches can open
advisers up to lawsuits for failing to
employ proper mitigation efforts.
The retirement industry-and its
regulators-are aware of the growing
threat. Earlier this year, the Department
of Labor (DOL) released new cybersecurity
guidelines for plan fiduciaries. The
list includes recommendations for plan
sponsors, providers and individuals, all
of whom must work together to keep
the data within a 401(k) plan safe. The
Society of Professional Asset Managers
and Recordkeepers (SPARK) has also
issued
recommendations
regarding
cybersecurity best practices and is
developing standards to protect retirement
accounts.
Training and Education
Over 90% of adviser firms with cybersecurity
programs also conduct training
for their staff, according to Charles
Schwab's " 2021 RIA [Registered Investment
Adviser] Benchmarking Study, "
and over three-quarters have cybersecurity
insurance. Nearly half of those
surveyed offer client education as part
of their cybersecurity program.
That training can range from
reminders on the importance of recognizing
phishing emails and protecting
passwords, to best practices for
collecting and protecting participant
data.
" Advisers need to remain incredibly
vigilant on this, " says Adam Moseley of
Schwab Adviser Services. " Some of the
very best practices, however basic, are
incredibly important. "
In particular, it is important for
advisers to double-check any requests
by email to move money, open accounts
or send completed forms.
" We suggest that advisers be really
suspicious about these communications,
and rather than just responding
with an answer, pick up the phone
and call the client, " Moseley says. " If
a fraudster can make their way into
an end investor's email, they can use
that to send [illegitimate] instructions
to an adviser. That's only been made
worse as we've transitioned to everything
virtual. "
Fiduciary Responsibilities
While best practices may have
changed when it comes to cybersecurity,
the responsibility of fiduciaries
has not-they are still bound to
protect their participants' information,
accounts and assets.
Thus, plan sponsors have increased
interest in their own cybersecurity and
that of their service providers. Nearly
three-quarters of advisers recently
told Vestwell that their clients care
more about cybersecurity after the
past year. That likely reflects the fact
that not only are potential hacks up,
but the DOL has also begun auditing
plans to ensure they are following
proper security protocols.
" We've spent enormous resources to
make sure we are doing independent
reviews of all of our systems and any
partners that we use, " Lehmann says.
" We're doing penetration tests of all of
our providers, including ourselves. "
Sponsors are increasingly vetting
their advisers and other providers
based on their ability to deliver-and
document-cybersecurity.
Advisers
can help them with this task.
" We're talking cybersecurity with
all of our clients, " Lehmann says. " It's
another way we can add value. " -BB
planadviser.com November-December 2021 | 21
http://www.planadviser.com
PLANADVISER - November/December 2021

Table of Contents for the Digital Edition of PLANADVISER - November/December 2021
