Vermont’s financial regulator proposed new securities rules on Friday, requiring advisors to adopt increased safeguards around cybersecurity and elder financial abuse. The new rules, based on NASAA (North American Securities Administrators Association) model rules, will affect some 1,000 RIAs under the jurisdiction of the Vermont Securities Commissioner.
Under the new rules, securities professionals must “establish and maintain written procedures reasonably designed to ensure cybersecurity,” according to the 119-page rule proposal. To determine the “reasonableness” of a firm’s policies, the state’s commissioner may consider the firm’s size, third-party relationships, employee training, electronic communications and procedures around reporting lost or stolen devices.
Firms are also required to perform annual risk assessments, use secure email and leverage authentication safeguards for both employees and clients accessing information. Firms also would be required to pay for identity restoration services for affected clients and maintain evidence of “adequate” insurance to cover a cyber breach.
The state also made changes around elder abuse—similar to those proposed by FINRA and NASAA. When advisors suspect a vulnerable adult is suffering financial abuse, they must report the situation to adult protective services and the securities commissioner.
The regulator is also proposing a 15-day “safe harbor” period, where firms would have immunity from any civil or administrative liability if they suspend the distribution of funds or securities from the accounts of vulnerable investors when exploitation is suspected. Under the proposal, firms must notify all parties, including regulators, of any delayed disbursements no later than two days after a request is made.
The proposed rules would replace a set of interim regulations put into place in 2006. Much of the newly proposed regulation is information drawn from existing policy statements and administrative orders, according to John Jascob, an analyst with the Securities group at Wolters Kluwer. Most changes are primarily related to formatting, inserting gender neutrality and placing the rules into “plain English” when possible, as well as ensuring uniformity with rules by NASAA and other states, added Christopher Smith, Director of Capital Markets for the Vermont regulator.
A hearing to review the proposal is scheduled for March 22, 2016, while the deadline for public comment is March 29, 2016.