The Mutual Fund Dealers Association (MFDA) has published a bulletin explaining the steps dealers should take to develop and implement cybersecurity controls.
MFDA bulletin #0690–C was issued on May 19. In it, the regulator says mutual fund dealers need to establish and maintain appropriate cybersecurity procedures in order to protect their networks, computers, programs, and data from attack, damage, and unauthorized access.
Reputational or monetary harm
"Cybersecurity is an important issue for all Members to consider due to the potential for harm to clients, Members, and to the investment industry in general," reads the bulletin. "Such harm can be reputational and/or monetary, and may lead to a major disruption in a Member’s operations."
The bulletin goes on to outline a number of basic and widely used cybersecurity concepts. For example, the MFDA recommends that dealers screen their personnel in order to identify insider threats from new, current, and departing employees and contractors. The bulletin also says that dealers need to consider having “clean desktop” policies. What’s more, fund dealers should have an incident response team, policies on how information breaches will be reported, as well as cyber insurance coverage.
These are just a few highlights from the bulletin. The entire document is available on the MFDA web site.