Print PDF
Colorado Proposes New Cybersecurity Regulations for Investment Advisors and Broker-Dealers - IP Blog

Authored by Shane Olafson

The Colorado Department of Regulatory Agencies recently published a notice regarding proposed changes to the Colorado Securities Act (the “Proposal”).  This Proposal seeks to add two new rules to the Securities Act (Rule 51-4.8 and 51-4.14), each of which impose various cybersecurity requirements on broker-dealers and investment advisers, respectively. A redline showing the proposed amendments can be found here:

As stated in the Proposal: “The general purpose of adding [the new rules] is to clarify what a broker-dealer and investment adviser must do in order to protect information stored electronically. The Rule provides guidance to broker-dealers and investment advisers on what factors the Division will consider when determining if the procedures by the firm are reasonably designed to ensure cybersecurity.”

Among other obligations, the Proposal would require these entities to establish and maintain certain written procedures designed to ensure cybersecurity, to include cybersecurity as part of their risk assessments, and to the extent reasonably possible, to provide for:

  • Annual cybersecurity risk assessments;
  • The use of secure email, including encryption and digital signatures;
  • Authentication for employee access to electronic communications, databases, and media;
  • Procedures for authenticating client instructions received via electronic communication; and
  • Disclosure to clients of the risks of using electronic communications.

A public hearing on the proposed rules is scheduled for May 2, 2017 at the Colorado Department of Regulatory Agencies.

Tags: Data Privacy and Cybersecurity

About This Blog

Lewis Roca is immersed in your industry and invested in your success. We share insights and trends that can affect your business.





Recent Posts

Jump to Page

How Can We
Help You?

By using this site, you agree to our updated Privacy Policy and our Terms of Use.