Oct. 22, 2023
Dear Securities and Exchange Commission, I am writing to provide my public comment on the proposal "Safeguarding Advisory Client Assets." While I appreciate the SEC's efforts to enhance investor protections and address gaps in the custody rule, I have concerns regarding the privacy and security of client assets, particularly in relation to digital assets. First and foremost, the proposal does not adequately address the privacy concerns associated with the custody of digital assets. As technology continues to advance, it is more important than ever to prioritize the protection of sensitive financial data. Allowing numerous third parties to have access to investors' personal information, including social security numbers, raises significant privacy concerns. Without proper safeguards in place, investors' assets are at risk of falling into the wrong hands. Moreover, the proposal fails to sufficiently address the security of digital assets. This is particularly concerning given the increasing prevalence of cyber threats in today's digital landscape. Investment advisers must have robust cybersecurity measures in place to protect client assets from malicious actors. Regrettably, the proposal does not outline specific requirements or standards to ensure the adequate safeguarding of digital assets. This omission leaves a significant gap in investor protection and exposes client assets to unnecessary risks. In light of these concerns, I urge the SEC to consider the following recommendations: Implement stronger privacy protections: The proposal should require investment advisers to adopt strict privacy policies and procedures to protect client information. These policies should include provisions for secure storage, limited access, and encryption of sensitive data. Establish robust cybersecurity standards: The SEC should establish clear and enforceable cybersecurity standards to ensure the protection of digital assets. Investment advisers should be held accountable for implementing comprehensive cybersecurity measures, including regular security assessments, employee training, and incident response plans. Encourage transparency and accountability: The proposal should require investment advisers to disclose their data protection practices to clients, enabling them to make informed decisions about the security of their assets. Additionally, regular audits and assessments should be conducted to ensure compliance with privacy and security regulations. In conclusion, the SEC's proposal "Safeguarding Advisory Client Assets" represents a crucial step towards enhancing investor protections. However, the lack of consideration for privacy and security concerns, particularly regarding digital assets, is concerning. By incorporating stronger privacy protections, robust cybersecurity standards, and greater transparency, the SEC can foster a safer and more secure investment environment for all investors. Thank you for considering my comments. I trust that you will give serious consideration to the issues raised and take the necessary steps to ensure adequate privacy and security safeguards in the final rule. Sincerely, Dennis Marso