Effective January 1, 2022 – All PA State Registered Investment Adviser firms required to submit financial statements must submit them through the DOBS Portal. Please use resources found under 9/3/2021 news update for further instructions and/or access. Do not submit any financial statements to the Resource Account. Financial statements are due 120 days after the end of your fiscal year. Please direct all questions to RA-BNSECURITIESLIC1@pa.gov.
Effective September 7, 2021, all new investment adviser registration requests will be processed through the DoBS Portal.
What is the DoBS Portal?
- The Portal is a web-based, Self-service system designed to perform all the licensing and examination functions you currently perform using paper forms and mail.
- The Portal ensures increased security over all prior methods of delivery.
You must create a Keystone Login to access the Portal
After creating your Keystone Login:
- The DoBS Portal will allow you to access the dashboard that is appropriate for your specific industry. The services and benefits of the DoBS Portal will differ based on industry, license, or registration type.
What can Securities institutions do in the DoBS Portal?
- The Portal can be used to upload supplemental documents as required by the Department during an initial registration, financial review, or examination.
- Broker-dealers, agents, investment advisers, investment adviser representatives, and notice filers will continue to register through the Central Registration Depository (CRD) or the Investment Adviser Registration Depository (IARD).
Securities External DoBS Portal User Guide (PDF)
Securities FAQs (PDF)
Accounting FAQs (PDF)
The Pennsylvania Department of Banking and Securities Reminds
Firms to Contact Regulators with issues Related to Solarwind Breach
The Pennsylvania Department of Banking and Securities (PADOBS) is reminding financial service registrants, state-registered investment advisers and intrastate broker-dealers, to report any known issues or concerns related to the recent SolarWinds cybersecurity incident to their primary securities regulator.
In December 2020, the federal government has reported that SolarWinds, a vendor that provides updating and monitoring software to numerous government agencies and private companies, was the victim of a breach that caused SolarWinds Orion Network Management Products to transmit malware to many of its clients, including federal, state, and local governments, as well as other private sector entities.
The U.S. Department of Homeland Security's Cybersecurity & Infrastructure Security Agency has issued an alert that describes the threat and provides guidance on how to address it. The alert is available here: https://www.cisa.gov/supply-chain-compromise.
The PADOBS is issuing this reminder to raise awareness among state registrants and to provide information and resources to help those affected to recover quickly and protect their clients and colleagues.
Any firm with known malicious versions of the SolarWinds Orion software should contact its primary regulator. State-registered investment advisers and intrastate broker-dealers in Pennsylvania should contact PADOBS at RA-BNSECURITIESLIC1@pa.gov .
Pennsylvania Department of Banking and Securities
Bureau Position on Custody Requirements for Investment Advisers (PDF)
Bureau Postion on the Use of Client Usernames and/or Passwords (PDF)
Modernization and Updates to Securities Regulations
Secretary of Banking and Securities Robin L. Wiessmann announced the modernization and update of rules governing the securities industry in Pennsylvania. These rule changes took effect following their publication in the Pennsylvania Bulletin on January 13, 2018. Read press release here.
The Department continues to work collaboratively with federal regulators, other states financial regulators, and other Commonwealth agencies to address cybersecurity challenges.
Federal Government Principles on Responding to Cyber Incidents
A Presidential Policy Directive (PPD-41) released on July 26, 2016, sets forth principles governing the federal government’s response to any cyber incident, whether involving government or private sector entities. For significant cyber incidents, PPD-41 also establishes lead federal agencies and an architecture for coordinating the broader federal government response. Learn more: http://bit.ly/2aeAUtZ