ARLINGTON, Va. -- Brokers' practices are facing increased scrutiny on another front.
SEC examiners are planning to launch a retirement sweep, evaluating how brokers and advisors handle these issues, following President Obama's support of the Labor Department's fiduciary proposal for retirement advisors.
The SEC will also deepen its cybersecurity probe with a second wave of exams.
Jane Jarcho, national associate director of investment advisor and investment company exams at the SEC's Office of Compliance Inspections and Examinations, said that cybersecurity and retirement issues sit at the top of her division's priority list as examiners survey the advisor and broker markets.
OCIE recently released the preliminary results of a set of sweep exams looking at cybersecurity, and Jarcho indicated that a similar initiative is coming in the retirement space, though she emphasized that the effort is still very much under development within the commission.
"As we sat down to think about how to do this, it really turned out to be kind of hard to get our arms around what would be the most efficient and sensible way to do it. And so we decided that we would do it in phases, and then let the next phase sort of inform how we went onward," she said, last week at the Investment Adviser Association's annual compliance summit.
But her team is inclined to begin its probe in the brokerage side of the industry.
"I think the first phase will actually probably look more at broker-dealers and broker-dealers' platforms for those selling retirement products and things like that," she said. "I think we will get that information and use it to inform our next phase."
Jarcho emphasized that the retirement initiative is designed as a long-term effort, and will entail a close coordination between SEC staffers who focus on RIAs and broker-dealer examiners.
In January, when the SEC released its examination priorities for 2015, the commission made plain its concerns about the types of advice and product recommendations advisors are offering to investors planning retirement, warning about complex products, hefty fees associated with rollovers, and suitability and account placement, among other issues.
CYBERSECURITY SWEEP FINDINGS
Cybersecurity also figured prominently in that priorities letter, and Jarcho noted that the sweep exams revealed that most advisors have moved to establish a formal security framework within their practice, but that employee training remains a weak spot.
"We found that firms generally adopted policies and procedures to mitigate and manage cybersecurity risk. We found that firms were in fact generally conducting periodic risk assessments to identify cybersecurity threats and vulnerabilities," she said. "Most customer losses were the result of a firm employee not following procedures, not the failure of firms to have such policies in place."
The exams also found a notable inconsistency within the industry.
"Interestingly, we found that, in general, broker-dealers tended to have better policies and procedures in place than investment advisors did," Jarcho said.
Whereas the first phase of the cybersecurity initiative was more of a broad-based fact-finding expedition, Jarcho explained that the next stage will see a more focused inquiry, with examiners taking a closer look at perhaps five or seven areas that are of the greatest concern.
That second wave of the cybersecurity review will likely get underway this summer, she said. Among the topics examiners are expected to focus on include how advisors and brokers handle security when they partner with third-party vendors, authentication and access, and firms' incident response plans.
"They'll be a little more in-depth on fewer topics," Jarcho said of the coming reviews.
Kenneth Corbin is a Financial Planning contributing writer in Washington.
- 5 Things Regulators Want to Know About the Way You Do Business
- SEC Warns Firm Leaders on Cybersecurity Policies
- SEC, FINRA Warn on Cybersecurity
- SEC Needs to Take Ownership of Fiduciary Duty Question