'Hottest' Issues in Advisor Compliance
July 20, 2015 8:30 AM
'Hottest' Issues in Advisor Compliance
What are advisors thinking about most when it comes to compliance?
Among RIA compliance professionals, cybersecurity remains a leading area of concern -- and more firms are rethinking how they protect their data. Nearly 88% of respondents name issues around security, privacy and identity theft as the "hottest" compliance topics for 2015, up from 75% last year, according to a new study from the Investment Adviser Association, ACA Compliance Group and asset manager OMAM.
While regulators at the SEC and FINRA have been taking a close look at how firms are protecting their information systems and sensitive client data, cybersecurity is just one of a host of compliance challenges advisors are juggling.
Here's a closer look at how advisors are thinking about cybersecurity and other key compliance issues. Page through for highlights from the survey, or click here for a one-page version. --Kenneth Corbin
Among RIA compliance professionals, cybersecurity remains a leading area of concern -- and more firms are rethinking how they protect their data. Nearly 88% of respondents name issues around security, privacy and identity theft as the "hottest" compliance topics for 2015, up from 75% last year, according to a new study from the Investment Adviser Association, ACA Compliance Group and asset manager OMAM.
While regulators at the SEC and FINRA have been taking a close look at how firms are protecting their information systems and sensitive client data, cybersecurity is just one of a host of compliance challenges advisors are juggling.
Here's a closer look at how advisors are thinking about cybersecurity and other key compliance issues. Page through for highlights from the survey, or click here for a one-page version. --Kenneth Corbin
'Hottest' Issues in Advisor Compliance
In a survey of 474 advisory firms, respondents reported they are automating more processes with technology and building out more formal programs around cybersecurity, with the majority of firms citing data security one of the "hottest" compliance issues this year. And yet, many firms still have not set up a standalone security program.
"It is ironic, isn't it?" says Duane Thompson, senior policy analyst at fi360, a fiduciary training firm. "Cybersecurity is probably top of mind for most advisors since it's in the headlines almost daily. However, it may require prodding from the regulators since many of the smaller firms may think the odds of a breach are much less since it's only the big firms in the headlines."
Sanjay Lamba, assistant general counsel at the IAA, counters that the trend line indicates that cybersecurity is becoming an area of increased focus within RIA shops.
"I would point out that the number of firms responding that they have a standalone policy has gone up significantly in just the past year," Lamba says. "So at the end of the day, the results show that an overwhelming majority of respondents have considered and attempted to implement appropriate measures to deal with cybersecurity."
"It is ironic, isn't it?" says Duane Thompson, senior policy analyst at fi360, a fiduciary training firm. "Cybersecurity is probably top of mind for most advisors since it's in the headlines almost daily. However, it may require prodding from the regulators since many of the smaller firms may think the odds of a breach are much less since it's only the big firms in the headlines."
Sanjay Lamba, assistant general counsel at the IAA, counters that the trend line indicates that cybersecurity is becoming an area of increased focus within RIA shops.
"I would point out that the number of firms responding that they have a standalone policy has gone up significantly in just the past year," Lamba says. "So at the end of the day, the results show that an overwhelming majority of respondents have considered and attempted to implement appropriate measures to deal with cybersecurity."
'Hottest' Issues in Advisor Compliance
Cyber liability insurance has been getting more attention within the industry, but a majority of advisors are still sitting on the sidelines.
Only 17.22% of those surveyed have a policy, and another 14.4% are considering buying one. "I would expect this to be a growing trend, especially as advisors become more aware of the types of coverages available," Lamba says.
Only 17.22% of those surveyed have a policy, and another 14.4% are considering buying one. "I would expect this to be a growing trend, especially as advisors become more aware of the types of coverages available," Lamba says.
'Hottest' Issues in Advisor Compliance
Security experts urge firms to think beyond their own systems and policies, and consider all potential access points into their systems. While a majority of firms check how their vendors manage cybersecurity, the survey indicates that many advisors are lax in their vetting of third-party vendors. Thirty-five percent of those surveyed annually conduct due diligence on how key vendors manage cybersecurity while 13.9% do so for new relationships.
"From what I can tell from the SEC and FINRA [security sweep exams], as a rule of thumb, the larger the firm, the more resources are being allocated to all aspects of cybersecurity including reviews of third-party vendors," Thompson says.
"From what I can tell from the SEC and FINRA [security sweep exams], as a rule of thumb, the larger the firm, the more resources are being allocated to all aspects of cybersecurity including reviews of third-party vendors," Thompson says.
'Hottest' Issues in Advisor Compliance
IT is one of the preferred areas where advisors are outsourcing, in many cases with a hybrid effort that involves some internal staff and some outside contractors.
'Hottest' Issues in Advisor Compliance
More firms are conducting mock SEC exams, either internally or by engaging a third party, to ensure they are prepared for an audit. While 30% said they do not do so, another 19% who do not currently do mock exams are planning to in the future.
"I think the survey results show that CCOs consider SEC-type mock exams as another effective tool from the toolbox they can use to improve their compliance programs," Lamba says.
"I think the survey results show that CCOs consider SEC-type mock exams as another effective tool from the toolbox they can use to improve their compliance programs," Lamba says.
'Hottest' Issues in Advisor Compliance
As advisory shops become more technology-driven operations, many firms have turned to automated trade order management systems.
'Hottest' Issues in Advisor Compliance
In the age of email and social media, many advisors are facing new requirements to monitor and archive electronic communications. More than 90% of respondents said they have developed a formal or informal social media policy for their firm. And while nearly half of respondents (47%) say that that type of surveillance has not been "particularly" useful in identifying recent compliance issues, advisors are still holding onto the records.
