RIA Compliance and Practice Management Blog

Each week we’re giving you our weekly report highlighting the top compliance news articles from various industry news publications. We have selected the most relevant and important news articles related to registered investment adviser ("RIA") compliance and regulatory issues. This week's recap focuses on the Securities and Exchange Commission's ("SEC") examination program and forthcoming guidance, the SEC's Regulation Best Interest ("Reg BI") rule, and why RIAs should expect examiners to scrutinize fees. Check back each week for the latest list of top stories.

Sophisticated bad actors looking to gain access to a registered investment adviser ("RIA") firm’s sensitive and non-public information may look to target the firm's individual staff members directly via a cyber attack method called social engineering. In this type of targeted attack, cyber criminals will research an individual staff member online looking for publicly available information that may help them answer the individual's personal security questions, decipher their usernames and passwords, or launch an email phishing attack specifically targeted at that individual based on what information has been discovered. If an RIA firm staff member is not careful, a hacker may be able to find his or her high school mascot, mother’s maiden name, date of birth, childhood street address, place of birth, children’s school, dog’s name, or even best friend’s name. This becomes a lot easier when an individual does not make a concerted effort to protect their own personal information online.

Each week we’re giving you our weekly report highlighting the top compliance news articles from various industry news publications. We have selected the most relevant and important news articles related to registered investment adviser ("RIA") compliance and regulatory issues. This week's recap focuses on the Securities and Exchange Commission's ("SEC") Regulation Best Interest ("Reg BI") rule, brewing state fiduciary-related legislation, and the possible secession of local Financial Planning Association ("FPA") chapters across the country. Check back each week for the latest list of top stories.

On September 26, 2018, the Securities and Exchange Commission ("SEC") Division of Enforcement announced that it settled claims with a registered investment adviser ("RIA") firm that "agreed to pay $1 million to settle charges related to its failures in cybersecurity policies and procedures surrounding a cyber intrusion that compromised personal information of thousands of customers." In particular, the SEC charged the advisory firm with "violating the Safeguards Rule and the Identity Theft Red Flags Rule, which are designed to protect confidential customer information and protect customers from the risk of identity theft." This recent enforcement action is of particular note as it was the first SEC enforcement action to charge a firm with violations of the Identity Theft Red Flags Rule.

Each week we’re giving you our weekly report highlighting the top compliance news articles from various industry news publications. We have selected the most relevant and important news articles related to registered investment adviser ("RIA") compliance and regulatory issues. This week's recap focuses on cybersecurity, regulatory exams for dual registrants, choosing office space when starting an RIA firm, and advisory fees. Check back each week for the latest list of top stories.

Each week we’re giving you our weekly report highlighting the top compliance news articles from various industry news publications. We have selected the most relevant and important news articles related to registered investment adviser ("RIA") compliance and regulatory issues. This week's recap focuses on cybersecurity, the Securities and Exchange Commission's ("SEC'") Regulation Best Interest Proposal ("Reg BI"), and RIA custody rules. Check back each week for the latest list of top stories.

Since 2015, the U.S. Securities and Exchange Commission ("SEC") Office of Compliance Inspections and Examinations ("OCIE") has specifically listed cybersecurity as a registered investment adviser ("RIA") annual examination priority. Most recently, the SEC once again highlighted cybersecurity as a regulatory examination priority for 2019. In particular, the SEC OCIE staff noted, "Specific to investment advisers, SEC OCIE will… continue to focus on, among other areas, governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.” These six areas of focus for information security were first enumerated in a September 15, 2015 SEC RIA risk alert and have remain unchanged since.

Each week we’re giving you our weekly report highlighting the top compliance news articles from various industry news publications. We have selected the most relevant and important news articles related to registered investment adviser ("RIA") compliance and regulatory issues. This week's recap focuses on cybersecurity, the Securities and Exchange Commission's ("SEC'") Regulation Best Interest Proposal ("Reg BI"), and advisor fee strategies. Check back each week for the latest list of top stories.

In 2018, the U.S. Securities and Exchange Commission ("SEC") Office of Compliance Inspections and Examinations ("OCIE") issued a series of registered investment adviser ("RIA") risk alerts. There are four particular risk alerts that are most relevant to traditional retail wealth management investments advisers: fee billing, best execution, cash solicitation, and electronic messaging. Risk alerts are generally issued based upon SEC OCIE staff observations and are designed to help RIA firms better "(i) assess their supervisory, compliance, and/or other risk management systems related to these risks, and (ii) make any changes, as may be appropriate, to address or strengthen such systems."