RIA Compliance and Practice Management Blog

Each week we’re giving you our weekly report highlighting the top compliance news articles from various industry news publications. We have selected the most relevant and important news articles related to registered investment adviser ("RIA") compliance and regulatory issues. This week's recap focuses on the Securities and Exchange Commission ("SEC") exam rate, Regulation Best Interest ("Reg BI") progress, and the pros and cons of mandatory arbitration. Check back each week for the latest list of top stories.

What is Non-Public Information?

Most registered investment adviser ("RIA") firms have access to a variety of personally identifiable financial information for their clients, which constitutes non-public personal information (“NPI”). For investment advisers, the treatment of this information is governed at a federal level by the Securities and Exchange Commission’s Regulation S-P. This encompasses a broad range of data when it comes to a firm's clients, who are generally considered to be “consumers” under Regulation S-P. Advisory firms should be aware that many states have their own regulations governing protection of non-public information and similar data, which are often more protective than the federal requirements.

Each week we’re giving you our weekly report highlighting the top compliance news articles from various industry news publications. We have selected the most relevant and important news articles related to registered investment adviser ("RIA") compliance and regulatory issues. This week's recap focuses on Securities and Exchange Commission ("SEC") regulatory exams, fee disclosures, and fiduciary standards. Check back each week for the latest list of top stories.

Unfortunately, a registered investment adviser ("RIA") firm’s clients may be even more vulnerable to a cybersecurity breach than an RIA firm and or its employees. Hackers continue to more aggressively target high and ultra high net worth individuals as criminals recognize such individuals offer greater potential financial exploitation opportunity. In a recent cybersecurity report, Verizon noted that 76% of cybersecurity breaches were financially motivated. With that primary motivation, brokers’ and investments advisers’ clients are unfortunately a top target. This means that hackers may already be targeting an investment advisory firm’s clients with email phishing and social engineering efforts, often focusing on accessing clients' personal email accounts.

Each week we’re giving you our weekly report highlighting the top compliance news articles from various industry news publications. We have selected the most relevant and important news articles related to registered investment adviser ("RIA") compliance and regulatory issues. This week's recap focuses on the progress of Regulation Best Interest ("Reg BI") and share class selection. Check back each week for the latest list of top stories.

Many registered investment adviser ("RIA") firms haven’t thought about what would happen to their business in the cases of death, being disabled, or even natural disaster. Even if the firm does have a plan, it is often outdated or the designated person(s) of succession are not aware of the decision or don’t have the proper instructions to move forward in the case that the firm experiences an interruption. The objective of establishing a business continuity plan is to hold the firm to their fiduciary obligations and minimize any potential harm to clients due to service interruption. Below we walk through some regulatory and business considerations in regards to business continuity and succession plans, types of firm interruptions, and tips on building your firm's business continuity plan ("BCP").

Each week we’re giving you our weekly report highlighting the top compliance news articles from various industry news publications. We have selected the most relevant and important news articles related to registered investment adviser ("RIA") compliance and regulatory issues. This week's recap focuses on cybersecurity, compliance as the most important back office consideration, and technology selection. Check back each week for the latest list of top stories.

One of our company's longstanding commitments is investing time and resources to make the RIA in a Box service more valuable to the clients we serve. Since launching MyRIACompliance^TM in 2014, we have sought to make our service more efficient and higher quality by combining our human expertise with new tools and features. At RIA in a Box, we release new compliance software features and enhancements on a daily basis. Some of our more notable releases in recent months include a new integration with Morningstar Office Cloud and our new regulatory audit prep tool.

Each week we’re giving you our weekly report highlighting the top compliance news articles from various industry news publications. We have selected the most relevant and important news articles related to registered investment adviser ("RIA") compliance and regulatory issues. This week's recap focuses on senior clients, robo advisors, mutual fund share class regulatory issues, and cybersecurity. Check back each week for the latest list of top stories.

Sophisticated bad actors looking to gain access to a registered investment adviser ("RIA") firm’s sensitive and non-public information may look to target the firm via a ransomware cyber attack. In a ransomware attack, hackers look to access personal or company data, block the individual or company's access to that information, and hold it hostage until a ransom is paid to unlock the data. In other instances, if the bad actor gains access to potentially embarrassing or sensitive information, the hacker will threaten to distribute the information publicly if the ransom is not paid.

Ransomware is a specific type of malware that when installed on a computer or server, encrypts the data preventing the advisory firm from accessing the data without the decryption key. In other ransomware attacks, access to a staff member's entire computer is locked or their computer is prevented from being able to load. Ransomware malware is often circulated via phishing emails and most commonly installed when a staff member downloads a malicious file via an email attachment or web link or by clicking on a link within a phishing email. Once exploited, the user receives a message on the computer screen with instructions on how to pay the ransom to unlock the data. The Federal Bureau of Investigation generally encourages businesses to not pay such ransoms. And even if the ransom is paid, there is no guarantee that the data will be released.