Each week, we publish a report highlighting the top compliance news articles from various industry news publications. We have selected the most relevant and important news articles related to registered investment adviser ("RIA") compliance and regulatory issues. This week's recap focuses on cybersecurity, the Securities and Exchange Commission's ("SEC") Regulation Best Interest ("RegBI"), and proposed proxy rule changes.
Here are our top investment adviser compliance articles for the week of January 24th, 2020:
1. SEC Releases Cybersecurity, Data Loss Best Practices (Author - Melanie Waddell, ThinkAdvisor)
On Monday, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) released a Cybersecurity and Resiliency Observation report detailing its observations from examinations around cybersecurity practices in the areas of governance and risk management, access and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. In this article, Melanie Waddell walks through highlights of the report and security measures of organizations using mobile applications.
2. SEC publishes observations on industry cybersecurity practices (Author - Ryan W. Neal, InvestmentNews)
Ryan W. Neal walks through OCIE’s recently released report of observations related to cybersecurity and resiliency. This report is based on thousands of examinations of SEC-registrants. According to Neal, “OCIE acknowledged that there is no one-size-fits-all approach to cybersecurity and that the approaches highlighted may not be appropriate for all organizations. The observations are meant more as guidelines for firms considering how to improve their cybersecurity preparedness and response procedures.”
3. Cybersecurity means protecting printers, computers, too (Author - Wes Stilman, Financial Planning)
Wes Stilman suggests that while firms focus on their fintech stack, they often neglect to prioritize everyday technology such as printers, personal computers, internet service providers, firewalls, and basic software applications. Stilman offers tips for RIA firms to build an effective cybersecurity and IT policy to protect everyday technologies. This includes building an architected environment, access control, and layers of access protection. “Without access controls for the tech stack, RIAs open up themselves and their clients to phishing scams, data breaches and so much more. They risk exposing their interactions to bad actors who will hack accounts and monitor firm transactions and client engagement,” Stilman states.
As the SEC has finalized its Regulation Best Interest (“RegBI”), Form CRS Rule, and Standard of Conduct for Investment Advisers (“RIA Interpretation”), Fred Reish discusses the SEC’s guidance and offers his comments on the rules. Reish provides specific examples and summarizes the SEC’s guidance on each of the above rules. “For those that haven’t been paying close attention to recent SEC pronouncements and litigation, the SEC is taking the position that investment advisers have at least two broad duties: the duty of care (stated above ‘advice in the best interests of their clients’) and the duty of loyalty (e.g., a duty to fully and fairly disclose material facts about conflicts of interest),” Reish states.
As environmental, social and governance factors become a high priority to investors, the SEC’s proposed proxy voting changes continue to be a topic of debate. According to Ginger Szala, the Investor-as-Owner Subcommittee of the SEC Investor Advisory Committee (“IAC”) stated in its comment letter to the SEC, “In addition to republishing the rule proposals, the SEC should reconsider the guidance actions it took in the summer of 2019. Our review [is] … that the guidance did not achieve what it sought to achieve, i.e., clarity for market participants.” Industry experts, including John Hale of Morningstar and Barbara Roper of the Consumer Federation of America, weigh in on the issue, providing their viewpoints on the IAC’s comment letter.
Don't forget to check out last week's top RIA compliance news articles focusing on SEC exam priorities for 2020, how to create a successful succession plan, and how to handle changing your fee structure.