Protecting clients and their firms from cybersecurity threats is the top compliance chore for registered investment advisory firms, according to a poll released jointly Thursday by the Investment Adviser Association, ACA Compliance Group and Old Mutual Asset Management.
The groups’ ninth annual Investment Management Compliance Testing Survey — which polled 369 compliance professionals online from April 24 to May 23 — found that 75% of those polled rated cybersecurity/privacy/identity theft as the hottest compliance issue this year.
The survey polled advisory firms’ compliance officers on compliance testing with respect to cybersecurity, custody/identity theft/red flags, valuation, proxy voting policies and procedures, and international regulatory compliance. The survey also polled compliance pros on whistleblowing, directed brokerage and hot compliance topics.
“This year’s survey reveals that an exceptionally large segment of the industry views cybersecurity as a hot compliance topic,” said Laura Grossman, IAA’s assistant general counsel, in a statement. Compliance pros’ heightened awareness of cybersecurity threats is “encouraging,” she said, in light of the Securities and Exchange Commission’s heightened focus on cybersecurity issues. However, Grossman noted, “many advisors still have work to do to develop their cybersecurity programs.”
The survey found that 66% of respondents did not have a standalone cybersecurity policy. Fifty-two percent of respondents indicated that their cybersecurity policy had stayed the same or changed slightly since Jan. 1, 2013, while 34% reported that they were considering or were in the process of instituting a cybersecurity policy.
Seventy-seven percent of firms said they did not have a cybersecurity insurance policy, while 20% had purchased or were considering purchasing a cybersecurity insurance policy.
Eighty percent of respondents also said that they outsourced at least a portion of their IT services.
Compliance testing increased the most over last year’s survey results in the areas of advertising/marketing, cybersecurity/privacy/identity theft, disaster recovery planning, best execution, and personal trading/code of ethics, with 78% of firms indicating that they have not decreased compliance testing in any of these areas, the survey found.
Other hot compliance topics noted by firms were social media, advertising/marketing, custody, valuation, allocation of fees and expenses, disaster recovery and the Foreign Account Tax Compliance Act (FATCA). Hot topics from last year’s survey that experienced the largest declines include regulatory reporting and insider trading, the survey found.
Ninety-three percent of the firms responding said they have at least one employee dedicated full time to the legal and compliance role, while 18% of firms reported employing more than six full-time compliance professionals. Sixty-four percent of CCOs wear more than one hat.
Sixty-four percent of the firms also reported that the CCO is a senior executive, and in 70% of the firms, the CCO has a direct reporting line to the board of directors and/or the CEO/president.