Cybersecurity remains the top concern for registered investment advisors, with 86% of respondents in a just-released poll by the Investment Adviser Association flagging “cybersecurity/privacy/identity theft” as their “hottest” compliance topic for the fourth year.
The 2017 Investment Management Compliance Testing Survey, released Tuesday and conducted jointly by the IAA, ACA Compliance Group, and OMAM, a global multi-boutique asset management company, polled 599 advisors in April and May on their biggest compliance headaches.
Compliance with the Securities and Exchange Commission’s Custody Rule was the second hottest compliance topic (26%) after cybersecurity – which IAA said was “not surprising” given concerns raised by recent SEC staff guidance about the rule.
Twenty-one percent of respondents also noted “regulatory reporting” (e.g., Form ADV) – a big jump in that category from 4% last year.
Deficiencies in required regulatory filings – including disclosures on Form ADV Part 1A or in Form ADV Part 2A brochures – was cited as the second-biggest compliance failure during SEC exams.
Last year, the SEC adopted amendments to Form ADV designed to provide more information regarding advisors, including about their separately managed account business, a method for private fund advisor entities operating a single advisory business to register using a single Form ADV, as well as clarifying, technical and other amendments. The effective date of the Form ADV changes takes place on Oct. 1.
When asked how prepared firms are for the new Form ADV reporting amendments, 35% indicated that they are progressing with their implementation efforts and expect to be ready by the compliance deadline, the poll found, while 30% reported being in the early stages of their implementation efforts.
Disaster recovery planning came in behind regulatory reporting, with 20% of compliance pros polled citing this chore, up from 8% last year.
As to cybersecurity, the poll found that 76% of respondents indicated that their firms increased compliance testing in this area over the past year.
Firms also continue to devote resources to cybersecurity, with 44% having purchased cybersecurity insurance (20% purchasing total coverage of between $1 and $3 million). Eighty-six percent of firms responding said they conduct cyber risk assessments and 72% also conduct network penetration tests.
The SEC also launched in January a multi-branch advisor initiative targeting the “unique risks and challenges” for advisors operating through branch offices geographically separate from their principal place of business.
Forty percent of respondents in the IAA poll reported providing advisory services from multiple locations and 83% indicated that their firm-wide policies and procedures address remote locations. Seventy-three percent said they conduct scheduled on-site visits at their branch offices.
The survey found that the top four compliance costs are: internal personnel (80%); third-party compliance consultants (33%); technology (32%); and outside legal counsel (27%). Most firms (26%) spent between $100,001 and $250,000.