Protecting clients and their firms from cybersecurity threats is the top compliance chore for registered investment advisory firms, according to a poll released jointly Thursday by the Investment Adviser Association, ACA Compliance Group and Old Mutual Asset Management.
The groups’ ninth annual Investment Management Compliance Testing Survey — which polled 369 compliance professionals online from April 24 to May 23 — found that 75% of those polled rated cybersecurity/privacy/identity theft as the hottest compliance issue this year.
The survey polled advisory firms’ compliance officers on compliance testing with respect to cybersecurity, custody/identity theft/red flags, valuation, proxy voting policies and procedures, and international regulatory compliance. The survey also polled compliance pros on whistleblowing, directed brokerage and hot compliance topics.
“This year’s survey reveals that an exceptionally large segment of the industry views cybersecurity as a hot compliance topic,” said Laura Grossman, IAA’s assistant general counsel, in a statement. Compliance pros’ heightened awareness of cybersecurity threats is “encouraging,” she said, in light of the Securities and Exchange Commission’s heightened focus on cybersecurity issues. However, Grossman noted, “many advisors still have work to do to develop their cybersecurity programs.”
The survey found that 66% of respondents did not have a standalone cybersecurity policy. Fifty-two percent of respondents indicated that their cybersecurity policy had stayed the same or changed slightly since Jan. 1, 2013, while 34% reported that they were considering or were in the process of instituting a cybersecurity policy.
Seventy-seven percent of firms said they did not have a cybersecurity insurance policy, while 20% had purchased or were considering purchasing a cybersecurity insurance policy.
Eighty percent of respondents also said that they outsourced at least a portion of their IT services.