MarketCounsel head says the problem with regulations is the regulators.

In a wide-ranging session at the Envestnet Advisor Summit in Chicago in early May, MarketCounsel’s Brian Hamburger addressed many of the big regulatory and compliance issues facing advisors, and argued that one of the main issues is the regulators themselves. The Securities and Exchange Commission “hasn’t been doing its job for a long time. We haven’t had a strong securities regulator in the last 15 years,” he said in a breakout session that included Knut Rostad in the audience, which is why on the fiduciary standard for brokers the SEC has decided they “won’t be able to address this.”

Hamburger said that on the fiduciary issue, “a real battle is being raged here,” with the intent to deliver “overall harmonization” of RIA and broker regulation. “‘Harmonization’ sounds nice—who doesn’t want ‘harmony,’” Hamburger joked, but warned that for RIAs, harmonization is not a good development. It’s also not good for end clients. “Customers are confused,” he said, not knowing if they’re “dealing with a broker or advisor,” and moreover, “don’t know what difference it makes.”

While the fiduciary reproposal from the Department of Labor “gets the headlines,” the harmonization push “is starting to roll a rock down the hill.” If RIAs back a fiduciary standard for brokers, “you have to be ready for” the drawbacks of harmonization. That would include “taking all the rules BDs are subject to and applying them” to RIAs, including a continuing education requirement, reviews of advertising, and books and records requirements. Harmonization, he said, “is not a one-way street.” In fact, he argued that “if you align all of these things, I can assure you that FINRA will reappear quickly” and say regarding RIAs, “‘if they’re all subject to the same rules, it makes sense for us to examine them.’”

By contrast, he said the United Kingdom dealt with this issue “years ago,” to the point that as of this year, each advice giver “must decide whether you’re a broker or an advisor,” and based on that decision, “your registration will be different” as will “your standard of care” toward clients. That makes it easier for end clients to decide whether they “need incidental advice or a more conflict-free form of advice.” That change is now “in the midst of implementation” in the U.K., with “successes and failures across the board.”

On the fiduciary standard for brokers, Hamburger recalled that the original “Merrill Lynch Rule” really wasn’t an SEC rule at all, with the more accurately named broker-dealer exemption proposed by the brokerage industry as a “way to cure churning.” That industry figured out, however, that “since customers wanted advice,” they could charge a fee for their brokerage services that would “look and feel a lot like the way investment advisors charge.” The brokerage industry’s intent was reflected in its advertising at the time: “The ads back then didn’t talk about the quality of their clearing, but about advice.”

As for the Department of Labor’s proposed fiduciary rulemaking under ERISA, Hamburger said the DOL “did an end around since the SEC hasn’t been doing its job for a long time.”

Hamburger then called on Rostad, president of The Institute for the Fiduciary Standard, to voice his take on the prospects for a fiduciary standard being imposed on brokers by the SEC. “The status of fiduciary duty in Washington has gone downhill enormously over the past six years,” Rostad replied, in fact since the Obama administration released its white paper on a regulatory roadmap for financial services. “At the SEC, we’re far weaker than we were,” he continued, while the DOL’s proposal represents a “mixed picture” for fiduciary proponents and the brokerage industry. Over all, the DOL proposal is actually bleak for fiduciary proponents, since DOL’s inclusion of a proposed “best interest contract exemption,” or BICE, is a “loophole you could drive an aircraft carrier through.”

On the DOL reproposal, Hamburger chimed in that it is essentially the DOL’s original 2010 proposal “with a couple of ‘no-action letters’ attached,” and that because of political pressure from the administration, DOL “found themselves having to put something out” before it was ready to do so. He said that nevertheless “it doesn’t take you long to realize that there’s no way” the DOL proposal will be adopted in its current format. “There are way too many holes” in the proposal, Hamburger said, and the brokerage industry is “ridiculously stronger than the RIA” lobby in the nation’s capital, so “they’ll leave their footprint” on the final proposal. He added a final note about rule making: “If you want to predict what’s going to happen, follow the money in Washington.”

State-Registered Advisors and Cybersecurity

As for the state of actual regulation and staying compliant, Hamburger said this is “not a fun time to be a state-registered advisor,” arguing that there’s a “huge disparity” between the regulatory regimes of the states, which he said creates a dangerous situation, especially for fraud. As an example of one of the worst offenders, he cited his home state of New Jersey. The state formally reports to NASAA, the association of state securities regulators, “that they examine 100% of advisors” every year, despite the fact that New Jersey securities examiners “haven’t stepped into an advisor’s office in 10 years.” “Examining” an RIA in the Garden State consists, he said, of the New Jersey Bureau of Securities sending out a questionnaire to RIA firms in the state, who send back their Form ADV.

By contrast, “if you want real guidance, see the state of Massachusetts,” especially when it comes to cybersecurity. The SEC merely sent out a “guidance” from the Division of Investment Management to RIAs and registered investment companies, which in its own words “highlights the importance of the issue and discusses a number of measures that funds and advisors may wish to consider when addressing cybersecurity risks.” That SEC memo, Hamburger said, is taken “almost word for word” from the Massachusetts Securities Division’s guidance, but reflects the SEC’s tendency to express “what they’d like to see” advisors do, such as on RIA succession planning and business continuity, rather than require action. The SEC issues those guidance memos under the regulator’s mandate to require action because “it’s in the best interests of clients.”

The lack of SEC rules on cybersecurity doesn’t mean it’s not a crucial issue to address, Hamburger said, not just for RIAs, but for any firm handling customer data. Writing a data security plan should not focus on legalese, but on an RIA firm’s operations. “It’s not about the technology,” Hamburger said, since there are plenty of cybersecurity “vendors out there.” Instead, “it’s really about protecting the reputation of the firm and training employees. If you haven’t trained your receptionist on data security, you should just burn all that technology.” He has seen passwords on sticky notes pasted to “the side of a monitor” in advisors’ offices, so that’s an obvious threat. Another danger is from “disgruntled former employees who leave with usernames and passwords and want to harm the firm.” He advised focusing on “incredibly low-tech threats,” including those “coming from your own vendors, like your cleaning crews,” and recounted advisors who gullibly responded to emails “requesting client personal data, like Social Security numbers.”

Succession Planning and a Firm’s Depreciation

On succession planning, Hamburger only half joked that the “number of advisors who talk about succession planning is directly correlated with the number of their clients with estate plans.” In his experience, while many advisors might have a business continuity plan on paper, they don’t implement or test them. He suggested testing those plans, which his firm does “all the time.” He also suggested the use of a private Twitter feed for firms, which at MarketCounsel “announces any kind of interruption with our resources,” such as a power or telephone outage. He said such feeds are “far more reliable” than any other internal or external system because of Twitter’s multiple built-in backups.

While Hamburger said that he does expect the SEC to require “at some point” an ongoing succession plan for a firm after the death of the principal or principals, he urged firms to implement short- and medium-term plans immediately, using as an example of a medium-term plan when an advisory firm owner “has a disability, even if it’s not permanent.”

However, he also argued that succession planning is a “business issue, not a regulatory issue,” and one that is important to clients. He warned that a succession plan should be implemented quickly. “An RIA firm could be one of the most rapidly depreciating businesses after the death of a principal,” he said. “If you don’t act quickly, you have no answers for clients, your custodians may freeze your business relationship and you can’t pay employees,” who may well be prompted to set up or join a competing firm. “So after 30 days, a firm worth hundreds of millions of dollars could be worth nothing” without a plan.