When we met in August with the winners of our 25th annual Broker-Dealers of the Year, as chosen by their own reps in balloting conducted in June, we presented the leaders of those firms — Prospera Financial, The Investment Center, American Portfolios and Cambridge Investment Research — with four scenarios to learn how they would respond, or have already responded, to some of the most challenging industry issues.
The final shape of the Department of Labor’s long-debated fiduciary rule is still unknown. That may leave some advisors with a feeling of resignation, but the BDOTY leaders are preparing now for multiple outcomes. The problem, according to Lon Dolber, CEO of American Portfolios, using a geopolitical metaphor, is that the government goes “to war without thinking about what they’ll have to do after the war is over to sustain the region.”
He argued that making the industry “data agnostic” is crucial to managing whatever the DOL sends down the pike.
But the DOL’s aborning rule is not the only challenge to broker-dealers’ status quo. Innovation in the advisory industry and the world at large is also forcing firms to look at how they do business. Cybersecurity is a critical issue for everyone, individuals and businesses alike. Broker-dealers make a lucrative target for hackers, but that’s not the only source of disruption to a firm’s data integrity, as Eric Schwartz, CEO of Cambridge, related colorfully. “We had our first experience in that way when a backhoe backhoed through a fiber optic cable about a hundred miles from our building about eight years ago.”
With technology taking up so much space in businesses’ day-to-day operations, how are the BDOTY winners protecting their operations processes and sensitive data?
A more esoteric risk than overzealous regulators, data thieves and careless backhoe operators is to a firm’s reputation. Jaded reps, unhappy clients and opportunistic law firms can all put a firm’s back against the wall, but who presents the biggest risk and how much does it really matter? The BD leaders suggested that one rep can’t do much damage to a firm’s 20-year body of work, but mudslinging is still bad for your soul.
“We’d probably scream and holler and wring our hands and be very angry about it” privately if a rep bad-mouthed a firm in public, “but publicly we’d take the high road,” said David Stringer, president of Prospera Financial.
Then there are the robo-advisors. The winners of the 2015 Broker-Dealers of the Year are not concerned. As Ralph DeVito, president of The Investment Center, put it, “the rep is the important part here; the value that they have to the client.”
The following pages are an edited transcript of our day-long conversation with the broker-dealer leaders in August. Visit ThinkAdvisor.com throughout the month of September for more extensive discussions of each of these scenarios and video interviews with the leaders of the 25th annual Broker-Dealers of the Year.
Scenario 1: You’re considering adding a robo-advisor platform to help your reps expand efficient service to smaller clients, but your reps are concerned they could lose clients of their own to the new offering. How do you manage client and rep expectations about robo services? What services are you using robo tools for?
Ralph DeVito, The Investment Center, Division II: We’ve had a number of inquiries from reps about robo. Right now I feel that it has its place for this new millennial type person.
We deal with higher-net-worth clients. The purpose of the rep is the important part here; the value that they have to the client. I think if the client’s asking for it, use it.
We’re looking to private label an already existing platform, and we’re staying away from, at least initially, the ones that are all electronic, all run by algorithms and such.
Jamie Green, Investment Advisor: Lon, you know technology pretty well. I think you’ve done some interesting things there.
Lon Dolber, American Portfolios, Division III: I don’t want to live in anybody else’s technology bucket, so we acquired a company called Trustfort. It allows us to control development. If I want to go down the road of offering a robo type of scenario, I’ll be able to do that. To me, to be independent you have to be technology independent.
David Stringer, Prospera Financial, Division I: What we’re seeing here is the commoditization of modern portfolio theory. Advisors, if that’s how they’re making their living, are doing a risk tolerance profile and putting it in a nice pie chart; we now know the value [of that] is 25 basis points.
It requires a higher level of service and value that you provide to your clients. We’re looking at robo-advisors, but we recognize that it is going to probably follow the same pattern as online trading and no-load mutual funds.
Eric Schwartz, Cambridge Investment Research, Division IV: Advisors ask me about this all the time, and I tell them, ‘Look, if you’re 55 or 60 and you’re going to retire in seven or eight years and you want to just ignore this, it’s probably fine. Maybe you lose 2% of your clients to it over the next seven years.’
I think if anybody’s looking forward 25 years or even 10 years, the clients are going to expect a service strategy that includes both considerably more technology than they are expecting today as well as the personal touch.
I see three price models. One is the existing price model [which is] the one-percent, full financial planning, estate planning, whole package but with upgraded technology access for those that want it. Then you have your 25 basis point pricing, which would look similar to what people refer to as robo today. Then you’re going to see some hybrid stuff there.
I think there is room for that, just like you’ve got your Walmart and you’ve got your Neiman Marcus. There are some niche players in the market that may focus on just one of those segments, but I think as you get to our size, you’re looking to offer all that.
DeVito: I think it’s going to morph, like Eric said. There’s going to be that 25 basis point firm out there that’s going to probably survive, just like the deep discounters have survived, and the $7 trades.
Dolber: What happens when the public figures out that they don’t have to pay what they’re paying?
DeVito: We’re going to have to build a worth into it. There’s going to be some value that we bring to the table with it.
Dolber: At some point, though, think of what’s happened. The first hit was against execution. Executions got commoditized. The next hit is against portfolio managers. They’re getting commoditized. The next place is going to be the advisor. The advisor wraps 1% on top of a portfolio manager. The public is going to figure out they do not need to pay 1.5%, 2% for these services.
Stringer: I would say […] the value shows up in a different way. If people are not doing financial planning for a fee, that’s a place.
We now know what the value of a risk tolerance questionnaire with a pie chart looks like, but how do you get paid, as an advisor, for your advice and hand-holding? All the studies that we see are when you get into a bear market, the people who are do-it-yourselfers bail out because they’ve got an emotional override.
One of the things that keeps advisors in business is financial illiteracy among the general public. This is rocket science to them in a lot of cases.
Schwartz: The DOL, which I’m sure we’ll spend some time on later, is a growth business. If you want to make an investment, you invest in regulation.
A lot of how quickly some of this happens will be related to what regulation does. Certainly, in Australia, they didn’t voluntarily say that they were not going to charge any commissions and fees anymore. They just were swept away.
A lot of people have made a lot of money in the last 20 years in this industry. I think people could make a lot of money 10 years from now at 50 or 60 basis points for what they’re doing today at 100. I’m not saying they’re going to do it voluntarily, but if it’s forced on us by enhanced regulation, with the technology that’s available and the sheer size of the dollars out there, I believe that a pricing model that’s 50, 75 basis points would be very achievable versus the 100 now.
Dolber: That’s when I think you’ll see retainer business. It has to come down to where it’s about where a trail is. When you see it at 25, 30 basis points, that’s when the advisors will be more receptive to charging a flat fee or hourly fee. [Regulations] and economics will meet at some point. Then you’ll get the adoption from the advisors.
Green: The prospects that you’re trying to recruit, are they asking, ‘What kind of platform am I going to be working on technology wise, and will I be able to serve the children of my clients with some kind of very low-cost and very highly automated advice?’ Do you hear that at all?
DeVito: On the recruiting point, we hear everything. They want to hear that you have a robo solution, just like they want to hear that you have a succession solution.
Years ago it was account consolidation. Everybody screamed for it. In general, not too many people actually were using it. Now, it’s becoming more and more mainstream.
Dolber: I seem to be getting the same things coming up that have come up for the last 10 years, which is the firm that they were with doesn’t understand their practice. It’s cultural things. ‘They just don’t know who I am.’ I hear that more than anything.
Green: They don’t feel valued.
Dolber: They don’t feel valued. [Their firm is] not really supporting them in their development.
I can’t remember the last time somebody asked me about [whether we had] a robo capability. I hear about succession planning. I do hear about that. I mainly hear about service, compliance and culture.
DeVito: I think that comes down to our discussion before. We have four people in here who are owners of the business, and some of these firms have commoditized themselves. They’re huge. They can’t know every rep, it seems like. There are just too many people in one department that may be piecemealing service to them.
Dolber: That’s a good question, actually. How many customers can you have? Let’s go to the advisor level. How many customers can an advisor really have? This whole notion of A, B and C [customers], I never bought into it. There’s only one customer — the one you want.
I actually have a book of business, which is crazy. I tell advisors, ‘I use the same forms you’re going to have to use.’ Then, I give them an example. I say: ‘I don’t know if some of the executives that run firms today can really decide what the broker dealer future’s going to be, because they’re not users. A good example of this is Steve Jobs. He had a prototype for the tablet, and he went to his first boss at Atari. You know what the CEO says? “There’s no keyboard. Nobody’s going to use that thing. There’s no bloody keyboard.” You know what Jobs’ answer was? “They’ll get used to it.”’
We had hired Ram Charan, who is a well-known consultant. I asked him, ‘How did Jobs know?’ He said, ‘Lon, he had the tablet for a year. He had the prototype. He got used to it.’
Stringer: I would say the same thing. I’m a member of a practice. Three of us own the firm, and we have a pretty robust practice. We eat our own cooking, so we understand. There’s always an advisor at the table when we’re trying to make our decisions. They’re like, ‘You mean you want me to have this disclosure signed by my client?’
We put ourselves in their shoes, saying, ‘How are we going to explain that one? How are we going to do this?’
Schwartz: Coming back to your question, you asked, ‘What about technology?’ When people come in, the main thing they’re looking for is culture. They want to see, ‘Is this the culture that feels comfortable?’
If somebody’s in our office for six hours, they’re definitely spending an hour on technology, and they’ve probably had a demo of another hour before they ever came.
It’s been two years since robo was invented. What you think of as robo, the Wealthfronts or whatever, that’s maybe 2% of their question. It’s really, ‘What can you do for me?’ It’s heavily about how easy is it to open accounts, monitor compliance and manage money. Those are the things they’re looking for in their technology. Then pricing, things like that.
DeVito: Just like it’s a service business and a relationship business for them, it’s a relationship business for us. We don’t spend a heck of a lot of time in the room initially, at least. The technology part and the demo part happen after they almost decide. They come here and it’s about culture: who we are, how we’re going to handle them, how we’re going to talk to them.
Stringer: We went through a Ritz-Carlton service training. We’ve got our five critical success factors. We have to be competitive with everyone, and we’ve got some great competitors. They raise the game.
Culture, employee engagement, clients for life, platform excellence, and they want to make sure we’re financially sound.
Dolber: We recently hired a Six Sigma black belt to institutionalize our service process. We were using Salesforce, and we had metrics, and we can look at the calls and the call rate, all that, but that’s not service excellence.
The first lesson I had by the black belt — I thought it was karate — he said, ‘If any process doesn’t serve the customer, it’s not important.’
Stringer: In my wallet I’ve got my credo card that’s got our 12 service values, our three core values, our motto, our credo.
Dolber: I heard at a Pershing conference former CEO for Ritz-Carlton, Horst Schulze, speak. He said, ‘The most important client is a loyal customer.’
He said, ‘What creates a loyal customer? Only one thing, and that’s trust. What creates trust? Repeated service; that’s the only thing that creates trust.’ […] When you sign up that new rep, I’m not saying they don’t trust you, but they’re neutral. You can’t say they trust you until you prove to them you will do what you said you were going to do, and that takes time.
Scenario 2: One of your vendors discloses they’ve suffered a data breach, potentially exposing your clients to losses. How do you respond with your vendors, reps and clients? Does your business continuity plan include cybersecurity steps — or insurance?
Dolber: [It's] just like business continuity [planning]. You have to be able to do fire drills. If you don’t have a playbook and you don’t do fire drills, you’re not going to know what to do.
Schwartz: You’re pretty much required to do all that stuff by regulators now.
We actually have two different sites outside of our own site. You’ve got to see it actually works. We had our first experience in that way when a backhoe backhoed through a fiber optic cable about a hundred miles from our building about eight years ago.
The bigger issue is a direct hack to your own site versus if it goes to a National or Pershing, say, which many of us clear through. Obviously that’s going to be a big issue, but that’s going to be theirs to fix. We’re not going to be able to do much other than have a plan.
Dolber: I think the bigger risk is with the customers. If you think about it just mathematically, I have 110 employees, 800 advisors — I have 400,000 customers. I have very little control over their systems, but they’re getting compromised and their credentials are getting compromised.
[We send] phishing emails out to our advisors. We fabricate emails like this: ‘Your name was given to me by a close friend. I don’t know if I’m good for you, but I’d like you to take a look at some of my things,’ and there’s an attachment. When they open that attachment it goes, ‘Got you,’ [and] takes them to a training center.
How many of you have turned on two-factor [authentication] for your login for your advisors? Or a better question, how many of you turned on two-factor for the customer logging into NetX360 or logging into Albridge?
Industry-wide, most of us may have two-factor or second-level authentication for a broker logging into our portal, but have you turned that on for the client? Very few firms have.
Green: Sorry, ‘two-factor’ is after you put your password in you say you’re not a robot?
Dolber: It could be a couple of things. First, what we did is if we don’t recognize the IP address or the computer, we are balking and saying, ‘We don’t recognize this computer. We’re going to send you a code that you have to insert.’ […] That’s a second-level authentication. There are other levels.
DeVito: I agree, we all have disaster plans. I have the off-site [location]. I have desks available. We cloud everything as best we can, just to make it more accessible.
But I don’t know that we answered your question. Was your question, ‘If we get hacked, if one of our vendors were to get hacked and all of our 100,000 or more names are out there’ — that was your question, correct?
Danielle Andrus, Investment Advisor: Yes. What do you do?
DeVito: I think it comes back to relationships. We’re going to work with the vendor. If it’s a third party, we’re going to find out exactly which steps they’re going to do. We’re going to convey that to the reps to make them feel [comfortable], whether it’s an email or conference call or individually in our cases.
Dolber: You could ask for their SAS 20 and what they’ve done in each one of those 20 items. That’s simple. If you look at FINRA, they did a release on cybersecurity, a 46-page memo. They gave suggestions like, ‘On your board of directors there should be a cybersecurity discussion in every meeting. You should vet your vendors.’ You don’t have to do a big exhaustive study, but ask them some basic questions about their security level.
Stringer: Based off of that document from FINRA, I think everybody’s got cybersecurity [questions] that they ask of their vendors and anybody who’s got your clients’ and staff’s personal identity information, their PII.
I think, Lon, what you said, though, is pretty accurate. The real penetration from cybersecurity is when one of your client’s email gets hacked and the guy out in Lithuania or wherever is pretending to be your client asking you to transfer some funds.
Dolber: Ten times this year already.
Stringer: We’ve already had several of those.
DeVito: It seems to happen on a regular basis. I don’t know that we can control that. We could try to educate our reps. I think we have to be more concerned about our procedures, our internal ones, too. These big firms are getting hacked, a lot of times, by a disgruntled employee. It has to get personal for them.
Dolber: Personal to the reps.
DeVito: For the reps, yeah. We’re sending out the cases where we get hacked. I had a rep, he’s in the airport, ready to go on vacation, he gets one of those emails that says, ‘Hi, it’s John Smith. Can you send me $8,422?’ He comes up with some benign number that’s not too large, not too odd. He tries to call the client, can’t get a hold of them to do good customer service. The way this happened would have never happened internally, but it was a direct account, maybe a mutual fund. He said, ‘Here’s the wire, here’s the funds,’ and it went out.
Schwartz: We had one of those things as well. Same exact thing: The rep was about to go on vacation. Reps do dangerous things when they are leaving in two hours for vacation because they don’t check as carefully as they should.
Green: What kind of liability insurance do you have?
Dolber: I just took out a $30,000 policy, cybersecurity insurance policy, because you do have expense. You have liability of expense. Some states have rules about having to inform clients of a breach.
DeVito: We might have expenses to set them up with a credit check, [or] you have to put a LifeLock on them. We all have insurance for it.
Schwartz: We have it, too.