Close Close
ThinkAdvisor

Regulation and Compliance > Cybersecurity

C-Suite Survey Reveals Fear of Regulatory Scrutiny: Cipperman

by Melanie Waddell

X
Your article was successfully shared with the contacts you provided.

Executives of asset managers, alternatives firms and broker-dealers fear their firms’ regulatory and cybersecurity practices wouldn’t pass regulatory scrutiny.

According to Cipperman Compliance Services’ fourth annual C-Suite Survey, which polled more than 200 executives (CEOs, CFOs, CCOs and general counsel), 43% of hedge funds and private equity managers, along with 32% of broker-dealers and 25% of asset managers had such fears.

The firm sizes in asset under management were:

Less than $500 million: 25%;

$500 million to $1 billion: 28%;

$1 billion to $5 billion: 28%; and

Over $5 billion: 19%.

The poll found that executives had these concerns even as they devote more time to regulatory compliance. Sixty-one percent of respondents view compliance as a part of doing business, such as meeting regulatory requirements or attracting and retaining clients, up from 43% in 2016.

“These results should be a loud wake-up call to the industry regarding how they’re approaching compliance and exam preparation,” said Todd Cipperman, founding principal of Cipperman, in a statement. “The regulatory pressures from the SEC, FINRA, and large clients require a more professional approach than dual-hatting a busy executive or hiring or appointing an overwhelmed internal compliance officer.”

More on this topic

Todd Cipperman added that “because compliance has become so important to protecting the franchise, firms need to bring in third-party experts in the same way they have traditionally retained outside lawyers and auditors. One bad exam and penalty could do irreversible damage to the reputations these managers have built.”

Cybersecurity also remains a concern, despite increased media and regulatory focus and commensurate spending, Cipperman said.

For instance, only 43% of alternative managers believe their cyber policies would satisfy regulators.

While 72% of asset managers said their cybersecurity and data protection policies meet regulatory requirements, only 51% said they were confident in their firm’s cybersecurity.

The Cipperman study comes on the heels of the Securities and Exchange Commission’s exam division recently issuing a Risk Alert detailing results of its Cybersecurity 2 initiative in which the agency examined 75 firms registered with the SEC to assess how the firms are implementing cybersecurity measures.

The alert found that while advisors, broker-dealers and mutual fund firms have stepped up their cybersecurity preparedness, most notably in crafting written policies and procedures, more steps are needed.

Robert Prucnal, president of Cipperman, added in the statement that “internal compliance officers might not have the comprehensive skills to address the technical requirements of an adequate cybersecurity program. Firms should consider bringing in experts who can take a more objective view of the IT environment.”  

The survey also found that all types of firms polled spend more on legal counsel than they do on compliance – 73% of BDs, 71% of alternative managers and 48% of asset managers.

— Check out FINRA Expels Hallmark Investments, Bars CEO on ThinkAdvisor.