Long-time Alabama Securities Commission Director Joe Borg is back as president of the North American Securities Administrators Association — his third time filling the seat.
What’s on his mind 16 years after giving his first speech as NASAA president? While enforcement against fraud is “the heart” of state securities regulators’ work, Borg noted during his late September inaugural speech at NASAA’s annual conference in Seattle his heightened focus on scams against seniors, advisors’ lack of cybersecurity preparedness, along with “unresolved matters” regarding unpaid arbitration awards.
Borg told me in separate comments at press time in mid-October that cybersecurity preparation for investment advisors is “more of an immediate concern for state securities regulators,” and that state securities regulators need to study the unpaid arbitration awards issue “before we can address it.”
NASAA’s been concerned with the widespread use of mandatory pre-dispute arbitration clauses in customer contracts used by broker-dealers and, most recently, investment advisors, and has advocated for reform in the securities arbitration system.
A study released last year by the Public Investors Arbitration Bar Association on unpaid arbitration awards found that 75 FINRA arbitration awards, or about one-third of the total number handed down in 2013, were unpaid.
Borg told state securities regulators at their annual meeting that he is also “encouraged by the industry’s response” to the NASAA Model Fee Disclosure Schedule, with several broker-dealers recently joining the “growing list” of BDs using a fee schedule based on a model developed by NASAA’s Model Fee Disclosure Working Group to enhance disclosure to investors.
BD Uptake of Model Fee Disclosure
NASAA assembled a working group to develop the Model Fee Disclosure after a survey conducted by the group revealed a “wide disparity” among broker-dealers in how they disclose fees, as well as the fact that BDs are using “questionable practices” in relation to fee charges and markups.
The following firms agreed to use the NASAA Model Fee Disclosure Schedule: Merrill Lynch; Voya Financial Advisors Inc.; Cetera Financial Group; and Ladenburg Thalmann Financial Services Inc.
Borg, who will serve a one-year term, was first elected as NASAA president in 2001, and again in 2006.
Just as the Securities and Exchange Commission recently revealed a cyberattack on its EDGAR system for corporate filings, state securities regulators are raising the red flag on advisors’ cybersecurity preparedness.
NASAA announced recently that a series of more than 1,200 coordinated exams of state-registered investment advisors by state securities examiners uncovered nearly 700 deficiencies involving cybersecurity.
NASAA also announced this it is now providing a cybersecurity checklist for advisors.
“Cybersecurity is a growing challenge and no investment advisor of any size can afford the loss in client trust — much less financial losses — that will result from a serious cybersecurity failure,” Mike Rothman, former NASAA president and Minnesota commissioner of commerce, said when he announced the exam result.
The exams in 37 U.S. jurisdictions took place between January and June, with 2017 being the first year that cyber was tracked.
State examiners found 698 deficiencies relating to cybersecurity, with the top five including:
no or inadequate cybersecurity insurance;
no testing of cybersecurity vulnerability;
lack of procedures regarding securing or limiting access to devices;
no technology specialist or consultant; and
a lack of procedures regarding hardware and software updates or upgrades.
The NASAA Cybersecurity Checklist for Investment Advisers includes 89 areas to help state-registered advisors identify, protect and detect cybersecurity vulnerabilities; and to respond to and recover from cyber events.
NASAA’s 2017 results of the 1,203 reported exams of state-registered investment advisors uncovered 7,907 deficiencies in 25 compliance areas, compared with 4,983 deficiencies in 22 compliance areas uncovered by 1,170 exams in 2015.
State securities examiners collect the data every two years and report it voluntarily to NASAA’s Investment Adviser Operations Project Group.
New compliance areas were included in the 2017 exams — cybersecurity as well as enhanced efficiencies in the state exam process.
“Training and technology have combined to enable state examiners to conduct more examinations and better detect deficiencies,” said Andrea Seidt, chair of NASAA’s Investment Adviser Section and Ohio Securities Commissioner, added in the statement announcing the exam results.
Ranked by number of deficiencies found, books and records (2,625 deficiencies) continued to be the most problematic compliance area for state-regulated investment advisors, accounting for more than twice as many deficiencies found by state examiners as the next highest problem area, registration (1,165 deficiencies).
Contracts (921 deficiencies), cybersecurity (698 deficiencies) and custody matters (364 deficiencies) rounded out the top five leading areas of deficiencies.
Cybersecurity and Fintech the ‘Wild West’
Noting the importance of cybersecurity, Borg said that state securities regulators must also “expand our scope to address a range of issues related to financial technology,” and announced that NASAA President-elect Mike Pieciak of Vermont will head a new board-level NASAA committee focused on fintech.
The fintech team will “keep a finger on the pulse of current and emerging issues in financial technology, including robo-advisors, crowdfunding or alternative investment platforms, and digital technologies and cryptocurrency used in securities transactions,” Borg said.
The committee will also be tasked with providing guidance and making recommendations to NASAA and its Board to address the “regulatory and enforcement aspects of fintech and to provide resources for regulators and industry members to address fintech issues,” Borg explained.
Borg said the committee will hold a Fintech Roundtable in 2018, similar to NASAA’s “successful” Cybersecurity Roundtable. “Stay tuned for details,” he told the crowd.
Cybersecurity and fintech, Borg said, “are the ‘Wild West’ of today. Like the Wild West, there is a rush of individuals looking for their fortunes as new financial products, companies and even currencies continue to launch and evolve with the latest technology.”
Vigilant law enforcement is also “constantly being challenged by new threats — from sophisticated ransomware attacks and hacks of large investment firms, to simple email scams targeting unsuspecting individuals,” he continued.
“And, as in those days gone by, many of the rules and boundaries are still being drawn and defined — but regulators already have an important role to play in protecting citizens.”
NASAA also reported in late September that state securities regulators took more enforcement actions against registered members of the securities industry than non-registered individuals or firms, continuing a trend that began in 2016.
NASAA’s U.S. members brought more enforcement actions against registered firms and individuals (620 actions) in 2017, compared to unregistered individuals and firms (604 actions) in 2016.
In its 2017 enforcement report based on 2016 data, NASAA said that state securities regulators conducted 4,341 investigations last year and took 2,017 enforcement actions overall.
The actions led to more than $231 million in restitution ordered returned to investors, fines of $682 million and criminal relief of 1,346 years, including incarceration and probation.
Senior fraud continued to be an issue, with NASAA U.S. member jurisdictions bringing formal enforcement actions involving more than 1,000 senior victims last year.
Over the past five years, Borg noted in his speech that NASAA member agencies “were responsible for sending criminals away for almost 6,500 years behind bars and having $2.4 billion ordered returned to investors.”