For advisors and broker-dealers, one certainty remains constant from year to year: the challenge of keeping pace with a growing compliance checklist. While the Department of Labor’s fiduciary rule will continue to consume advisors’ time in the New Year despite the recent 18-month delay of the rule’s enforcement provisions, other high-priority items for advisors — and regulators — will be ensuring proper cybersecurity controls are in place, lassoing in troubled brokers, adjusting to an updated exam program and dealing with associated regulatory shifts.

Cybersecurity “is a business imperative,” says David Tittsworth, former CEO of the Investment Adviser Association and now counsel at Ropes & Gray in Washington. “Why would anyone want to deal with a firm if they have reason to believe that the firm is not taking proactive steps to avoid cyberattacks and to protect client information?” he asked.

Industry officials also anticipate Securities and Exchange Commission Chairman Jay Clayton making good on his promise to rein in bad actors in the advisory space through the agency’s newly created Retail Strategy Task Force, as well as a potentially busy rulemaking year for the securities regulator. For Clayton, fiduciary rulemaking and cybersecurity are “two of his priorities” in 2018, Tittsworth says.

For broker-dealers, more changes likely are to be driven by the Financial Industry Regulatory Authority — namely a revamped exam program — as part of the self-regulator’s ongoing top-to-bottom review known as FINRA360. Former SEC Commissioner Steve Wallman, now CEO of online broker-dealer FOLIOfn, characterizes the FINRA360 initiative as “very significant,” and says he’s crossing his fingers that the review will produce “useful results.”

Elliot Weissbluth, CEO and founder of RIA consolidator HighTower, stated at the MarketCounsel conference in December that advisors are constantly dodging “regulatory curveballs.”

A persistent complaint HighTower hears from registered investment advisors — and strives to help them address — is: “‘When I joined the business, I spent 80% of my time with my clients and prospects and I loved doing that, and I spent 20% operating my business,” Weissbluth said. “Today, I now spend 80% of my time operating my business — most of it’s not fun — and only 20% of my time either talking to my clients or prospecting. I’d like to change that balance.’”

The RIA executive added: “With the rate of technology change, the world of investing and the complexities that we have to deal with, the regulatory curveballs that come at these relatively modestly sized businesses … those repeated shocks to a business after a while take a drain on their enthusiasm.”

Investment Advisor turned to some of the top regulatory minds to gauge the main tasks advisors and broker-dealers will be reining in after the New Year. Here’s what they said:

Fiduciary Go-Rounds

While the Impartial Conduct Standards under Labor’s fiduciary rule kicked in on June 9 — and Labor Secretary Alexander Acosta has said DOL is ready to lob enforcement actions for “willful” violations of those standards — Brian Hamburger, head of regulatory consulting firm MarketCounsel, said at the firm’s annual summit in early December in Miami that the 18-month delay of the rule’s “most critical aspects” until July 1, 2019, “may spell the end of the rule.”

Keeping pace with the impartial conduct standards will “cause an uptick in compliance costs and time spent,” says George Michael Gerstein, counsel with Stradley, Ronon Stevens & Young in Washington, who specializes in helping advisors and broker-dealers navigate the Employee Retirement Income Security Act, or ERISA.

On Nov. 27, DOL officially delayed by 18-months the start of the fiduciary rule’s Best Interest Contract Exemption and the Principal Transactions Exemption, and of the applicability of certain amendments to Prohibited Transaction Exemption 84-24 (PTEs), which deals with annuities. While supporters of the delay say that it will give the SEC time to step in, Micah Hauptman, financial services counsel for the Consumer Federation of America — a staunch fiduciary rule advocate — maintains that delaying the exemptions is “really stopping the rule from coming into effect.”

During the extension, DOL said it would “consider public comments” submitted as part of the Department’s July Request for Information and would review the criteria set forth in President Donald Trump’s Feb. 3 Memorandum, “including whether possible changes and alternatives to exemptions would be appropriate in light of the current comment record and potential input from, and action by, the SEC, state insurance commissioners and other regulators.”

During the 18-month delay (the original compliance date was Jan. 1, 2018) Hamburger says the SEC can “finally take on the [fiduciary] issue itself.” Wallman adds that the “delayed conditions of the [fiduciary rule's] exemptions provide the opportunity to further improve and enhance the approach, the rule and the exemptive relief.”

Leadership from the SEC “on fiduciary standards for all investors is the right approach as the DOL regulates retirement plans and individual retirement accounts, representing a large section of all invested accounts, but not all accounts,” argues Wallman.

Both Gerstein and Tittsworth see Labor releasing a revised rule proposal in 2018 — with Tittsworth predicting that Labor will release the report ordered by President Trump in the first quarter and that the report will “provide an outline of potential changes DOL would like to see in its fiduciary rule.”

Later this year, DOL will issue an Administrative Procedures Act rulemaking, Tittsworth opines, “with an opportunity for notice and comment.” He also sees the SEC floating a proposed fiduciary rulemaking during 2018.

In addition, the industry is anticipating a new exemption in the revised DOL fiduciary rule, likely addressing clean shares — which first came via T shares (or “transactional” shares) and then share class Z, or “clean” shares — and were developed to allow level commissions that the broker could charge directly to the customer.

Gerstein says the new class exemption, however it’s labeled, will be “aimed at incentivizing products that reduce conflicts of interest and enhance transparency.”

More Bucking Straps

Labor Secretary Acosta told lawmakers in late November that DOL and the SEC are indeed collaborating on a uniform fiduciary standard rulemaking. However, some confusion surrounds the exact outcome, as each are held to different statutory mandates. DOL “must follow the strict mandates of ERISA, while the SEC must follow the federal securities laws, including the complicated provisions of Section 913 of the Dodd-Frank Act,” Tittsworth explained.

“It’s ironic to me that members of Congress have chided the SEC for not taking the lead in harmonizing SEC and DOL conduct standards but fail to acknowledge the different statutory requirements that Congress created for the two agencies,” he added.

SEC Chairman Clayton indicated at a Securities Industry and Financial Markets Association conference in Washington in late October that the SEC’s fiduciary rule would not “supplant” DOL’s standard. Labor has “their process, we have our process, [and] we have to respect this,” Clayton said, adding that “at the end of the day we’re all going to operate in this” fiduciary space.

“The SEC has a responsibility to be a leader in this space, DOL has a responsibility, and the states have a responsibility,” he explained. “We need to cooperate. Hopefully we’ll end up in a place where the investor is satisfied.”

Wallman of FOLIOfn argues, however, that DOL “can assist and fill in any gaps as needed,” regarding fiduciary standards, “but the SEC should act now to set fiduciary standards in the ‘advice’ industry.”

Leadership from the SEC on fiduciary standards “for all investors is the right approach as the DOL regulates retirement plans and individual retirement accounts, representing a large section of all invested accounts, but not all accounts,” Wallman added.

Coordination among Labor, the SEC and the states also will guard against a “conflicting patchwork” of regulatory obligations, opined Gerstein. “If 2017 taught us anything, it is that these stakeholders going their own way leads to confusion and inefficient allocation of capital.”

Tech Barrels

In 2017, SEC Chairman Clayton announced that the agency’s EDGAR system of public filings had been hacked sometime in 2016, with two individuals’ names, birthdates and Social Security numbers being accessed. In response, Clayton launched a new Cyber Unit as well as an internal review of the hack, and in mid-December took the first step to shore up the agency’s cyber controls by modifying how mutual fund companies electronically file detailed information about their funds via Form N-PORT. (See “Regulatory Texas Two-Step.”)

While the agency will continue to perform due diligence on its cyber practices in the New Year, industry firms can rest assured that SEC exams will zero in on their cyber policies. Indeed, Wallman answered an affirmative “yes” when asked if cybersecurity is his biggest technology fear in the coming year.

“FOLIO maintains a highly aggressive posture on cybersecurity,” he said. “We began as, and remain, an entirely online firm, so cybersecurity has always been top of mind for us. We include our cybersecurity preparedness activities whenever we make changes to our business model, or upgrade our systems or services.”

Cyber-related misconduct in the securities markets “is an incredibly important, and perhaps should be the most important, area of focus for the SEC,” Wallman argues.

“The SEC’s regulatory oversight is critical to individual firms’ efforts to combat criminal cyber activity. Both are necessary to protect investors, as well as an increasingly digital financial services industry,” he explained.

Tittsworth agrees that cybersecurity will continue to be “one of the most important, resource-intensive and time-consuming” issues that asset managers and other industry players must grapple with in the New Year and beyond.

“On the one hand, asset management firms must be cognizant of the SEC’s stated intent to ensure that all registrants take their cybersecurity obligations seriously,” Tittsworth warned.

Given that the SEC’s Cyber Unit is within the Enforcement Division, one looming question is whether the securities regulator “will bring enforcement actions against firms for failing to take reasonable steps to mitigate potential cyberattacks and to protect sensitive client data and to notify clients if and when a breach occurs,” he states.

Wallman believes that the federal government generally — not just the SEC — “must do much more to promote cybersecurity standards and stop cybercriminals. Otherwise, the current state will quickly become far worse for all of us.”

The “technology and potential threats are escalating and changing rapidly and will require substantial, continuing cooperative and dedicated efforts by both government agencies and the private sector,” Tittsworth adds. But he cautions that the SEC “should be very cautious in pursuing any rulemaking that could impose stringent requirements that may be outdated before they go into effect.”

Lassoing in Bad Actors

Brad Bennett, former head of the Financial Industry Regulatory Authority’s enforcement division and now a partner at Baker Botts in Washington, says advisors and broker-dealers should pay close attention to the SEC’s Retail Strategy Task Force. Clayton has stated publicly that he’s stunned by the amount of retail fraud that still exists.

Stephanie Avakian, co-director of the agency’s enforcement division, said during an industry event last year that the task force will use data analytics to root out misconduct “occurring at the intersection of investment professionals and retail investors,” namely mutual fund share class and wrap-fee account abuse.

The retail task force will zero in on “the many ways that retail investors intersect with the securities markets and look for widespread misconduct,” Avakian says, drawing on the agency’s “experience in the retail space and elsewhere to identify strategies that have worked well for us across all kinds of cases, particularly those in which we used data analytics and technology.”

Clayton also announced late last year that the agency is creating a website that will contain “a searchable database of individuals” who have been barred or suspended as a result of federal securities law violations. “This resource is intended to make the prior actions of repeat offenders and fraudsters more visible to investors,” he said.

The database will serve “as a key tool when making decisions about who an investor or a firm should do business with,” according to Wallman. “In our highly regulated world, information is key. We support more information being in the public domain. Most financial services firms aggressively identify and avoid employing or dealing with ‘bad actors.’ A centralized, searchable database will augment their efforts.”

Ryan Parker, CEO of Edelman Financial Services, sees “regulations [as] necessary for maintaining the integrity of financial services, and for weeding out bad actors and bad activities that would otherwise undermine the entire industry.”

FINRA Ropes

Launched last year after FINRA CEO Robert Cook’s listening tour, the FINRA360 initiative has resulted in the self-regulator making new investments in examiner training and offering new compliance tools for broker-dealers, a newly consolidated enforcement program, as well as the delivery of a first-of-its-kind exam findings report.

Cook told lawmakers last year the self-regulator was exploring ways to give investors and research firms access to “bulk data” on broker-dealers that employ brokers with a history of FINRA violations.

The regulatory scheme “that has evolved since the 1970s was built on factual assumptions that do not apply well to today’s world,” said Wallman. “Streamlining, and even eliminating requirements, that can free up firms’ resources to focus on more relevant and timely issues in a fintech-driven marketplace is a win-win for everyone.”

What’s more, “aggressive implementation of the recommendations that could come from such a [FINRA] review will help both investors and financial service firms,” he points out; as an online broker-dealer and fintech company, FOLIOfn sees “firsthand how technology can be a huge game changer for financial-services companies.”

New FINRA360 undertakings in the New Year should include FINRA keeping pace “with the industry on issues such as simplifying disclosure to accommodate a world where investors and advisors do everything on their mobile devices,” Wallman explains.

“FINRA can do this by being a leader on issues such as the role a broker-dealer has in an electronic world and what kind of entities can play in the space with or without broker-dealer registration,” he said. “We think this is particularly critical for small-cap companies and crowdfunding type efforts.”

FINRA should also start to provide investors “with guidance” on Initial Coin Offerings/Blockchain, according to Wallman, describing what they are “and the risks of investing” in them.

As in years past, keeping up with compliance chores — old and new — will consume a great deal of time for advisors and broker-dealers in the New Year. It’s time to saddle up, check the gear and prepare for a wild ride.