Cybersecurity continues to be registered investment advisors’ top compliance challenge, with 81% of advisors polled in a just-released Investment Adviser Association survey placing it at the top of their list, the fifth year cyber has held the spot. Nearly two-thirds indicated that their firms increased compliance testing in this area over the past year.
IAA’s 13th annual poll, the 2018 Investment Management Compliance Testing Survey, conducted jointly with ACA Compliance Group, found that other compliance hot topics include complying with the Securities and Exchange Commission’s Advertising Rule as well as the new disclosures relating to separately managed accounts on Form ADV.
The poll found that advisors are concerned about findings raised in the SEC’s September 2017 Risk Alert, which detailed deficiencies examiners found in Advertising Rule compliance. Advisors are also bracing for the SEC’s potential amendments to the Advertising Rule.
As Sanjay Lamba, IAA’s assistant general counsel, noted in a recent legal brief, the agency’s Advertising Rule “has been on the books substantially unchanged for nearly six decades!” The good news, he says, is that the SEC’s regulatory priorities for 2018 include amending the rule to “enhance marketing communications and practices by investment advisors.”
Other areas of concern included custody, identified by 28% of survey respondents, as well as issues relating to privacy.
Compliance professionals at 454 investment advisory firms participated in the survey.
The survey found that the majority of CCOs (66%) continue to wear more than one hat, with 20% also serving in some legal capacity.
“Among the many key takeaways of this year’s survey is that the job of a CCO is becoming more complex and varied, as demonstrated by the wide range of legal and compliance areas CCOs are responsible for, with new ones being added every year,” said Karen Barr, IAA’s president and CEO, in releasing the survey findings.
Enrique Alvarez, senior principal consultant at ACA, added that “as with previous years, we found that the role of the CCO and compliance in general has continued to grow in complexity. This is mostly due to regulatory changes and the expanding scope of responsibilities that compliance teams have taken on.”
To address this, he continued, “we found that participants are not adding more resources and instead are implementing and using technology and service providers to fill the gaps where needed.”
Other notable findings were:
Cryptocurrency: Despite the SEC’s recent focus on issues relating to cryptocurrency, virtually all survey respondents reported that their firms do not trade in cryptocurrency. A majority of survey respondents reported that their codes of ethics relating to employee trading do not contemplate cryptocurrencies; only 10% require pre-clearance for initial coin offerings.
Cybersecurity: Eighty-three percent of firms reported conducting cybersecurity assessments, including software patches (76%), network penetration tests (73%), and vulnerability assessments (72%). Nearly two-thirds of respondents increased the type, scope and/or frequency of compliance testing in the area of cybersecurity. A common response to how firms have enhanced their cybersecurity program is that they now conduct phishing tests of employees.
Form ADV amendments: When asked about the most onerous part of preparing the new Form ADV, disclosures relating to separately managed accounts (SMAs) came in first — specifically, increased SMA reporting of derivatives and borrowing (37%), determining the classification of investment types held in SMAs (21%), determining what is an SMA for purposes of Form ADV (13%), and disclosures relating to SMA custodians (7%).
ESG: Forty-six percent of respondents consider environmental, social and governance (ESG) factors in managing client portfolios; 27% of “ESG advisors” signed on to the United Nations-supported Principles for Responsible Investment (PRI) Initiative and 10% are considering doing so.