Increased cybersecurity threats stand to be the largest concern for RIAs in 2021 — whether they are fully aware of the threat or not — while consolidation and wider use of analytics, artificial intelligence, machine learning and other tech by advisors are among the trends likely to continue into 2021 and beyond, according to Joel Bruckenstein, head of Technology Tools for Today (T3).
“The industry is evolving and it’s evolving at a rather rapid pace,” he told ThinkAdvisor in a recent phone interview. He pointed to the huge increase in advisors using video conferencing, as well as new account openings and client onboardings being done digitally since the start of the pandemic.
“These are major advances that would have happened anyway but might have taken three years,” he said. “That’s significant and there’s no putting the genie back in the bottle … These are structural changes in the industry that are permanent. And that’s a big deal.”
The Cybersecurity Threat
Although the pandemic has ushered in much wider use of tech by RIAs as a result of the shift to remote work, COVID-19 has also invited an influx of bad actors hacking into financial firms’ systems.
The U.S. government just got hacked by Russia. “If that was an advisory firm, [regulators] would be fining them millions of dollars,” Bruckenstein said.
The massive security breach “illustrates that the threats from bad actors are not going away and, if anything, I believe, they’re going to become even more prevalent,” he predicted.
Unfortunately, “most advisory firms are just not as well prepared as they should be to deal with some of these threats,” he said. Larger firms typically have somebody on staff or full-time consultants who are experts at dealing with breaches. When it comes to smaller firms, however, “I’m not sure [they] are even fully aware of just how great the threat is.”
SolarWinds software, which is at the heart of the recent hacking operation, is used by financial services firms, Bruckenstein points out.
“Many firms in the industry have some sort of SolarWinds product that either they are using directly, or that a vendor is using as part of their ‘cyber’ package. Every advisory firm should be asking their vendors about this, but few if any are so far,” he stated.
Meanwhile, regulators are “cracking down on” financial firms that aren’t doing enough to protect their clients’ data, he noted, predicting this will “continue to be an area of concern and focus for regulators over the coming year.”
The Office of the Comptroller of the Currency recently levied a $60 million civil money penalty against Morgan Stanley Bank, N.A., and Morgan Stanley Private Bank, N.A., for 2016 data breaches in two Wealth Management business data centers in the U.S.
Breakaway RIAs may be especially vulnerable, Bruckenstein noted. “When you break away,” the larger firm you left is no longer around to be responsible for security, “so if you are not aware of it and you don’t ask the right questions and you don’t take the proper precautions, you’re at risk.”
Consolidation, meanwhile, has continued through the pandemic. “You’ve seen numerous buyouts of smaller firms over the course of this year” by larger financial firms, according to Bruckenstein.
He pointed to Charles Schwab’s recently completed purchase of TD Ameritrade, as well as Goldman Sachs buying Folio Financial/FolioFN as examples.