If 2022 taught us anything, it’s that compliance is evolving, and your firm better keep up. Investment adviser, broker-dealer, hedge fund and private equity firms have faced a compliance upheaval in the past 12 months. New regulations and new risk are creating an increasingly complex environment. And with the number of enforcement action penalties brought down by the Securities and Exchange Commission (SEC) increasing by nearly 40% in 2022, the message is clear: the regulators expect firms to prioritize their compliance program and in doing so, prioritize protecting their clients and investors from potential risk points, whether known or unknown.
Analyzing the current state of regulatory compliance programs
In speaking with compliance professionals across the scope of financial institutions – including registered investment advisers (RIA), broker-dealers, dual registrants, public companies and private equity firms – we found many organizations may not be in a position to scale their compliance program to meet new regulatory and risk-based requirements.
However, many firms did confidently label their compliance program as either very or somewhat proactive, indicating that while the rate of change within the compliance landscape could pose a challenge, firms are preemptively addressing the compliance risk points they believe will have the most significant impact on their firm, its investors and its clients.
Why cybersecurity compliance and cryptocurrency compliance will be a focus area for 2023 regulatory compliance programs
While regulatory compliance programs will likely face a host of new challenges in 2023, both expected and unexpected, we believe two main areas of focus, both from a regulatory and risk-based perspective, will be cybersecurity and cryptocurrency.
Cybersecurity compliance risk in 2023
When speaking with compliance professionals, over one third of respondents indicated they would invest more heavily in their cybersecurity program if given the chance, a statistic which indicates the level of cybersecurity concern, despite the fact that only 2% of respondents indicated they had been subject to a cybersecurity breach within the last two years.
And the SEC, it would seem, agrees, with new cybersecurity rule proposals including requirements like a 48-hour reporting time frame for those firms that do experience a breach. So, what specifically should you prioritize in relation to cybersecurity compliance?
The top three regulatory concerns related to cybersecurity and compliance:
- Safeguarding clients: Your firm should be safeguarded enough to make it troublesome for a hacker to breach your clients’ information.
- Training: Make sure your employees are up to date on the latest cybersecurity training. Whether outsourced or internal, you need to hit all points in your cybersecurity manual and address any cyber trends.
- Safeguarding your own data and equipment: Use MFA, VPNs, encryption, complex passcodes or push notifications to enter your platforms. Proper safeguards for internal controls within your firm are essential to mitigating cyber risk.
Cryptocurrency compliance: adjust your current regulatory compliance program
Cryptocurrency and the decentralized financial ecosystem (DeFi) have created a unique compliance challenge for financial firms. While the appeal of cryptocurrency is widespread among a variety of investor types, many still don’t have an accurate knowledge and understanding of the potential risk points – a factor which can be expected for a currency which, even five years ago, wasn’t on the radar of the majority of investors and financial institutions.
And while only 4% of compliance programs would devote increased budget toward cryptocurrency surveillance solutions in 2022, statistics prove this number will likely jump significantly in the coming months and years.
As priorities shift and digital coins become an increasingly popular form of investment, firms will face a new hurdle: monitoring employee trading of cryptocurrencies. While many firms have already implemented policies to monitor these types of trades, as they would any other security, a majority still do not monitor such trading activity.
As we end 2022 and look towards the beginning of a new year, we know there will be continued compliance challenges and new regulatory requirements for compliance programs. Read more about the industry outlook and the technology firms are using to combat regulatory compliance risk today and tomorrow.