Each Friday, we are giving you our weekly report highlighting the top compliance news articles from various industry news publications. We have selected the most relevant and important news articles related to registered investment adviser (RIA) compliance and regulatory issues. This week’s recap focuses on direct indexing, phishing attacks which are catching advisers off guard, the Securities and Exchange Commission’s (SEC) risk alert about how firms are protecting themselves from identity theft and anticipated regulations for 2023.
Here are our top investment adviser compliance articles for the week of Dec. 2, 2022.
-
Advisers should brace for the relentless case for direct indexing (Author – Jeff Benjamin, Investment News)
Speaking earlier this week as part of an Investment News webcast, Dana D’Auria, co-chief investment officer and group president at Envestnet Solutions, warned that large institutions are buying up direct indexing platforms and will likely soon be flooding the market with access to the technologies which enable extreme portfolio customization.
Beyond just bracing for more and better pitches for direct indexing, D’Auria said advisers would be wise to realize sooner rather than later that direct indexing represents the next key value-added service.
“If you’re not bringing it to the client, somebody else will,” she said.
Cerulli Associates estimates about 12% of advisers are currently using direct indexing platforms to customize client portfolios, but they predict the growth of direct indexing will outpace that of mutual funds, ETFs and separately managed accounts over the next five years.
-
3 new phishing attacks that will catch advisers off guard (Author – Chris Pierson, Investment News)
There are new phishing attacks on the rise which will have a deep impact on the financial industry:
SMS and WhatsApp phishing
One of the most popular of these attacks is “message phishing,” in which the victim will be messaged by an IT admin impersonator about an important change to one of their IT services or accounts, such as Office 365, VPN or a remote access tool, and will require the victim to update or verify their account by logging in through the provided link.
LinkedIn spear-phishing
Hackers will send invites and direct messages to advisers and will attempt to lure them into clicking on a link which redirects them to a malicious website which can steal information or infect their device with malware.
BEC-style attacks on virtual platforms
In a business email compromise (BEC) attack, a hacker will bypass the password needed to access a victim’s virtual collaboration account, such as Slack or Microsoft Teams.
To prevent these attacks, advisers should apply basic security rules to all communication channels. This means an adviser should never click on a link or download an attachment unless they’re sure of the person who sent it. They should never share sensitive information outside of prescribed communication channels, like work email. They should also have a strong and unique password and dual-factor authentication enabled on their professional and personal accounts.
-
Crypto regulation is coming, and it’s about time (Author – Mitch Avnet, Wealth Management)
Given the increasing popularity of cryptocurrency, firms anticipate regulators such as the SEC will introduce regulations related to cryptocurrency. Although regulations related to cryptocurrency have been introduced in the past, they were often met with strong opposition.
Those who oppose regulating cryptocurrency argue having too many rules would “violate the decentralized ideal” of the market. Others argue implementing too many regulations would stifle the creativity of not just cryptocurrency but the financial market overall.
Despite the potential pushback regulations might face, given the increasing popularity of cryptocurrency, it seems it would be in the best interest of investors and others who participate in the financial market that such rules exist.
-
Brokers, advisers fall short in protecting clients from identity theft (Author – Mark Schoeff, Jr., Investment News)
The SEC released a risk alert which indicated advisers are not doing their due diligence in protecting clients from identity theft. The risk alert was based on the findings of an examination sweep to monitor firms on their compliance with the Identity Theft Red Flags Rule. The red flag rule requires brokerages and advisory firms to develop and implement an identity theft protection program. The risk alert outlined several deficiencies:
- Firms failed to maintain an updated record of their accounts.
- Firms lacked policies and procedures to identify, detect and respond to red flags relevant to identity theft.
- Firms failed to ensure policies related to identity theft were updated periodically to reflect changes in risks to customers and to the safety and soundness of the financial institution or creditor from identity theft.
- Firms failed to identify relevant red flags for covered accounts and incorporate those red flags into their compliance program.
-
SEC to propose new regulation best execution (Author – Melanie Waddell, Think Advisor)
The SEC has plans to consider a new best execution rule, Regulation Best Execution, for client trades. According to a recent report, the new rule would “establish a best execution standard” and require that affected persons, namely brokers, dealers, government securities brokers, government securities dealers and municipal securities dealers, maintain policies and procedures which reflect this standard.
The comment period for this rule is still open, but the proposed rule hasn’t been met with controversy so far.
Ron Rhoades, associate professor of finance at Western Kentucky University and director of its personal financial planning program, has studied the rule and determined it will be a positive change for consumers. He said the rule would provide “greater transparency in how broker-dealers are compensated, along with the elimination of the conflict of interest inherent when brokers receive payment for order flow, would result in greater competition and reduced transaction costs.”
Don’t forget to check out last week’s top RIA compliance news articles, which focus on preventing elder abuse scams, a ComplyConnect spotlight and succession planning.