Each week, we are giving you our weekly report highlighting the top compliance news articles from various industry news publications. We have selected the most relevant and important news articles related to registered investment adviser (“RIA”) compliance and regulatory issues. This week’s recap focuses on the Securities and Exchange Commission’s (“SEC”) cybersecurity regulations, top RIA compliance issues, and SEC regulation of the New Marketing Rule implementation date coming November 2022.
Here are our top investment adviser compliance articles for the week of March 4th, 2022:
1. DOL, SEC Cybersecurity Regulations: Divergence or Convergence (Author – Ed McCarthy, WealthManagement.com)
In recent weeks, the Department of Labor (“DOL”) and the SEC have put more focus on cybersecurity than ever before. With two new cyber rules proposed by the SEC and resources issued by both organizations regarding cybersecurity threats, advisers are wondering what is next. However, many in the industry are wondering whether the DOL and SEC will continue with a united front or part ways when it comes to a final decision on cybersecurity regulation. Chris DiTata, vice president and general counsel at RIA in a Box, says that “while there isn’t necessarily a conflict between the agencies’ guidance and proposed rules, the SEC proposal seems to go into greater depth, particularly with respect to disclosure. The SEC proposal not only wants advisors to adopt internal policies and procedures but al to disclose to the SEC any cybersecurity incidents.”
2. These Compliance Issues Are Top of Mind for Regulators. Are You Ready? (Author –Melanie Waddell, Think Advisor)
Melanie Waddell discusses the top compliance issues advisers should be keeping an eye on throughout the rest of 2022. In addition to the November 4th implementation date for the new marketing rule, the Securities and Exchange Commission (“SEC”) has already issued 11 proposals since the beginning of the year, focusing on cybersecurity, whistleblower, and private fund regulations. Waddell recaps the comments made at the Investment Adviser Association’s (“IAA”) recent conference regarding the several proposals and how many in the industry find them unnecessary. Karen Barr, president and CEO of IAA, spoke to the several new cyber rules proposed, stating that advisers “already believe that cybersecurity policies and procedures are required under the compliance program rule.” Comments regarding the proposals to due to the SEC by April 11th.
3. SEC Promises Not to Play ‘Gotcha’ in Early Days of New Marketing Tule (Author – Mark Schoeff Jr., Investment News)
The implementation date of November 4th is still month away, but the SEC new marketing rule is top of mind for the industry. Many advisers are hoping for more guidance but should not wait to implement practices to reflect the new rule. Last week at the IAA compliance conference, David Kahl, acting director of the SEC Division of Examinations, stated that “the agency won’t come charging out of the gate immediately to ring up advisers for compliance shortfalls. If there are parts of the rule that advisers don’t understand, SEC examiners will work with colleagues in the Division of Investment Management to try and provide some clarity.” This is welcomed news across the industry that even with a set implementation date, the SEC will still work with advisers to fully understand and comply with the rule before serious action is taken.
4. Financial Firms Brace For More Cyber Threats After Trying 2021 (Author – Andrew Martin, Financial Advisor)
The financial services sector should expect more of the same unrelenting fighting off cyber threats. Whether it be geopolitical tensions, or ransomware groups retooling to dodge increased scrutiny. The Financial Services Information Sharing and Analysis Center (“FS-ISAC”) said in its annual report on cyber threats that “global tensions could fuel further attacks by state-backed hackers and patriotic hacktivists.” Increases in cyber threat levels in the past year were due to several factors, including the rapid digitization of financial services, increased entry points for hackers to possibly exploit, and a rise in zero-day vulnerabilities being identified. Third-party hacks remain a threat for the registered investment advisors due to reliance on a great number of providers and suppliers, a potential way to infiltrate organizations and considered adequately hardened to traditional attack methods.
5. New Ways to Communicate are Complicating Compliance (Author – Robert Cruz, Investment News)
When email was the primary form of business communication, many of the current legacy systems could identify, protect and produce information under compressed, high-pressure timelines, during an audit. The emergence of other communication and collaboration tools has made this far more complex, especially through remote work, creating an uptick in the volume and variety of messages occurring at a firm. Each channel is a recipe for a discovery nightmare, with every message, participant, like, edit, attachment or other action considered a separate item. Each of those data points is time-consuming and brutally complicated, involving as many as 100,000 pieces of information. Firms need purpose-built tools to manage their data discovery responsibilities, if failing to update them, it’s an invitation for excessive levels of regulatory exposure.
Don’t forget to check out last week’s top RIA compliance news articles that focus on the possibility of Russian cyberattacks, the Securities and Exchange Commission’s (“SEC”) continued focus on cybersecurity, and the SEC’s recent proposal regarding private equity firms.