Without a Financial Plan, U.S. Workers Grapple With Debt

Meanwhile, the IRI says most workers nearing retirement haven’t saved enough.

Many American workers are carrying thousands of dollars in debt, and most say it impacts their financial security.

A Northwestern Mutual study found that U.S. adults who carry debt hold an average of $23,325, excluding mortgages. Seventy-eight percent of respondents also believe this affects their ability to achieve financial confidence.

For more stories like this, sign up for the PLANADVISERdash daily newsletter.

Because of their debt, 29% of respondents said they delayed making “significant” purchases; 18% delayed saving for retirement; 14% delayed buying a home; 8% delayed having children and 7% delayed marriage.

The findings come as new research from the Insured Retirement Institute (IRI) says most workers nearing retirement in the next decade or two have inadequate savings and are not saving enough to catch up. Surveying 1,000 workers between 40 to 73 years old, the institute found that while three out of four workers are saving for retirement, savings rates are not high enough for even the youngest respondents to grow their nest eggs.

Additionally, only four in 10 workers have attempted to calculate how much they will need to save to meet retirement income expectations, the IRI says.

Instead, workers are focused on paying down their debt. But there is a silver lining: Even as the U.S. and the globe continue to grapple with the financial impacts of the COVID-19 pandemic, the Northwestern Mutual study found that personal debt has dropped more than 20% in the past two years. In 2019, the average amount of debt per year, excluding mortgages, was $29,800, and that decreased to $26,621 in 2020 before hitting $23,325 in 2021.

This drop from the past two years could be attributed to pandemic relief efforts, such as the three stimulus checks released in 2020 and 2021, according to the National Bureau of Economic Research. As a result of the pandemic, 23% of respondents expect to pay their debt off sooner, yet 34% say it will take them longer than anticipated to settle their debt.

Organizing a timeline can help those who are struggling pay down debt, Northwestern Mutual says in its study. According to the report, 66% of those with some debt say they have a specific plan to pay it off. Of those with a plan, 45% say they expect to be in debt for one to five years; 20% say for the next six to 10 years; 14% say between 11 to 20 years; and 9% say for the rest of their lives.

In fact, most experts encourage people who are dealing with debt to create a plan—whether that means they set up an emergency savings account or a budget—to organize and determine debt.

“First, you really want [participants] to create a budget or spending plan,” Samuel Moroni, a senior wealth strategy associate for UBS Financial Services, said during a panel at the 2021 virtual PLANSPONSOR National Conference (PSNC) in June. “This will help them achieve their financial goals by giving them a road map and prepare them for those emergency savings and other roadblocks.”

Plan sponsors and participants should establish a proper savings and spending plan, he added. Plan sponsors should ask participants what their financial priorities are, and then establish benefits that can help in achieving those financial goals, such as health savings account (HSAs), debt management education and automatic features, Moroni said.

SEC Makes Good on Cybersecurity Enforcement Pledge

Earlier this year, the agency published a list of 2021 examination priorities that prominently featured issues pertaining to cybersecurity, and now it has sanctioned eight firms for related cybersecurity failures.

Back in March, the U.S. Securities and Exchange Commission (SEC) published its 2021 examination priorities list

Likely unsurprising to most who follow the SEC and the U.S. Department of Labor (DOL), one of the top priorities on the list was making sure firms are complying with Regulation Best Interest (Reg BI) and the related DOL fiduciary rule. Perhaps more surprising—or at least a newer development—was the division’s enhanced focus on climate change and issues pertaining to cybersecurity.

Want the latest retirement plan adviser news and insights? Sign up for PLANADVISER newsletters.

The priorities list warned that the SEC’s enforcement division “will continue to evaluate whether [regulated] entities have established, maintained and enforced written [cybersecurity] policies and procedures as required.” The priorities list indicates areas of focus will include “IT [information technology] governance, IT asset management, cyber threat management/incident response, business continuity planning [BCP] and third-party vendor management, including utilization of cloud services.”

Now, several months later, the SEC has announced a series of sanctions against eight registered advisory firms for failures in their cybersecurity policies and procedures that resulted in what the agency describes as “email account takeovers” which exposed the personal information of thousands of customers and clients at each firm.

The SEC says the eight firms, some of which operate collectively, have agreed to settle the charges. The firms are the Cetera Advisor Networks LLC; Cetera Investment Services LLC; Cetera Financial Specialists LLC; Cetera Advisors LLC; Cetera Investment Advisers LLC; Cambridge Investment Research Inc.; Cambridge Investment Research Advisors Inc.; and KMS Financial Services Inc. All of these entities were SEC-registered as broker/dealers (B/Ds), investment advisory firms or both.

The SEC’s order against the Cetera entities alleges that, between November 2017 and June 2020, cloud-based email accounts of more than 60 firm personnel were taken over by unauthorized third parties, resulting in the exposure of personally identifying information (PII) of at least 4,388 customers and clients. According to the SEC, none of the taken-over accounts were protected in a manner consistent with the Cetera entities’ stated policies and procedures.

The SEC’s order also finds that Cetera Advisors LLC and Cetera Investment Advisers LLC sent breach notifications to the firms’ clients that included misleading language suggesting the notifications were issued much sooner than they actually were after discovery of the incidents.

The SEC’s order against the Cambridge entities finds that, between January 2018 and July 2021, cloud-based email accounts of more than 121 Cambridge representatives were likewise taken over by unauthorized third parties. In this case, the breaches resulted in the PII exposure of at least 2,177 Cambridge customers and clients. The SEC’s order finds that, although Cambridge discovered the first email account takeover in January 2018, it failed to adopt and implement firm-wide enhanced security measures for cloud-based email accounts of its representatives until 2021. The SEC says this failure resulted in the exposure and potential exposure of additional customer and client records and information.

According to the SEC’s order against KMS, between September 2018 and December 2019, cloud-based email accounts of 15 KMS financial advisers or their assistants were taken over by unauthorized third parties, resulting in the PII exposure of approximately 4,900 KMS customers and clients. The SEC’s order further finds that KMS failed to adopt written policies and procedures requiring additional firm-wide security measures until May 2020. Further, the SEC says, the firm did not fully implement the additional security measures firm-wide until August 2020, placing additional customer and client records and information at risk.

Technically, the SEC’s orders against each of the firms finds that they violated Rule 30(a) of Regulation S-P, also known as the Safeguards Rule, which is designed to protect confidential customer information. The SEC’s order against the Cetera entities also finds that Cetera Advisors LLC and Cetera Investment Advisers LLC violated Section 206(4) of the Advisers Act and Rule 206(4)-7 in connection with their breach notifications to clients.

Without admitting or denying the SEC’s findings, each firm agreed to cease and desist from future violations of the charged provisions, to be censured and to pay a penalty. The Cetera entities will pay a $300,000 penalty; Cambridge will pay a $250,000 penalty; and KMS will pay a $200,000 penalty.

«