Cybersecurity Is RIAs’ Biggest Compliance Concern

This is the fifth year in a row they have identified cybersecurity as their No. 1 concern.

For the fifth year in a row, cybersecurity is the biggest compliance concern at registered investment adviser (RIA) firms, with 81% pointing to it as the “hottest” compliance topic and nearly two-thirds saying that their firm has increased compliance testing in this area in the past year. The findings are based on a survey of compliance professionals at 454 investment adviser firms, conducted jointly by the Investment Adviser Association (IAA) and ACA Compliance Group.

“Now in its 13th year, the survey continues to be an invaluable resource for compliance professionals for identifying compliance trends and benchmarking their practices against other firms in the industry,” says IAA President and CEO Karen Barr. “Among the many key takeaways of this year’s survey is that the job of a CCO [chief compliance officer] is becoming more complex and varied, as demonstrated by the wide range of legal and compliance areas CCOs are responsible for, with new ones being added every year.”

RIAs’ second biggest compliance concern is the Securities and Exchange Commission’s (SEC’s) Advertising Rule. Their third biggest concern is custody, followed by issues related to privacy.

The survey also found that nearly 70% use some form of technology in their compliance program, with the most common usage involving personal trading/code of ethics, gifts and entertainment, political contributions and client guidelines.

Eighty-eight percent test fee calculations, with 55% testing them on a periodic sample basis. As to what they are testing for, 47% are checking that expenses are consistent with advisory contracts or fund offering documents (41%) and that the expenses billed to clients are explicitly disclosed in the firm brochure (45%).

Forty-six percent of firms consider environmental, social and governance (ESG) factors in managing client portfolios.

Sixty-seven percent of firms do not use trading data analytics to monitor trading activity. Among those that do, half use third-party software and the other half use internal trading data surveillance.

The top three concerns related to safeguarding client assets are conducting background and credit checks on access employees (55%), providing custodians with a list of authorized employees (52%) and limiting employees who are authorized to transmit trade orders (51%).

The vast majority of survey respondents (88%) evaluate best execution with respect to the following types of transactions: equities (81%), fixed income (44%), derivatives (18%) and foreign currency transactions (17%).

While 29% of respondents said that their firms do not engage full-service broker/dealers and do not receive proprietary research, 39% do receive proprietary research and 29% receive outside research from independent providers.

The most common controls related to advertising are requiring formal pre-approvals by CCOs (67%) and requiring pre-clearance of interactions with the media (54%).

The majority of survey respondents provide advisory services to individual clients, and most (59%) meet with their clients at least once a year. One-third meet with them each quarter. Virtually all reported that they do not trade in cryptocurrency.

Eighty-three percent of firms conduct cybersecurity assessments. Eighty percent of firms have adopted pay-to-play policies.