For the sixth year in a row, cybersecurity has been the biggest compliance concern at registered investment adviser (RIA) firms, according to the 2019 Investment Management Compliance Testing Survey, conducted jointly by the Investment Adviser Association (IAA) and ACA Compliance Group. Eighty-three percent of RIA firms said that cybersecurity is their biggest compliance concern, and 70% said that their firm has increased compliance testing in this area in the past year.
The survey also found that 66% of chief compliance officers (CCOs) handle other functions, with 18% acting in some legal capacity.
“Now in its 14th year, our survey continues to be a valuable resource for compliance professionals to benchmark their practices against others in the industry,” says IAA President and CEO Karen Barr. “Among the many key takeaways of this year’s survey—beyond the continued importance of cybersecurity—is that firms continue to strengthen their compliance programs.”
Following security, 28% of compliance professionals said that issues related to advertising and marketing are important. IAA and ACA Compliance Group say this is not surprising, given the fact that the Securities and Exchange Commission (SEC) has said it might amend its Advertising Rule. Compliance professionals’ next concern is data privacy, with 23% citing this issue.
As to how they oversee advertising and social media, 71% of firms require their CCO to approve this content before publishing it. Ninety-three percent of firms have written rules regarding advertising and social media policies. Seventy-six percent of firms review their firm’s website, and 65% review newly created documents.
In response to the SEC’s guidance on custody in 2017, 26% of firms have adopted additional controls. However, 57% said they have not had to change disclosure as a result of the guidance.
As for the SEC’s position on trading practices that are not processed or settled on a delivery versus payment basis, 24% have maintained a list of authorized personnel who can give instructions on the movement of client money. Twenty-three percent have separated personnel responsibilities, 22% have kept their custodians informed of authorized persons, and 17% periodically reconcile transfer activity.
Eighty-eight percent of RIA firms evaluate best execution with respect to equities (88%), fixed income (51%), derivatives (19%), mutual funds (18%) and foreign currency (15%). Although 63% do not recommend mutual funds, among those that do, 18% look to see if a lower-cost share has become available.
As to how they maintain their code of ethics, 77% have someone other than the CCO to review the CCO’s trading activity. Sixty-eight percent certify that the firm received all trading information on a quarterly basis, and 57% use electronic data feeds.
Eighty-five percent have rules on gifts and entertainment in their code of ethics, with the most common thresholds being $100 and $250.
Nearly half of respondents said they do not manage or look to manage state or local money. Thirty percent restrict activities to avoid lobbying registration requirements.
The full results of the survey can be viewed here.