Now that you’ve seen what ACA Insight has to offer, don’t be without it. Subscribe now!

The weekly news source for investment management legal and compliance professionals

Current subscribers - please log in to the website in the upper right-hand corner

News July 23, 2018 Issue

Cybersecurity Again Top Adviser Compliance Topic

A recently released nationwide survey provides numbers behind what should not be a surprise conclusion for most asset management professionals: Cybersecurity remains far and away the hottest topic among investment advisers, dwarfing other concerns like advertising, custody, privacy and fiduciary duty.

The 2017 Investment Management Compliance Testing Survey, now in its 13th year, is a joint venture of ACA Compliance Group and the Investment Adviser Association. It found that 81 percent of respondents listed cybersecurity as a hot topic, compared to 29 percent doing so for advertising/marketing, 28 percent for custody, 27 percent for privacy, and 22 percent for fiduciary duty. Other topics that rated "hot," but which garnered lower percentages, included MiFID II, GDPR, social media, valuation and regulatory reporting.

The "hot" rating for cybersecurity represented a slight dip from the 2017 survey results, when 86 percent of respondents listed it that way, and from the 2016 and the 2015 survey results, when 88 percent of respondents listed gave it their highest rating in both years. In the 2014 survey, 75 percent listed cybersecurity as hot. Prior to that year, it was not rated particularly high, with only 14 percent rating it that way in 2013, and 15 percent doing so in 2012.

The Investment Management Compliance Testing Survey provides information beyond respondents’ judgment as to which topic they find the most concerning. The survey, which garnered views from 454 advisory firms, also provided key findings in areas like fees and expenses, investment mandates, data analytics, custody, best execution, soft dollars, advertising and social media, individual clients, cryptocurrency, pay-to-play and Form ADV.

Making use of the survey

"This year’s survey has been another great opportunity for participants to compare themselves to their direct and indirect peers," said ACA Compliance Group senior principal consultant Enrique Alvarez. "There is obvious value to comparing like firms, but I think the survey gives participants a unique opportunity to see how their indirect peers may be doing something that might improve their own process in a way that was not contemplated in the past."

"Since the demographics of the participants are materially similar to previous surveys," he added, "comparing results to previous years provides participants the opportunity to see how the industry has (or has not) changed over time."

"One thing that has really been demonstrated by this year’s results is that while the role of the chief compliance officer and compliance in general has continued to grow in complexity (mostly due to regulatory changes and expanding the scope of services by the participants), participants are generally not getting more internal resources and instead are using technology and/or service providers to help fill in the gaps," Alvarez said.

"The survey allows compliance professionals to benchmark their testing practices against other firms and get ideas on how they can improve their compliance programs," said IAA assistant general counsel Sanjay Lamba. "It also provides a sense of how the current regulatory initiatives can impact firms, particularly with respect to their compliance activities."

In addition to the role of the CCO becoming more complex and varied, he said that the top takeaway from this year’s survey is that technology continues to have a big impact on firms. "The use of technology in all aspects of your business is on the rise, whether it’s social media or tools to fight cyber (threats) or using automated compliance and recordkeeping systems."

The results

Among the findings from the survey in which advisers are likely to be most interested, apart from cybersecurity being listed as hot by the largest number of respondents, are the following:

  • More than 77 percent of firms have not decreased compliance testing, while the most significant increase in compliance testing is in cybersecurity;
  • Close to 70 percent of respondents use some form of technology in their compliance program, with the most common usage being for guidelines, gifts, and the code of ethics;
  • More than half of those who responded believe that an increase in technology is coming;
  • More than half the firms do not accept directed brokerage, and more than 20 percent set limits on directed brokerage;
  • More than half of firms do not consider environmental, social and governance factors;
  • "Virtually all" respondents do not trade in cryptocurrencies, ACA and the IAA said, and the majority don’t contemplate doing so;
  • Eighty-six percent use written policies and procedures as advertising controls, while 67 percent require pre-approvals from chief compliance officers;
  • Social media is not used by 32 percent of firms, and firms that do use it do so on a very limited "business card" basis;
  • Eighty percent of firms have pay-to-play policies and procedures, with 79 percent of respondents reporting no changes in this area; and
  • Seventy-one percent of respondents reported finding separate managed account reporting to be the most onerous on the new Form ADV.

Compliance testing results

Forty-three percent of respondents in the 2018 survey said that they had taken part in a mock SEC exam, compared to 32 percent in 2017. Seventeen percent in this year’s survey said that they plan to take part in a mock SEC exam, but have yet to do so. That compares to 35 percent who said in last year’s survey that they planned to do so, but had not yet done so.

Here are the top 10 areas of increased testing reported by respondents to the 2018 survey, and as compared to respondents’ increased testing in these same areas in 2017:

  • Cybersecurity: Sixty-five percent reported increased testing in 2018, compared to 76 percent in 2017;
  • Advertising/marketing: Thirty-nine percent reported increased testing in 2018, compared to 40 percent in 2017;
  • Custody involving material breaches: Thirty-five percent reported increased testing in 2018, compared to 27 percent in 2017;
  • Fee calculation/billing: The 2018 results show that 32 percent reported increased testing in this area, compared with 28 percent doing so in 2017;
  • Disaster recovery planning: While 38 percent reported increased testing here in 2017, that percentage dropped to 31 percent in this year’s survey;
  • Best execution: Twenty-nine percent reported increased testing in 2018, compared to 30 percent in 2017;
  • Personal trading/code of ethics involving material breaches: Twenty-seven percent reported increased testing in this area in 2018, compared to 24 percent reporting increased testing in 2017;
  • Electronic communications surveillance: The 2018 results show that 22 percent of respondents reported increased testing here in 2018, compared to 29 percent in 2017;
  • Books and records involving material breaches: This year saw 21 percent reporting increased testing in this area, compared with 22 percent last year; and
  • Social media: Twenty percent reporting increased testing in 2018, compared with 21 percent reporting so in 2017.

Who took the survey

Of the 454 advisory firms that responded to the survey, established firms (those in business for five to 25 years) comprised 52 percent, while those with more than 25 years in business constituted 38 percent. New firms – those in business for 1 to 5 years made up 10 percent of respondents.

In terms of respondent size as measured by assets under management, it broke down as follows:

  • 17 percent had less than $500 million,
  • 13 percent had from $500 million to under $1 billion,
  • 45 percent had from $1 billion to under $10 billion,
  • 11 percent had from $10 billion to $20 billion, and
  • 14 percent had more than $20 billion.

In terms of services provided, respondents broke out in the following way:

  • 39 percent served retail individuals, with a typical account size of $1 million or less;
  • 70 percent served high-net-worth individuals, with a typical account size of $1 million or more;
  • 29 percent served family offices;
  • 66 percent served institutional clients;
  • 55 percent served clients with ERISA assets or who were pension consultants;
  • 35 percent served registered investment companies;
  • 47 percent served private funds, such as private partnerships, hedge funds or private equity funds; and
  • 8 percent served other clients, among them foundations, or those involved with wraps or UCITS.