The IAA cites data and information security as top compliance concern

Safeguarding critical information remains the top compliance concern for federally registered investment advisors. That’s according to the 11th annual Investment Advisor Association (IAA) survey of members. In fact, 88 percent of respondents surveyed identified “cybersecurity/privacy/identity theft” as their “hottest” compliance topic for the third year in a row.

Anti-Money Laundering/Anti-Bribery and Corruption (AML/ABC) was also important to compliance professionals despite the fact that most investment advisors rate their AML risk as “low.” Advertising/Marketing was also rated highly (19 percent of respondents), but as slightly less important than the AML/ABC exposures.

Compliance officers at a record 730 investment adviser firms participated in the IAA survey as follows:

  • 34 percent manage less than $1 billion;
  • 43 percent manage $1 billion to $10 billion; and
  • 23 percent manage more than $10 billion.

Two-thirds (66 percent) of responding firms reported having 50 or fewer employees.

What concerned respondents most?

  1. Data and Information Security
  • Concerns about data and information security remain paramount – identified by nearly nine in 10 respondents. Nearly three-quarters – 72 percent – reported having a formal, written, standalone cybersecurity program, up significantly from 43 percent last year. Another 21 percent reported having cybersecurity policies and procedures that are incorporated into broader programs.
  • 18 percent reported being a victim of a cybersecurity breach in the past 18 months. Another seven percent said they did not know whether their systems had been breached.
  • One-third (33 percent) have purchased specific cyber insurance, while another 15 percent are considering purchasing insurance.
  2. Anti-Money Laundering (AML)
  • While the Treasury Department’s FinCEN is poised to finalize new regulations that will make SEC-registered investment advisers subject to the Bank Secrecy Act’s Anti-Money Laundering regime for the first time, the vast majority of survey respondents – 88 percent – believe their firms’ AML risk is low. Nevertheless, 76 percent have already adopted AML policies and procedures, and 40 percent believe their policies and procedures will satisfy the proposed AML requirement for advisers.
  3. Anti-Bribery and Corruption (ABC)
  • 88 percent of respondents also believe that their ABC risk level is low. Yet, 78 percent have adopted general policies to address the ABC risks associated with their business; 63 percent periodically review the policy to ensure that it appropriately addresses ABC risks; 59 percent restrict gifts or corporate hospitality to comply with their policy and relevant local regulatory requirements; and 49 percent train all employees on at least an annual basis on the ABC policies.
  4. Costs of Compliance
  • Nearly half of respondents – 48 percent – said their firms spend between $100,000 and $500,000 annually on compliance-related Twenty percent put their compliance costs at under $100,000; 25 percent reported compliance costs of $100,000 to $250,000; 22 percent said their compliance costs are between $250,000 and $500,000; 14 percent reported compliance costs over $1 million but less than $5 million; and three percent put their compliance costs at $5 million or more.
  • Fully 59 percent of respondents reported hiring a third party to conduct compliance reviews of their firms, and 40 percent of those reviews were mock SEC-type examinations. Most respondents (38 percent) paid third parties between $10,000 and $30,000 while 33 percent paid between $20,000 and $50,000.
  5. Compliance Testing
  • Most respondents also reported that their firms have increased the amount of compliance testing, particularly in these areas:
    • Cybersecurity/Privacy/Identity Theft (74 percent)
    • Advertising/Marketing (40 percent)
    • Personal Trading/Code of Ethics (34 percent)
    • Disaster Recovery Planning (32 percent)
    • Best Execution (30 percent)
  • Nearly four in five respondents – 77 percent – indicated they have not decreased testing in any compliance area.
  6. Social Media
  • The vast majority of respondents – 90 percent – said their firms have adopted formal written policies and procedures to govern the use of social media by employees. Nearly four in 10 – or 37 percent – prohibit the use of social networking sites for business purposes, down from 47 percent in 2015.

Are you ready?

The regulators are coming. Will you be ready? And how can you be compliant cost-efficiently and cost-effectively? Noncompliance can be costly. But, compliance doesn’t have to break the bank. Patrina is offering a 90-day, FREE trial of its comprehensive 8-module compliance solution. And that’s just the tip of our iceberg!

Let’s talk (212-233-1155). Ask about Patrina’s comprehensive compliance solutions and compliant data capture, file storage, and compliant records archiving specifically designed for the financial services community.
