Regulation Best Interest, Cybersecurity Top Concerns at IAA 2019 Compliance Conference

The Investment Adviser Association (IAA) represents the interests of investment advisers in Washington D.C., and the IAA Investment Adviser Compliance Conference 2019 was a forum for the discussion of future potential rulemaking. Cybersecurity and Fiduciary Rule considerations were headline topics, with custody and marketing right behind. The following is a summary of key issues discussed during the two-day event:

The Fiduciary Rule: Regulation Best Interest (BI)

During a fireside chat that formally kicked off the event, SEC Commissioner Robert Jackson, Jr. expressed that Regulation BI is designed to make clear throughout the industry that financial service providers must place the interests of investors above their own interests. He further noted that the “cost of conflicted advice is high” and that we need more evidence on the subject. Although he voted to move the rule proposal ahead, Commissioner Jackson does not support the current proposal as final because the SEC’s “economic analysis was not a serious attempt” to evaluate the effects of the rule.

Cybersecurity and Privacy

Cybersecurity remains a complex and evolving issue in the advisory world, with Commissioner Jackson expressing a belief that cyber crime is a “war against our lifestyles.” Conference attendees agreed in a poll, ranking cybersecurity as the greatest compliance challenge for 2019. Commissioner Jackson noted that he believes that public companies need a bright-line rule regarding when to report cyber breaches in 8-K’s.

In a private equity session, panelists agreed that cyber reviews should be a standard part of the due diligence of portfolio companies. It is crucial for PE firms to determine evaluation strategies for portfolio companies as well as how active they need to be to establish privacy and security programs both at the beginning and throughout the relationship. Commissioner Jackson offered reassurance that the SEC does not punish firms trying to do the right thing. OCIE Chief Counsel Daniel Kahl also indicated that the industry could expect future risk alerts pertaining to Regulation S-P and regulation S-ID, but Sharanya Mitchell, Senior Global Regulatory Counsel and Chief Privacy Officer of Cohen & Steers Capital Management, does not believe new federal legislation will happen in this area before the adoption of the California Consumer Protection Act.

Custody

Division of Investment management Director Dalia Blass stated that the SEC is “reviewing the Custody Rule holistically” and looks forward to more industry input. This echoes back to her 2018 appearance at the same conference, where she acknowledged “there are so many big questions in the custody space.”

Marketing

Director Blass also reiterated that marketing is on the Commission’s short-term agenda, as we had learned in SEC Chair Jay Clayton’s year-end Reg Flex update. She indicated that the staff anticipates presenting the Commission with recommendations in the near future. The rule adopted in the early 1960s predated the internet, and the “current regime does not sync well with the current real-world environment.”

“When I go to Amazon I review ratings by others,” she added, saying that the prohibition on testimonials presents challenges and is “not in line with how folks currently live their lives.”

Overall, there was not a lot of detail about what the rules will say but in totality, it represents a forewarning that compliance will have more changes ahead.


Ascendant/CSS offers a broad service program designed to ensure strong cyber practices at portfolio companies, including our powerful cybersecurity solution, Shield. Additional solutions include our trading surveillance and compliance software, Sentry; and our regulatory reporting and filing platform, Consensus, which handles filings including Form PF, Form ADV, Form N-Port, and more. Contact us to learn more.


Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Loading form...

Latest Content

How Can a Small Advisory Practice Economically Be as Cyber-Secure as Possible?

Cybersecurity is a risk that applies to firms both large and small without discrimination. Even very small advisory firms, which I’ll define as having one to five staff for purposes of this discussion, have a wealth of information worth safeguarding. Cybercrime is often a crime of opportunity. Hackers are metaphorically going door to door (computer … Continued

Will We See Liquidity Risk Management Programs in Europe Soon?

In an article posted by Ignites Europe, the Commission de Surveillance du Secteur Financier (CSSF) in Luxembourg declared that it has “stepped up its supervisory focus on the liquidity aspects that are related to the recent developments” of Neil Woodford’s flagship fund and H2O Asset Management, an affiliate of Natixis Asset Management. In the U.S., … Continued