SEC Continues to Emphasize Cybersecurity Protection
The SEC continues to emphasize that cybersecurity protection is critical to the operations of financial markets.
In its recently released National Exam Program Examination Priorities, the Office of Compliance Inspections and Examinations (OCIE) reiterated that the Commission is focused on working with firms to identify and manage cybersecurity risks. It will continue to prioritize cybersecurity in each of its examination programs and to focus on governance and risk assessment, access rights and controls, data loss prevention, vendor management, training and incident response.
This is consistent with recent statements by the SEC’s new Chairman, Jay Clayton, that he views cybersecurity as a critical part of the infrastructure underlying the capital markets, and it continues the Commission’s multi-year focus, which was launched with a 2014 initiative to assess cybersecurity preparedness in the securities industry. Continued scrutiny of cybersecurity by securities regulators was also prompted by recent high-profile data breaches that compromised personally identifiable nonpublic information for millions of individuals. Thus far, OCIE’s examinations have focused, in part, on the following aspects of a cybersecurity program:
- Identification of risks and cybersecurity governance, including review of physical devices and systems, software platforms and applications, the firm’s networks and associated connections, and logging capabilities;
- Protection of firm networks and information, including security architecture and processes, regular system maintenance, information security policy and training, security of removable and mobile media, protection against Distributed Denial of Service (DDoS) attacks, data destruction policies, functionality of backup systems, and use of encryption;
- Risks associated with remote customer access, including authentication of customer identities and detection of anomalous transaction requests;
- Risks associated with vendors and third parties, including initial and ongoing vendor due diligence, incorporation of requirements relating to cybersecurity risk into the firm’s contracts with vendors and business partners, and segregation of sensitive network resources from resources accessible to third parties; and
- Detection of unauthorized activity, including monitoring, assignment of specific responsibilities, and reporting suspected unauthorized activity.
National Regulatory Services (“NRS”) offers a full cybersecurity solutions package to assist broker-dealers and advisers in this growing and expanding area of concern. NRS’ services include a maturity assessment of a firm’s cybersecurity program, cybersecurity policy and procedures development and improvement, support, review and testing, as well as due diligence review and monitoring of a firm’s vendors/service providers. Find out more here.
A refresher on the Investment Advisers Act of 1940
The Advisers Act is the primary federal law regulating investment advisers. The SEC regulates investment advisers under the Advisers Act and the rules adopted under the statute. The Advisers Act, the rules thereunder, and the numerous interpretations of the SEC and its staff impose a substantial number of requirements on the operations and activities of investment advisers.
While the Advisers Act might not be the most exciting read, the Act enumerates compliance requirements and responsibilities – a valuable “textbook” for investment adviser compliance professionals. Perusing the Advisers Act also reminds compliance professionals of historical situations and financial conditions that drive current daily compliance activities.
For example, the compliance programs rules, effective in 2004, addressed the need for increased investor protection by requiring the appointment of a chief compliance officer as well as written policies and procedures that need to be reviewed and assessed for effectiveness of implementation. Similarly, the codes of ethics rules, adopted in 2004, also addressed the need for increased investor protection by restraining unethical behavior in the financial markets. The political contribution rule in 2010 followed a period of unfavorable activity; the rule was adopted to help “curtail the corrupting influence of ‘pay to play’ practices by investment advisers.” (SEC Chair Mary Schapiro, 06-30-10 SEC press release)
Looking back to the origin of the Advisers Act, we note the Act’s flexibility to be amended as time passes and conditions change. On the occasion of the 75th anniversary of the Advisers Act and the Investment Company Act, U.S. Securities & Exchange Commission Chair Mary Jo White stated (09-29-15): “For 75 years, these Acts have served as a strong foundation for the Commission’s regulation of the asset management industry. Their flexibility has enabled the Commission to develop rules and regulatory responses to protect investors as the industry and markets have evolved.”
Also notable, the Investment Adviser Association (IAA) was founded in 1937 and played a major role in the enactment of the Investment Advisers Act of 1940. Is it a coincidence that the IAA is the co-sponsor of the NRS Investment Adviser Certified Compliance Professional (IACCP®) program, a professional education program developed with the Advisers Act as its foundation and its guide for investment adviser compliance? We think not.
Become a Compliance Frontrunner
As a compliance professional, you are on call as a trusted guard, helping to protect the firm and its employees and investors. You are faced with the challenges of today’s compliance environment and now, you could be in a position to elevate your knowledge and career.
Become a compliance frontrunner and gain industry-wide recognition for your knowledge and skills by earning the NRS Investment Adviser Certified Compliance Professional (IACCP) designation. Find out more here.
SEC Launches Mutual Fund Share Class Selection Procedure
The SEC has long been concerned with a “widespread” practice by investment advisers of failing to disclose to investors the conflict of interest involved when an adviser receives compensation, including 12b-1 fees, for selecting a more expensive mutual fund share class for a client when a less expensive share class of the same fund is available and appropriate.
Using a carrot-and-stick approach, the SEC initiated the Share Class Selection Disclosure Initiative (SCSD Initiative), whereby the SEC Division of Enforcement agrees not to recommend financial penalties against investment advisers who self-report violations of the federal securities laws relating to certain mutual fund share selection issues and promptly return money to the harmed clients. Investment advisers who want to take advantage of this offer must notify the Division of Enforcement by June 12, 2018 by email to SCSDinitiative@SEC.gov.
The SEC’s stick is its promise to “continue to proactively seek to identify and pursue investment advisers that fail to make the necessary disclosures,” pointing out that it has charged nine firms with failing to disclose these conflicts of interest.
Prepare yourself for a successful SEC Examination
Test the soundness of your compliance program by engaging NRS in conducting a Mock SEC Examination for your firm. Our mock exam will evaluate the ability and preparedness of your firm’s key personnel, processes and records to determine if your firm’s policies and procedures are compliant enough to ensure a successful outcome.
Find out more here.
Avoiding the “Knew-or-Should-Have-Known” Pitfalls of Discretionary Trading Supervision
Representatives who are granted discretionary trading authority by a client must understand the gravity of trust and responsibility bestowed upon them. Supervisors and their representatives must operate on a heightened level because of the inherent conflict of interest that exists in a discretionary relationship within a traditional broker/dealer account.
This month’s FIRE article, “Using Exception Reports to Monitor Discretionary Accounts,” is an excerpt from our newest course, Discretionary Trading & Supervision. The article highlights considerations that should be given to the common types of exception reports available to most firms. These reports and the data they contain could point out red flag activities that warrant further investigation. The newsletter also discusses review and follow-up procedures as well as supervisory documentation and record retention requirements.
Click here for your copy of “Using Exception Reports to Monitor Discretionary Accounts”
About the Course
Our Discretionary Trading & Supervision course helps define what it means for registered reps to have discretionary trading. Lesson 1 discusses the various types of discretionary trading along with their advantages and disadvantages. Lesson 2 takes a look at sales practices that must be followed to a “T” in discretionary accounts. Lesson 3 offers a supervisory perspective for discretionary accounts, while emphasizing the importance of written authorization and following firms’ written supervisory procedures. Case studies and scenarios illustrate how the rules are meant to protect a firm’s most valuable asset — its clients.
Other Key Updates
In 2018, FIRE is releasing several new Firm Element CE courses and new FINRA e-Learning courses as they become available. For further information, consult our catalog using this link.
Getting ready to sit for your Licensing Exam? FIRE’s new Mastery Exams test your knowledge of the concepts that will be covered on your FINRA exam. They closely replicate the actual exam experience in terms of content, format, questions and difficulty. Learn more here.
For further information, contact your FIRE sales rep or firstname.lastname@example.org.