The Compliance Roundtable – Austin, TX: Top Ten Take-A-Ways
March 6, 2018
Top Ten Take-A-Ways
- Vendor governance and third-party vendor due diligence are a significant challenge for wealth management firms. Firms are committing significant resources, with the goal of adhering to the FINRA Cyber Security Practices recommendations, NIST Cyber guidelines, and NYS Cyber Security Requirements. Adhering to the collective and growing set of requirements is a big body of work for wealth firms to interpret, implement, train, and monitor.
- Firms have a fiduciary responsibility to protect clients’ data from outside “bad actors.”
- Assessing the competence of Senior advisors is a challenge that demands established “known” processes. Succession and Transition planning are a start, but more focus is needed, and some firms have created Succession Resource Groups.
- More wealth firms are taking zero-tolerance positions on reps that warrant “heightened supervision.”
- The majority of advisors are ill-equipped to mitigate cyber security risks within their professional entities. Key challenge areas include risks associated with encryption, cookies, device exposure and vendor security. Wealth firms are publishing vendor white/approved hardware, software, and solution provider lists to aid advisors.
- Wealth firms are seeing the number of customer complaints decline, but arbitrations are up, and increasing. This trend raises the idea that the efforts are all about how to get the money.
- Consolidated Statements continue to be a grey area that is tripping up wealth firms with the regulators. Greater black and white clarity is needed from FINRA in this area and on the applicability of FINRA rule 2214B for other tools.
- Based on feedback, FINRA is now moving to risk-based and annual broker-dealer audits rather than cycle-based audits.
- The majority of advisors are not aware of their overall cyber exposure, nor are they adequately insured to cover a “data breach” event that occurs in their practice.
- Compliance officers would like to see an elevation in suitability and surveillance software that brings to the surface risk trends specific to the firm, OSJs and individual advisors. Examples include: home office – individual security/sector exposure; OSJs – single investment management strategy for their advisors; and single security or behavior focus by advisors. Additionally, there is a desire to benchmark trends and apply them versus firm, OSJ and advisors.