Cybersecurity Continues to Top “Hot” Compliance Concerns, New Survey Finds

June 22, 2015

2015 Compliance Testing Survey Finds Advisers Focusing on Self Reviews, CCO Role

Washington, DC (Thursday, June 18, 2015) – Cybersecurity continues to top the list of compliance concerns for federally registered investment advisers – with nearly 88 percent of respondents in a new survey identifying “cybersecurity/privacy/identity theft” as the “hottest” compliance topic for 2015.

The 474 firms participating in the 2015 Investment Management Compliance Testing Survey placed cybersecurity far above other compliance “hot” topics, such as custody (identified by 18 percent), advertising/marketing (23 percent), fraud prevention (13 percent), disaster recovery (17 percent) and FATCA (12 percent).

The Compliance Testing Survey has been conducted annually by the Investment Adviser Association (IAA), ACA Compliance Group and OMAM since 2006.

The 2015 survey was conducted online from April 27 through May 22. Respondents were compliance professionals representing a wide range of SEC-registered investment advisers. Survey results are publicly available on the IAA website and the ACA Compliance Group website.

Key findings include:

  • Concerns about cybersecurity/privacy/identify theft continue to grow – identified by nearly 88 percent of respondents, up from 75 percent a year ago. More than two in five (43 percent) reported having a formal, written, standalone cybersecurity program, while another 42 percent have formal cybersecurity policies and procedures that are incorporated into broader programs. Fifteen percent reported being the victim of a cybersecurity breach in the past 18 months, up from 11 percent last year.
  • Firms are putting a greater focus on self- reviews – including independent third party reviews and SEC-type mock examinations. More than half – 52.41 percent – conduct mock exams, either through internal staff or a third party. And firms reported increasing the amount of compliance testing in the following areas: cybersecurity/privacy/identity theft (67.9 percent); advertising/marketing (42.95 percent); personal trading/code of ethics (34 percent); disaster recovery planning (35 percent), and best execution (32 percent). Fully 80 percent of firms reported they have not decreased testing in any area.
  • Almost nine in 10 firms (89 percent) have adopted formal written policies and procedures to govern the use of social media by employees – up from 83 percent in 2013. Nearly half (47 percent) prohibit the use of personal social networking websites for business purposes – down slightly from 49 percent in 2013. Seven in 10 test compliance with the firm’s social media policy – compared to 63 percent in 2013. And 65 percent review email and electronic communications for all employees, focusing on such areas as violations of firm policies and procedures, insider trading, fraudulent activity and use of non-approved marketing materials.
  • The role of Chief Compliance Officers is expanding: 94 percent of firms have at least one employee dedicated full time to the legal and/or compliance role; 42 percent reported employing from two to five legal and/or compliance professionals, while 20 percent reported employing more than six; 63 percent reported that the CCO “wears more than one hat” (that is, is also involved in other aspects of a firm’s business operations); 65 percent reported that the CCO is a senior executive, and 64 percent said the CCO has a direct reporting line to the CEO or President.

“Our hope is that the results of our Compliance Testing Survey will help firms benchmark their compliance practices against other firms,” said IAA Assistant General Counsel Sanjay Lamba. “The findings should give firms a strong sense of the compliance topics and concerns they may want to focus on, as well as a sense of how current regulatory issues can impact their operations.”

“In past surveys we have been able to pinpoint trends based on asset size, number of employees or types of accounts under management. We are seeing that is no longer the case,” commented Lynne M. Carreiro, Managing Director of ACA Compliance Group. “Advisers are taking a very customized approach to their compliance programs and addressing the risks present without regard to their demographics.”

”Once again the survey results offer a view into an industry that self-polices itself well and takes its compliance responsibilities very seriously,” observed Amy Yuter, Senior Compliance Manager for OMAM. “The industry stands with its regulators with the same focus areas top of mind and dedication of resources appropriately aligned with perceived risks.”

About the survey organizers:

ACA Compliance Group
ACA Compliance Group ("ACA") is a leading global provider of regulatory compliance products and solutions, cybersecurity and technology risk assessments, performance services, and technology solutions to the financial services industry. Founded in 2002 by former SEC examiners and state regulators, ACA develops and provides its products through a world-wide team of former SEC, FINRA, FSA, NYSE, NFA, and state regulators, as well as former senior in-house compliance professionals and technologists from prominent financial institutions. ACA serves a diverse base of leading investment advisers, private fund managers, commodity trading advisors, investment companies, and broker-dealers. ACA’s products include standard and customized compliance packages, cybersecurity and technology risk assessments, GIPS® verifications and other performance services, and a wide variety of technology solutions for financial services firms. For more information, please visit
www.acacompliancegroup.com.

Investment Adviser Association
The Investment Adviser Association (IAA) is the leading trade association representing the interests of SEC-registered investment adviser firms. The IAA’s more than 550 member firms collectively manage assets in excess of $16 trillion for a wide variety of institutional and individual investors. For more information, visit www.investmentadviser.org or follow us on LinkedIn and Twitter.

OMAM
OMAM is a global, multi-boutique asset management company with $224.0 billion of assets under management as of March 31, 2015. Its diverse Affiliates offer leading, alpha generating investment products to investors around the world. OMAM’s partnership approach, which includes equity ownership at the Affiliate level and a profit sharing relationship between OMAM and its Affiliates, aligns the interests of the Company and its Affiliates to work collaboratively in accelerating their growth. OMAM’s business model combines the investment talent, entrepreneurialism, focus and creativity of leading asset management boutiques with the resources and capabilities of a larger firm. For more information about OMAM, please visit the Company’s website at www.omam.com.