Data and Information Security Continues to Top Compliance Concerns
New Survey Also Finds Majority of Investment Advisers Rate their AML Risk as “Low”
Safeguarding critical information continues to top the list of compliance concerns for federally registered investment advisers – with 88 percent of respondents in a new survey identifying “cybersecurity/privacy/identity theft” as the “hottest” compliance topic for 2016.
While data and information security topped the list for the third year in a row, Anti-Money Laundering/Anti-Bribery and Corruption has taken on greater importance with compliance officers. AML/ABC was the second hottest topic, cited by 24 percent of respondents – triple last year’s eight percent.
Other areas of concern identified by respondents were Advertising/Marketing with 19 percent (down from 23 percent last year); Custody, with 10 percent (down from 18 percent); and Fraud Prevention, with 9 percent (down from 13 percent).
Compliance officers at a record 730 investment adviser firms participated in the 2016 Investment Management Compliance Testing Survey, a joint project of the Investment Adviser Association (IAA), ACA Compliance Group and the asset management holding company OMAM. Firms of all sizes responded, with 34 percent managing less than $1 billion, 43 percent managing $1 billion to $10 billion, and 23 percent managing more than $10 billion. Two-thirds (66 percent) of responding firms reported having 50 or fewer employees. The survey is now in its 11th year.
Key findings include:
Data and Information Security
- Concerns about data and information security remain paramount – identified by nearly nine in 10 respondents. Nearly three-quarters – 72 percent – reported having a formal, written, standalone cybersecurity program, up significantly from 43 percent last year. Another 21 percent reported having cybersecurity policies and procedures that are incorporated into broader programs.
- Eighteen percent reported being a victim of a cybersecurity breach in the past 18 months.
- Another seven percent said they did not know whether their systems had been breached.
- One-third (33 percent) have purchased specific cyber insurance, while another 15 percent are considering purchasing insurance.
Anti-Money Laundering (AML)
- While the Treasury Department’s FinCEN is poised to finalize new regulations that will make SEC-registered investment advisers subject to the Bank Secrecy Act’s Anti-Money Laundering regime for the first time, the vast majority of survey respondents – 88 percent – believe their firms’ AML risk is low. Nevertheless, 76 percent have already adopted AML policies and procedures, and 40 percent believe their policies and procedures will satisfy the proposed AML requirement for advisers.
- Two-thirds of respondents (66 percent) reported that they periodically review their AML policies, while 56 percent said staff responsible for AML matters at their firms have sufficient seniority and experience. Nearly half – 49 percent – said they train all employees on their firms’ AML policies on at least an annual basis.
Anti-Bribery and Corruption (ABC)
- While 88 percent of respondents believe that their ABC risk level is low, 78 percent reported having adopted general policies to address the ABC risks associated with their business; 63 percent periodically review the policy to ensure that it appropriately addresses ABC risks; 59 percent restrict gifts or corporate hospitality to comply with their policy and relevant local regulatory requirements; and 49 percent train all employees on at least an annual basis on the ABC policies.
Costs of Compliance
- Nearly half of respondents – 48 percent – said their firms spend between $100,000 and $500,000 annually on compliance-related costs. Twenty percent put their compliance costs at under $100,000; 25 percent reported compliance costs of $100,000 to $250,000; 22 percent said their compliance costs are between $250,000 and $500,000; 14 percent reported compliance costs over $1 million but less than $5 million; and three percent put their compliance costs at $5 million or more.
- Fully 59 percent of respondents reported hiring a third party to conduct compliance reviews of their firms, and 40 percent of those reviews were mock SEC-type examinations. Most respondents (38 percent) paid third parties between $10,000 and $30,000 while 33 percent paid between $20,000 and $50,000.
- Most respondents reported that their firms have increased the amount of compliance testing, particularly in these areas:
  - Cybersecurity/Privacy/Identity Theft (74 percent)
  - Advertising/Marketing (40 percent)
  - Personal Trading/Code of Ethics (34 percent)
  - Disaster Recovery Planning (32 percent)
  - Best Execution (30 percent)
- Nearly four in five respondents – 77 percent – indicated they have not decreased testing in any compliance area.
- The vast majority of respondents – 90 percent – said their firms have adopted formal written policies and procedures to govern the use of social media by employees. Nearly four in 10 – 37 percent – prohibit the use of social networking sites for business purposes, down from 47 percent in 2015.
“The results of our 2016 survey should give investment advisers a strong sense of the compliance areas they may want to focus on,” said IAA Assistant General Counsel Sanjay Lamba. “Our hope is that our findings will assist firms in benchmarking their compliance practices against other firms.”
“The most striking aspect of the survey results is the continual improvements in controls and best practices adopted year over year by the respondents, as well as the nexus, or lack thereof, between those areas identified as posing the highest risk by the regulators versus the areas deemed to be higher risk by industry practitioners,” said Lynne Carreiro, Managing Director, ACA Compliance Group.
Added OMAM’s Senior Compliance Manager Amy Yuter: “The survey continues to demonstrate the significant commitment that advisers have made to continually enhance their compliance programs in an ever-evolving regulatory environment.”
About the survey organizers:
ACA Compliance Group
ACA Compliance Group ("ACA") is a leading global provider of regulatory compliance products and solutions, cybersecurity and technology risk assessments, performance services, and technology solutions to the financial services industry. Founded in 2002 by former SEC examiners and state regulators, ACA develops and provides its products through a worldwide team of former SEC, FINRA, FSA, NYSE, NFA, and state regulators, as well as former senior in-house compliance professionals and technologists from prominent financial institutions. ACA serves a diverse base of leading investment advisers, private fund managers, commodity trading advisors, investment companies, and broker-dealers. ACA’s products include standard and customized compliance packages, cybersecurity and technology risk assessments, GIPS® verifications and other performance services, and a wide variety of technology solutions for financial services firms. For more information, please visit www.acacompliancegroup.com.
Investment Adviser Association
The Investment Adviser Association (IAA) is the leading trade association representing the interests of SEC-registered investment adviser firms. The IAA’s approximately 600 member firms collectively manage assets in excess of $19 trillion for a wide variety of institutional and individual investors. For more information, visit www.investmentadviser.org or follow us on Twitter, LinkedIn, and YouTube.
OMAM is a global, multi-boutique asset management company with approximately $218 billion of assets under management as of March 31, 2016. Its diverse Affiliates offer leading, alpha generating investment products to investors around the world. OMAM’s partnership approach, which includes equity ownership at the Affiliate level and a profit sharing relationship between OMAM and its Affiliates, aligns the interests of the Company and its Affiliates to work collaboratively in accelerating their growth. OMAM’s business model combines the investment talent, entrepreneurialism, focus and creativity of leading asset management boutiques with the resources and capabilities of a larger firm. For more information about OMAM, please visit the Company’s website at www.omam.com.
For the IAA: Herb Perone, 202.507.7215, email@example.com
For ACA: Lynne Carreiro, +44 (0)20 7042 0500, firstname.lastname@example.org
For OMAM: Amy Yuter, 610.578.1387, email@example.com