Cloud Technology Blog for RIAs and Broker-Dealers

Regulators Are Coming For Your Firm, And They’re Looking At Your Data

9/14/16 8:34 AM / by Robin Brown

MarketCounsel’s Brian Hamburger says internal reviews must accompany external vigilance.


On Sept. 19, Brian Hamburger of MarketCounsel will speak at External IT’s inaugural Wealth Management Technology & Cybersecurity Summit in New York. This event gathers industry leaders and influencers for a day of collaboration and networking on the most crucial matters impacting their businesses. This blog is the fourth in the series of profiles of speakers for the upcoming summit.

If your wealth management firm is looking for some groundbreaking combination of software and hardware that has a surefire way of keeping regulators from complicating your life, think again, warns Brian Hamburger of MarketCounsel.

The founder of the regulatory and compliance consultancy for entrepreneurial investment advisors notes that when properly implemented, managed and controlled, technology can be of great assistance in abiding by the rules. He also acknowledges that computer programs excel at many tasks humans do not, such as tracking communications, scheduling recurring meetings, conducting operating system audits, and running reports that identify questionable client account transactions.

But, Hamburger says, “This still requires advisors to apply their own substantive human analysis alongside these tools. We don’t yet have technology that fully identifies regulatory issues and resolves all of them on its own. Advisors must continue to monitor the efficacy of technology.”

Financial Repercussions

RIAs that assume portfolio management and CRM software can eliminate every rule violation may fail to revise their written policies and procedures to remain relevant to current regulatory issues. That could lead to more than a Securities and Exchange Commission fine. For instance, if an automated trading platform does not detect fraudulent activity, the firm could suffer lasting brand damage, clients could leave and new business could dwindle.

Therefore, RIAs would do well to bring on an independent third party that specializes in conducting objective reviews to pinpoint the firm’s regulatory and compliance blind spots. Hamburger sees three prominent developments RIAs should get ahead of: the Department of Labor’s fiduciary rule, the SEC’s proposal to demand formal business continuity plans of RIAs, and maintaining the privacy of clients’ personal information.

Fiduciary Rule

In June, the DOL’s fiduciary rule became a reality for financial professionals giving advice on retirement-related accounts, although practitioners have until April 2017 to start abiding by many of its restrictions on everything from mutual funds to insurance products. Despite a wide-ranging host of lawsuits against the rule, and significant opposition from some quarters of Congress, Hamburger says advisors should prepare for the rule to exist largely intact.

This means advisors must be explicitly clear with clients and prospects about compensation and the nature of services offered, and that evidence of such communication should be documented. To the extent a firm’s software can facilitate this documentation and disclosure, all the better. Doing so is especially necessary when engaging in gray areas.

For example, if an investor tells an advisor he will roll over assets from his retirement account to a non-retirement account, and the investor seeks guidance only on which investments to use during that process, this interaction may not fall under the fiduciary rule. However, regulators may disagree, depending on the exact circumstance.

Business Continuity

Also in June, the SEC proposed a rule requiring RIAs to adopt and implement written business continuity and transition plans, with the goal of mitigating significant disruptions to a firm’s operations. These plans would have to be tailored to the firm’s particular risks and would have to address system maintenance and data protection, alternate physical locations, communications, reviewing third-party vendors, and how to transition in case the advisor cannot stay in business. 

Hamburger points out that many RIAs have long possessed business continuity plans as a natural course of being fiduciaries, but that the current proposal is more specific about what these plans must entail. Interestingly, one footnote in the proposal contains this passage: “Smaller advisers [sic] may address data backup and recovery by outsourcing storage to a service provider through cloud software.”

Client Privacy

Both the DOL’s fiduciary rule and the SEC’s business continuity proposal address protecting sensitive client data. As more and more data is stored digitally, firms must guard against all the evolving ways their clients’ personally identifiable information could fall into the wrong hands. That’s where strong technology such as anti-malware and user-access control programs can be useful.

Even so, as Hamburger insists, technology alone is not enough. Consider RIAs that share only the most relevant client data with custodian banks and turnkey asset management programs. In practical terms, RIAs have little control over what employees at third-party vendors do with the RIA’s client data.

But RIAs could be held legally responsible if client data becomes exposed to hackers as a result of giving it to third-party vendors. Consequently, all vendors ought to be vetted. “At the end of the day, advisors must make a choice about whether it is part of their core values to run a firm that achieves regulatory compliance mandates,” says Hamburger.

Want to learn more about compliance and MarketCounsel? Register here to attend the Summit.

Topics: Financial Services, Cybersecurity, Technology

Written by Robin Brown

Robin Brown is VP of Marketing for External IT. Her expertise includes brand strategy and execution, marketing strategy and execution, product and services positioning and marketing, field marketing and demand generation, on-line and social media, public relations, corporate and internal communications.