Cybersecurity is the focus of the future, according to panelists at the annual meeting of the American Bar Association’s Business Law Section. Protection of information and system security is more difficult than ever before, and the financial industry must take steps to address potential problems before they arise, especially issues identified by the SEC’s Office of Compliance Inspections and Examinations, the panelists explained. In addition, with the Department of Labor’s ongoing fiduciary rule process and the potential for repeal and reform of numerous Dodd-Frank Act provisions, the industry needs to keep an eye on the political climate and be prepared to respond with appropriate compliance procedures and system changes, they stated.
OCIE priorities. OCIE Deputy Director Jane Jarcho provided insight on OCIE’s priorities coming up for the new year. While OCIE’s official priorities are a few months from final, Jarcho highlighted a continued focus on where money is flowing and how the industry itself is changing, particularly with regard to growth in the number of investment adviser branch offices and related supervision concerns and changing operations coupled with new platforms and devices. While multimanager structures and retail investors’ investments in exchange-traded funds (especially those outside of the "plain vanilla" structure) will likely remain at the forefront, she noted, the real question is whether a product, service, or activity hits "buttons" with OCIE. Ultimately, the staff will see what it sees and then determine if it needs to spend more time. The Washington and regional offices working together more often on these questions has enhanced efficiency, and cooperation always results in a better product, she stated.
Fiduciary rule, SEC standards. Jarcho also noted OCIE’s particular interest in the dramatic movement of assets from active to passive management and the importance of narrowing down the risks involved with this change. The panelists agreed that the primary cause of this shift was the DOL’s now-delayed fiduciary rule. K&L Gates partner Lori Schneider acknowledged the long-time need to address investor confusion surrounding hiring broker-dealers or investment advisers, but Sullivan & Cromwell partner Donald Crawshaw highlighted the big changes following last November’s election. While it is important to balance the need for investor protection with the burden of additional regulations, the panelists concurred, many concerns with the DOL’s rule remain. Even with the new rule, Michael Shaw of Semmes, Bowen, & Semmes explained, different standards enforced by different regulators still apply to different people, and practitioners will continue to use varying titles to describe their work. Moreover, even with the delay of the rule, accounts are moving from brokerage to fee-based, products offerings are evolving, and many service providers are changing the overall way they do business, which, in some cases has resulted in orphaned accounts, he explained.
The panelists suggested that, in connection with the delay of the DOL’s rule, the SEC may have the opportunity to weigh in and impose a new standard for broker-dealers. In discussing his and the Commission staff’s past attempts to get a uniform standard for broker-dealers and investment advisers in place, former Investment Management Director Andrew Donohue noted that, in order to impose a uniform standard or separate yet equivalent standards, other issues need to be addressed. The fiduciary standard for advisers is a concept flowing from enforcement proceedings and case law, and it is not always clear how to define "personalized investment advice" about securities, he explained. In the case of equivalent standards, it is also possible that additional rules for broker-dealers governing advertisements, performance discussions, and other issues could need to be adopted. The issue is bigger than it looks, Donohue opined.
The DOL rule faces an uncertain future and the actual meanings of "best interest" and "suitability" will always involve a muddy difference, the panelists agreed, but the industry has already started to move in response to the rule. Even if it ultimately does not survive, the changes made will likely stay in place, they explained.
Cybersecurity. The panelists also discussed the ever-increasing importance of cybersecurity, particularly with regard to constant changes in technology. Jarcho noted that OCIE’s focus is primarily on the existence of policies and procedures designed to prevent breaches and address fallout in cases in which attacks cannot be prevented. In the course of examinations and inspections, she said, OCIE has sent out document requests and gathered a variety of information and published findings for industry participants to consider when developing their internal approaches.
Some issues will be addressed by the SEC’s investment company reporting modernization rulemaking, but the panelists noted that, as technology evolves, new problems could arise. According to Schulte Roth & Zabel partner Marc Elovitz, one of the biggest challenges facing the industry now is texting and social media. Some younger advisory professionals conduct business using non-email platforms to work faster, he explained, and this can cause internal control and books and records problems and may raise encryption and related cybersecurity concerns. Policies and procedures must be in place to address these issues, he stressed.
The industry is also interested in how the SEC is protecting its own information, including the myriad confidential and proprietary data provided by the industry in regulatory filings and ongoing reporting. Donohue noted that, as a result of reporting modernization, the SEC will be gathering a substantial amount of new data and needs to make sure it does not get hacked. Crawshaw agreed that most industry concerns surround the portfolio information to be provided on new Form N-PORT (which will involve a great deal of sensitive information), noting the Investment Company Institute’s move for a delay to consider the ramifications of modernization and to provide registrants using third-party vendors to implement new systems adequate time to ensure both compliance and security. Jarcho assured the panelists that the Commission and its staff are doing everything they can to protect data and explained that OCIE staff thinks about cybersecurity when conducting exams and will often look at documents without taking possession of the originals or copies to address concerns. The addition of a new Senior Advisor for Cybersecurity will also help in coordinating cybersecurity efforts across the agency and assessing cyber-related risks, the panelists concluded.
Dodd-Frank. Panelists also considered the Dodd-Frank Act and whether it will stay in place in the current political climate. Illinois Securities Department Director David Finnigan noted that Dodd-Frank came into existence in response to bank failures, mortgage issues, and various industry collapses—a wide variety of concerns that ultimately led to the breadth of the legislation. In its vastness, however, lie a number of highly particularized provisions, "the ants and mosquitos on the ark" that could be removed in the case of reform, he said. Ethan Levisohn, special counsel at Covington & Burling, addressed Dodd-Frank’s creation of the Consumer Financial Protection Bureau and ongoing concerns that the organization’s structure as an independent agency with a single director violates separation-of-powers requirements. The CFPB director has a lot of power and can shift the organization politically, he noted.
With the change of administrations and shift in legislative balances, these items, along with broader provisions, are now the focus of the CHOICE Act, the panelists noted. The legislation would repeal many Dodd-Frank Act provisions, impose limits on financial regulators’ ability to adopt new regulations, significantly revise bank capital requirements, and change the structure of the CFPB, according to the panelists. Although some alterations to Dodd-Frank made their way into Congress’ recent appropriations bill, the question of whether Dodd-Frank Act will stay or go involves a definite "maybe," the panelists concluded.
MainStory: TopStory CyberPrivacyFeed DoddFrankAct FedTracker Securities FiduciaryDuties InvestmentAdvisers InvestmentCompanies SECNewsSpeeches TrumpAdministrationNews
Interested in submitting an article?
Submit your information to us today!Learn More
Securities Regulation Law Daily: Breaking legal news at your fingertips
Sign up today for your free trial to this daily reporting service created by attorneys, for attorneys. Stay up to date on securities regulation legal matters with same-day coverage of breaking news, court decisions, legislation, and regulatory activity with easy access through email or mobile app.