Regulation Best Interest, Cybersecurity Top Concerns at IAA 2019 Compliance Conference

Regulation Best Interest, Cybersecurity Top Concerns at IAA 2019 Compliance Conference

The Investment Adviser Association (IAA) represents the interests of investment advisers in Washington D.C., and the IAA Investment Adviser Compliance Conference 2019 was a forum for the discussion of future potential rulemaking. Cybersecurity and Fiduciary Rule considerations were headline topics, with custody and marketing right behind. The following is a summary of key issues discussed during the two-day event:

The Fiduciary Rule: Regulation Best Interest (BI)

During a fireside chat that formally kicked off the event, SEC Commissioner Robert Jackson, Jr. expressed that Regulation BI is designed to make clear throughout the industry that financial service providers must place the interests of investors above their own interests. He further noted that the “cost of conflicted advice is high” and that we need more evidence on the subject. Although he voted to move the rule proposal ahead, Commissioner Jackson does not support the current proposal as final because the SEC’s “economic analysis was not a serious attempt” to evaluate the effects of the rule.

Cybersecurity and Privacy

Cybersecurity remains a complex and evolving issue in the advisory world, with Commissioner Jackson expressing a belief that cyber crime is a “war against our lifestyles.” Conference attendees agreed in a poll, ranking cybersecurity as the greatest compliance challenge for 2019. Commissioner Jackson noted that he believes that public companies need a bright-line rule regarding when to report cyber breaches in 8-K’s.

In a private equity session, panelists agreed that cyber reviews should be a standard part of the due diligence of portfolio companies. It is crucial for PE firms to determine evaluation strategies for portfolio companies as well as how active they need to be to establish privacy and security programs both at the beginning and throughout the relationship. Commissioner Jackson offered reassurance that the SEC does not punish firms trying to do the right thing. OCIE Chief Counsel Daniel Kahl also indicated that the industry could expect future risk alerts pertaining to Regulation S-P and regulation S-ID, but Sharanya Mitchell, Senior Global Regulatory Counsel and Chief Privacy Officer of Cohen & Steers Capital Management, does not believe new federal legislation will happen in this area before the adoption of the California Consumer Protection Act.


Division of Investment management Director Dalia Blass stated that the SEC is “reviewing the Custody Rule holistically” and looks forward to more industry input. This echoes back to her 2018 appearance at the same conference, where she acknowledged “there are so many big questions in the custody space.”


Director Blass also reiterated that marketing is on the Commission’s short-term agenda, as we had learned in SEC Chair Jay Clayton’s year-end Reg Flex update. She indicated that the staff anticipates presenting the Commission with recommendations in the near future. The rule adopted in the early 1960s predated the internet, and the “current regime does not sync well with the current real-world environment.”

“When I go to Amazon I review ratings by others,” she added, saying that the prohibition on testimonials presents challenges and is “not in line with how folks currently live their lives.”

Overall, there was not a lot of detail about what the rules will say but in totality, it represents a forewarning that compliance will have more changes ahead.

Ascendant/CSS offers a broad service program designed to ensure strong cyber practices at portfolio companies, including our powerful cybersecurity solution, Shield. Additional solutions include our trading surveillance and compliance software, Sentry; and our regulatory reporting and filing platform, Consensus, which handles filings including Form PF, Form ADV, Form N-Port, and more. Contact us to learn more.