Marketing and Advertising Dos and Don’ts in a Digital World
When it comes to advertising, processes, procedures, and disclosure matter. Not everyone in a firm will understand the importance of the “details” of the various pieces of advertising, particularly performance advertising. Don’t be afraid to question processes that are outside your responsibilities, and stand up for ensuring your firm puts out the best and most compliant marketing pieces possible.
Those were the key takeaways of “Can You Really Say That? Marketing Dos and Don’ts in a Digital World,” a pre-conference workshop held at the recent Ascendant/CSS conference in San Diego.
Each esteemed member of the panel discussion focused on various themes:
- Amy Jones, Principal, Guardian Performance Solutions LLC – The newly proposed GIPS 2020 standards should be welcomed by the industry, as they are an attempt to make the GIPS standards more relevant for various types of firms. They’ll be more relevant and targeted, resulting in firms being able to focus their efforts and hopefully not have to spend more time on complying with the standards.
- Rick Marshall, Partner, Katten Muchin Rosenman – With the advent of artificial intelligence and automated trading systems like robo-advisers, mistakes can happen much more quickly and be more far-reaching than when made by humans. And when things go wrong, there’s often the question of disclosures, disclaimers, and ultimately, who’s to blame. As such, firms should be keeping an eye out for red flags, and developing methods for identifying them. Compliance professionals aren’t expected to be experts, but there is an expectation that they surround themselves with experts.
- Jack O’Brien, Partner, Morgan, Lewis & Bockius LLP – Social media continues to be a large area of risk as it’s a moving target in terms of platforms and number of users. Approximately 85% of firms use social media, and 80-90% have reported positive experiences from it. Because the platforms are constantly evolving and the features continually changing, firms should ensure that training isn’t delivered just once a year, but is reinforced periodically. Additionally, policies and procedures should be kept simple, ideally limited to one page to increase the likelihood that employees will actually read and understand them.
- Dan Haynes, Consultant, Ascendant Compliance Management – Marketing and advertising is very broadly defined under the general anti-fraud rule in the Advisers Act. Firms should really focus on what the purpose of the communication is; if it’s to secure new business or keep current business, it’s likely advertising. Also, when in doubt, firms should treat the piece as advertising! The biggest key to staying out of trouble with marketing is to have a strong process in place. Ensuring there’s one person/group that’s in charge of reviewing, documenting such reviews, and providing education to the entire firm will help bolster an adviser’s Compliance Program.
Compliance officers simply cannot be experts in every area of the firm. Aside from surrounding yourself with very knowledgeable people, compliance officers should learn to ask questions. Don’t just rely on someone else to create/review performance advertising materials, but question the data. You don’t have to have all the answers, but being inquisitive will help uncover potential red flags and head off problems down the road.
Race to the Top – States Push to Broaden Breach Reporting Requirements
Facebook just reported a massive data breach impacting over 50 million user accounts. And while most investment advisers are not likely to experience a breach of that scale, what is likely is that a cyber incident will occur at some point. Consequently, state regulators continue to expand the protections they require for their residents through increasingly strict data breach reporting requirements, in some cases coming very close to the international requirements imposed by the European Union’s General Data Protection Regulation (GDPR).
During a panel discussion, “State of the Data Breach: Legislative Changes and the Impact of GDPR,” at the recent CSS compliance conference in San Diego, Andrew Hartnett, Officer at Greensfelder, Hemker & Gale, P.C., Ronan Brennan, Chief Product Officer at CSS, and E.J. Yerzak, Director of Cyber IT Services at CSS brought attendees on a legislative journey of all that has changed in 2018 on the breach reporting front – from Alabama and South Dakota becoming the 49th and 50th states to enact data breach laws to various states including Colorado and California amending theirs. Cynthia LaRose, Chair of the Privacy and Data Security Practices at Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C., supplemented the discussion with some helpful materials about GDPR myths and misconceptions compared to the reality of the regulation.
Mr. Brennan highlighted the operational challenges firms face in complying with GDPR, such as mapping a comprehensive inventory of data and data flows as well as the importance of vendor management.
The session concluded with Mr. Hartnett reminding attendees that despite all of the changes we have seen recently in data breach laws in 2018, at the end of the day what is really important is not to memorize the nuances of all 50 state breach laws and GDPR but rather to focus on improving our cybersecurity programs (policies, procedures, testing, and training) from the outset to hopefully avoid a breach from occurring in the first place. Lining up legal and forensics support in advance to assist with the breach investigation and reporting can help firms to save their energy and efforts for maintaining an effective cybersecurity program throughout the year.
Getting Smart About Cyber
Recognizing the Risk
When it comes to managing cybersecurity risk, investment advisers are in a tough position. As the frequency and variety of cybersecurity risks mount, IT budgets and staffing do not always follow suit. Compliance and IT professionals are often asked to do more with less, which can seem overwhelming given an ever-expanding list of regulatory and business requirements as well as increased scrutiny of firms’ cybersecurity controls by third parties.
For years, smaller advisers in particular, and private fund advisers who did not process wires or maintain much personally identifiable information about natural persons, seemed to evoke a sense of invincibility in the face of growing cybersecurity threats, perhaps believing that their firms were sufficiently off the radar of hacker groups. Unfortunately, as headlines and anecdotes reveal, ransomware does not discriminate. Cyber incidents caused by negligent employees know no limits, and clients, third-party service providers, or portfolio companies may be the ultimate end targets for hackers simply using the adviser’s systems as a jumping-off point. Hopefully, advisers now are past the point of thinking they are not at risk for a cyber incident.
Why Should a Big Hedge Fund Use a Compliance Consultant?
Time is Money…
All of us have limited resources in terms of time. In a nutshell, the outside compliance consultant has their ear to the ground on a full-time basis. It is his or her job to be aware of the latest regulatory developments while an in-house person focuses on the day-to-day challenges of their firm’s business. An outside compliance consultant also has the advantage of insight into how a range of firms, often a large segment of the market of peers and competitors, implement best practices. Even finding the time to attend an industry conference can be a challenge. For every in-house counsel or compliance officer that finds the time to attend, there are dozens more who may not be able to break away from their offices. The outside compliance consultant can fill in the blanks for those who cannot make it themselves, and offer help by filling in knowledge gaps. In effect, it’s almost like being in two places at once.
The second reason is efficiency. How many times have you needed to find a template for a new policy required to adapt to a change to your business activity? Or maybe you need to know the industry best practice for mitigating a specific conflict of interest that’s arisen. Rather than trying to Google the right answer or attempting to guess which of your peers might have had a similar experience, outside compliance consultants have collective knowledge within their firm. You’ll find the speediness of a response to your issue invaluable.
How to Build an Effective Service Provider Oversight Program in Three Easy Steps
Investment advisers of all sizes face new and growing challenges in today’s competitive and evolving environment. As the investment management industry becomes more consumer-focused, individual investors are pressing advisers for more innovative products and a personalized client experience. Further, the growth of passive strategies has created fee pressure across the spectrum, leading to contracting margins. Outsourcing certain critical functions can be an effective tool for advisers looking to focus on more strategic goals.
Organizations cite several reasons for pursuing outsourcing arrangements. While cost-cutting is often the primary factor mentioned, the ability of a firm to focus on its core business functions, solve capability issues and enhance service quality are also important considerations. Third-party service providers can efficiently deliver critical services, technology and infrastructure, and continue to evolve and innovate to meet the adviser’s changing needs. However, advisers are still responsible for the performance of their service providers, creating a duty of oversight. Thus, firms must ensure that critical functions are being performed correctly and that sensitive information is being handled and protected.
Firms that have been successful at executing effective service provider relationships tend to devote a significant amount of time to the RFP and selection processes, have well-defined service level arrangements, and have a developed process for ongoing vendor management and oversight.
With that in mind, the following are three key steps in implementing an effective oversight program:
- Identify and prioritize providers
- Monitor the performance of providers
- Implement a governance structure
Why an Integrated Approach to RegTech is Key
At CSS, creating a strategic approach to regulatory obligations is in our DNA. It’s the very reason the company was created.
The advantages are numerous; investment managers who opt for a strategic response to regulation often choose a vendor partner who can create reporting efficiencies and offer broad expertise. In addition, a strategic response often saves money; our analysis shows the incremental increase in cost associated with a traditional, tactical response that individually handles each regulation is as high as 40 percent.
With successive waves of financial regulation imposing new reporting obligations on financial services firms, it’s time for firms to re-think their approaches. CSS President John Lee and Chief Product Officer Ronan Brennan champion the merits of the strategic response to meeting reporting obligations in a special section published in The Sunday Times. An excerpt:
“Vendor risk is top of mind for regulators, concerned as they are about single points of failure. There are inherent dangers in adopting regulatory compliance solutions in isolation.” Why? Because such an approach makes a single point of failure more likely. “There are a lot of single or dual-product vendors that are de facto the weakest link in your compliance architecture,” says Mr Lee.
The private equity backing that underpins CSS enables it to invest in building out its global platform, while establishing synergies between different solution sets and broadening the markets it covers. “The single vendor offers a tactical solution,” says Mr Lee. “We’re offering a strategic partnership that helps a client identify where it is weakest in delivering on its compliance requirements and enabling it to strengthen those aspects of its approach.”