Nearly 40% of compliance professionals across asset management, investment adviser, and private markets firms remain unprepared for the cybersecurity risks posed by AI, reveals the 2024 Cybersecurity Benchmarking Survey.

The Financial Industry Regulatory Authority (FINRA) has fined Osaic Wealth, Inc., formerly known as Royal Alliance Associates, Inc. and Securities America, Inc.

Registered Investment Advisors (RIAs) contended with a 213% frequency increase in total errors and omissions liability claims paid by their insurers in 2023, as they faced a sharp uptick in investor complaints due to 2022’s broad market slump, according to proprietary data from Golsan Scruggs, the corporate insurance brokerage firm serving the financial services industry.

The Securities and Exchange Commission, the Financial Industry Regulatory Authority and other regulators are focusing in 2024 on some new areas — like artificial intelligence — as well as putting increased pressure on advisors and broker-dealers to step up their compliance with others, according to regulatory experts at ACA Group.

Incomplete incident-response plans, insufficient training and a lack of visibility into branch offices’ practices are among the most common cybersecurity-related shortcomings of Financial Industry Regulatory Authority member firms, according to executives at the industry self-regulator.

The investment advisory industry is bracing for a hectic compliance year, as the Securities and Exchange Commission gears up for what looks to be another year of fast-paced rulemaking.

Technology probably the most expensive route, says NCA director

Creating a strong cybersecurity posture needs to be seen as a “three-legged stool” that includes people, process and technology, according to Lisa Plaggemier, the executive director of the National Cybersecurity Alliance (NCA).

Like many other industries, Registered Investment Advisers ("RIAs") have dealt with significant regulatory, technological, and systemic change in recent years. Compared to FINRA-regulated entities, RIAs often face these changes with less frequent or significant touchpoints from their primary regulator, the Securities and Exchange Commission (SEC). The SEC's method of regulating RIAs is typically principle-based rather than prescriptive-based, which the industry generally favors, but this approach certainly has its own pitfalls.

On October 16, 2023, the Securities and Exchange Commission (SEC) Division of Examinations (Division) announced its examination priorities for 2024. As it has done every year since it first began publishing its annual priorities in 2013, the Division enumerated the areas that will be a focus for the next fiscal year including: (i) investment advisers’ fiduciary duties and compliance programs, (ii) investment company compliance and governance practices, and broker-dealer practices, (iii) cybersecurity and resiliency, (iv) crypto assets and FinTech products and services, and (v) anti-money laundering (AML) programs.

Concerns about regulatory risk and trade errors are also among top RIA concerns.

Registered investment advisors (RIAs) are more concerned about their liabilities for a cyberbreach or theft of data than any other potential business exposure, according to the 2023 RIA Risk Survey from insurance brokerage Golsan Scruggs.