Contact Bates Today

Bates Group is with you every step of the way. Contact us today for more information on how our End-to-End Solutions can help your firm.

Get My Solution Started

Bates Group Logo

We’re looking for talent! Interested in a career at Bates Group? Visit our Careers page.

Bates News, Bates Research  |  10-04-18

NASAA Update: New Leadership, Cybersecurity Model Act for IAs and Heightened Supervision for BDs

{image_1}

{image_2}

On September 25th, Michael S. Pieciak, Commissioner of the Vermont Department of Financial Regulation (pictured above), took the reins as the 101st president of the North American Securities Administrators Association (“NASAA”). That same day, NASAA’s Investment Adviser Section proposed a model rule that would require investment advisers to adopt policies and procedures regarding information security. NASAA also published the results of a series of “coordinated examinations of broker-dealer firms” that reviewed the heightened supervision plans of firms for registered representatives. Here’s a closer look at these developments.

New Leadership and Priorities

At the 2018 Annual Meeting in Anchorage, Michael S. Pieciak began his one-year term as president of NASAA. Mr. Pieciak, who formerly served as president-elect and chair of the organization’s Corporation Finance Section and Fintech and Capital Formation Committees, announced NASAA’s new leadership team which includes Past President Joseph Borg, Director of the Alabama Securities Commission, and President-elect Frank Borger-Gilligan, Assistant Commissioner of the Tennessee Department of Commerce and Insurance.

In his remarks, Mr. Pieciak set forth his priorities. He stated that cybersecurity, cryptocurrency, financial technology, multi-jurisdictional enforcement matters, standards of care and senior financial fraud would remain primary concerns.

He noted, however, that recent member survey results found that the “preservation of state authority stood head and shoulders above all others as the top priority for our members.” He said that such a concern is well placed, given “broad preemption legislation in recent decades, and renewed threats in recent months.” He pledged to pursue “modernizing our association and promoting uniformity” as the most effective ways… to fight preemption and preserve our authority.” He acknowledged that “determining the most effective strategies… will take considerable thought, time, collaboration and discussion.” As a result, one of his first acts was to direct the NASAA Board to establish a Strategic Planning Committee to review bylaws, committee structure, policies and procedures.

Mr. Pieciak, NASAA’s first millennial president, also voiced his commitment to “focus on millennial investor education, awareness and protection.” He emphasized its importance and tasked NASAA’s Investor Education Section “to expand its ongoing generational outreach initiatives to include resources specifically designed for this younger generation.”

New Proposed Model Rule on Information Security

Also on September 25, NASAA released a new model rule that would require state-registered investment advisors to adopt new policies and procedures regarding information security. The proposal references findings from NASAA’s 2017 Coordinated Investment Adviser Examination Report as well as recent education initiatives, specifically the 2017 Cybersecurity Checklist. The Checklist was intended “to provide direct guidance on ways the [investment adviser] firms can identify, respond, and recover from cybersecurity weaknesses and/or breaches.”

The proposal has three parts. First, the “Proposed Information Security and Privacy Rule” would impose new requirements related to both the physical security of information as well as require the annual delivery of a firm’s privacy policy to clients. Second, a “Proposed Recordkeeping Rule Amendment” would amend the existing NASAA model recordkeeping rule to require that investment advisers maintain the additional records required by the new information security rule. Third, the “Proposed Unethical Business Practices (‘UBP’) Rules Amendment” would amend the existing UBP Model Rules to add to the list of prohibited and unethical conduct a failure to establish, maintain, and enforce a required policy or procedure. The comment deadline is November 26.

NASAA states that the Rule Proposal has three objectives: (i) to address the “need for investment advisers to have policies and procedures” to deal with data privacy and security issues; (ii) to provide a “basic structure for how state-registered investment advisers may design their information security policies and procedures;” and (iii) “to create uniformity in both state regulation and state-registered investment adviser practices.”

New Guidance for Broker-Dealers on Heightened Supervision

In another significant development, NASAA released the findings of examinations of broker-dealer firms on their heightened supervision plans for high-risk registered representatives. NASAA conducted 165 exams of 121 broker-dealers. The results, contained in the Coordinated Examination Report, suggest that firms have more work to do to address the issue.

Nine of the firms had no policies or procedures related to heightened supervision. Thirty-four firms had not established criteria for assessing whether heighten supervisions would be appropriate for new hires and or current associated representatives. About half of the firms that did have heightened supervision procedures did not have policies and procedures in place for removal of a representative from heightened supervision. Among other findings, NASAA representatives said that “less than 25 percent of the examined firms maintained supervisors on site who were responsible for enforcing heightened supervision plans” and “about 20 percent of firms (both large and small) failed to enforce the procedures they had developed.”

As a consequence of these findings, NASAA advised broker-dealer firms to (i) designate individuals with the necessary experience and authority to enforce the plan; (ii) ensure appropriate written documentation that evidences the “representative’s awareness of the conditions of the plan and the supervisor’s awareness of his responsibilities;” (iii) provide periodic review to ensure the effectiveness of any plan; and (iv) ensure that removal procedures are in place. In addition, NASAA recommended that a firm should design its plan so that it would address any underlying conduct subject to review, ensure that the representative’s records are incorporated into any review, and establish the frequency of reviews.

Conclusion

President Pieciak pledged his commitment to fight federal preemption and preserve the authority of state securities regulators. The findings contained in the 2017 and 2018 examination reports suggest how important a role NASAA has in understanding the current state of play at investment adviser and broker-dealer firms. The timing and proposed model rule on information security for investment advisers and the new guidance on heightened supervision for broker-dealers provides a strong indication of how active NASAA intends to be as it asserts its authority within the regulatory framework. Bates will continue to keep you apprised of both state and federal developments.