F2 Strategy, Crescent Grove Advisors And Smarsh Share Insights On What’s Coming For Wealth Management Firms In The Year Ahead
Where exactly are wealth management compliance and regulatory trends headed for advisors in 2024? Judging by the enormous amount of change that’s unfurled this year – across cybersecurity, communications, artificial intelligence, advisor-client best interest and agency priorities – next year may see just as much if not more momentous upheavals.
Market participants remained wary of reconnecting their computers to the Industrial and Commercial Bank of China (ICBC), weeks after hackers conducted a ransomware attack in early November that hindered trading in the $26 billion U.S. Treasury market.
Since December 2021, the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) have doled out over $2.75 billion in fines to financial services firms due to failures with their recordkeeping and oversight responsibilities regarding digital communications tools through apps, text messages, emails and phone calls.
In late October, President Joe Biden announced new proposals on requirements that recommendations to purchase any investment product must be in the savers’ best interest. This would cover advice to roll assets out of an employer-sponsored plan like a 401(k), in addition to advice to plan sponsors about which investments to make available as options in 401(k)s and other employer-sponsored plans. If implemented, it’s unclear how this would impact pre-existing rules by the SEC and Department of Labor.
That same month, the SEC released its 2024 Examination Priorities Report. Topping the list for advisors are high cost, complex and illiquid products and unconventional strategies; processes for determining that investment advice is provided in clients’ best interest; economic incentives that an advisor and its financial professionals may have to make recommendations; as well as disclosures made to investors.
And so far this year, a plethora of generative artificial intelligence breakthroughs have hit the wealth management space. Morgan Stanley and J.P. Morgan are developing ChatGPT-like AI tools. Orion Advisor Solutions and FMG have AI-powered software for independent advisors. And Morningstar uses the Microsoft Azure OpenAI Service, while its “Mo” AI personality resembles a video game-like young man.
To get a sense of what’s coming next, WSR spoke with industry leaders from the wealthtech consultancy F2 Strategy, the wealth management firm Crescent Grove Advisors and the regtech and compliance provider Smarsh. Here are their insights.
Jaci Stanton, Managing Director, F2 Strategy
Agility will be the name of the game in 2024. Hybrid advisors and broker-dealers face increased scrutiny on known topics like fees, online advice and communications, protection of client information and best interest standards. They also face scrutiny on new topics such as crypto, alternatives and AI. It is a lot to balance, and it pays to be proactive.
Dedicate resources to identify gaps. Center on the client. Connect with industry peers and share best practices. Implementing and automating risk tolerance questionnaires and financial plans inside a new client workflow is an example of best practices.
Scott Lamont, Director, F2 Strategy
RIAs, especially the smaller ones, face an ongoing challenge of balancing flexibility and experience with control and privacy. Regulators and compliance teams (internal and external) will be increasingly focused on the security of the client data, as well as whether technology like machine-learning and generative AI are being properly used to deliver insights to clients leveraging that data.
Advisors value the insights and opportunities that data can create and will push for more tools and easier access to that information. The push/pull will escalate the challenge between protecting the data and using it for analytics and value-add experiences for clients.
Elizabeth A. Watkins, COO & CCO, Crescent Grove Advisors
In my opinion, among the compliance and regulatory obstacles facing RIAs today is the SEC’s rapid-fire approach to rulemaking. This has created an environment where firms are drinking from a firehose as they attempt to address the many rule changes, which are complex and sometimes conflicting. Then, add to this the many technology advances that have created new and unexpected challenges for both regulators and firms to manage.
One new area that compliance is still sorting out is the use of AI in financial services. While there hasn’t been significant rulemaking here yet, the SEC has signaled that RIAs utilizing AI are expected to ensure that their algorithms and models are transparent, explainable and comply with regulatory requirements. The SEC may scrutinize the use of AI to ensure that it doesn’t compromise investor protection or market integrity. As with any new area, we won’t really see meaningful rulemaking until something goes wrong.
Cybersecurity also remains a top concern for RIAs. The SEC has been emphasizing the importance of robust cybersecurity measures to protect sensitive client information for years. RIAs need to implement comprehensive cybersecurity policies, conduct regular risk assessments and stay updated on best practices to mitigate cyber threats. Testing remains the most vigilant way to keep up with the evolving methods and manner of potential breaches.
Robert Cruz, Vice President, Regulatory & Information Governance, Smarsh
We are seeing firms react to the current enforcement climate by doubling down on the governance processes to determine if the benefit of supporting new tools is worth the cost and risk. This is key as the use of prohibited communications tools typically pull clients away from platforms they are comfortable and familiar with, enable greater productivity and faster decision-making, and are used by employees attempting to avoid detection.
Firms must assess whether demand for such communication tools is widespread or one-off and understand if there is a safe and reliable means of capturing the benefits of using these platforms. Once a clear, articulable benefit is determined, a larger group of stakeholders must assess any risks presented by compliance, security, privacy, IP and technology. I believe we will see more of these governance “councils” across the industry to help RIAs and IBDs protect themselves as they strive to remain competitive.
There have been a variety of cybersecurity rule updates, primarily from the SEC, that have been directed at broker-dealers and public corporations. Many protections required by these new rules have been implemented within cybersecurity programs that focus on malware, ransomware and threats of internal information leaks.
Firms are already investing in addressing two areas: meeting breach notification requirements within the timeframe outlined by SEC proposals and determining new roles to define, test and report – like handling written supervisory procedures (WSPs). Both are not without their challenges. The first has drawn attention to defining what is an incident to outline system readiness improvements. The second may prove to be a hurdle for smaller resource-constrained compliance teams.
Chris Latham, Managing Editor at Wealth Solutions Report, can be reached at firstname.lastname@example.org