Unclaimed property. Blue Sky administration. Information security. You don’t have to be a compliance guru to know these terms. They represent some of the key regulatory initiatives impacting the financial services industry in 2014. They were also some of the “hot topics” addressed at Boston Financial’s Chief Compliance Officer (CCO) Forum last month.
Just a few years ago, these topics probably weren’t on most people’s top 10 list. Why are they impacting the industry and our clients so deeply today?
For starters, perpetual change is the new norm in today’s regulatory environment. You only have to turn to the deluge of “proactive” rulemaking for evidence. And so the shifting nature of priorities and demands isn’t surprising. Another factor is the magnitude of the rulemaking: Every aspect of our business is now impacted by regulatory requirements at both the federal and state levels.
With this backdrop in mind, here is a deeper look at some of the “hot topics” discussed at Boston Financial’s recent CCO Forum.
Unclaimed Property and Blue Sky Administration: The aggressiveness of the states around regulatory enforcement, and the reasons behind it, was a recurring theme. Our industry panelists noted that maintaining compliance is challenging given the inconsistency of state laws.
Within the unclaimed property arena, firms also have to contend with varying definitions of “contact” and the disparate treatment of accounts by the states. Industry initiatives include working with individual states to get clarity around their laws, defining “contact” and developing systems to track it.
Similar challenges exist for Blue Sky administration, but there is also the added complexity of dealing with omnibus accounts. Our presenters recommended best practices relative to exemptions, minimizing expense, and oversight of the process.
Information Security: “It’s not a matter of if your firm will experience a breach, but when” was the prevailing view among our group of information security experts. They emphasized that the policies, plans, and practices a company has in place both before and after a breach are a critical part of the firm’s information security program. Pre-incident planning needs to include a written security management and incident response plan.
Mike Rizzo, chief information officer at Boston Financial, noted that Boston Financial’s information security program is predicated on the following framework: identify, detect, protect, respond, and recover. Major elements of our program include risk assessment, security awareness, security policies and standards, and risk mitigation.
Other best practices identified by the group were prioritizing risks, conducting regular security assessments to identify potential vulnerabilities, and educating and training employees on information security. When responding to a breach, employing a variety of techniques that include forensics and preservation was another best practice cited at the Forum.
I had the opportunity to close out the Forum and noted that the industry must continue to be holistic and vigilant in its approach to risk mitigation and ensuring a strong control environment. Standard of care in the regulatory space is at an all-time high; even the smallest oversight can have devastating results. For a firm to be successful today, its business strategy must align within a compliance framework.