Products October 14, 2015

Schwab Unveils Adviser-Friendly Managed Accounts

Discussing a new managed account-type service with PLANADVISER, Schwab Retirement Plan Services says the offering helps advisers play a deeper role in delivering effective QDIAs. 
Reported by

Schwab Retirement Plan Services has introduced the new Advisor Managed Accounts program, aimed at bringing affordable, adviser-driven managed account services to the mid-sized and large plan market.

Steve Anderson, executive vice president and head of Schwab Retirement Plan Services, tells PLANADVISER the new capability leverages Morningstar managed account technology to build series of customized investment portfolios for retirement plans with $20 million or more in assets and a dedicated retirement specialist adviser.

Want the latest retirement plan adviser news and insights? Sign up for PLANADVISER newsletters.

Retirement plan consultants who are registered investment advisers will now be able to build and manage customized investment portfolios for the plans they support, integrating recordkeeping services from Schwab Retirement Plan Services and managed account technology from Morningstar Associates, Anderson explains. He suggests the new approach “greatly expands the capabilities of consultants who serve as registered investment advisers and investment managers for retirement plans and the participants in those plans.”

According to Schwab, many employers rely on their retirement plan consultant in multiple areas, such as guiding plan design, recommending and monitoring plan investments, and helping the employer fulfill fiduciary, regulatory and compliance requirements. With the introduction of the Advisor Managed Accounts program, consultants serving in a 3(38) investment manager role can provide customized investment portfolios to participants in the plans they serve.

Brock Johnson, head of retirement solutions for Morningstar, observes that “flexibility and scale” are the key principals in the service being delivered in partnership with Schwab. The new managed account program will allow advisers “to reach more people and help them save effectively for retirement,” he says.

Since 2012, Schwab Retirement Plan Services has made managed account services available from two independent investment advisers through its retirement plan platform as the intended qualified default investment alternative (QDIA). With this new QDIA approach, all plan participants are enrolled into the managed account and can choose to stay in the advice program or manage their investments on their own from the core menu.

NEXT: A different take on managed accounts 

“We have seen that when advice is built into a 401(k) plan so that participants start off with it and are free to opt out, 87% remain in the advice program,” Anderson says. “With traditional managed accounts, where the participant has to search out the option and actively invest in the managed account, the uptake tends to be below 5%.”

Anderson says extensive discussions with employers and consultants who advise on plan investments led Schwab Retirement Plan Services and Morningstar to develop and integrate the necessary technology and participant support services for this new capability.

“Now employers seeking managed accounts customized for their plan have a new choice. We anticipate the first 401(k) plan will implement this approach early next year,” Anderson says.

Under the terms of the program, advisers, in their fiduciary role as 3(38) investment managers, “can create up to 101 customized plan-level portfolios based on their investment and plan expertise,” Anderson explains. “They also determine the participant portfolio assignment methodology for each plan they serve.”

With this setup, Morningstar’s technology platform will analyze each participant’s individual information and, using the investment manager’s instructions, assign each participant a specific portfolio in real time created by the investment manager. Participant portfolio assignments typically will be based on 10 or more distinct data points including age, salary, savings rate and account balance. Portfolio assignments are evaluated on a quarterly basis through the technology platform and participants may have their portfolios rebalanced or adjusted as appropriate. 

This differs somewhat from a standard managed account, which instead sees changes made within a client portfolio, rather than having the client move between portfolios. However, like in a standard managed account, participants can share additional details about their financial situation, such as retirement assets outside the plan or a spouse’s retirement savings, to further refine their investment strategy. They can do so through an interactive website and over the phone with a Schwab advice associate who can help them input information online to generate the managed account recommendation.

Retirement plan consultants who want to learn more should call the Schwab Retirement Plan Services Consultant Support Center at 877-783-4372. 

In Practice October 14, 2015

Practical Tips for SEC Cybersecurity Exams

Completely insulating a business from cybersecurity risk is probably a pipedream in the modern world, but retirement plan advisers will be on the hook if, or when, a client data breach occurs.
Reported by

It’s hard to grasp the sheer scope of cyber risk exposure in the financial services industry, but George Michael Gerstein, associate in the fiduciary responsibility group at Groom Law Group, says advisers can take heart from the fact that the Securities and Exchange Commission (SEC) has been clear about what security measures it expects.

“One important step in understanding the SEC’s stance on cybersecurity is to carefully review the appendix to the 2015 Risk Alert publication from the Office of Compliance Inspections and Examinations [OCIE], which summarizes quite nicely their ongoing cybersecurity initiative,” Gerstein tells PLANADVISER. “The appendix pretty much gives a play-by-play for how advisers should be dealing with cybersecurity issues.”

Never miss a story — sign up for PLANADVISER newsletters to keep up on the latest retirement plan adviser news.

Because of the rapidly changing nature of cyber threats, Gerstein says the OCIE will clearly continue to focus on cybersecurity for some time to come, certainly beyond the end of 2015 and the formal examination initiative. If advisers haven’t taken proactive action to batten down the hatches against a cyber breach, now is the time to do so, he suggests.

Another place to look for practical tips and guidance for dealing with SEC cybersecurity reviews is the recent settlement action announced against a St. Louis-based investment adviser. In that case, the adviser agreed to settle various charges, including that it failed to establish required cybersecurity policies and procedures.

According to SEC officials, the failures occurred in advance of a data breach that compromised the personally identifiable information (PII) of approximately 100,000 individuals, including but not limited to thousands of the firm’s clients. An SEC investigation found that R.T. Jones Capital Equities Management violated basic safeguard rules during a nearly four-year period when it failed to adopt any written policies and procedures to reasonably ensure the security and confidentiality of sensitive client information and protect it from anticipated threats or unauthorized access.

According to the SEC’s order instituting a settled administrative proceeding, R.T. Jones stored sensitive PII of clients and others on its third party-hosted web server from September 2009 to July 2013. The firm’s web server was subsequently attacked in July 2013 by “an unknown hacker who gained access and copy rights to the data on the server,” rendering the PII of more than 100,000 individuals, including thousands of R.T. Jones’s clients, vulnerable to theft.”

NEXT: Consider yourself warned 

Gerstein suggests advisers should review the actual cease-and-desist letter from the R.T. Jones case, which is available online “and should be illuminating” for anyone running an advisory practice.

“In the document, the SEC accuses this firm of lacking anything close to adequate controls for a variety of sensitive areas,” he explains. “SEC investigators indicated that there has been no apparent financial loss to the individual clients involved, but they did identify serious shortcomings and found the advisory firm liable for certain damages. None of the particulars should be surprising for those of us who think about this kind of thing regularly.”

Gerstein observes some of the shortcomings cited “are as simple as lacking a sufficient firewall and encryption protocols for sensitive client data.”

“The R.T. Jones case has been the one significant action I have seen at this point,” he explains, “but given the wider trends it is likely this type of regulatory action will increase, I think. The advisory firm community can look to and carefully consider the R.T. Jones matter and the Risk Alert announcing the initiative and get a pretty clear picture of what the SEC expects.”

The SEC appears to be particularly interested in sound vendor management, Gerstein adds.

“For example, the SEC noted in its initial Risk Alert that a lot of the recent cyber issues we have seen have involved third-party platforms and lax vendor management,” he says. “The SEC has stressed they will be looking closely at how advisory firms consider these things.”

Gerstein feels advisers can turn to their existing expertise meeting the requirements of the Employee Retirement Income Security Act (ERISA) for further guidance on meeting cybersecurity risks head on.  

“In the end, cybersecurity exposure is similar to ERISA liabilities in that you can’t just expect to hire someone and then wash your hands of liability because you put them in charge of certain money or data,” Gerstein concludes. “If you would otherwise have to do something and you delegate that work to someone else, you are still responsible for choosing an appropriate partner and monitoring that partner."

«