Compliance August 31, 2021

SEC Makes Good on Cybersecurity Enforcement Pledge

Earlier this year, the agency published a list of 2021 examination priorities that prominently featured issues pertaining to cybersecurity, and now it has sanctioned eight firms for related cybersecurity failures.

Reported by

Back in March, the U.S. Securities and Exchange Commission (SEC) published its 2021 examination priorities list

Likely unsurprising to most who follow the SEC and the U.S. Department of Labor (DOL), one of the top priorities on the list was making sure firms are complying with Regulation Best Interest (Reg BI) and the related DOL fiduciary rule. Perhaps more surprising—or at least a newer development—was the division’s enhanced focus on climate change and issues pertaining to cybersecurity.

For more stories like this, sign up for the PLANADVISERdash daily newsletter.

The priorities list warned that the SEC’s enforcement division “will continue to evaluate whether [regulated] entities have established, maintained and enforced written [cybersecurity] policies and procedures as required.” The priorities list indicates areas of focus will include “IT [information technology] governance, IT asset management, cyber threat management/incident response, business continuity planning [BCP] and third-party vendor management, including utilization of cloud services.”

Now, several months later, the SEC has announced a series of sanctions against eight registered advisory firms for failures in their cybersecurity policies and procedures that resulted in what the agency describes as “email account takeovers” which exposed the personal information of thousands of customers and clients at each firm.

The SEC says the eight firms, some of which operate collectively, have agreed to settle the charges. The firms are the Cetera Advisor Networks LLC; Cetera Investment Services LLC; Cetera Financial Specialists LLC; Cetera Advisors LLC; Cetera Investment Advisers LLC; Cambridge Investment Research Inc.; Cambridge Investment Research Advisors Inc.; and KMS Financial Services Inc. All of these entities were SEC-registered as broker/dealers (B/Ds), investment advisory firms or both.

The SEC’s order against the Cetera entities alleges that, between November 2017 and June 2020, cloud-based email accounts of more than 60 firm personnel were taken over by unauthorized third parties, resulting in the exposure of personally identifying information (PII) of at least 4,388 customers and clients. According to the SEC, none of the taken-over accounts were protected in a manner consistent with the Cetera entities’ stated policies and procedures.

The SEC’s order also finds that Cetera Advisors LLC and Cetera Investment Advisers LLC sent breach notifications to the firms’ clients that included misleading language suggesting the notifications were issued much sooner than they actually were after discovery of the incidents.

The SEC’s order against the Cambridge entities finds that, between January 2018 and July 2021, cloud-based email accounts of more than 121 Cambridge representatives were likewise taken over by unauthorized third parties. In this case, the breaches resulted in the PII exposure of at least 2,177 Cambridge customers and clients. The SEC’s order finds that, although Cambridge discovered the first email account takeover in January 2018, it failed to adopt and implement firm-wide enhanced security measures for cloud-based email accounts of its representatives until 2021. The SEC says this failure resulted in the exposure and potential exposure of additional customer and client records and information.

According to the SEC’s order against KMS, between September 2018 and December 2019, cloud-based email accounts of 15 KMS financial advisers or their assistants were taken over by unauthorized third parties, resulting in the PII exposure of approximately 4,900 KMS customers and clients. The SEC’s order further finds that KMS failed to adopt written policies and procedures requiring additional firm-wide security measures until May 2020. Further, the SEC says, the firm did not fully implement the additional security measures firm-wide until August 2020, placing additional customer and client records and information at risk.

Technically, the SEC’s orders against each of the firms finds that they violated Rule 30(a) of Regulation S-P, also known as the Safeguards Rule, which is designed to protect confidential customer information. The SEC’s order against the Cetera entities also finds that Cetera Advisors LLC and Cetera Investment Advisers LLC violated Section 206(4) of the Advisers Act and Rule 206(4)-7 in connection with their breach notifications to clients.

Without admitting or denying the SEC’s findings, each firm agreed to cease and desist from future violations of the charged provisions, to be censured and to pay a penalty. The Cetera entities will pay a $300,000 penalty; Cambridge will pay a $250,000 penalty; and KMS will pay a $200,000 penalty.

Data & Research August 31, 2021

Old Dogs, New Tricks: Training for Veteran Advisers Pays Off

A new case study suggests even advisers with decades of industry experience can attain measurable growth improvements with the short-term addition of training, coaching and peer accountability.

Reported by

A new case study published by the Kelley Group, aptly titled “The Coaching and Training Impact Study on Advisor’s Client Acquisitions,” argues that even experienced financial advisers should consider updating their sales training and client acquisition strategies.

As explained by Brooke Kelley, co-founder of the Kelley Group and a co-organizer of the study, the main goal of the research was to ascertain if seasoned financial advisers, defined as those with 10 or more years of experience and a robust client roster, could experience measurable growth with the short-term addition of training, coaching and peer accountability.

Never miss a story — sign up for PLANADVISER newsletters to keep up on the latest retirement plan adviser news.

Kelley says the results of the study were “conclusively” positive, as advisers participating in the case study averaged double-digit percentage growth in client acquisition and subsequent new assets for management. For reference, the study trained and tracked participating advisers over a four-month period between December 2020 and April of this year. Kelley adds that the study was “commissioned by a major Wall Street firm” seeking insight on whether periodic training would be beneficial for its experienced staff of brokers and advisers.

As part of the study, the 15 participating financial professionals (all drawn from the sponsoring brokerage firm after an extensive screening process) were trained in “innovative client acquisition” strategies that sought to deal with a variety of relevant business development hurdles. These include the continued increase in technology designed to screen or block cold communications and the growing ability of prospects to opt into a do-not-call, -email or -market lists.

“The need for innovation in client acquisition has become critical for service-based professionals, specifically the financial services industry,” Kelley adds. “We brought innovation to the group, along with the training and coaching to help participants apply this innovation in a structured way.”

During the study, metrics tied to adviser rankings for new client acquisition and growth in assets under management (AUM) were evaluated in December 2020 and again in April 2021. On average, the members of the sample group experienced a sizable increase in their firm-wide rankings for net acquired asset growth during that period.

According to a study summary, the advisers saw a 303% average increase in requests for introductions to prospects from existing relationships; a 329% average increase in referral introductions received from existing relationships; and a 198% average increase in assets received.

Sarano Kelley, co-founder of the Kelley Group and a co-organizer of the study, says a key finding in the case study is that “accountability is key.”

“Where most people fail is not sticking to their plan,” he proposes. “Accountability is the key to reaching and, more importantly, maintaining, top levels of success across any industry, financial included.”

The study describes processes and procedures aimed at instilling accountability and strategic innovation, with an emphasis on creating systems to define, track and socialize growth goals. For example, the study emphasizes the importance of weekly team interactions and reporting on goal progress, and the importance of ensuring daily interactions with an accountability partner. The report says another critical element of success is for experienced advisers to embrace metrics-based accountability to stakeholders—for example by sharing asset-growth goals (and deadlines) with family, friends, clients and team members.

“This really does illustrate that no matter where an individual is in the course of his career, even at the top, training and coaching can be effective,” Sarano Kelley says. “What really makes the difference is … a formalized system of accountability. This ensures advisers work to incorporate any new processes and procedures they’ve learned into their daily routines and remain focused and committed to reach the personal and professional goals they have set.”

As explained in the study report, during the 12 weeks of active training and plan execution involved in the study, advisers did such things as videotape themselves in key communications scenarios related to the training to establish a baseline to benchmark their progress and to heighten awareness of unconscious nonverbal behaviors that undermined their message. Participants in the study also worked to hone virtual communication skills to purvey a professional and interactive message that encouraged feedback. They also learned the often-misunderstood signs of whether or not participants are actively engaged.

According to the management of the research-sponsoring firm, on average, advisers in the study moved up 47 positions in success rankings compared with their peers based on “net acquired asset growth.” The management deemed the results as superior when compared with nonparticipating advisers over the four-month time period.

The study report concludes by distilling some key lessons learned:

  • Ongoing communication skills training is a necessary strategy, even for the most seasoned of advisers, for an effective relationship-prospecting approach to client acquisition;
  • In the short term, a relationship-marketing approach is comparable to and often exceeds the results from other marketing methods, including cold calling; and
  • Advisers who are held accountable for rigorously tracking outreach and engagement statistics have a greater ability to stay on task and control the outcome.

«