Lofty statements, technical terms, and jargon that’s incomprehensible to the average retirement plan participant can leave advisory clients feeling confused and frustrated.
Do advisers use phrases that should be translated into plain
English? Some people think so, among them Alexandra Taussig, senior vice president for marketing
and business strategy at Fidelity Investments. She notes that women have very
strong feelings about the language used in talking with financial advisers.
Women often think about investing differently than men, Taussig
tells PLANADVISER, and their focus tends to be on goals, not performance. Can
they retire when they want, can they put their children through college? Advisers
should put things in those terms, rather than pointing to esoteric concepts, such as “how energy is doing,” she
says. The word “planning” may sound better than “investing” to some women, Taussig adds.
Jeff Snyder, vice president, senior consultant at Cammack Retirement Group,
thinks that male plan participants also may prefer some terms over others. Plan participants
are smart, Snyder says, but they don’t do finance for a living. He believes advisers should avoid technical language in order to engage the average
American. Don’t forget, Snyder warns, “most people are doing eight things at
once.” Best to avoid making things sound complex or more mysterious than they
really are.
Take our survey and share your thoughts on the words and
phrases that will best reach participants—or “savers” or “employees,” as they
are likelier to think of themselves. Thank you!
A Securities and Exchange Commission review of the financial services industry’s cybersecurity preparedness shows the vast majority of examined broker/dealers and advisers have adopted written information security policies.
According to the Securities and Exchange Commission’s (SEC) Office
of Compliance Inspections and Examinations (OCIE), which recently examined the
cyber-risk management capabilities of nearly 60 broker/dealers (B/Ds) and 50
registered investment advisers (RIAs), most broker/dealers (89%) and the majority of advisers
(57%) conduct periodic audits to determine compliance with formal information
security policies and procedures.
OCIE’s cyber-risk audit findings are explored at length in a
recently published Risk Alert. Among the key findings of the nearly year-long
auditing effort, OCIE says, is that financial services firms appear more and
more aware of the extensive cyber-risk they face. To this end, most written policies and procedures for both the broker/dealers (82%) and the advisers (51%) discuss
mitigating the effects of a cybersecurity incident and/or outline a formal plan to
recover from one.
However, few written
policies and procedures directly address how firms determine whether they are
responsible for client losses associated with cyberincidents, OCIE says. This can prove problematic for advisers and broker/dealers accused of leaving client data or funds exposed to cyber-risks.
“The
policies and procedures of only a small number of the broker/dealers (30%) and
the advisers (13%) contain such provisions,” the Risk Alert observes. “And even
fewer of the broker/dealers (15%) and the advisers (9%) offered security
guarantees to protect their clients against cyber-related losses.”
One positive sign of improving cybersecurity is that many firms are turning to external standards and other resources to model their information
security architecture and processes. Most broker/dealers (88%)
and many advisers (53%) reference published cybersecurity risk management
standards, such as those from the National Institute of Standards and
Technology, the International Organization for Standardization, and the Federal
Financial Institutions Examination Council.
Other risk assessment results show broker/dealers outstrip advisers when it comes to cybersecurity. Only about a
third of the advisers (32%) examined require cybersecurity risk assessments of
vendors with access to their firms’ networks. Most broker/dealers (84%), on the other
hand, require this type of assessment of vendors accessing their data networks.
Few firms can afford to be complacent in reviewing their cyber-risk preparedness, OCIE continues. Strikingly, most of the examined firms
reported that they have been the subject of a cyber-related incident. A
majority of broker/dealers (88%) and advisers (74%) stated that they have
experienced cyberattacks directly or through one or more of their vendors. Most of the cyber-related incidents are related to malware and fraudulent
emails, OCIE points out.
Over half of the broker/dealers (54%) and just under half of
the advisers (43%) reported receiving fraudulent emails seeking to transfer
client funds. More than a quarter of those broker/dealers (26%) reported losses of more than $5,000
related to fraudulent emails; however, no single loss uncovered
by OCIE exceeded $75,000. One adviser reported a loss in excess of $75,000
related to a fraudulent email, OCIE says, for which the client was made whole.
Critically, one-quarter of the broker/dealers with
losses related to fraudulent emails noted that these were the result of
employees failing to follow the companies’ identity-authentication procedures. The one
adviser that reported a loss also said that its employees had deviated from
its identity-authentication procedures, OCIE says.
Almost two-thirds of the broker/dealers (65%) that received
fraudulent emails reported the emails to the Financial Crimes Enforcement
Network (FinCEN) by filing a suspicious activity report, but only 7% of
those firms reported the fraudulent emails to law enforcement or other
regulatory agencies. With the exception of the investment adviser loss in
excess of $75,000 related to a fraudulent email, as alluded to above, advisers generally
did not report incidents to a regulator or law enforcement.
Turning to internal cyberthreats, many firms identified
misconduct by employees and other authorized users of the firms’ networks as a
significant concern, but only a small proportion of broker/dealers (11%)
and advisers (4%) actually reported incidents in which an employee or other
authorized user engaged in misconduct resulting in the misappropriation of funds,
securities or data.
In a positive sign, almost all the examined broker/dealers (98%) and
advisers (91%) make use of encryption in some form. Many examined firms also provide
their clients with suggestions for protecting their sensitive information, OCIE
adds.
The office concludes the Risk Assessment by noting that its staff is
still reviewing the cyber-audit information to discern correlations between the
examined firms’ preparedness and controls, and their size, complexity or other
characteristics. As noted in OCIE’s 2015 priorities, the office will continue to
focus on cybersecurity using risk-based examinations.
“The staff welcomes comments and suggestions about how the commission’s examination program can better fulfill its mission to promote
compliance, prevent fraud, monitor risk and inform SEC policy,” the Risk Alert
says.
Advisers or broker/dealers suspecting or observing activity that may
violate federal securities laws or otherwise harm investors are encouraged to
notify the SEC here.