That’s not the same as being cautious or timid. And it is not just understanding the probabilities of unplanned events that bring negative or harmful consequences. It’s weighing those probabilities by the severity of the outcomes. Advisors understand this: A small probability risk with a devastating outcome is more dangerous than a higher probability risk of minor consequence.
In that light, I admit I’ve always been skeptical, and a bit bored, when talk turns to cybersecurity. Important, yes, and we should take due precautions. But how real is the threat? I’m reminded of the Warren Buffett rule: Never ask a barber if you need a haircut. The answer won’t surprise you. The people who shout the loudest about the dangers are usually the people who are selling you a solution.
Still, I was surprised to learn, in Rob Burgess’ feature on cyber fraud insurance in this issue, that among advisors, service providers and regulators, there is no collective understanding of the undeniably growing threat of bad actors who can wreak havoc by hacking into your digital ecosystem, stealing data, getting access to accounts, or even demanding a ransom to keep your data private and intact. We know it happens; it just doesn’t happen to us, or to anyone we know. It’s a low probability event.
Yet the Securities and Exchange Commission, which doesn’t have any deeper understanding of the threats than anyone else, wants to treat you all the same. In their proposed cybersecurity rules for advisors, they think your money is best spent on putting “policies, procedures and processes” in place to prevent cybercrime and disclosing cyber breaches, regardless of the damage done.
Security is important, of course. But every RIA is unique. Imposing useless rules, costly system upgrades and box-checking mandates is a big blanket solution to bespoke problems, and a headache for you.
I agree with the advisor whose critical comment letter to the SEC suggests an alternative: Simply mandate cyber fraud coverage. The free market will quickly, and accurately, price the risk. Coverage would be astronomical for advisors that have subpar cybersecurity, and reasonable for those who take appropriate precautions given their individual situation and exposure. Competition between carriers would keep costs in line.
No one likes to buy insurance, but it’s possible they would be far better at understanding your risk and protecting your clients than the SEC and likely at a lower cost.
Another group of stakeholders that are quickly learning the nuances of the independent wealth management business are private equity investors, whose industry presence has grown over the past decade and whose money fuels much of the consolidation taking place. Diana Britton and Ali Hibbs profile the main players here, even get some notoriously tight-lipped managers to reveal a bit of their thinking. Unanswered is how much leverage is driving the activity, and what happens to those funds when the investments roll over into higher interest rates. Stay tuned.
Also worth watching: The legal shots being fired at FINRA by a small broker/dealer, Alpine Securities. The b/d is challenging the constitutionality of the SRO, an argument that years ago would have gained no traction. But according to Patrick Donachie’s article here, the courts have changed, and justices sympathetic to Alpine’s arguments, including some sitting at the highest court in the land, may turn the tide. The ramifications would be profound.
Other highlights here: Larry Swedroe on the accuracy—or lack thereof—of market forecasts, the standoff between buyers and sellers in the real estate market, highlights from our own research on advisors growing use of alternative investments, and a reading list, recommended by advisors, to get you through the remaining weeks of summer.