On 21 February 2017, the SEC’s Division of Investment Management released a new no-action letter in relation to custody and standing letters of authorization (“SLOA”). The Investment Adviser Association (IAA) previously sent a letter to the Division requesting clarification that an investment adviser does not have custody as set forth in Advisers Act Rule 206(4)-2 (the “Custody Rule”) if it acts pursuant to a SLOA or other similar asset transfer authorization arrangement established by a client and qualified custodian. This letter also requested no-action relief under the Custody Rule and surprise custody examination as required by the Custody Rule. Continue reading Clarification on Custody and SLOA Arrangements
What is Supplemental Information?
Most firms familiar with the GIPS® standards will also have familiarity with the term supplemental information. What you may not know is that there are proposed changes to supplemental information guidance that will impact every firm claiming compliance.
Historically, the general idea has been that certain performance-related information must be labeled as “supplemental information” and reference the compliant presentation (i.e. the GIPS Page that includes the required annual statistics and disclosures). Your pitch books likely have “supplemental information” footnotes on a variety of their pages. For a primer on supplemental information, find the current Guidance Statement on the GIPS website and also review the Q&A under the Supplemental Information category (specifically keyword search “booklet” for the reason your pitch books have this disclosure throughout). Continue reading New GIPS Guidance to Change Marketing Practices, Increase GIPS Requirements
By Alan Jackson, CISSP
In recent years, the SEC has started to ask firms if they are performing regular vulnerability and/or penetration tests. This has caused confusion in the investment advisory industry, stemming from the fact that computer professionals have different definitions of what constitutes a vulnerability or a penetration test. Some testers describe penetration tests as an engagement where they attack a network persistently until they gain access, while some might target specific applications. Vulnerability tests could be described as purely automated scans or as live social engineering exercises where a person tries to trick an employee into giving the tester access. It is no wonder that investment advisors are confused. In order to give more clarity on this subject, I am going to define three terms that may help you select a vulnerability or penetration tester. Continue reading Can Someone Pick Your Lock?
On 27 September 2016, the Canadian Securities Administrators (CSA) issued a notice stating that they “expect Market Participants to take steps to protect themselves against cyber threats.” But what does this mean for you? We frequently field confused questions from investment professionals who don’t understand what they should be doing to address cyber security threats. Many professionals don’t even know what the real threats are. This confusion is compounded by the myriad of regulatory agencies, standards, and laws that investment firms need to comply with. Continue reading Cyber Security Expectations Continue to Increase for CSA Registrants
By Alan Jackson, CISSP
A recent attack within the “Internet of Things” (IOT) made me think about a commonality between me and Bill Gates. When Bill Gates built his house more than 25 years ago, he incorporated very sophisticated technologies into each room. Visitors to his house were encoded into a computer system and the system automatically adjusted the lights, temperature, and music in each room to the tastes of the occupants. This technology was way ahead of its time, but over the years home management networks have become more and more common. In fact, I have many devices in my house that are directly connected to my home network. These devices allow me to remotely adjust the temperature, check to see if the lights are off, stream stored videos, and keep track of my grocery needs. These devices are part of the IOT and they include network-connected thermostats, nanny-cams, and smart refrigerators. The IOT also includes industrial controls systems, smart cars, copiers, fax machines, and manufacturing robotic systems. All of these devices have tiny computers in them and a malicious person could take over the computer. Some of you may be thinking, “C’mon Alan, be serious. You have watched The Terminator and The Matrix too many times.” Well it has happened. Continue reading Danger on the “Internet of Things”
Ashland Partners Educational Conference: Fundamentals of Performance Measurement & Attribution
February 27-28, 2017
Join Ashland Partners and Carl Bacon, CIPM, renowned performance measurement specialist and one of the founding members of GIPS, for a two day interactive course on critical concepts of performance measurement and attribution. Click here for more information.
Location: The City Club of San Francisco
Stock Exchange Tower
155 Sansome Street
San Francisco, CA 94104
Ashland Partners’ Client: $1,595
Non-Ashland Partners’ Client: $1,795
Organizations that register 2 or more individuals qualify for 50% off registration for the second attendee.
By Richard Kemmling, CPA, CIPM, CGMA
2016 will definitely go down in history as a historic year for our country and world. Sentiments around the globe are favoring a change in direction from the ideas and governance of the past several years. This has been met at times by fear and also by jubilation. In the UK, they are finding that Brexit may take longer than expected given its complexities with Europe. In the US, President-elect Trump, while initially seeming unprepared for the transition of power, has been ahead of his predecessors in picking his team and lobbying for his agenda. Careful preparation is setting the table for change around the world. Continue reading With Change Comes New Challenges and New Opportunities