When Joe Borg first headed the North American Securities Administrators Association in 2001, online protection of client information was not a major issue. As he takes the NASAA helm for the third time, a potential cybersecurity regulation is prominent on his agenda.
Mr. Borg, Alabama securities director, was elected NASAA president on Sept. 26 at the state regulators' annual meeting in Seattle. In his inaugural speech, he said that NASAA would consider a model cybersecurity rule for investment advisers.
In the past couple weeks, the Securities and Exchange Commission has been at the epicenter of cybersecurity, announcing an attack on its corporate filing system that occurred last year.
Cybersecurity also is a key issue for the advisers that states regulate — those with $100 million or less in assets under management. A NASAA report released during the Seattle meeting showed nearly 700 deficiencies related to cybersecurity.
In an interview, Mr. Borg said that smaller advisers hold a trove of investor information, and they should protect it.
"We think it's important for them to have the cybersecurity, and we think it's part of our job to help them get there," Mr. Borg said. "Look, a lot of these folks are small. They're not Merrill Lynch. They don't have the anti-invasion task force in the IT department that does nothing but prevent hackers."
There's no timeline to propose a rule. Some of the elements could come from NASAA's cybersecurity check list.
FILLING A VOID
"It's something we're going to be working on pretty quickly," Mr. Borg said. "I'd like to get something in toward late 2018. A lot depends on how much cooperation we get from partners in the industry. There's nothing we do in a vacuum. I do want to get industry buy in. I do want to get other regulators."
If NASAA develops a model cybersecurity rule, it would overtake the SEC and the Financial Industry Regulatory Authority Inc., the industry-funded broker-dealer regulator, neither of whom has proposed a cyber regulation. Both the SEC and Finra do include cybersecurity measures as part of their firm examinations, however.
"It's a great idea," said Todd Cipperman, principal at Cipperman Compliance Services. "In this area, a model rule would be very helpful and might influence what the SEC ultimately does."
SEC inaction on a cyber rule could create a void for state regulators to fill.
"If the SEC's not going to wade into it, the states might decide they should," said Ira Matetsky, a partner at the New York law firm Ganfer & Shore. "They ought to coordinate with the SEC, if they're both going to be active, to avoid the potential for inconsistent regulation that raises the costs for everyone."
Another new NASAA agenda item is an exploration of unpaid arbitration claims, an issue that has vexed Finra for years. Mr. Borg cited a study by the Public Investors Arbitration Bar Association that revealed that in 2013, arbitration victors were unable to obtain $62 million in awards.
"It's something we need to pay attention to," Mr. Borg said. "If this is a real problem, we need to get a handle on it. I want to begin the discussion. I want to do it with the industry, with Finra, with the plaintiffs bar."
A Finra spokeswoman was not immediately available for comment. Earlier this year, the Finra board authorized a rule that would reform part of the arbitration process, and Finra president and chief executive Robert W. Cook has said that the board will continue to address unpaid awards.
Another goal for Mr. Borg is to have more states adopt a NASAA model rule on elder financial abuse. Alabama was the first state to implement it, although a couple others already had similar regulations in place.
Mr. Borg, 64, is eager to lead NASAA again.
"I love the organization," he said. "We've done great things over the years. I thought this would be the right time, given politics the way it is."
He said that he helped convince lawmakers to revise a House bill overhauling the Dodd-Frank financial reform law so that it did not encroach on state regulators' turf.
"We're in a good position to do that," Mr. Borg said. "I've been around Washington and Capitol Hill for a while."
The garrulous and media friendly Mr. Borg has a propensity to make headlines — whether it's through high-profile enforcement cases or by cruising Alabama country roads on his Kawasaki motorcycle.
"I like Joe; he's a character," said Steve Thomas, chief operations officer at SGL Financial and former South Dakota chief compliance examiner. "He's a very passionate regulator who puts consumers' rights at the top of his list, and he's a fierce advocate for state regulatory jurisdiction. If anyone has the connections to get things done, Joe would have them."
It's more challenging now to be a securities regulator than when Mr. Borg became Alabama securities director in 1994. Back then, he didn't have to deal much with alternative investments. Now, he has to know them inside out.
"The entire financial industry has become much more complex," Mr. Borg said. "To bring an enforcement action, I have to understand what it is I'm bringing against."
That might mean that he'll continue to blow off steam on his bike.