Oct. 14, 2023
The SEC's proposed operational resilience requirements, while well-intentioned, could hamper the global competitiveness of U.S. investment advisers by diverting focus and resources from serving clients. The prescriptive rules would force advisers to allocate significant time, staff and budget to compliance activities like risk assessments, penetration testing and maintaining a CISO. While cybersecurity is critical, this diverts resources from developing innovative products and services - key competitive differentiators in a global financial marketplace. Firms' growth and profitability may suffer. Meanwhile, international rivals not subject to such strict regulatory compliance costs can focus squarely on improving investment offerings. This may incentivize assets to move offshore, eroding U.S. firms' client base and market share. Smaller advisers may be hit especially hard, lacking resources to comply. The requirements could thus stifle competition and industry diversity, ultimately harming U.S. leadership in financial services. Rather than a one-size-fits-all approach, a principles-based framework with flexibility better balances resilience and competitiveness. Firms can tailor cybersecurity to their business model and scale of operations. The SEC should seek to empower advisers to implement robust yet nimble cyber defenses, while devoting resources to enriching client services and expanding market reach. Overly rigid regulations often have unintended consequences. In our globally connected economy, policies promoting both resilience and competitive edge are crucial to maintain America's standing as the world's premier financial hub. With tweaks to the proposed rules, the SEC can achieve both objectives. Kraig Hotelling