Oct. 27, 2022
October 27, 2022 To Whom It May Concern, I wish to register my strong objection to the idea that Advisors must vet and periodically evaluate software providers without the SEC establishing safe havens where the rule would not apply, or a specific set of check boxes that satisfy the proposed requirement. Advisors have very little in the way of ability to evaluate the risks of using Amazon AWS, Microsoft AZURE, Google CLOUD, etc. and none of these companies provides any information that could be reasonably used to provide vetting of the risks involved in using their services, nor would Advisors be qualified to evaluate those risks even if they did. Some entities should be designated safe havens - for example, if an Advisor is using Microsoft Dynamics the onus should be on Microsoft to protect the security of the platform and to demonstrate such security to regulators as required. Additionally, there should be some base level requirement that specifies the minimum qualifications a 3rd party software solution should offer. Fo r example, Wealth Box, a popular CRM for small Advisors that is much easier to use than Google Copper or Microsoft Dynamics, relies on Amazon AWS to run its software and features bank level encryption and two factor authentication to provide security. In other words, there should be set boxes to check and if the provider services check those boxes, that's as far as the Advisor is required to go. 256K Encryption, Check. Two Factor Authentication, Check. Platform run on AWS, AZURE, GOOGLE CLOUD, Check. Done. Realistically, small to medium Advisors cannot build their own CRM, and do not have the technical capability to know whether or not what we are told by Microsoft/Amazon/Google/Salesforce/WealthBox/Blueleaf/etc. is accurate, safe, or reliable. So, that means if the rule is passed, Advisors would have to hire a VERY expensive 3rd party to evaluate the 3rd parties. As a small advisor, the time and costs to meet regulatory requirements keep mounting, while fee margins keep co mpressing, and new rules, while they seem like good ideas, do very little if anything to curb consumer risk. If put into force, this rule must have a simple, inexpensive, and easy method for Advisors to satisfy the requirement as suggested above, with certain providers accepted as meeting the requirement. This is another step on the road to forced consolidation where true fiduciaries have to accept offers from non-fiduciary brokers in order to stay ahead of costs and regulatory demands beyond the ability of their budgets to sustain. This is punitive for small to medium Advisors and the clients they serve.