Statement at the Meeting of the Asset Management Advisory Committee
July 16, 2020
Good morning, and thank you all for convening this meeting of the Asset Management Advisory Committee. Further thanks to Ed [Bernard] and to the Commission staff who helped prepare today’s agenda and finalize all of the logistics to produce a virtual event that allows us to have a robust discussion despite the fact that we cannot meet in person. As in this Committee’s past meetings, the agenda today will focus on topics that are important and timely: improving diversity and inclusion in the asset management industry, and issues relating to data protection and the impact of technology on investment advice.
With respect to the first topic for discussion, I would be remiss if I did not start by recognizing the focus and attention given by Pam Gibbs, Robert Marchman, and the team in the SEC’s Office of Minority and Women Inclusion (“OMWI”) to help guide SEC-regulated entities’ self-assessments of their diversity policies and practices. To the extent those listening today are not familiar with the SEC’s Diversity Assessment Report or the Joint Standards issued by the SEC and other federal financial regulators, I encourage you to review them on SEC.gov or reach out to OMWI for more information. I would also like to thank Peter Henry and his team in the SEC’s Office of Equal Employment Opportunity for their work to help promote diversity and inclusion within this agency.
The fact of the matter is that minority- and women-owned asset managers make up a small fraction of the overall $70+ trillion of assets under management. I would like to hear your thoughts on why this is the case, and what efforts are being taken to improve upon the status quo. I also hope this Committee will discuss areas where hiring and advancement may be dependent on paths that are less accessible to certain candidates. At the beginning of the pandemic, as the SEC switched to working remotely full-time, one excellent leader inside the agency offered some unsolicited advice to me and other SEC managers: Remember your whole team—don’t reactively rely on the same go-to staffers. In other words, it’s easy for managers to repeatedly give work to the few team members that have come through for them before; but this can close out others to advancement opportunities, even though they may be ready, willing, and able to get the job done (and done well). To me, this advice extends beyond the context in which it was offered, raising questions about go-to hiring processes, go-to candidate pools, and go-to networks for career help. How many of these are accessible to the full array of people who could get the job done? I look forward to your ideas on the many facets of these complex issues and thank you for your willingness to engage in this dialogue.
Regarding the second panel today, the pandemic has also given us reason to refresh our thinking on how to best protect data and technology. In the past few months, many (if not most) financial industry participants have moved their operations entirely online. They have executed these dramatic operational changes quickly, with many firms relying much more heavily on newer technology products than they had ever intended. I worry that these circumstances have introduced new vulnerabilities into our financial system—interconnected as it is—and created new opportunities for bad actors to compromise valuable information. Just last week, the SEC’s Office of Compliance Inspections and Examinations published a cybersecurity risk alert, focusing on ransomware attacks following recent reports that threat actors have orchestrated campaigns designed to penetrate financial institution networks.
I have long been a proponent of principles-based rules, which allow firm leaders who know their own businesses best to take appropriate actions to accomplish the requirements of a given rule. In the context of data, technology, and cybersecurity, are asset managers comfortable that they have the necessary knowledge base or access to those who do? How often do such firms update and test their playbooks to ensure resiliency if they are the victims of a cyber-attack? Throughout this industry, regulators and market participants share a common interest in protecting data and technology. I am interested to hear your views on how we can better leverage the resources already dedicated to this purpose throughout our markets, including through private ordering or new regulation.
Thank you again to the Committee for taking up such challenging issues. I look forward to the discussions.
 Department of the Treasury, Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Bureau of Consumer Financial Protection, Securities and Exchange Commission, “Final Interagency Policy Statement Establishing Joint Standards for Assessing the Diversity Policies and Practices of Entities Regulated by the Agencies,” Release No. 34-75050 (May 27, 2015), available at https://www.sec.gov/rules/policy/2015/34-75050.pdf.
 Office of Compliance Inspections and Examinations, “Cybersecurity: Ransomware Alert” (July 10, 2020), https://www.sec.gov/files/Risk%20Alert%20-%20Ransomware.pdf.