Schwab Advisor Services informs its 13,000 RIAs — including legacy TD Ameritrade


The Westlake, Texas, custodian is cracking down at a time when state mandate errors and ommissions policies, RIAs get bigger, more complex and phishing attacks increase in volume and sophistication.

Schwab Advisor Services is mandating substantial errors and omissions (E&O) insurance for more than 13,000 RIA clients – including TD Ameritrade (TDA) practices–in the face of a growing threat from cyber attacks. 

RIAs must also have a comprehensive policy covering phishing, theft by hacker incident and theft by employees.

Kerstin Österberg
Kerstin Österberg: ‘Schwab believes that insurance is a vital component to managing risk.’

Phishing, also known as social engineering, involves online deceptions that sucker RIAs into divulging confidential or personal information that can use to commit frauds.

The Westlake-Texas broker, with $7.5 trillion in assets, told its advisors this week that new advisors must purchase the policies, with a combined $1 million of coverage, within 90 days of signing on with Schwab, says Kerstin Österberg, outside PR counsel with The Neibart Group, who spoke on Schwab’s behalf.

“TD Ameritrade advisors will need to have insurance in place as part of their transition to the Schwab platform and more details will be provided to them closer to conversion,” Schwab added in an email. See: Why RIAs may not be adequately covered against lawsuits

When asked when TDA advisors would be transitioning to the platform, spokesman Peter Greenley cited the company’s stated goal of 30- to 36-months from October 2020 when Schwab finalized its purchase of TD Ameritrade. 

Existing RIA clients have more leeway on the insurance deadline, but they are on notice that they need to comply with the mandate during the next year as part of a phased rollout. 

Rival Fidelity Institutional doesn’t require E&O insurance, “but we strongly encourage clients to obtain coverage,” Fidelity spokeswoman Nicole Abbott said.

The Boston firm, however, announced last month a new tool against cyber attacks on behalf of RIAs.

Fidelity Institutional will provide custodial clients with a third-party email security offering provided by cybersecurity company Armorblox. Email account compromise was the top cybercrime reported to the FBI in 2020, the company said. 

Vital component

The turnabout from decades when RIA custodians ignored the inner workings of RIAs is being done to protect RIAs, clients and the company, according to Schwab.

“Schwab believes that insurance is a vital component to managing risk at Schwab and in advisors’ businesses and is consistent with the commitment to being a fiduciary for clients,” Österberg wrote in an email.

Independent broker-dealers have always shared liability with their affiliate advisors and spend heavily to make sure reps are compliant — a cost that gets passed along to the advisors in custody fees.

At the InvestmentNews RIA Summit yesterday (Oct. 6), Schwab RIA custody chief Bernie Clark said Schwab does not plan to levy custody fees.

Tallying costs

Schwab’s actions reflect its concerns about multiple exposures, says Brian Cavanaugh, director and wealth management practice leader at Willis Towers Watson, a compliance firm.

“Schwab is trying to protect themselves,” he says.

 “It’s a B-to-B concern for the custodians. They want to make sure they’re doing business with a firm that thinks about compliance in the right way. They also want to do business with a firm that is taking affirmative measures for any potential issues that may arise.”

Last year, the Securities and Exchange Commission (SEC) issued a “risk alert” reportingh an increase in cyber-attacks against registered investment advisers and broker dealers.

In some cases, cyber attacks have resulted in the loss of customer assets and unauthorized access to customer information, the agency said. 

Only about 20% to 30% of advisors currently take out the policies on their own, Cavanaugh says.

Prices for E&O insurance vary dramatically based on factors including firm AUM, the mix of investments and the history of the firm.

A solo RIA practice with $100 million in assets and no previous negative history could expect to pay anywhere from $10,000 to $20,000 annually for a comprehensive policy, he says. 

It can be dramatically lower, too. Some online advertisements tout advisor E&O policies in the $2,000 range annually, he adds. 

Preemptive strike

The push for E&O insurance comes as some states are enacting statutory rules requiring RIAs to have coverage, Cavanaugh says.

Bernie Clark reiterated this week that RIAs will not pay custody fees at Schwab.

For instance, RIAs in Oregon were required in 2018 to have at least $1 million in E&O insurance, according to the state’s website. In Oklahoma, E&O insurance has been required since last November, according its website.

It’s very possible Schwab wanted to jump ahead and protect itself from states imposing regulatory requirements on the custodian, Cavanaugh says.

“My guess is this push is probably to pre-empt any sweeping legislation by the states. They don’t want the states to allege that RIAs are failing, and Schwab should have known because there is an element of supervision.”

When asked what prompted the new policy, Österberg says that as independent advisors have grown in the industry, so have their risks.

“This complexity, combined with rising industry fraud, cybercrime and trading volatility, means it is critical for advisors to evaluate how well their firm is protected.”

Targeted attacks

Phishing and cyber attacks “are increasing in volume and scale and all financial institutions (large and small) are at risk of suffering significant financial losses,” according to a Willis Towers Watson blog post.

The average organization is targeted by over 700 social engineering attacks each year and nearly 80% target employees outside of financial and executive roles, states a new Barracuda study.  

The average CEO receives 57 targeted phishing attacks each year, and IT staffers get an average of 40 targeted phishing attacks annually, the study states.

Cavanaugh says most general E&O policies will cover an RIA executive or employee involved in actual or alleged error, misstatement, misleading statement, act, omission, neglect, or breach of duty or criminal activity. 

The SEC reported an uptick in attacks involving what’s called “credential stuffing”—a method of cyber-attack to client accounts that uses compromised client login credentials. 

Hackers carry out an automated attack on web-based user accounts, as well as direct network login account credentials, where cyber attackers obtain lists of usernames, email addresses and corresponding passwords from the “dark web.”

The attackers then use automated scripts to try the compromised usernames and passwords on other websites, such as a registrant’s website. 

Marshalling resources

Schwab has crafted resources to help advisors learn about the different types of insurance available, benefits of each as well as a list of third-party insurance providers, Österberg says. 

She also adds that Schwab is also currently working with a selected group of insurance providers to snag preferred pricing for Schwab RIAs. The company expects to release more details about these deals in November.

Cavanaugh predicts that coverage prices will drop if more advisors are purchasing it. 

“This is a good thing for so many reasons. Insurance carriers operate in the law of large numbers and if more advisors are insurance then they’ll be more profitable and in turn, the costs to be insurance will go down.” 


Read More:Schwab Advisor Services informs its 13,000 RIAs — including legacy TD Ameritrade