Good morning. It is a real pleasure to be here to welcome you all to the inaugural meeting of the Asset Management Advisory Committee (AMAC). I appreciate your willingness to make the considerable investment of time and talent to participate on this committee. You will provide us an invaluable perspective as we sort through problems and potential regulatory solutions. The breadth of experiences represented by the Committee’s membership will no doubt provide the Commission with much needed insight as we consider the many challenges facing asset managers as they seek to serve the investing public.

As today’s Committee’s agenda evidences, you are set to tackle some of the thornier issues that the industry will be facing in the coming years, from the evolution of public and private securities offerings, to the globalization of asset management. An important part of the role that you can play is to draw our attention to the issues that are consuming your attention. Along those lines, if I may, I would like to suggest that you add to your list of topics the various issues surrounding customer privacy and data protection, and the unique and pressing challenges these matters pose to asset managers. One of the aspects of my role as a Commissioner that I enjoy and appreciate the most, is the opportunity to speak with a cross-section of market participants. The difficulties of complying with the ever-increasing obligations associated with customer privacy and data protection are on the minds of asset managers all over the country. This is not surprising.

Not only do asset managers have to grapple with the implications of Europe’s General Data Protection Regulation (GDPR), at last count, nearly a dozen states have implemented, or are in the process of formulating, customer privacy and/or data protection legislation. The most prominent of these new statutes is the California Consumer Protection Act (CCPA), which went into effect at the turn of the year, and affects, among others, businesses with more than $25 million in annual gross revenue. Among other things, the CCPA grants consumers the right to request that their personal information be deleted upon receipt of a verified request, the right to opt out of having their data sold or shared, and provides for a private right of action should there be a data breach. The CCPA could change; upwards of ten bills are being considered in Sacramento that could further alter the CCPA – so a state of flux and uncertainty is likely to continue for asset managers for some time.

Privacy regulations of this sort can be very difficult for investment advisers and others in the financial services industry who are also subject to extensive federal regulation. While it is true that some of the CCPA’s obligations, as well as those found in the host of other state initiatives, are preempted under Reg S-P and Gramm Leach Bliley, asset managers are still faced with the cost and potential liabilities associated with determining just where, and how, they are to comply with a growing multitude of overlapping regulatory regimes. As the Commission continues to consider how best to protect privacy and data security, having a greater understanding of what challenges asset managers and other market participants face will be invaluable.

Your insights on these and other issues are very welcome. I look forward to following your discussions in person or by video. Thank you to the Division of Investment Management, particularly Mark Uyeda, Christian Broadbent, and Sirimal Mukerjee for making this committee a reality.