The SEC Division of Examinations recently released its 2022 Division of Examinations “Priorities.” The 2022 Priorities provide critical insight into what the Division of Examinations (the “Division”) considers the most significant and highest potential risk areas for investors, and provides guidance for regulated entities on where to focus their compliance efforts.
Author: David W. Porteous
FINRA Wades into the Controversial Deep-End of CCO Supervisory Liability
The lack of specific guidance regarding failure to supervise liability for chief compliance officers (“CCOs”) has been a controversial and opaque topic that both FINRA and the SEC have struggled with for well over a decade. Back on September 30, 2013, the SEC’s Division of Trading and Markets issued guidance with “FAQs” entitled “Frequently Asked Questions about Liability of Compliance and Legal Personnel at Broker-Dealers under Sections 15(b)(4) and 15(b)(6) of the Exchange Act.” These FAQs focused on the potential supervisory liability of compliance personnel. Just over two years later, on November 4, 2015, the then Director of the Division of Enforcement gave the keynote address at the 2015 National Society of Compliance Professionals, National Conference, in which he described a limited number of categories regarding the infrequent circumstances in which the SEC would consider charging a CCO. Despite these and other historical attempts at clarifying guidance, just this past year we have seen additional attempts to seek and obtain more regulatory clarity for this high-risk area. On June 2, 2021, the New York City Bar issued a Committee Report entitled “Framework for Chief Compliance Officer Liability in the Financial Sector.” Most recently and earlier this year, the National Society of Compliance Professionals (“NSCP”) offered a “Firm and CCO Liability Framework.” (More information on this can be found on NSCP’s website.) In this “Framework,” NSCP proposed that regulators consider CCO liability contextually in reference to resources made available to CCOs in the first instance.
Continue reading “FINRA Wades into the Controversial Deep-End of CCO Supervisory Liability”
The SEC Sues Investment Advisory Firm in Connection with Alleged Failure to Disclose Revenue Sharing and Other Financial Conflicts, as Well as Converting Clients to Wrap Accounts Without Considering Whether it is in Clients’ Best Interests
In recent years, the SEC has been conducting a nationwide and industry-wide “sweep” of investment advisory firms, pursuant to which it has opened investigations and brought enforcement actions against a multitude of investment advisory firms related to their disclosures and practices concerning revenue sharing and other alleged financial conflicts.1 We have previously blogged about litigated disclosure cases2 and given the fact that litigated decisions are the true test of enforcement theories, compared to settlements that may pose untested legal theories regarding potential violations, contested proceedings should be followed closely.
In one of the most recent of these actions, on March 1, 2022, the SEC filed an action against Cambridge Investment Research Advisors, Inc. (“CIRA”), a registered investment adviser.3 The SEC alleges CIRA failed to adequately disclose conflicts of interest and failed to seek best execution in connection with its receipt of revenue sharing from client investments in no-transaction fee mutual funds (“NTF mutual funds”) and money market sweep funds (“sweep funds”), its conversion of client accounts to wrap account programs, and its investment adviser representatives’ receipt of compensation of forgivable loans in exchange for meeting certain investment criteria. These undisclosed investment practices, the complaint alleges, also allowed CIRA to avoid paying millions of dollars in transaction fees. In addition, according to the complaint, CIRA converted hundreds of accounts to its more expensive wrap account program without adequate disclosure and without analyzing whether doing so was in its clients’ best interests. The complaint further alleges that CIRA failed to disclose that its investment adviser representatives received compensation in the form of forgivable loans in exchange for meeting certain criteria such as maintaining certain asset levels and tenure with CIRA.
SEC Proposes New Cybersecurity Risk Management Rules for Registered Investment Advisers and Funds
On Wednesday, the Securities and Exchange Commission announced proposed new cybersecurity risk management rules and amendments for investment advisers and investment companies. The proposed rules are designed to address concerns about advisers’ and funds’ cybersecurity preparedness and incident response in an effort to strengthen client and investor protection. The proposed rules include the following:
Ubiquitous Use of WhatsApp and Other Unrecorded Internal Communications Result in Substantial Penalties in Recent SEC, CFTC Actions
The SEC has, for many years, used broker-dealer and associated persons’ failure to create and maintain books and records as a basis for the imposition of serious penalties. In recent actions, it appears to be continuing—and upping the ante on—its enforcement in this area.
Simply stated, it is increasingly imperative for broker-dealers and investment advisory businesses, among other entities, to develop and maintain policies and procedures to ensure that their records are properly created, maintained, and produced to the appropriate agency upon request—including that employees’ communications related to their business should be made only through approved channels, and approved and monitored devices, such that those communications can be maintained and preserved for production as required by federal securities laws and regulatory authorities, and in any pending or threatened litigation.
Robinhood’s $70 Million FINRA Penalty: Growing Pains, Reliance on Technology and Push to Offer New Products
Robinhood, “an introducing broker-dealer that provides commission-free trading to retail customers through its website and mobile applications,” recently agreed to pay a record-setting amount of $70 million — consisting of a $57 million fine and more than $12.5 million in restitution to 2,832 customers — to resolve a myriad of FINRA rule violations dating back to 2016. While the lengthy Letter of Acceptance, Waiver, and Consent No. 2020066971201 (“AWC”) reads like a final exam in a corporate compliance and securities regulation course, there are two key takeaways that merit particular emphasis. First, an overreliance on technology without sufficient safeguards or personal verification can create substantial liability. Second, making claims about new, nontraditional products being offered directly to customers can be deceptive or misleading and in violation of FINRA Rules 3110 and 2010, if FINRA determines the communications lack sufficient disclosures.
SPAC Attack: The SEC Charges a SPAC for Failure to Launch
On July 13, 2021, the SEC announced charges against Stable Road Acquisition Company (“Stable Road”), its sponsor, SRC-NI, its CEO, Brian Kabot, Stable Road’s proposed merger target Momentus Inc.(“Momentus”), and Momentus’s founder and former CEO Mikhail Kokorich (“Kokorich”) for “misleading claims about Momentus’s technology and about national security risks associated with Kokorich.” All parties except Kokorich are settling with the SEC, paying total penalties of more than $8 million, amongst other remedies. The SEC’s litigation will proceed against Kokorich in the U.S. District Court for the District of Columbia. The Complaint seeks permanent injunctions, penalties, disgorgement plus prejudgment interest, and an officer-and-director bar against Kokorich.
Continue reading “SPAC Attack: The SEC Charges a SPAC for Failure to Launch”
“Independence-Day” Malware and Managing the (Beach) Risks of Jaws
In the spirit of our previous Holiday film blogs, we present for your viewing pleasure (and background research) the following Independence Day films for your (re)viewing pleasure. Both deserve renewed attention in light of:
- The SEC’s recent Solar Winds-Cybersecurity-related events, regarding disclosure of material weaknesses or material cyber security risks related to the Solar Winds compromise;
- The re-opening of offices and recent announcements of certain businesses explaining employees should be back in the office or else.
We offer the following Independence Day Weekend themed film streaming recommendations that relate to each of the above and therefore count as background research.
Continue reading ““Independence-Day” Malware and Managing the (Beach) Risks of Jaws”