In a pair of settlements announced on July 28, 2020, the SEC charged VALIC Financial Advisors (the “Firm”) with two separate sets of violations that allowed the Firm to obtain millions of dollars in fees without providing adequate disclosures about their practices and without having adequate compliance policies and procedures to disclose or protect against conflicts of interest presented by these practices. In total, the Firm agreed to pay approximately $40 million to settle both administrative proceedings. The SEC’s cases arise out of its initiatives:
Is the Names Rule effective in preventing misleading or deceptive fund names? The Securities and Exchange Commission (SEC) is seeking public input from funds, investors and other market participants on Rule 35d-1 under the Investment Company Act of 1940 (Names Rule). The SEC identified several fund developments and challenges to applying the Names Rule since it was adopted in 2001 and issued a request for public comment.
Over the last year, the SEC has continued to intensify its focus on disclosures from investment advisers on Forms ADV regarding several issues, including—but not limited to—revenue sharing arrangements. Last week, the D.C. Court of Appeals handed down a decision that will likely have significant ramifications for investment advisers and the SEC’s Division of Enforcement (“Enforcement”). In Robare Group, Ltd., v. SEC, the D.C. Circuit upheld the SEC Commission’s decision that the use of the word “may” in a disclosure regarding an investment adviser’s conflicts of interest pertaining to revenue sharing violated the negligence-based fraud provision of Section 206(2) of the Investment Advisers Act of 1940 (“Advisers Act”).
On appeal, The Robare Group, Ltd., a Texas-based investment adviser, argued that the evidence presented by Enforcement in an administrative proceeding did not support the Commission’s ruling, upon review, that their disclosures regarding conflicts of interest relating to a revenue sharing agreement were inadequate. Sections 206(2) and 207 of the Advisers Act were at issue on appeal.
Robare used Fidelity Investments for execution, custody, and clearing services for its advisory clients. Robare entered into a revenue sharing arrangement with Fidelity Investments in 2004. Through that arrangement, Fidelity paid Robare when its clients invested in certain mutual funds offered on Fidelity’s platform. Robare received nearly $400,000 from Fidelity from 2005 to 2013 as a result of the arrangement.
Robare had modified its Form ADV disclosures in December 2011, after Fidelity advised Robare that it would cease making payments if the arrangements were not disclosed. Robare’s disclosures then stated that certain investment advisers “may receive selling compensation” due to “the facilitation of certain securities transactions on Client’s behalf” through certain broker-dealers, or “may also receive compensation resulting from the sale of insurance products to clients.” Robare further revised its disclosures to state, “Additionally, we may receive additional compensation in the form of custodial support services from Fidelity based on revenue from the sale of funds through Fidelity. Fidelity has agreed to pay us a fee on specified assets, namely no transaction fee mutual fund assets in custody with Fidelity. This additional compensation does not represent additional fees from your accounts to us.”
In 2014, Enforcement filed charges against Robare and its principals alleging that Robare had failed for years to disclose to clients and the SEC that it received shared revenue from Fidelity and the conflicts of interest that consequently arise therefrom. Enforcement alleged that Robare’s conduct violated Sections 206(2) and 207 of the Advisers Act. In 2015, an administrative law judge dismissed the charges. Enforcement appealed, and the Commission saw the situation differently. In the Commission’s opinion, it found that Robare negligently failed to adequately disclose said conflicts and willfully failed to provide enough information in its Form ADV filings.
In last week’s ruling, the D.C. Circuit agreed with the Commission and Enforcement that Robare’s disclosures “did not disclose that [Robare] had entered into an arrangement under which it received payments from Fidelity for maintaining client investments in certain funds Fidelity offered.” It further found that the Form ADV “in no way alerted its clients to the potential conflicts of interest presented by the undisclosed arrangement.” The D.C. Circuit agreed with Enforcement that Robare and its principals should have known that their disclosures were inadequate and, therefore, acted negligently in violation of Section 206(2).
The Section 207 charge as alleged, however, requires willful conduct. The SEC has steadfastly maintained over the years that “willful” under the federal securities laws simply means “intentionally committing the act which constitutes the violation” and not that “the actor [must] also be aware he is violating one of the Rules or Acts.” See Wonsover v. SEC, 205 F.3d, 408, 414 (D.C. Cir. 2000). The DC Circuit rejected Enforcement’s arguments that the challenged Section 207 negligent conduct constituted “willful” conduct and explained that “[t]he statutory text signals that the Commission had to find, based on substantial evidence, that at least one of [Robare’s] principals subjectively intended to omit material information from [Robare’s] Form ADV” to prove a violation of Section 207. It was established that Robare’s conduct was negligent, not willful, and the two are mutually exclusive. As a result, Robare was not found to be in violation of Section 207.
To be sure, the Robare decision bolsters the SEC’s longstanding position that disclosures using “may” are not sufficient when the adviser “is” receiving fees or “is” engaging in other practices that create a conflict of interest.
On the other hand, the Robare opinion and ruling with respect to “willfulness” is likely to significantly impact the SEC’s charging decisions with respect to Section 207 and certain other provisions of the federal securities laws, and the SEC’s ability to obtain certain remedies for which willfulness is required.
The SEC’s OCIE recently issued a Risk Alert focusing on compliance issues related to Regulation S-P, the primary SEC rule governing compliance practices for privacy notices and safeguard policies for investment advisers and broker-dealers. The Risk Alert summarizes the OCIE’s findings from two-year’s worth of issues identified in deficiency letters to assist investment advisers and broker-dealers in adopting and implementing effective policies and procedures for safeguarding customer records and information pursuant to Regulation S-P.
On March 11, 2019, the SEC announced and released settlements against 79 self-reporting registered investment advisers (RIAs), touting $125 million being returned to investors. The actions stem from the SEC’s Share Class Selection Disclosure Initiative (SCSD Initiative). The SCSD Initiative incentivized RIAs to self-report violations resulting from undisclosed conflicts of interest, to promptly compensate investors, and to review and correct fee disclosures. Specifically regarding Rule 12b-1 fees, the SEC’s orders found that the RIAs failed to adequately disclose conflicts of interest related to the sale of higher-cost mutual fund share classes when a lower-cost share class was available.
SEC Chairman Jay Clayton commented: “I am pleased that so many investment advisers chose to participate in this initiative and, more importantly, that their clients will be reimbursed. This initiative will have immediate and lasting benefits for Main Street investors, including through improved disclosure. Also, I am once again proud of our Division of Enforcement for their vigorous and effective pursuit of matters that substantially benefit our long-term, retail investors.”
While the SEC and its Division of Enforcement may be pleased, the various industry reactions during the course of the SCSD Initiative included frustration–and at times reasonably so. Tempering that frustration, is that the SEC’s focus on RIA conflicts of interest and disclosures continues. First, there is an expectation that the SEC will announce more settlements in the future for additional SCSD Initiative participants and that this may involve a grouping of a “second wave” of settlements. Second, Enforcement’s Asset Management Unit has already opened investigations into RIAs who did not self-report. Lastly, these investigations included requests for documents and information regarding revenue sharing practices and disclosures.
In conclusion, it is expected that the SEC’s aggressive enforcement efforts regarding RIA conflicts of interest and disclosures to Main Street investors will continue and has already expanded to include revenue sharing.
On January 28, 2019, FINRA released its Regulatory Notice 19-04 announcing its 529 plan self-reporting initiative. This initiative is part of FINRA efforts to have broker-dealers promptly remedy potential supervisory and suitability violations related to recommendations of share classes for 529 plans.
To encourage self-reporting, for a limited time FINRA will offer favorable settlements where violations are found. These terms include no fine and no designation of “statutory disqualification.” However, the deadline to give FINRA notice that you intend to engage in the 529 plan self-reporting initiative is 12:00 a.m. Eastern time on April 1, 2019. Therefore, time is of the essence. This initiative is further detailed in the Drinker Biddle Client Alert linked below.
Pursuant to their fiduciary duties, investment advisers have certain obligations to seek out “best execution” for client transactions. The SEC’s Office of Compliance Inspections and Examinations (OCIE) recently issued a Risk Alert identifying deficiencies found during examinations of investment advisers’ compliance with their best execution obligations.
In this alert, partner Jim Lundy and associate Kellilyn Greco outline OCIE’s findings, including background on best execution, notable deficiencies, and recommended best practices.
On April 24, 2018, the Securities and Exchange Commission (SEC) announced its most significant case ever filed against a respondent for one of the world’s largest data breaches. Albata, Inc., f/d/b/a Yahoo! Inc., (“Yahoo”) settled with the SEC to charges of violating Section 17(a)(2) and 17 (a)(3) of the Securities Act of 1933 (“Securities Act”), amongst other charges, and agreed to various remedies, including a $35 million penalty.
In summary, the SEC alleged that in December of 2014 Yahoo’s information security team learned that Russian hackers stole what was referred to internally as the company’s “crown jewels”: usernames, email addresses, phone numbers, birthdates, encrypted passwords, and security questions and answers for more than 500 million users. Although information relating to the breach was reported to members of Yahoo’s senior management and legal department, Yahoo failed to properly investigate the circumstances of the breach and to adequately consider whether the breach needed to be disclosed to investors. In addition, the SEC found that Yahoo did not share information regarding the breach with its auditors or outside counsel in order to assess the company’s disclosure obligations in its public filings.
The breach was not disclosed to the investing public until more than two years later, when in 2016 Yahoo was in the process of closing the acquisition of its operating business by another company. This disclosure caused a $1.3 billion fall in Yahoo’s market capitalization and a reduction in the acquisition price by $350 million.
As a result, the SEC’s order found that in Yahoo’s quarterly and annual report filings during the two-year period following the breach, the company failed to disclose the breach or its potential business impact, legal implications, and other potential ramifications. Finally, the SEC’s order finds that Yahoo failed to maintain disclosure controls and procedures designed to ensure that reports from Yahoo’s information security team concerning cyber breaches, or the risk of such breaches, were properly and timely assessed for potential disclosure.
In conclusion this SEC action provides several takeaways:
– This may be one of the first, but it will not be the last data breach case by the Division of Enforcement’s Cyber Unit created in September of 2017.
– The SEC charged Yahoo with fraud, but not with Rule 30(a) of Regulation S-P of the Securities Act. Historically, the SEC used the latter statute as the primary charge for data breaches. While these fraud charges against Yahoo are more aggressive, Section 17(a)(2) and (a)(3) are non-scienter based charges.
– Notably, the SEC did not charge any individuals.
– A study of the findings in the SEC’s order coupled with the Commission Statement and Guidance on Public Company Cybersecurity Disclosures announced on February 21, 2018, provides guidance for public companies and registrant firms to consider when assessing their cybersecurity programs, controls, policies and procedures, and disclosure obligations.