As the world is navigating through COVID-19 and as we are focused on our health and well-being as we self-quarantine and engage in social distancing to do our part to stop the spread, our markets remain open, active, and volatile, and the U.S. Securities and Exchange Commission (“SEC”) has recently made clear that they will continue to be an active overseer.
The SEC, through its Office of Compliance Inspections and Examinations (“OCIE”), recently issued its most detailed cyber guidance to date. OCIE had previously issued several cybersecurity risk alerts over the past few years. This most recent release, however, offers much more than a risk alert. OCIE’s “Cybersecurity and Resiliency Observations” goes into significantly more detail than OCIE’s prior risk alerts in this area and is fashioned in a vastly different and more user-friendly format. Thus, it is required reading for SEC regulated entities because, rest assured, it will be closely followed and applied by OCIE staff conducting cyber examinations, as well as by the Division of Enforcement’s “Cyber Unit.”
On August 29, 2019, the SEC filed a complaint against a registered investment adviser alleging failures to disclose four categories of conflicts of interest and seeking disgorgement of $10 million in undisclosed compensation. This litigated action was filed within a month of the SEC filing a litigated complaint against another firm alleging failing to disclose material conflicts of interest related to revenue sharing, despite that advisory firm having self-reported pursuant to the SEC’s Share Class Selection Disclosure Initiative (“SCSD Initiative”).
Based on these litigated actions (and despite the SCSD Initiative being over 18 months old), the SEC’s Division of Enforcement continues to focus its investigative and litigation resources on “Main Street” and to aggressively pursue registered investment advisory firms for disclosure violations involving actual or potential conflicts of interest.
In this most recent litigated action, not surprisingly, the SEC’s allegations with respect to share class selection conflicts and disclosure violations are consistent with the guidance released with the SCSD Initiative. This firm, however, did not fail to self-report its 12b-1 fee purported violative conduct. Rather, this alleged violative 12b-1 fee conduct was apparently uncovered during an examination by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”). The SEC also alleged disclosure violations related to revenue sharing, a longstanding priority for the SEC that has continued to expand since the SCSD Initiative.
The SEC’s ongoing efforts on disclosure violations about share class selection and revenue sharing have been discussed widely in the financial press and by industry groups.
The latter two alleged disclosure theories, however, have not received similar attention, but provide information and insight into other legal theories that OCIE and Enforcement may now be prioritizing in their examination and enforcement programs. Specifically, the third group of alleged disclosure violations relate to the adviser’s receipt of administrative service fees. While Enforcement has brought cases using similar fee disclosure theories in the past, the number of cases focused on the disclosures and conflicts for these types of fees, as opposed to 12b-1 fees and revenue sharing, pales by comparison. Lastly, the SEC also alleged that the adviser failed to disclose compensation that it received in the form of non-transaction-based mark-ups on charges imposed by the clearing firm. The first time that we observed the SEC charge this type of undisclosed mark-up theory was just within this past year, in December 2018.
For both of these recent SEC actions, the advisers have apparently chosen to litigate and fight the SEC’s ever expanding efforts to regulate specific disclosure language, despite the D.C. Circuit’s ruling in Robare. The D.C. Circuit’s ruling, while troublesome for the SEC as it related to “willfulness” and that aspect of the opinion, supported and favored the SEC’s disclosure theory relating to the use of general disclosure terms such as “may” when, in fact, the adviser “was” receiving compensation. Interestingly though, the SEC chose to not file these two recent matters as administrative proceedings. Doing so would have allowed for the D.C. Circuit’s Robare opinion to serve as precedent. The SEC instead chose to file these as civil complaints in U.S. District Courts outside of the D.C. Circuit. Thus, potentially opening the door for the defendants to attempt to minimize that aspect of Robare by arguing that this opinion is not precedential in those appellate circuits, but only persuasive.
We will continue to follow these litigated matters and report back on any developments likely to impact the industry.
The SEC’s OCIE recently issued a Risk Alert focusing on compliance issues related to Regulation S-P, the primary SEC rule governing compliance practices for privacy notices and safeguard policies for investment advisers and broker-dealers. The Risk Alert summarizes the OCIE’s findings from two-year’s worth of issues identified in deficiency letters to assist investment advisers and broker-dealers in adopting and implementing effective policies and procedures for safeguarding customer records and information pursuant to Regulation S-P.
Pursuant to their fiduciary duties, investment advisers have certain obligations to seek out “best execution” for client transactions. The SEC’s Office of Compliance Inspections and Examinations (OCIE) recently issued a Risk Alert identifying deficiencies found during examinations of investment advisers’ compliance with their best execution obligations.
In this alert, partner Jim Lundy and associate Kellilyn Greco outline OCIE’s findings, including background on best execution, notable deficiencies, and recommended best practices.
Over the last two weeks, the SEC has put robo-advisers on notice that they are on the staff’s radar. First, on February 23, 2017, the SEC’s Division of Investment Management, along with the SEC’s Office of Compliance, Inspections, and Examinations, issued a Guidance Update for robo-advisers. The term “robo-adviser” refers to registered automated investment advisers that provide investment advice that uses computer algorithms. Robo-advisers generally collect information about a client’s financial goals, income, assets, investment horizon, and risk tolerance by way of an online or electronic questionnaire. With limited human interaction, robo-advisers use this information to create and manage investment portfolios for clients. Robo-advisers are often more economical than traditional investment advisers. Robo-advisers, which began as an appeal to millennials, are now widely becoming popular with all age groups and types of investors.
The Guidance Update focused on in three unique areas of the investment relationship: (1) the substance and presentation of disclosures to clients about the robo-adviser and the investment advisory services it offers; (2) the obligation to obtain information from clients to support the robo-adviser’s duty to provide suitable advise; and (3) the adoption and implementation of effective compliance programs reasonable designed to address particular concerns relevant to providing automated advice.
This Guidance Update specifically encourages robo-advisers to keep clients well-informed with respect to their use of algorithms to manage client funds. Robo-advisers must be diligent in their disclosures to clients of the risks and limitations inherent in the use of algorithms to manage investments. For example, an algorithm may not address prolonged changes in market conditions and investors need to know that. The Guidance Update also reminds robo-advisers that because of the limited human interaction with the client, issues, like disclosures, would most likely be done online. As such, communications, including written disclosures, should be effective, not hidden or indecipherable. Finally, the Guidance Update highlighted that for robo-advisers, compliance with the Advisory Act of 1940 may require more written documentation than regular investment advisers must provide. For example, robo-advisers should consider documenting the development, testing, and backtesting of the algorithms, the process by which they collect client information, and the appropriate oversight of any third party that develops or owns the algorithm or software utilized by the robo-adviser.
In addition to the Guidance provided to robo-advisers, the SEC Office of Investor Education and Advocacy also issued an Investor Bulletin on the subject of robo-advisers to alert potential clients to specific areas when dealing with a robo-adviser would be different from a more traditional adviser. Such areas include (1) the minimized level of personal interaction a client would receive, e.g., do you ever speak to a human?; (2) the standard information a robo-adviser uses to formulate recommendations, e.g., are the robo-advisers asking all the pertinent questions in their questionnaires?; (3) the robo-adviser’s approach to investing, e.g., are the robo-advisers using pre-determined portfolios or can you customize your investments?; and (4) the fees and charges involved, e.g., could you be charged penalties or fees if you want to withdraw your investment? Investors should consider using robo-advisers because of the economic advantages but must be aware of the differences inherent in this new 21st century version of the investment advisor.
The SEC requires robo-advisers to be registered and makes them subject to the same substantive and fiduciary obligations as traditional investment advisers. In addition to the Alert and the Guidance Update, the SEC staff also addressed robo-advisers at SEC Speaks on February 24, 2017. At the Office of Compliance Inspections and Examinations (“OCIE”) panel, the office’s senior leadership put the audience and industry on notice of OCIE’s “Electronic Investment Advice Initiative.” Specifically, OCIE advised that it will be dedicating staff and resources to prioritize examining robo-advisers for this SEC fiscal year. Due to OCIE applying a risk-based approach to its examination program, they will likely focus on robo-advisers with large platforms or business models that OCIE believes pose potential risks to investors. For robo-advisers to prepare, we recommend that firms review the February 23, 2017 Guidance Update and the Office of Investor Education and Advocacy Investor Bulletin described above to proactively plan to be in compliance with this guidance. This way, firms examined as part of the Electronic Investment Advice Initiative, can attempt to avoid significant deficiencies or enforcement referrals from OCIE’s increased scrutiny of robo-advisers.
Last week, the Securities and Exchange Commission (SEC) Acting Chairman, senior leadership across Divisions and Offices, and former SEC Commissioners spoke at the “SEC Speaks” Conference 2017. Senior leadership from the SEC’s Office of Compliance Inspections and Examinations (OCIE) used its panel and workshop to provide guidance on the reshaping of its examination programs that it began in 2016. Below we outline the revamped OCIE.
OCIE’s Reorganization & Reallocation of Resources
The OCIE panel included OCIE’s Acting Director and its Deputy Director. The commentators for the panel were former SEC Chairman Hon. Harvey L. Pitt and former SEC Commissioners Hon. Paul S. Atkins and Hon. Daniel M. Gallagher. At the beginning of the presentation, OCIE’s Acting Director reminded the audience that OCIE’s mission is to protect investors, ensure market integrity, and support responsible capital formation through risk-focused strategies that: 1) improve compliance; 2) prevent fraud; 3) monitor risk; and 4) inform policy. The panel explained that OCIE monitors and assesses its various programs to align with OCIE’s mission and strategies. The panel described that OCIE had developed and implemented a plan to revise its programs to better align with the evolving nature of the various registrants subject to its oversight.
The Investment Adviser / Investment Company Program
This past year, OCIE re-allocated 100 broker-dealer staff examiners to the Investment Adviser / Investment Company (IA/IC) Program, which increased the total number of OCIE staff in the IA/IC Program to over 600. OCIE’s Deputy Director reminded the audience that the investment management industry lacks a self-regulatory organization and that the number of investment advisers registered with the SEC continues to grow. For example, since January 1, 2017, approximately 200 additional investment advisers have registered with the SEC. Thus, the SEC and OCIE determined that a re-allocation of staff was necessary to manage the SEC’s responsibility as the sole inspection and examination authority for this industry. One of the goals of this reallocation appears to be to address the number of examinations per examiner, if feasible, from last year’s high of 4.91 per examiner. Following up on a proposal to the Commission last fall under Chair Mary Jo White, Commissioner Gallagher encouragingly questioned whether OCIE needs to consider the use of non-SEC, third-party examination firms. Although OCIE senior leadership did not seem enthused about this possibility, they replied that they would be willing to work with whatever ideas and initiatives the new Commission may have to assist with OCIE’s resource constraints, in particular with the continuing expansion of the investment advisory industry.
The Broker-Dealer, FINRA and Securities Industry Oversight, and National Broker-Dealer Exchange Group Programs
For the above three programs, OCIE has restructured its examination oversight of the brokerage industry and for certain other registrants. First and foremost, OCIE’s Broker-Dealer (BD) Program – as the industry has known it for the past few decades – no longer exists. Second, in addition to the reallocation of 100 examiners from the BD Program to the IA/IC Program, OCIE senior leadership outlined the creation and responsibilities of two new programs: the FINRA and Securities Industry Oversight (FSIO) Program; and the National Broker-Dealer Exchange Group (BDX) Program. While the BDX Program will maintain some broker-dealer examination staff, as explained below, this will be a significantly reduced number of examiners who will be focused on targeted examinations in coordination with FSIO’s oversight responsibilities.
FSIO is a national program with staff in the SEC’s home office and across various regional offices. OCIE created FSIO for several reasons, including avoiding the duplication of efforts and resources that sometimes occurred with FINRA. FSIO’s primary responsibility is the enhanced oversight of FINRA. FSIO also will oversee the Municipal Securities Rulemaking Board (for purposes of this blog, we focus on FINRA). While FSIO will maintain oversight responsibility, OCIE senior leadership emphasized that the plan is to work collaboratively with FINRA, as appropriate. FSIO’s Program will oversee FINRA in two ways; with programmatic and oversight examinations. The former will focus on FINRA’s programs and operations to provide guidance and recommended improvements, while the latter will involve specific FINRA examinations of member firms that FSIO will sample, examine, and provide feedback to FINRA.
The BDX Program has a broader mandate, including responsibility for: exchanges; transfer agents; the clearing and settlement program; (only) municipal advisors; the Securities Investor Protection Corporation; and the Public Company Accounting Oversight Board. BDX is also a national program with staff in the SEC’s home office and regional offices. As mentioned, the BDX Program also includes a limited number of broker-dealer examination staff to conduct targeted examinations and coordinate with FSIO regarding FINRA oversight examinations.
Conclusion / Takeaways
OCIE’s reallocation of staff resources to the IA/IC Program, dissolution of the BD Program, and creation of the FSIO and BDX programs reflect an SEC Office that is attempting to keep pace with the increasing and evolving registrant populations for which it is responsible by restructuring programs and targeting its limited resources. These efforts will likely have unintended (or intended) consequences for the investment management and broker-dealer industries. First, OCIE appears to be making its oversight of the investment management industry its main focus. This is the continuation of a multi-year effort, as this industry presents the greatest risk to OCIE and its understaffed IA/IC Program. That said, with a staff increase of 100 and the continuing emphasis on this program, the number of significant deficiencies and enforcement referrals generated by the IA/IC Program will correspondingly increase, as the quantity and frequency of examinations increases. With respect to OCIE’s BD, FSIO, and BDX Programs, with FINRA’s evolution and increased resources to examine the broker-dealer industry, it is not too surprising that the SEC, via OCIE, ceded responsibility to FINRA and dissolved the BD Program. A collateral result for the broker-dealer industry, however, will likely be an empowered FINRA that may seek to increase the assertiveness of its examination and enforcement programs. In conclusion, while the IA/IC Program and FINRA appear poised to enjoy increased authority, OCIE’s efforts are laudable in reorganizing itself to better allocate its limited resources to manage its responsibilities over its evolving registrant population.
On February 7, 2017, the Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert discussing the five most frequent compliance topics identified in OCIE examinations of investment advisors. The Alert was compiled based on deficiency letters from over 1,000 investment adviser examinations completed during the past two years. The top five topics are: (1) the Compliance Rule; (2) Regulatory Filings; (3) the Custody Rule; (4) the Code of Ethics Rule; and (5) the Books and Records Rule.
The Compliance Rule
The Compliance Rule requires: (1) written and policies and procedures reasonably designed to prevent violations of the Advisers Act; (2) annual review of the policies and their implementation; and (3) a chief compliance officer who monitors the policies and procedures. Examples of common Compliance Rule problems included:
- Advisers did not follow their compliance policies and procedures;
- Annual reviews were not performed or did not address the adequacy of the adviser’s policies and procedures;
- Compliance manuals were not reasonably tailored to the adviser’s business practices; and
- Compliance manuals were not current.
OCIE frequently cited advisers for failing to make timely and complete regulatory filings, such as Form ADV (as required by Rule 204-1 under the Advisers Act), Form PF (as required by Rule 204(b)-1 under the Advisers Act), and Form D (as required by Rule 503 under Regulation D of the ’33 Act) on behalf of an adviser’s private fund clients. Timely, accurate, and appropriately amended regulatory filings, especially for these three forms, should be a priority for all advisers.
The Custody Rule
The Custody Rule, which applies to advisers who have custody of client cash or securities, is designed to safeguard client assets from unlawful activity or financial problems of the adviser. OCIE identified the following common deficiencies or weaknesses with respect to the Custody Rule:
- Advisers did not recognize they had “custody” due to: (1) having online access to client accounts, or (2) having other authority over client accounts (such as having power of attorney or serving as a trustee of client trusts); and
- Surprise examinations by independent accountants were not actually a surprise, and advisers failed to fully disclose custody lists during surprise examinations.
The Code of Ethics Rule
The Code of Ethics Rule requires that advisers adopt and maintain a code of ethics that meets certain minimum requirements, and which is described in Form ADV and made available to clients or prospective clients. Deficiencies or weaknesses regarding the Code of Ethics Rule were often found because:
- Advisers failed to identify all of their access persons;
- Codes did not specify review of the holdings and transactions reports, and did not identify specific submission timeframes;
- Submission of transactions and holdings were untimely; and
- Advisers failed to describe their code of ethics in Form ADV.
The Books and Records Rule
The maintenance of books and records as dictated by SEC requirements is another frequent problem area according to OCIE. Some advisers had contradictory information within separate sets of records, while other advisers either maintained inaccurate records or failed to update their records in a timely fashion. Worse still, other advisers simply failed to maintain all of the records that the Books and Records Rule requires them to keep.