Articles Posted in Books and Records

Earlier this month the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued two related risk alerts on the subjects of Form CRS and Regulation Best Interest (Reg BI). The purpose of the risk alerts was to provide investment advisers and broker-dealers information regarding the anticipated scope and content of the examinations OCIE will conduct following the compliance date for Regulation Best Interest, and the filing deadline for Form ADV, Part 3. In this post, we summarize the risk alert relating to Reg BI.

The initial broker-dealer examinations will focus on whether firms have established policies and procedures reasonably designed to comply with Regulation Best Interest’s for distinct obligations: the duty to disclose; the duty of care; the duty to avoid or disclose conflict of interest; and the duty to adopt compliance procedures. In addition to assessing whether a registrant has adopted policies and procedures reasonably designed to comply with Regulation BI, the examinations will also assess the operational effectiveness of those procedures.

Continue reading ›

In our previous post, we described the SEC’s announcement of examination priorities in 2020 for the Commission’s Office of Compliance Inspections and Examinations (OCIE).  In that post, we discussed areas of examination that will apply to a large percentage of registered investment advisors and other regulated entities.  In this post, we focus on another priority, namely robo-advisers.

Otherwise known as automated investment platforms, “robo-advisers” have come under increased scrutiny by OCIE.  The number of these advisers has increased substantially over the last four years.  OCIE intends to focus on issues such as the eligibility of the robo-adviser to register with the SEC, marketing practices engaged in by robo-advisers, the ability to comply with fiduciary duty, the adequacy of the adviser’s disclosures, the effectiveness of the adviser’s compliance program, and the firm’s cybersecurity policies, procedures and practices.

Advisers Act Rule 203A-2(e) permits “internet only advisers” to register with the SEC, provided certain conditions are met and maintained.  Specifically, the adviser must provide investment advice to all clients exclusively through an interactive website and maintain records demonstrating that it does so.  Under the rule, an adviser may provide investment advice through means other than the internet to up to fourteen clients during any twelve-month period. Undoubtedly there are some firms that registered on this basis who were either not eligible at the time or, through the evolution of their business, have strayed from the conditions required to remain eligible for registration.

Continue reading ›

Earlier this week, the U.S. Supreme Court declined to take up a lower court ruling upholding the SEC’s authority to adopt and enforce FINRA’s Pay-to-Play rule, Rule 2030. That rule, which became effective in 2017, followed and was patterned after Rule 206(4)-5 under the Investment Advisers Act of 1940.  Adopted in 2010, the Advisers Act Pay-to-Play rule prohibits investment adviser firms and certain of its executives and employees, including representatives, from providing advisory services to government clients within two years after the firm or those covered employees make contributions to elected officials relating to the client.  Additionally, the rule prevents an adviser from directly or indirectly paying any third party to solicit advisory business from any government entity, with certain exceptions.  Finally, the rule prevents an adviser from coordinating or soliciting contributions for certain government officials or candidates in situations where the adviser is either seeking the business of the government entity or providing advisory services.

In 2016 FINRA adopted Rule 2030, which is substantially similar to the Advisers Act rule.  One of the chief motives for the adoption of the FINRA rule was to foreclose the possibility that registered representatives or FINRA member firms could circumvent the Advisers Act Rule, where the firms were dual registrants. Both rules have de minimis exceptions of $350.00 per election in contributions to any one official or candidate if the contributing associate was entitled to vote for the candidate, and $150.00 per official per election, to candidates for whom the associate is not entitled to vote.  Both rules also have recordkeeping requirements.

Both the SEC and FINRA have enforced their respective rules through administrative enforcement actions.

Continue reading ›

The North American Securities Administrators Association—also known as “NASAA”—a cooperative association consisting of the chief securities regulators for each of the 50 United States, as well as Canadian and Mexican jurisdictions, has recently voted to adopt a model information security rule. NASAA’s new model information security rule could—if widely implemented by the individual NASAA Member jurisdictions—ultimately have a broad impact on the compliance programs of state-registered investment advisers.

Among its many roles as a confederation of individual regulators, NASAA frequently drafts and circulates “model rules” to its Members, who eventually vote on and adopt these draft rules for use by the various Member jurisdictions. A “model rule” is a familiar regulatory tool, which essentially provides a template upon which laws, rules, and other regulations can be drafted. For example, many of the individual states’ securities acts are variants of the Uniform Securities Act of 2002, a model act created by a group of legal scholars, regulators and veteran attorneys. NASAA’s new model rule is just such a template for regulators. Individual states and other jurisdictions may—at their discretion—adopt it in whole, in part, or not at all. That said, we believe that, especially given the growing importance of cybersecurity issues, it will be used more likely than not as the states come around to developing rules to parallel those already in place at the federal (SEC) level.  Continue reading ›

In its latest Risk Alert, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) heeds advisers and broker/dealers to take a fresh look at their policies and procedures in the area of electronic customer record storage in light of shortcomings discovered by OCIE’s staff as part of recently-conducted regular examinations. These shortcomings include weak or misconfigured security settings on a network storage device that, in the worst-case event, could result in unauthorized access to customer information.

OCIE Risk Alerts are highly useful resources for compliance professionals to consider as these published notices serve as a window into not only the recent experiences of OCIE staffers out in the field, but also the thinking of OCIE management as to where it will be directing its staff to focus on in future examinations. In other words, if the management of OCIE warrants it important enough to publish a Risk Alert on an particular topic, registrants can be assured that future exams will likely focus on deficiencies in that area.

This most recent Risk Alert zeros-in on deficiencies uncovered by examiners with respect to how advisers and brokers are protecting their customers’ electronic records—specifically, records kept in the “cloud” or on other types of networked storage solutions. OCIE defines cloud storage as the “electronic storage of information on infrastructure owned and operated by a hosting company or service provider.” Obviously, such storage systems may be especially vulnerable to hacking or other nefarious activities, and as such, warrant robust protections. Continue reading ›

With annual compliance reviews in full swing this time of year, we write today to remind advisory firms to be sure to assess the sufficiency of their policies and procedures in the ever-developing area of electronic messaging.  Our note comes on the heels of a recent Risk Alert on this topic issued by the SEC’s Office of Compliance Inspections and Examinations or “OCIE,” which exhorts advisory firms to take a fresh look at their current compliance policies in light of the particular risks of non-compliance posed by the firm’s usage of electronic messaging.

“Electronic messaging,” as discussed in OCIE’s Risk Alert, refers to such mediums as text/SMS messaging, instant messaging, personal email, and personal or private messaging, but specifically excludes firm-wide email.  Notably, OCIE’s exclusion of firm email from analysis in the Risk Alert should not be read as diminishing an adviser’s compliance obligations to capture, store, and periodically review firm email communications.  Rather, as OCIE explains, “firms have had decades of experience complying with regulatory requirements with respect to firm email” and it is not as problematic from a compliance standpoint as compared to some of the newer technologies that run on third-party applications or platforms.  Continue reading ›

Following its publication of a Risk Alert in late 2017 detailing findings from examinations of municipal advisers, the SEC’s Office of Compliance Inspections and Examinations (OCIE) continues to examine municipal advisers in 2018.  In 2014, OCIE established the Municipal Advisor Examination Initiative to perform an examination on municipal advisers who recently registered for the first time.  OCIE performed over 110 examinations in the course of the Initiative and found that many municipal advisers did not have adequate knowledge of regulatory requirements for municipal advisers.  As a result, many municipal advisers were found not to be in adequate compliance with regulatory requirements pertaining to registration, recordkeeping, and supervision.  OCIE hoped that in publishing the 2017 Risk Alert, municipal advisers will be compelled to evaluate their policies and procedures to find possible areas for improvement.

Municipal advisers are obligated to register with the SEC pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”).  The SEC established its municipal adviser registration rules in September 2013, and the rules became effective in July 2014.  The Dodd-Frank Act also established the Municipal Securities Rulemaking Board (“MSRB”), which exercises regulatory authority over municipal advisers.  OCIE’s examinations of municipal advisers covered “compliance with regulatory obligations including registration, statutory fiduciary standard of care, fair dealing, recordkeeping, and supervision, among other things.”  OCIE discovered that the most common deficiencies among municipal advisers related to registration, books and records, and supervision requirements. Continue reading ›

On April 13, 2015, the North American Securities Administrators Association (“NASAA”) adopted a model rule concerning business continuity and succession planning for investment advisers. The model rule is intended as guidance for state-registered investment advisers to determine how to develop succession planning policies and procedures. Investment advisers without business continuity and succession plans face serious risks if the adviser is temporarily or permanently unable to service its clients. Included with the model rule are scenarios to help illustrate when business continuity plans are important for an investment advisory firm and many questions to help determine how to craft the plan properly.

Many different types of disasters can strike an investment advisers’ business. From naturally occurring disasters such as hurricanes and snow storms to unnatural disasters like terrorist attacks or a sudden death, it is important to have thought about and created a succession plan to ensure that your clients’ interests are not harmed. A business continuity and succession plan allows the adviser to safeguard critical business functions so that your firm can continue as long as needed when a disaster strikes.
Continue reading ›

In August of this year the Securities and Exchange Commission (“SEC”) settled an administrative proceeding that related to statements an investment adviser made during the SEC’s on-site examination. The adviser at issue, Parallax Capital Partners, LLC, is a registered investment adviser that focuses primarily on mortgage-backed bonds and other similar fixed income securities. Parallax also advises a private fund in addition to providing advisory services to individuals and other entities. During an examination of Parallax that the SEC conducted in April 2011, the firm’s Chief Compliance Officer represented to the examination staff that he had performed and documented the annual compliance review required by Adviser’s Act Rule 206(4)-7 for the year 2010. The CCO further represented that the review and documentation had been conducted in February 2011, and provided the examination staff with a memorandum purportedly documenting the compliance review for 2010 that stated: “This memo documents that I have performed the review and reported significant compliance events and material compliance matters.”

The SEC examination staff was able to determine, by a review of the metadata attached to the compliance memorandum, that it had not been drafted in February 2011 as the CCO had represented, but instead that it had been created and completed in April 2011, just three days prior to the onsite examination and after Parallax received notice of the impending examination.
Continue reading ›

Parker MacIntyre attorneys Steve Parker and Bryan Gort attended the 2015 annual conference of the North American Securities Administrators Association (NASAA) held last week in San Juan, Puerto Rico. As usual, the conference provided valuable guidance and updated information on areas of importance to state-registered investment advisers, as well as federal notice filed broker-dealers and SEC registered investment advisers.

Of interest to state-registered investment advisers are proposed amendments to Part 1B of Form ADV that would attempt to capture an RIA’s use of social media and information on the use of third-party compliance professionals.

NASAA also presented the findings of its 2015 coordinated investment adviser examination review, compiled from the results of over 1100 investment adviser examinations. Once again, books and records deficiencies was the leading category, with 78% of all examined entities having deficiencies in that area. Within that category the failure to maintain adequate client suitability data was the leading deficiency, accounting for 10% of the deficiencies noted within the books and record category.
Continue reading ›

Contact Information