Articles Posted in Compliance

Recognizing the “swiftly developing” digital asset marketplace—a loosely defined sector encompassing cryptocurrencies, virtual coins or tokens (including Initial Coin Offerings or “ICOs”), and other blockchain-related financial assets—the SEC’s Division of Investment Management (the “Division”) has commenced an open-ended request for public comment on how such crypto-assets impact its decades-old Advisers Act Custody Rule (Advisers Act Rule 206(4)-2). The Division’s request for comment comes in the form of a March 12, 2019 letter to the Investment Adviser Association (“IAA”), a lobbying/trade group representing the investment advisory industry.

By way of background, the Custody Rule sets up a number of requirements for SEC-registered investment advisers that have “custody” of a client’s funds or securities. Custody is defined as “holding, directly or indirectly, client funds or securities, or having any authority to obtain possession of them.” Notably, custody includes, among other things, any arrangement under which the adviser is authorized to withdraw client funds or securities, as well as acting as general partner, or in a comparable control position, for an investment fund. The four primary obligations of an adviser having custody are that the adviser must: (i) maintain those funds or securities with a “qualified custodian;” (ii) notify the client in writing of the qualified custodian’s name, address, and the manner in which the funds or securities are maintained; (iii) have a “reasonable basis” for believing that the qualified custodian sends an account statement, at least quarterly, to each client, identifying the amount of funds/securities and setting forth all transactions in the account; and (iv) arrange for an independent public accountant to conduct an annual surprise examination in order to verify the safekeeping of the client’s funds and/or securities. The Custody Rule provides a number of exemptions to some of the above requirements; most notably, one that allows investment fund advisers to avoid the surprise exam requirement so long as audited financial statements are distributed within 120 days of the end of the fund’s fiscal year.

In an effort to “further inform our consideration of how characteristics of digital assets impact the application of the Custody Rule,” the Division’s request for comment seeks public comment on a wide array of trenchant queries, including the following:

With annual compliance reviews in full swing this time of year, we write today to remind advisory firms to be sure to assess the sufficiency of their policies and procedures in the ever-developing area of electronic messaging.  Our note comes on the heels of a recent Risk Alert on this topic issued by the SEC’s Office of Compliance Inspections and Examinations or “OCIE,” which exhorts advisory firms to take a fresh look at their current compliance policies in light of the particular risks of non-compliance posed by the firm’s usage of electronic messaging.

“Electronic messaging,” as discussed in OCIE’s Risk Alert, refers to such mediums as text/SMS messaging, instant messaging, personal email, and personal or private messaging, but specifically excludes firm-wide email.  Notably, OCIE’s exclusion of firm email from analysis in the Risk Alert should not be read as diminishing an adviser’s compliance obligations to capture, store, and periodically review firm email communications.  Rather, as OCIE explains, “firms have had decades of experience complying with regulatory requirements with respect to firm email” and it is not as problematic from a compliance standpoint as compared to some of the newer technologies that run on third-party applications or platforms.  Continue reading

On February 4, 2019, the Commissioner of Securities of the State of Georgia and the Office of the Secretary of State announced its intent to amend the rules governing examination requirements for registered representatives of a broker-dealer and investment adviser representatives.  According to the Commissioner, the primary purposes of these amendments are to harmonize Georgia’s rules with the Financial Industry Regulatory Authority’s new rules implementing the Securities Industry Essentials (“SIE”) Exam and to update the requirements regarding examinations to applicants.  The SIE Exam, which tests a FINRA registration applicant’s knowledge of securities-related topics, was launched to simplify FINRA’s qualification examination program after the program’s efforts to address new securities products and services resulted in FINRA offering multiple exams with immense content overlap.  FINRA also launched the SIE Exam in order to provide greater consistency and uniformity to the securities industry application process.

The State of Georgia requires applicants for registration as a registered representative of a broker-dealer and/or an investment adviser representative to take certain prerequisite examinations.  Georgia Rule 590-4-5-.02 details the examination requirements for registered representatives, while Georgia Rule 590-4-4.09 details the examination requirements for investment adviser representatives.

The proposed amendments to Rule 590-4-5-.02, detailing registered representative examinations, would require an applicant applying for registration as a broker-dealer to present proof to the Commissioner that its personnel have passed at least one of a list of specified examinations within a two-year period preceding the date of the application.  The amendments also eliminate the Series 87 Research Principal Examination as a potential examination that could be passed.  The amendments also would provide that an applicant who is applying to be a registered representative would need to present the Commissioner with proof that he or she has passed the required examinations within either a two-year period immediately preceding the application date or a four-year period in the case of an applicant who has taken the SIE Exam.  The amendments also provide that the Commissioner “may reserve the right to find the applicant qualified by other examinations or significant and comprehensive experience in the securities business.”

FINRA has alerted its Member Firms to be on the watch for a fraudulent phishing email scheme targeted at compliance personnel. A phishing scheme typically uses email or some other type of electronic message to trick the recipient into clicking a malicious link or infected file attachment by mimicking a message from a trustworthy party. This particular scheme employs an email purportedly originating from an Anti-Money Laundering compliance officer at an otherwise apparently legitimate Indiana-based credit union. The email—which was received recently by a number of FINRA Member Firms—specifically targets compliance personnel by appearing to be a communication regarding an attempted transfer of money by a client of the recipient’s firm to the credit union which has been placed on hold due to concerns about potential money laundering. The scam is designed to get the recipient to open an attachment, which, according to FINRA “likely contains a malicious virus or malware designed to obtain unauthorized access to the recipient’s computer network.”

FINRA noted the following additional aspects of the fraudulent email that recipients should be alert for:

  • An otherwise legitimate reference to a provision of the USA Patriot Act allowing financial institutions to share information with each other.
  • An actual email address that appears to be from Europe, rather than the U.S.-based credit union.
  • Numerous instances of poor grammar and sentence structure.

Continue reading

FINRA has announced a new self-reporting initiative covering potential violations by its Member Firms of various rules governing share class recommendations relating to 529 Plans. See FINRA Regulatory Notice 19-04 (Jan. 28, 2019). Similar to the SEC’s recent self-reporting initiative regarding mutual fund share class selection in connection with 12b-1 marketing fees (which we have blogged about last month and in May of 2018), this new FINRA initiative (the “Initiative”) offers potential leniency in return for Member Firms coming forward to self-report likely violations pursuant to the terms of the Initiative.

529 Plans are tax-advantaged municipal securities that are structured to facilitate saving for the future educational needs of a designated beneficiary. While the sale of 529 Plans is governed by the rules of the Municipal Securities Rulemaking Board (“MSRB”), FINRA is responsible for enforcing the MSRB’s rules. These rules, in turn, require that recommendations of 529 Plans be suitable in light of the customer’s investment profile, and that Member Firms selling 529 Plans have a supervisory system in place to achieve compliance with the MSRB’s rules.

Continue reading

At this time of year, it is important for registered investment advisers to assure that they are in compliance with federal and/or state rules requiring them to monitor their supervised persons’ security holdings and transactions for compliance with the firm’s code of ethics. Even seasoned compliance professionals will encounter questions regarding application of the rule from time to time. While this article is no substitute for a detailed analysis of the rule and its application to a specific firm and its supervised persons, an overview of the rule may be helpful.

As background, all SEC-registered investment advisers are required to adopt a Code of Ethics, which must describe the standards of conduct expected for representatives of the firm and address conflicts that arise from personal trading by advisory personnel. This federal requirement, which governs SEC-registered advisers only, derives from SEC Rule 204A-1, which took effect in 2005. Since then, many state securities administrators have adopted identical or similar requirements, either by adopting SEC Rule 204A-1 “by reference”—i.e., verbatim—into state law, or by crafting similar “me too” provisions. Accordingly, if your firm is SEC-registered, it will be bound by Rule 204A-1; but, if your firm is currently a state-registered adviser, it may be bound by the same or similar requirements. Continue reading

On December 20, 2018, two days before the recent partial federal government shutdown began, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations announced its 2019 Examination PrioritiesAs discussed previously, the shutdown resulted in the SEC operating at a quite minimal level.  Now that the shutdown is over, registered investment advisers and broker-dealers can likely expect OCIE to fully implement the following examination priorities.

OCIE listed six examination priorities for 2019: (1) matters of importance to retail investors, especially seniors and investors saving for retirement; (2) compliance and risk in registrants who are tasked with overseeing critical market infrastructure; (3) focus on FINRA and MSRB; (4) digital assets; (5) cybersecurity; and (6) anti-money laundering.  According to OCIE, this is not an exhaustive list, and one can expect OCIE to cover other issues in its examinations.  However, OCIE has concluded that these issues “present potentially heightened risk to investors or the integrity of U.S. capital markets.” Continue reading

Following several enforcement actions brought against registered investment advisers that received 12b-1 fees when institutional shares were available to be purchased in clients’ advisory accounts, in February of this year the Securities and Exchange Commission announced an initiative under which firms could self-report the receipt of “avoidable” 12b-1 fees since 2014.  Under the so-called Share Class Selection Disclosure Initiative (SCSDI), advisers who self-reported receiving 12b-1 fees under those circumstances would be subject to an SEC enforcement action but would receive favorable treatment in such a case. Such favorable treatment included no recommended civil penalties as long as the firm agreed to disgorge all avoidable 12b-1 fees received.

In order to participate in the SCSDI, however, firms were required to report to the SEC by June 12, 2018. In announcing the SCSDI, the SEC indicated that firms that did not self-report may be subjected to harsher sanctions if their practice was later discovered.

In recent weeks through information available through clearing firm data and public sources the SEC has identified RIAs that may have received 12b-1 fee but chose not to self-report. Some of these firms are receiving subpoenas or requests for information and testimony.  Whether the failure to report was justified and/or the original receipt of the 12b-1 fees were not improper are questions that the SEC Enforcement Staff will be evaluating during its investigations.  In some limited circumstance a firm might be able to justify receipt of the questioned fess, and also might be excused from or ineligible for the self-reporting initiative. Continue reading

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) periodically issues “Risk Alerts” highlighting common deficiencies encountered by its staff during routine investment adviser compliance exams. These Risk Alerts serve the dual purpose of providing advisers with both useful insight into the results of recent OCIE examination activity as well as advance warning of areas that OCIE may be paying closer attention to in the future. Accordingly, a recent Risk Alert issued by OCIE details the most common deficiencies the staff has cited relating to Rule 206(4)-3 (the “Cash Solicitation Rule” or “Rule”) under the Investment Advisers Act of 1940. See National Exam Program Risk Alert, Investment Adviser Compliance Issues Related to the Cash Solicitation Rule (Oct. 31, 2018).

By way of background, the Cash Solicitation Rule prohibits SEC-registered investment advisers from paying a cash fee, directly or indirectly, to any person who solicits clients for the adviser unless the arrangement complies with a number of conditions specified in the Rule, including that the fee must be paid pursuant to a written agreement to which the adviser is a party. Notably, the Rule discerns between solicitors that are affiliated with the registered adviser versus those that are not, setting-up more comprehensive requirements for the latter third-party solicitors. For example, third-party solicitors must provide potential clients with both a copy of the adviser’s Form ADV Part II (or other applicable brochure) and a separate written solicitor’s disclosure document containing specific data about the solicitation arrangement—including the terms of the solicitor’s compensation. Moreover, with respect to third-party arrangements, the Rule obliges advisers to: (i) collect a signed and dated acknowledgment from every potential solicited client that such client has in fact received the adviser’s brochure and the solicitor’s disclosure document; and (ii) make a “bona fide effort” to ascertain whether the solicitor has complied with its duties under the Rule.

In this context, OCIE cited the following as the most noteworthy deficiency areas encountered by its front-line examiners:

The SEC routinely hears appeals arising from FINRA disciplinary proceedings, and in turn issues “Adjudicatory Orders” announcing its decisions. To the extent that these Orders are issued by vote of the full Commission, they stand as highly useful guidance to industry players on the thoughts of the SEC’s ultimate leadership. In a recent Adjudicatory Order, the SEC articulated its current position on Chief Compliance Officer (“CCO”) liability for securities regulatory violations, as well as the liabilities of other members of a securities firm’s senior management for failure to supervise the CCO. See Application of Thaddeus J. North for Review of Disciplinary Action Taken by FINRA, Order of the Commission, Rel. No. 34-84500 (Oct. 29, 2018).

The facts of the case involve findings by FINRA that the CCO (Mr. North) of a multi-office 50+ representative brokerage firm violated FINRA rules by failing to establish a reasonable supervisory system for the review of electronic correspondence, failing to reasonably review electronic correspondence, and failing to report a relationship with a statutorily disqualified person. Specifically, despite being the person responsible for reviewing the firm’s electronic communications, the record showed that for a roughly two-year period North completely failed to review any Bloomberg messages/chats (such messages making up 85% of the firm’s electronic communications). North testified that he “did not understand” his firm’s Smarsh e-mail retention/retrieval system, and further attributed his failure to review electronic communications to that activity being “boring.” Separately, North failed to either independently investigate or report to FINRA his knowledge of a material relationship between one of his firm’s registered representatives and a statutorily-disqualified person. This particular failure came despite North’s knowledge that the representative had paid the disqualified person over $150,000, had executed a services agreement with that person, and that FINRA was actively investigating the matter.

On these facts, the SEC upheld FINRA’s disciplinary action as “clearly appropriate” in light of North’s “egregious” conduct in “fail[ing] to make reasonable efforts to fulfill the responsibilities of his position.” Notably, “North ignored red flags and repeatedly failed to perform compliance functions for which he was directly responsible.”