Articles Tagged with Compliance

The Massachusetts Securities Division (“MSD”) has announced the adoption of new rules requiring that investment advisers registered with the MSD provide, to clients and prospective clients, an additional one-page stand-alone disclosure document specifically detailing the adviser’s fee schedule. This new disclosure document or “Fee Table” will need to be “updated and delivered consistent with the existing requirements for Form ADV (including the Brochure).” The new rules, which were adopted pursuant to the MSD’s notice and comment process, take effect—and will be enforced—commencing on January 1, 2020.

While only applicable to advisers registered with the MSD, the new rules requiring the Fee Table could portend similar future action by additional states. Moreover, the new rules come on the heels of the SEC’s June 5th high profile standard-of-conduct releases (which we have previously chronicled) that also include a new stand-alone disclosure document for SEC-registered advisers to be known as Form CRS. If the MSD’s actions here are in fact echoed by additional states, it could cause potential headaches for the RIA industry, as this would require RIAs operating in multiple states to conform to multiple differing disclosure document regimes. Additionally, with the new Form CRS (applicable to SEC-registered advisers only) beginning to circulate at about the same time, an assortment of new documents being presented to clients may cause marketplace confusion as well.  Continue reading

The SEC, on June 5th, adopted a comprehensive set of rules and interpretations that will have a profound effect on the brokerage and advisory industries going forward, first and foremost by revising the standard-of-conduct applicable to broker-dealers and their registered representatives in dealings with retail customers. Even casual observers will likely be familiar with the various proceedings just concluded at the SEC, which resolve debates that have raged in the investment industry for decades as to the need to align the higher fiduciary “standard-of-conduct” applicable to investment advisers with the lesser suitability standard applicable to broker-dealers. While the June 5th releases do not equalize the two standards—as many commentators would have desired—they do significantly raise the standard applicable to broker-dealers from suitability to “best interests.” The SEC’s releases number four separate documents, each covering a distinct aspect of the standard-of-conduct controversy, and run over 1200 pages. Accordingly, this note will seek to identify the major headlines from the various releases. Look for future writings, wherein we will explore the nuances of the June 5th releases in greater detail.

As noted, the SEC released a package of Final Rules and Interpretive Releases comprising four separate components: (1) Final Rules implementing Regulation Best Interest (“Reg BI”), the new enhanced standard for brokers; (2) Final Rules implementing a new Form CRS Relationship Summary (“Form CRS”), a new disclosure document applicable to both brokers and advisers (that, for advisers, will function as a new Part 3 to Form ADV); (3) an Interpretive Release clarifying the SEC’s views of the fiduciary duty that investment advisers owe to their clients; and (4) an Interpretive Release intended to more clearly delineate when a broker-dealer’s performance of advisory activities causes it to become an investment adviser within the meaning of the Advisers Act. All four components of the regulatory package were approved by a 3-1 vote of the SEC’s Commissioners, with Commissioner Robert Jackson being the sole dissenter.

While the June 5th releases are the culmination of a decades-long controversy, they are the proximate result of a formal rulemaking commenced on April 18, 2018, at which time the SEC published initial proposed versions of Reg BI, Form CRS and the advisory interpretations. The Final Rules for Reg BI and Form CRS will become effective 60 days after they are formally published in the Federal Register; however, firms will be given a transition period until June 30, 2020 to come into compliance. The two Interpretive Releases will become effective upon formal publication.  Continue reading

The North American Securities Administrators Association—also known as “NASAA”—a cooperative association consisting of the chief securities regulators for each of the 50 United States, as well as Canadian and Mexican jurisdictions, has recently voted to adopt a model information security rule. NASAA’s new model information security rule could—if widely implemented by the individual NASAA Member jurisdictions—ultimately have a broad impact on the compliance programs of state-registered investment advisers.

Among its many roles as a confederation of individual regulators, NASAA frequently drafts and circulates “model rules” to its Members, who eventually vote on and adopt these draft rules for use by the various Member jurisdictions. A “model rule” is a familiar regulatory tool, which essentially provides a template upon which laws, rules, and other regulations can be drafted. For example, many of the individual states’ securities acts are variants of the Uniform Securities Act of 2002, a model act created by a group of legal scholars, regulators and veteran attorneys. NASAA’s new model rule is just such a template for regulators. Individual states and other jurisdictions may—at their discretion—adopt it in whole, in part, or not at all. That said, we believe that, especially given the growing importance of cybersecurity issues, it will be used more likely than not as the states come around to developing rules to parallel those already in place at the federal (SEC) level.  Continue reading

In its latest Risk Alert, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) heeds advisers and broker/dealers to take a fresh look at their policies and procedures in the area of electronic customer record storage in light of shortcomings discovered by OCIE’s staff as part of recently-conducted regular examinations. These shortcomings include weak or misconfigured security settings on a network storage device that, in the worst-case event, could result in unauthorized access to customer information.

OCIE Risk Alerts are highly useful resources for compliance professionals to consider as these published notices serve as a window into not only the recent experiences of OCIE staffers out in the field, but also the thinking of OCIE management as to where it will be directing its staff to focus on in future examinations. In other words, if the management of OCIE warrants it important enough to publish a Risk Alert on an particular topic, registrants can be assured that future exams will likely focus on deficiencies in that area.

This most recent Risk Alert zeros-in on deficiencies uncovered by examiners with respect to how advisers and brokers are protecting their customers’ electronic records—specifically, records kept in the “cloud” or on other types of networked storage solutions. OCIE defines cloud storage as the “electronic storage of information on infrastructure owned and operated by a hosting company or service provider.” Obviously, such storage systems may be especially vulnerable to hacking or other nefarious activities, and as such, warrant robust protections. Continue reading

The SEC’s Office of Compliance Inspections and Examinations recently conducted examinations of privacy notices and safeguarding policies of SEC-registered investment advisers and broker-dealers adopted pursuant to Regulation S-P. As a result of these examinations, the SEC issued a Risk Alert identifying common deficiencies that are important to keep in mind when adopting, implementing and reviewing compliant privacy notices and effective safeguarding policies.

Regulation S-P requires financial institutions such as investment advisers and broker-dealers to adopt written policies and procedures to safeguard nonpublic personal client information. These policies must be reasonably designed to protect the confidentiality and security of nonpublic personal client information from any anticipated threats or hazards and any unauthorized access or use. The policies should address administrative, technical, and physical safeguards.

Investment advisers and broker-dealers must also provide initial and annual privacy notices to their clients describing the types of information collected and disclosed, the types of affiliated and non-affiliated third parties the information is disclosed to and, unless exempted from the opt-out notice requirement, an explanation of the client’s right to opt out of disclosure of nonpublic personal information to a non-affiliated third party. The privacy notice should also generally describe the firm’s safeguarding policies and procedures.

A recent settled SEC Order with Wedbush Securities, Inc., a dually-registered investment adviser and broker-dealer, has resulted in a censure and $250,000 fine against that firm. The genesis of this rather harsh result is what the SEC alleges to be the firm’s lack of an ability to follow-up on obvious compliance “red flags” that, in this case, pointed to an extensive and long-running “pump and dump” scheme involving one of the firm’s registered representatives. Indeed, as noted by Marc P. Berger, Director of the SEC’s New York Regional Office, “Wedbush abandoned important responsibilities to its customers by looking the other way in the face of mounting evidence of manipulative conduct.”

The SEC’s regulatory requirements compel broker-dealers to adopt policies and procedures that are sufficiently tailored to determine whether their associated persons are violating the securities laws and to prevent them from violating the securities laws. Broker-dealers are also compelled to ensure that these policies and procedures are sufficiently implemented to discover and prevent securities law violations. Continue reading

On February 4, 2019, the Commissioner of Securities of the State of Georgia and the Office of the Secretary of State announced its intent to amend the rules governing examination requirements for registered representatives of a broker-dealer and investment adviser representatives.  According to the Commissioner, the primary purposes of these amendments are to harmonize Georgia’s rules with the Financial Industry Regulatory Authority’s new rules implementing the Securities Industry Essentials (“SIE”) Exam and to update the requirements regarding examinations to applicants.  The SIE Exam, which tests a FINRA registration applicant’s knowledge of securities-related topics, was launched to simplify FINRA’s qualification examination program after the program’s efforts to address new securities products and services resulted in FINRA offering multiple exams with immense content overlap.  FINRA also launched the SIE Exam in order to provide greater consistency and uniformity to the securities industry application process.

The State of Georgia requires applicants for registration as a registered representative of a broker-dealer and/or an investment adviser representative to take certain prerequisite examinations.  Georgia Rule 590-4-5-.02 details the examination requirements for registered representatives, while Georgia Rule 590-4-4.09 details the examination requirements for investment adviser representatives.

The proposed amendments to Rule 590-4-5-.02, detailing registered representative examinations, would require an applicant applying for registration as a broker-dealer to present proof to the Commissioner that its personnel have passed at least one of a list of specified examinations within a two-year period preceding the date of the application.  The amendments also eliminate the Series 87 Research Principal Examination as a potential examination that could be passed.  The amendments also would provide that an applicant who is applying to be a registered representative would need to present the Commissioner with proof that he or she has passed the required examinations within either a two-year period immediately preceding the application date or a four-year period in the case of an applicant who has taken the SIE Exam.  The amendments also provide that the Commissioner “may reserve the right to find the applicant qualified by other examinations or significant and comprehensive experience in the securities business.”

FINRA has alerted its Member Firms to be on the watch for a fraudulent phishing email scheme targeted at compliance personnel. A phishing scheme typically uses email or some other type of electronic message to trick the recipient into clicking a malicious link or infected file attachment by mimicking a message from a trustworthy party. This particular scheme employs an email purportedly originating from an Anti-Money Laundering compliance officer at an otherwise apparently legitimate Indiana-based credit union. The email—which was received recently by a number of FINRA Member Firms—specifically targets compliance personnel by appearing to be a communication regarding an attempted transfer of money by a client of the recipient’s firm to the credit union which has been placed on hold due to concerns about potential money laundering. The scam is designed to get the recipient to open an attachment, which, according to FINRA “likely contains a malicious virus or malware designed to obtain unauthorized access to the recipient’s computer network.”

FINRA noted the following additional aspects of the fraudulent email that recipients should be alert for:

  • An otherwise legitimate reference to a provision of the USA Patriot Act allowing financial institutions to share information with each other.
  • An actual email address that appears to be from Europe, rather than the U.S.-based credit union.
  • Numerous instances of poor grammar and sentence structure.

Continue reading

FINRA has announced a new self-reporting initiative covering potential violations by its Member Firms of various rules governing share class recommendations relating to 529 Plans. See FINRA Regulatory Notice 19-04 (Jan. 28, 2019). Similar to the SEC’s recent self-reporting initiative regarding mutual fund share class selection in connection with 12b-1 marketing fees (which we have blogged about last month and in May of 2018), this new FINRA initiative (the “Initiative”) offers potential leniency in return for Member Firms coming forward to self-report likely violations pursuant to the terms of the Initiative.

529 Plans are tax-advantaged municipal securities that are structured to facilitate saving for the future educational needs of a designated beneficiary. While the sale of 529 Plans is governed by the rules of the Municipal Securities Rulemaking Board (“MSRB”), FINRA is responsible for enforcing the MSRB’s rules. These rules, in turn, require that recommendations of 529 Plans be suitable in light of the customer’s investment profile, and that Member Firms selling 529 Plans have a supervisory system in place to achieve compliance with the MSRB’s rules.

Continue reading

At this time of year, it is important for registered investment advisers to assure that they are in compliance with federal and/or state rules requiring them to monitor their supervised persons’ security holdings and transactions for compliance with the firm’s code of ethics. Even seasoned compliance professionals will encounter questions regarding application of the rule from time to time. While this article is no substitute for a detailed analysis of the rule and its application to a specific firm and its supervised persons, an overview of the rule may be helpful.

As background, all SEC-registered investment advisers are required to adopt a Code of Ethics, which must describe the standards of conduct expected for representatives of the firm and address conflicts that arise from personal trading by advisory personnel. This federal requirement, which governs SEC-registered advisers only, derives from SEC Rule 204A-1, which took effect in 2005. Since then, many state securities administrators have adopted identical or similar requirements, either by adopting SEC Rule 204A-1 “by reference”—i.e., verbatim—into state law, or by crafting similar “me too” provisions. Accordingly, if your firm is SEC-registered, it will be bound by Rule 204A-1; but, if your firm is currently a state-registered adviser, it may be bound by the same or similar requirements. Continue reading