Articles Tagged with OCIE

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) released a new Risk Alert on September 4th urging RIAs to review their compliance policies and procedures addressing principal trading and agency cross trading transactions.

We pay close attention to OCIE’s periodic Risk Alerts as these publications provide RIAs with not only a view of the results of recent OCIE exam, but also an insight into future exam priorities. This blog has provided commentary on all three of OCIE’s Risk Alerts for RIAs published thus far in 2019.Those alerts have focused on topics as diverse as hiring practices, customer record storage, and privacy notices.

This new Risk Alert encourages RIAs to revisit their policies and procedures designed to prevent violations of Advisers Act Section 206(3) and Rule 206(3)-2. Section 206(3) of the Advisers Act prohibits an adviser from engaging in the following trading activities, unless done with the consent of a client after receipt of written notice: (i) buying or selling a security from a client while acting as “principal for his own account” (“principal trading”); and (ii) acting as a broker for a person other than the client in order to effect a securities transaction between the client and the other person (“agency cross trading”).

Continue reading

A new Risk Alert released by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) reminds advisers of the added compliance obligations that arise when hiring representatives carrying the baggage of reportable disciplinary histories. While by no means exhorting advisers not to hire such persons, the Risk Alert nonetheless encourages advisers to properly consider the obvious compliance risks presented by such hiring practices, and, in turn, to adopt prudent policies and procedures to address those risks.

We follow OCIE’s periodic Risk Alerts closely as they not only provide insights regarding the focus of recent OCIE examinations, but also provide insights as to what OCIE management will be directing the staff to focus on in the future. This particular Risk Alert is a read-out of the results of a recent series of OCIE exams from 2017 specifically targeting advisory firms that (i) previously employed, or currently employ, any individual with a history of disciplinary events and (ii) for the most part serve retail clients. Indeed, OCIE makes special notation of its “focus on protecting retail investors” as a genesis for both the targeted exam initiative (the “Initiative”) as well as this new Risk Alert. Accordingly, advisers with a large retail customer base should pay especially close attention to the new Risk Alert.

In conducting the Initiative, OCIE’s staff focused on three areas of interest: (i) the compliance policies and procedures put into place to specifically cover the activities of previously-disciplined individuals; (ii) the disclosures relating to previously-disciplined individuals required to be made in filings and other public documents (including advertising); and (iii) conflicts of interest implicated by the hiring of previously-disciplined individuals. With this roadmap in place, the Initiative identified a variety of observed deficiencies across a range of topics, including:

In its latest Risk Alert, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) heeds advisers and broker/dealers to take a fresh look at their policies and procedures in the area of electronic customer record storage in light of shortcomings discovered by OCIE’s staff as part of recently-conducted regular examinations. These shortcomings include weak or misconfigured security settings on a network storage device that, in the worst-case event, could result in unauthorized access to customer information.

OCIE Risk Alerts are highly useful resources for compliance professionals to consider as these published notices serve as a window into not only the recent experiences of OCIE staffers out in the field, but also the thinking of OCIE management as to where it will be directing its staff to focus on in future examinations. In other words, if the management of OCIE warrants it important enough to publish a Risk Alert on an particular topic, registrants can be assured that future exams will likely focus on deficiencies in that area.

This most recent Risk Alert zeros-in on deficiencies uncovered by examiners with respect to how advisers and brokers are protecting their customers’ electronic records—specifically, records kept in the “cloud” or on other types of networked storage solutions. OCIE defines cloud storage as the “electronic storage of information on infrastructure owned and operated by a hosting company or service provider.” Obviously, such storage systems may be especially vulnerable to hacking or other nefarious activities, and as such, warrant robust protections. Continue reading

With annual compliance reviews in full swing this time of year, we write today to remind advisory firms to be sure to assess the sufficiency of their policies and procedures in the ever-developing area of electronic messaging.  Our note comes on the heels of a recent Risk Alert on this topic issued by the SEC’s Office of Compliance Inspections and Examinations or “OCIE,” which exhorts advisory firms to take a fresh look at their current compliance policies in light of the particular risks of non-compliance posed by the firm’s usage of electronic messaging.

“Electronic messaging,” as discussed in OCIE’s Risk Alert, refers to such mediums as text/SMS messaging, instant messaging, personal email, and personal or private messaging, but specifically excludes firm-wide email.  Notably, OCIE’s exclusion of firm email from analysis in the Risk Alert should not be read as diminishing an adviser’s compliance obligations to capture, store, and periodically review firm email communications.  Rather, as OCIE explains, “firms have had decades of experience complying with regulatory requirements with respect to firm email” and it is not as problematic from a compliance standpoint as compared to some of the newer technologies that run on third-party applications or platforms.  Continue reading

On December 20, 2018, two days before the recent partial federal government shutdown began, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations announced its 2019 Examination PrioritiesAs discussed previously, the shutdown resulted in the SEC operating at a quite minimal level.  Now that the shutdown is over, registered investment advisers and broker-dealers can likely expect OCIE to fully implement the following examination priorities.

OCIE listed six examination priorities for 2019: (1) matters of importance to retail investors, especially seniors and investors saving for retirement; (2) compliance and risk in registrants who are tasked with overseeing critical market infrastructure; (3) focus on FINRA and MSRB; (4) digital assets; (5) cybersecurity; and (6) anti-money laundering.  According to OCIE, this is not an exhaustive list, and one can expect OCIE to cover other issues in its examinations.  However, OCIE has concluded that these issues “present potentially heightened risk to investors or the integrity of U.S. capital markets.” Continue reading

As the partial federal government shutdown, which began at midnight on December 22, 2018, now approaches its fifth week, we write to update our readers on the shutdown’s specific impact on the SEC and securities regulatory activities.  While we have previously discussed many of these points with our clients who currently have matters pending before the SEC, below is more general information regarding the SEC’s most significant functions.

The SEC was able to operate fully and conduct regular business for a limited number of days following the commencement of the general federal shutdown, but was forced to effectively close its doors on December 27, 2018.  Since then, the agency has been operating at a very minimal level with a skeleton crew of staffers able to respond to only emergency situations.  As described on the SEC’s home page, the remaining staff is available to respond only to “emergency situations involving market integrity and investor protection, including law enforcement.”  The vast majority of the SEC’s employees have been furloughed and are not reporting to work at this time.  That said, we note that a number of familiar online filing platforms, such as EDGAR, IARD, and CRD, all remain fully operable. Continue reading

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) periodically issues “Risk Alerts” highlighting common deficiencies encountered by its staff during routine investment adviser compliance exams. These Risk Alerts serve the dual purpose of providing advisers with both useful insight into the results of recent OCIE examination activity as well as advance warning of areas that OCIE may be paying closer attention to in the future. Accordingly, a recent Risk Alert issued by OCIE details the most common deficiencies the staff has cited relating to Rule 206(4)-3 (the “Cash Solicitation Rule” or “Rule”) under the Investment Advisers Act of 1940. See National Exam Program Risk Alert, Investment Adviser Compliance Issues Related to the Cash Solicitation Rule (Oct. 31, 2018).

By way of background, the Cash Solicitation Rule prohibits SEC-registered investment advisers from paying a cash fee, directly or indirectly, to any person who solicits clients for the adviser unless the arrangement complies with a number of conditions specified in the Rule, including that the fee must be paid pursuant to a written agreement to which the adviser is a party. Notably, the Rule discerns between solicitors that are affiliated with the registered adviser versus those that are not, setting-up more comprehensive requirements for the latter third-party solicitors. For example, third-party solicitors must provide potential clients with both a copy of the adviser’s Form ADV Part II (or other applicable brochure) and a separate written solicitor’s disclosure document containing specific data about the solicitation arrangement—including the terms of the solicitor’s compensation. Moreover, with respect to third-party arrangements, the Rule obliges advisers to: (i) collect a signed and dated acknowledgment from every potential solicited client that such client has in fact received the adviser’s brochure and the solicitor’s disclosure document; and (ii) make a “bona fide effort” to ascertain whether the solicitor has complied with its duties under the Rule.

In this context, OCIE cited the following as the most noteworthy deficiency areas encountered by its front-line examiners:

On April 12, 2018, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations published a Risk Alert “providing a list of compliance issues relating to fees and expenses charged by SEC-registered investment advisers… that were the most frequently identified in deficiency letters sent to advisers.” According to OCIE, investment advisers often explain the terms of a client’s fees and expenses in their Form ADV and their advisory agreements. If an investment adviser does not follow these terms and participates in improper fee billing, that investment adviser may be violating the Investment Advisers Act of 1940. The Risk Alert is designed to compel investment advisers to evaluate their practices, as well as their policies and procedures, to help ensure compliance with the Advisers Act. Continue reading

On May 16, 2018, SEC Co-Directors Stephanie Avakian and Stephen Piekin appeared before the Subcommittee on Capital Markets, Securities, and Investment, a subcommittee of the House of Representatives’ Committee on Financial Services.  At this meeting, Avakian and Peikin emphasized the importance of the budget increases requested by the SEC in February of this year.  The Commission’s Fiscal Year 2019 Congressional Budget Justification; Annual Performance Plan and Fiscal Year 2017 Annual Performance Report includes budget requests for each SEC division, including the Office of Compliance Inspections and Examinations.  As part of OCIE’s budget request, the SEC requested funding for “13 restored positions to focus on examinations of investment advisers and investment companies.”

According to the SEC, the number of registered investment advisers, as well as the amount of assets that they manage, has significantly increased in the last few years.  The SEC also anticipates that the number of registered investment advisers and the complexity of these investment advisers will continue to grow throughout 2018 and 2019.  Moreover, a hiring freeze, which began at the beginning of 2017, has caused the number of compliance staff to decrease.  The SEC anticipates that it will need funding to restore 100 positions that were lost because of the hiring freeze.  Therefore, the SEC believes that without the requested funding, SEC staff will be unable to address its growing responsibilities adequately. Continue reading

Investment advisers’ use of clients’ usernames and passwords to access their clients’ accounts to observe the accounts’ performance has come under scrutiny in recent years.  In February 2017, the SEC Office of Compliance Inspections and Examinations (“OCIE”) disclosed in a Risk Alert that investment advisers’ use of client usernames and passwords can create compliance issues with the Custody Rule.  According to OCIE, an investment adviser’s “online access to client accounts may meet the definition of custody when such access provides the adviser with the ability to withdraw funds and securities from the client accounts.”  Accessing a client’s account using a client’s username and password often results in an investment adviser being able to withdraw funds and securities.

The North American Securities Administrators Association (“NASAA”) has also observed in recent years that if an investment adviser logs into a client’s account using the client’s personal information, “the investment adviser is in effect impersonating this client and has the same access to the account as the client.”  As a result, a number of issues arise when investment advisers use their clients’ personal information to gain access to online accounts, including custody, recordkeeping obligations, and potential violations of user agreements. Continue reading