Articles Tagged with OCIE

In our previous post, we described the SEC’s announcement of examination priorities in 2020 for the Commission’s Office of Compliance Inspections and Examinations (OCIE).  In that post, we discussed areas of examination that will apply to a large percentage of registered investment advisors and other regulated entities.  In this post, we focus on another priority, namely robo-advisers.

Otherwise known as automated investment platforms, “robo-advisers” have come under increased scrutiny by OCIE.  The number of these advisers has increased substantially over the last four years.  OCIE intends to focus on issues such as the eligibility of the robo-adviser to register with the SEC, marketing practices engaged in by robo-advisers, the ability to comply with fiduciary duty, the adequacy of the adviser’s disclosures, the effectiveness of the adviser’s compliance program, and the firm’s cybersecurity policies, procedures and practices.

Advisers Act Rule 203A-2(e) permits “internet only advisers” to register with the SEC, provided certain conditions are met and maintained.  Specifically, the adviser must provide investment advice to all clients exclusively through an interactive website and maintain records demonstrating that it does so.  Under the rule, an adviser may provide investment advice through means other than the internet to up to fourteen clients during any twelve-month period. Undoubtedly there are some firms that registered on this basis who were either not eligible at the time or, through the evolution of their business, have strayed from the conditions required to remain eligible for registration.

Continue reading

Earlier this month, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced its examination priorities for 2020.  Many of the priorities listed are similar to those identified in previous years’ priorities lists. The SEC’s approach in addressing them, however, continues to evolve to keep pace with the changing landscape of financial markets, market participants, products, technologies and risks. This post will address some of the areas that should be of concern to a large percentage of registered investment advisers (RIAs), broker-dealers and other regulated entities.

OCIE reiterated that a significant underpinning of any effective compliance program is the “tone at the top” set by C-level executives and owners. Those firms that prioritize compliance and effectively create a “culture of compliance” tend to be more successful in designing and implementing compliance plans than firms that view compliance as an afterthought or business hindrance. One of the “hallmarks” of a firm’s commitment to compliance is the presence of an “empowered” CCO who is routinely consulted regarding most facets of the firm’s operations. There is nothing new to these concepts, but it is worth noting that OCIE continues to emphasize them year after year. Although not stated in the priorities release, the degree to which a firm demonstrates a commitment to compliance often weighs heavily on decisions OCIE examiners must make regarding how deficiencies will be addressed by the Commission. All other things being equal, firms that have made mistakes but demonstrate the ability to make effective corrections will often be provided an opportunity to implement those corrections and are less likely to become the subject of an enforcement referral.

Not surprisingly, OCIE will continue to prioritize examining RIAs to assess compliance with their fiduciary duty to clients. For examinations of RIAs occurring during the second half of 2020, this will undoubtedly include the proper use of Form ADV Part 3, which RIAs are required to complete, file, and place into use with clients by June 30, 2020. Additionally, broker-dealers will be expected to implement compliance with new Regulation BI, requiring adherence to a best interest standard. The priorities list reiterates that advisers and broker-dealers must eliminate, or at least fully and fairly disclose, all conflicts of interest, as more fully explained in Investment Advisor Release 5248, issued in June of last year.

Among other priorities relevant to RIAs, OCIE also listed the protection of retail investors saving for retirement, information security, anti-money laundering programs and financial technology.

Continue reading

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) released a new Risk Alert on September 4th urging RIAs to review their compliance policies and procedures addressing principal trading and agency cross trading transactions.

We pay close attention to OCIE’s periodic Risk Alerts as these publications provide RIAs with not only a view of the results of recent OCIE exam, but also an insight into future exam priorities. This blog has provided commentary on all three of OCIE’s Risk Alerts for RIAs published thus far in 2019.Those alerts have focused on topics as diverse as hiring practices, customer record storage, and privacy notices.

This new Risk Alert encourages RIAs to revisit their policies and procedures designed to prevent violations of Advisers Act Section 206(3) and Rule 206(3)-2. Section 206(3) of the Advisers Act prohibits an adviser from engaging in the following trading activities, unless done with the consent of a client after receipt of written notice: (i) buying or selling a security from a client while acting as “principal for his own account” (“principal trading”); and (ii) acting as a broker for a person other than the client in order to effect a securities transaction between the client and the other person (“agency cross trading”).

Continue reading

A new Risk Alert released by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) reminds advisers of the added compliance obligations that arise when hiring representatives carrying the baggage of reportable disciplinary histories. While by no means exhorting advisers not to hire such persons, the Risk Alert nonetheless encourages advisers to properly consider the obvious compliance risks presented by such hiring practices, and, in turn, to adopt prudent policies and procedures to address those risks.

We follow OCIE’s periodic Risk Alerts closely as they not only provide insights regarding the focus of recent OCIE examinations, but also provide insights as to what OCIE management will be directing the staff to focus on in the future. This particular Risk Alert is a read-out of the results of a recent series of OCIE exams from 2017 specifically targeting advisory firms that (i) previously employed, or currently employ, any individual with a history of disciplinary events and (ii) for the most part serve retail clients. Indeed, OCIE makes special notation of its “focus on protecting retail investors” as a genesis for both the targeted exam initiative (the “Initiative”) as well as this new Risk Alert. Accordingly, advisers with a large retail customer base should pay especially close attention to the new Risk Alert.

In conducting the Initiative, OCIE’s staff focused on three areas of interest: (i) the compliance policies and procedures put into place to specifically cover the activities of previously-disciplined individuals; (ii) the disclosures relating to previously-disciplined individuals required to be made in filings and other public documents (including advertising); and (iii) conflicts of interest implicated by the hiring of previously-disciplined individuals. With this roadmap in place, the Initiative identified a variety of observed deficiencies across a range of topics, including:

In its latest Risk Alert, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) heeds advisers and broker/dealers to take a fresh look at their policies and procedures in the area of electronic customer record storage in light of shortcomings discovered by OCIE’s staff as part of recently-conducted regular examinations. These shortcomings include weak or misconfigured security settings on a network storage device that, in the worst-case event, could result in unauthorized access to customer information.

OCIE Risk Alerts are highly useful resources for compliance professionals to consider as these published notices serve as a window into not only the recent experiences of OCIE staffers out in the field, but also the thinking of OCIE management as to where it will be directing its staff to focus on in future examinations. In other words, if the management of OCIE warrants it important enough to publish a Risk Alert on an particular topic, registrants can be assured that future exams will likely focus on deficiencies in that area.

This most recent Risk Alert zeros-in on deficiencies uncovered by examiners with respect to how advisers and brokers are protecting their customers’ electronic records—specifically, records kept in the “cloud” or on other types of networked storage solutions. OCIE defines cloud storage as the “electronic storage of information on infrastructure owned and operated by a hosting company or service provider.” Obviously, such storage systems may be especially vulnerable to hacking or other nefarious activities, and as such, warrant robust protections. Continue reading

With annual compliance reviews in full swing this time of year, we write today to remind advisory firms to be sure to assess the sufficiency of their policies and procedures in the ever-developing area of electronic messaging.  Our note comes on the heels of a recent Risk Alert on this topic issued by the SEC’s Office of Compliance Inspections and Examinations or “OCIE,” which exhorts advisory firms to take a fresh look at their current compliance policies in light of the particular risks of non-compliance posed by the firm’s usage of electronic messaging.

“Electronic messaging,” as discussed in OCIE’s Risk Alert, refers to such mediums as text/SMS messaging, instant messaging, personal email, and personal or private messaging, but specifically excludes firm-wide email.  Notably, OCIE’s exclusion of firm email from analysis in the Risk Alert should not be read as diminishing an adviser’s compliance obligations to capture, store, and periodically review firm email communications.  Rather, as OCIE explains, “firms have had decades of experience complying with regulatory requirements with respect to firm email” and it is not as problematic from a compliance standpoint as compared to some of the newer technologies that run on third-party applications or platforms.  Continue reading

On December 20, 2018, two days before the recent partial federal government shutdown began, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations announced its 2019 Examination PrioritiesAs discussed previously, the shutdown resulted in the SEC operating at a quite minimal level.  Now that the shutdown is over, registered investment advisers and broker-dealers can likely expect OCIE to fully implement the following examination priorities.

OCIE listed six examination priorities for 2019: (1) matters of importance to retail investors, especially seniors and investors saving for retirement; (2) compliance and risk in registrants who are tasked with overseeing critical market infrastructure; (3) focus on FINRA and MSRB; (4) digital assets; (5) cybersecurity; and (6) anti-money laundering.  According to OCIE, this is not an exhaustive list, and one can expect OCIE to cover other issues in its examinations.  However, OCIE has concluded that these issues “present potentially heightened risk to investors or the integrity of U.S. capital markets.” Continue reading

As the partial federal government shutdown, which began at midnight on December 22, 2018, now approaches its fifth week, we write to update our readers on the shutdown’s specific impact on the SEC and securities regulatory activities.  While we have previously discussed many of these points with our clients who currently have matters pending before the SEC, below is more general information regarding the SEC’s most significant functions.

The SEC was able to operate fully and conduct regular business for a limited number of days following the commencement of the general federal shutdown, but was forced to effectively close its doors on December 27, 2018.  Since then, the agency has been operating at a very minimal level with a skeleton crew of staffers able to respond to only emergency situations.  As described on the SEC’s home page, the remaining staff is available to respond only to “emergency situations involving market integrity and investor protection, including law enforcement.”  The vast majority of the SEC’s employees have been furloughed and are not reporting to work at this time.  That said, we note that a number of familiar online filing platforms, such as EDGAR, IARD, and CRD, all remain fully operable. Continue reading

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) periodically issues “Risk Alerts” highlighting common deficiencies encountered by its staff during routine investment adviser compliance exams. These Risk Alerts serve the dual purpose of providing advisers with both useful insight into the results of recent OCIE examination activity as well as advance warning of areas that OCIE may be paying closer attention to in the future. Accordingly, a recent Risk Alert issued by OCIE details the most common deficiencies the staff has cited relating to Rule 206(4)-3 (the “Cash Solicitation Rule” or “Rule”) under the Investment Advisers Act of 1940. See National Exam Program Risk Alert, Investment Adviser Compliance Issues Related to the Cash Solicitation Rule (Oct. 31, 2018).

By way of background, the Cash Solicitation Rule prohibits SEC-registered investment advisers from paying a cash fee, directly or indirectly, to any person who solicits clients for the adviser unless the arrangement complies with a number of conditions specified in the Rule, including that the fee must be paid pursuant to a written agreement to which the adviser is a party. Notably, the Rule discerns between solicitors that are affiliated with the registered adviser versus those that are not, setting-up more comprehensive requirements for the latter third-party solicitors. For example, third-party solicitors must provide potential clients with both a copy of the adviser’s Form ADV Part II (or other applicable brochure) and a separate written solicitor’s disclosure document containing specific data about the solicitation arrangement—including the terms of the solicitor’s compensation. Moreover, with respect to third-party arrangements, the Rule obliges advisers to: (i) collect a signed and dated acknowledgment from every potential solicited client that such client has in fact received the adviser’s brochure and the solicitor’s disclosure document; and (ii) make a “bona fide effort” to ascertain whether the solicitor has complied with its duties under the Rule.

In this context, OCIE cited the following as the most noteworthy deficiency areas encountered by its front-line examiners:

On April 12, 2018, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations published a Risk Alert “providing a list of compliance issues relating to fees and expenses charged by SEC-registered investment advisers… that were the most frequently identified in deficiency letters sent to advisers.” According to OCIE, investment advisers often explain the terms of a client’s fees and expenses in their Form ADV and their advisory agreements. If an investment adviser does not follow these terms and participates in improper fee billing, that investment adviser may be violating the Investment Advisers Act of 1940. The Risk Alert is designed to compel investment advisers to evaluate their practices, as well as their policies and procedures, to help ensure compliance with the Advisers Act. Continue reading