Articles Tagged with Office of Compliance Inspections and Examinations

In its latest Risk Alert, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) heeds advisers and broker/dealers to take a fresh look at their policies and procedures in the area of electronic customer record storage in light of shortcomings discovered by OCIE’s staff as part of recently-conducted regular examinations. These shortcomings include weak or misconfigured security settings on a network storage device that, in the worst-case event, could result in unauthorized access to customer information.

OCIE Risk Alerts are highly useful resources for compliance professionals to consider as these published notices serve as a window into not only the recent experiences of OCIE staffers out in the field, but also the thinking of OCIE management as to where it will be directing its staff to focus on in future examinations. In other words, if the management of OCIE warrants it important enough to publish a Risk Alert on an particular topic, registrants can be assured that future exams will likely focus on deficiencies in that area.

This most recent Risk Alert zeros-in on deficiencies uncovered by examiners with respect to how advisers and brokers are protecting their customers’ electronic records—specifically, records kept in the “cloud” or on other types of networked storage solutions. OCIE defines cloud storage as the “electronic storage of information on infrastructure owned and operated by a hosting company or service provider.” Obviously, such storage systems may be especially vulnerable to hacking or other nefarious activities, and as such, warrant robust protections. Continue reading

With annual compliance reviews in full swing this time of year, we write today to remind advisory firms to be sure to assess the sufficiency of their policies and procedures in the ever-developing area of electronic messaging.  Our note comes on the heels of a recent Risk Alert on this topic issued by the SEC’s Office of Compliance Inspections and Examinations or “OCIE,” which exhorts advisory firms to take a fresh look at their current compliance policies in light of the particular risks of non-compliance posed by the firm’s usage of electronic messaging.

“Electronic messaging,” as discussed in OCIE’s Risk Alert, refers to such mediums as text/SMS messaging, instant messaging, personal email, and personal or private messaging, but specifically excludes firm-wide email.  Notably, OCIE’s exclusion of firm email from analysis in the Risk Alert should not be read as diminishing an adviser’s compliance obligations to capture, store, and periodically review firm email communications.  Rather, as OCIE explains, “firms have had decades of experience complying with regulatory requirements with respect to firm email” and it is not as problematic from a compliance standpoint as compared to some of the newer technologies that run on third-party applications or platforms.  Continue reading

As the partial federal government shutdown, which began at midnight on December 22, 2018, now approaches its fifth week, we write to update our readers on the shutdown’s specific impact on the SEC and securities regulatory activities.  While we have previously discussed many of these points with our clients who currently have matters pending before the SEC, below is more general information regarding the SEC’s most significant functions.

The SEC was able to operate fully and conduct regular business for a limited number of days following the commencement of the general federal shutdown, but was forced to effectively close its doors on December 27, 2018.  Since then, the agency has been operating at a very minimal level with a skeleton crew of staffers able to respond to only emergency situations.  As described on the SEC’s home page, the remaining staff is available to respond only to “emergency situations involving market integrity and investor protection, including law enforcement.”  The vast majority of the SEC’s employees have been furloughed and are not reporting to work at this time.  That said, we note that a number of familiar online filing platforms, such as EDGAR, IARD, and CRD, all remain fully operable. Continue reading

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) periodically issues “Risk Alerts” highlighting common deficiencies encountered by its staff during routine investment adviser compliance exams. These Risk Alerts serve the dual purpose of providing advisers with both useful insight into the results of recent OCIE examination activity as well as advance warning of areas that OCIE may be paying closer attention to in the future. Accordingly, a recent Risk Alert issued by OCIE details the most common deficiencies the staff has cited relating to Rule 206(4)-3 (the “Cash Solicitation Rule” or “Rule”) under the Investment Advisers Act of 1940. See National Exam Program Risk Alert, Investment Adviser Compliance Issues Related to the Cash Solicitation Rule (Oct. 31, 2018).

By way of background, the Cash Solicitation Rule prohibits SEC-registered investment advisers from paying a cash fee, directly or indirectly, to any person who solicits clients for the adviser unless the arrangement complies with a number of conditions specified in the Rule, including that the fee must be paid pursuant to a written agreement to which the adviser is a party. Notably, the Rule discerns between solicitors that are affiliated with the registered adviser versus those that are not, setting-up more comprehensive requirements for the latter third-party solicitors. For example, third-party solicitors must provide potential clients with both a copy of the adviser’s Form ADV Part II (or other applicable brochure) and a separate written solicitor’s disclosure document containing specific data about the solicitation arrangement—including the terms of the solicitor’s compensation. Moreover, with respect to third-party arrangements, the Rule obliges advisers to: (i) collect a signed and dated acknowledgment from every potential solicited client that such client has in fact received the adviser’s brochure and the solicitor’s disclosure document; and (ii) make a “bona fide effort” to ascertain whether the solicitor has complied with its duties under the Rule.

In this context, OCIE cited the following as the most noteworthy deficiency areas encountered by its front-line examiners:

On April 12, 2018, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations published a Risk Alert “providing a list of compliance issues relating to fees and expenses charged by SEC-registered investment advisers… that were the most frequently identified in deficiency letters sent to advisers.” According to OCIE, investment advisers often explain the terms of a client’s fees and expenses in their Form ADV and their advisory agreements. If an investment adviser does not follow these terms and participates in improper fee billing, that investment adviser may be violating the Investment Advisers Act of 1940. The Risk Alert is designed to compel investment advisers to evaluate their practices, as well as their policies and procedures, to help ensure compliance with the Advisers Act. Continue reading

On May 16, 2018, SEC Co-Directors Stephanie Avakian and Stephen Piekin appeared before the Subcommittee on Capital Markets, Securities, and Investment, a subcommittee of the House of Representatives’ Committee on Financial Services.  At this meeting, Avakian and Peikin emphasized the importance of the budget increases requested by the SEC in February of this year.  The Commission’s Fiscal Year 2019 Congressional Budget Justification; Annual Performance Plan and Fiscal Year 2017 Annual Performance Report includes budget requests for each SEC division, including the Office of Compliance Inspections and Examinations.  As part of OCIE’s budget request, the SEC requested funding for “13 restored positions to focus on examinations of investment advisers and investment companies.”

According to the SEC, the number of registered investment advisers, as well as the amount of assets that they manage, has significantly increased in the last few years.  The SEC also anticipates that the number of registered investment advisers and the complexity of these investment advisers will continue to grow throughout 2018 and 2019.  Moreover, a hiring freeze, which began at the beginning of 2017, has caused the number of compliance staff to decrease.  The SEC anticipates that it will need funding to restore 100 positions that were lost because of the hiring freeze.  Therefore, the SEC believes that without the requested funding, SEC staff will be unable to address its growing responsibilities adequately. Continue reading

Investment advisers’ use of clients’ usernames and passwords to access their clients’ accounts to observe the accounts’ performance has come under scrutiny in recent years.  In February 2017, the SEC Office of Compliance Inspections and Examinations (“OCIE”) disclosed in a Risk Alert that investment advisers’ use of client usernames and passwords can create compliance issues with the Custody Rule.  According to OCIE, an investment adviser’s “online access to client accounts may meet the definition of custody when such access provides the adviser with the ability to withdraw funds and securities from the client accounts.”  Accessing a client’s account using a client’s username and password often results in an investment adviser being able to withdraw funds and securities.

The North American Securities Administrators Association (“NASAA”) has also observed in recent years that if an investment adviser logs into a client’s account using the client’s personal information, “the investment adviser is in effect impersonating this client and has the same access to the account as the client.”  As a result, a number of issues arise when investment advisers use their clients’ personal information to gain access to online accounts, including custody, recordkeeping obligations, and potential violations of user agreements. Continue reading

Following its publication of a Risk Alert in late 2017 detailing findings from examinations of municipal advisers, the SEC’s Office of Compliance Inspections and Examinations (OCIE) continues to examine municipal advisers in 2018.  In 2014, OCIE established the Municipal Advisor Examination Initiative to perform an examination on municipal advisers who recently registered for the first time.  OCIE performed over 110 examinations in the course of the Initiative and found that many municipal advisers did not have adequate knowledge of regulatory requirements for municipal advisers.  As a result, many municipal advisers were found not to be in adequate compliance with regulatory requirements pertaining to registration, recordkeeping, and supervision.  OCIE hoped that in publishing the 2017 Risk Alert, municipal advisers will be compelled to evaluate their policies and procedures to find possible areas for improvement.

Municipal advisers are obligated to register with the SEC pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”).  The SEC established its municipal adviser registration rules in September 2013, and the rules became effective in July 2014.  The Dodd-Frank Act also established the Municipal Securities Rulemaking Board (“MSRB”), which exercises regulatory authority over municipal advisers.  OCIE’s examinations of municipal advisers covered “compliance with regulatory obligations including registration, statutory fiduciary standard of care, fair dealing, recordkeeping, and supervision, among other things.”  OCIE discovered that the most common deficiencies among municipal advisers related to registration, books and records, and supervision requirements. Continue reading

On February 7, 2018, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) published its Examination Priorities for 2018.  The Examination Priorities cover “certain practices, products, and services that OCIE believes may present potentially heightened risk to investors and/or the integrity of the U.S. capital markets.”  The five priorities that OCIE specifically listed are (1) issues crucial to retail investors, such as seniors and those saving for retirement, (2) compliance and risks in critical market infrastructure, (3) FINRA and MSRB, (4) cybersecurity, and (5) anti-money laundering programs.  This is not an exclusive list, and OCIE invited comments concerning how it can adequately promote compliance.

OCIE intends to continue to make shielding retail investors from fraud a priority.  OCIE plans to focus especially on senior investors and those saving for retirement.  For example, examiners will pay particular attention to firms’ internal controls that are intended to monitor their representatives, especially in relation to products targeted at senior investors.  OCIE will also focus on disclosure of the costs of investing, examination of investment advisers and broker-dealers who primarily offer advice through digital platforms, wrap fee programs, mutual funds and exchange traded funds, municipal advisors and underwriters, and the growth of the cryptocurrency and initial coin offering markets. Continue reading

On June 5, 2017, the Securities and Exchange Commission (“SEC”) filed a complaint in the United States District Court for the Southern District of New York against Alpine Securities Corporation (“Alpine”), a Salt Lake City-based broker-dealer.  The complaint alleges that Alpine failed to file Suspicious Activity Reports (“SARs”) in the manner prescribed by the Bank Secrecy Act (“BSA”).  According to the SEC’s complaint, Alpine’s alleged misconduct “facilitated illicit actors’ evasion of scrutiny by U.S. regulators and law enforcement, and provided them with access to the markets they might otherwise have been denied.”

The BSA obligates a broker-dealer to file SARs with the Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) to report transactions that the broker-dealer knows or suspects involve funds obtained from illegal activities or that were used to conceal such activities.  Broker-dealers are also obligated, under the “SAR Rule” (31 C.F.R. § 1023.320), to file SARs if they know or suspect that a transaction’s purpose was to evade BSA obligations or that the transaction did not have an obvious business or lawful purpose.  Broker-dealers are also required to file SARs if they know or suspect that a transactions’ purpose is to instigate criminal activity.  In addition, both FinCEN, under the SAR Rule, and the Financial Industry Regulatory Authority (“FINRA”), under FINRA Rule 3310, require that broker-dealers establish and enforce anti-money laundering programs that are tailored to guarantee compliance with the BSA and its regulations.  Since Alpine was a FINRA-member firm, it was obligated to comply with FINRA’s rule regarding the adoption and enforcement of an anti-money laundering program.

The SEC alleged that while Alpine had adopted an anti-money laundering compliance program, it did not adequately put this compliance program into practice.  For example, evidence showed that Alpine’s records included information revealing incidents of “money laundering, securities fraud, or other illicit financial activities relating to [Alpine’s] customers and their transactions.”  These constituted so-called “material red flags” and were required to be reported in Alpine’s SARs.  However, the SEC alleged that at least 1,950 of Alpine’s SARs did not report these material red flags.  Evidence also showed that Alpine filed SARs on about 1,900 deposits of a security, but did not file SARs upon the subsequent liquidation of deposits.