Articles Tagged with SEC

On July 13, 2021, the Securities and Exchange Commission (“SEC”) published an order instituting administrative cease-and-desist proceedings against TIAA-CREF Individual & Institutional Services, LLC (“TIAA”). TIAA consented to this order without admitting or denying the findings except as to jurisdiction and subjection matter. The SEC’s order alleges TIAA failed to properly disclose conflicts of interest and made materially misleading statements concerning rollover recommendations they made to clients over a five-year period from 2013 to 2018.

TIAA’s policies and procedures required their investment adviser representatives, who were also dually registered as registered representatives, to present clients with four options regarding rollover recommendations when providing financial planning services. The options were:

  1. Leave client assets in their employer-sponsored retirement plans;
  2. Rolling the assets into a self-directed individual retirement account;
  3. Rolling over the assets to a new employer’s plan; or
  4. Cashing out the account value/taking a lump-sum distribution.

Continue reading ›

Over the last five years, cybersecurity has consistently been a top priority of the Securities and Exchange Commission (“SEC”). We have written about the SEC’s focus on cybersecurity in July 2020 and January 2020. With an additional enforcement action in June, the SEC is continuing to signal that firms regulated by the SEC need to have appropriate risk management and cybersecurity controls in place. While this case study isn’t directly related to Investment Advisers, they would be wise to learn lessons from this story.

First American Financial Corporation (“First American”) is a real estate settlement services provider. In that capacity, they store certain non-public personal information (“NPPI”) of real estate purchasers and sellers. In an internal audit in 2018, an error was caught that certain NPPI stored by First American was not stored securely.

Subsequently, First American conducted a vulnerability test which culminated in a written report in January 2019. In the report, information security personnel determined that certain website URLs that First American provided to people could be replaced with different numbers to create access to NPPI that was unauthorized. Continue reading ›

Rule 206(4)-1 under the Investment Advisers Act, known as the “Marketing Rule,” becomes effective on May 4, 2021. Full details of the new rule and the related amendments to the Books and Records Rule and for ADV can be reviewed in the SEC’s adopting release. The new rule changes many aspects of the current guidance applicable to advertising by SEC-registered investment advisers, some of which is drawn from no-action letters and other informal releases. Advisers must come into compliance with the new rule within eighteen months of the effective date or by November 4, 2022. Firms may choose to come into compliance at any time between the effective date and the compliance date, but the SEC has warned that RIAs may not choose to implement parts of the new rules at different times. Rather, a firm must implement and be prepared to comply with the entirety of the new rule on a single date within the eighteen-month compliance period. The rule does not, on its face, apply to state-registered RIAs, who should continue to follow the rules applicable to the states in which they conduct business. Some state rules mirror or adopt the SEC advertising rules in some respects.

One of the most important changes relates to using what has historically been referred to as “testimonials,” or statements by clients regarding their experience with an adviser. The current rule 206(4)-1, titled “Advertisements by Investment Advisers,” states that any advertisement by an adviser that uses a “testimonial of any kind” is deemed fraudulent, deceptive or manipulative. Although “testimonial” is not defined in the current rule, the SEC consistently interpreted the term as a statement of a client’s experience with, or endorsement of, an investment adviser. Under the new rule, however, testimonials as traditionally understood are permitted as long as firms comply with a number of requirements. Continue reading ›

The U.S. Securities and Exchange Commission yesterday issued long-anticipated changes to the rules governing marketing for RIAs, including managers of private funds. The changes are designed to modernize the rules to account for the era of digital communication and other marketplace “evolutions.” The rule changes also impact firms’ uses of testimonials and paid solicitors.

By a 5-0 vote, the amendments will replace prior separate rules into a single comprehensive rule that deals with advertising and solicitation. The replaced rules date back to the 1970s and earlier.

By and large, the rules allow for more flexibility. For instance, instead of a blanket prohibition of testimonials, the new rule permits testimonials if certain disclosures are made. These disclosure requirements dovetail with the emphasis on preventing conflicts of interests that was the focus of last year’s IA Release 5248, relating to advisers’ fiduciary duty. The rules also create additional questions related to marketing on Form ADV Part 1.

In conjunction with a speech delivered by its Director last month, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert discussing significant compliance deficiencies its examination staff had identified relating to Investment Advisers Act Rule 206(4)-7 (the “Compliance Rule”). The alert followed on the heels of prior Risk Alerts that addressed Compliance Rule deficiencies, among others, as having been the frequent subject of compliance-related findings by OCIE staff. Many of the deficiencies discussed in the Risk Alert are particularly relevant to growing RIAs who are attempting to assure that their compliance programs evolve and improve as they continue their growth.

The Compliance Rule requires, among other things, that RIAs must design, adopt and put into place written procedures and policies designed to prevent and detect violation of the Advisers Act and its rules. The Compliance Rule also requires the RIA to review the adequacy of those procedures annually. It also requires the RIA to appoint a competent Chief Compliance Officer who is empowered with the responsibility to develop and enforce policies that are appropriate to the firm.

The Risk Alert listed many examples of the types of deficiencies noted during examinations, including inadequate allocation of compliance resources. As we have discussed before, an RIA must assure that the CCO has sufficient time and resources to do the job. This means, for many small and growing RIAs, that the CCO’s compliance role should be exclusive and noncompliance tasks should be reallocated to other employees. There is no prohibition on the CCO having other roles within the organization, but where there are compliance deficiencies, the inability of a CCO to commit sufficient time to compliance will usually be cited as a structural deficiency. The CCO must be permitted, if not encouraged, to obtain additional training and to hire extra compliance staff when needed. Outside consultants or law firms are encouraged when necessary to enable the firm to meet its compliance obligations.

In a speech last month, Peter Driscoll, the director of the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE), stressed that registered investment advisers must take steps to grant authority to their Chief Compliance Officers, pointing out that the failure to do so is often cited as a deficiency following RIA audits. Driscoll explained that CCOs must be supported and empowered by an RIA’s upper management and that OCIE examiners are looking closely to determine whether that is or is not happening at a particular firm.

Driscoll’s speech comes on the heels of the SEC’s upholding a FINRA enforcement action against the CCO of a broker-dealer who was fined $45,000 and given a 90-day suspension for failing to follow up on “red flags” that the broker-dealer was making payments to a firm owned by a barred broker. A federal appellate court recently affirmed that decision. The speech seemed designed, in part, to allay concerns by CCOs that they are at risk of becoming frequent enforcement targets. Consistent with prior SEC guidance, Driscoll’s speech highlighted that compliance failures are more often the result of other senior firm officers not sufficiently fulfilling their roles to assure that the compliance function is adequately staffed and complied with. Compliance should not fall entirely “on the shoulders of the CCO,” he said.

Too often, says Driscoll, OCIE sees firms take a “check-the-box” approach to their CCO position, meaning they are given just enough authority to complete the bare minimum compliance tasks but aren’t fully integrated into the ongoing operations, direction, or major decisions of the company. He notes that in many examination meetings, the CCO stays quiet as the company’s other senior executives dominate answers to core compliance questions. In other instances, he says, firms try to use the CCO as a “scapegoat” to cover failings by other firm personnel to follow clear policies or guidance. When OCIE notices that the CCO is turned into a target for every compliance problem identified, while CEOs take no responsibility, it is an indication that the firm has not set the proper tone and the top that is critical to all good compliance programs.

Last week the Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) released updated guidance to the disciplinary disclosures section of Form CRS. The purpose of Form CRS is to provide a succinct summary of the business of the Investment Adviser or Broker-Dealer to provide a retail investor with the proper information to make an informed decision regarding whether an investment advisory or brokerage relationship is in the best interest of the investor. Form CRS also provides a platform to generate questions for clients to ask their financial professional to spark a conversation regarding the disclosures. Likewise, the purpose of the disciplinary section of the Form CRS is to give an overall indication as to whether the firm or its financial professionals have disciplinary history to disclose.

The SEC and FINRA place a high level of importance on ensuring that firms adequately disclose their disciplinary history to provide full and accurate disclosure to retail investors. Since June 30, 2020, the required implementation date of Form CRS, the SEC and FINRA have examined investment advisers to determine compliance with the guidance regarding Form CRS and Regulation BI. In its examinations, the regulators determined that many investment advisory and brokerage firms were either not providing a response to the disciplinary section or providing more details than the section’s instructions require. The following are summaries of the updated guidance on Form CRS disciplinary disclosures:

Continue reading ›

The Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert highlighting the need for investment advisers to prevent unauthorized access to client data stored on websites.

Recently, cyber attackers have used “credential stuffing” and other methods to breach web-based user accounts. Credential stuffing is when a hacker combines lists of stolen account information from the dark web and customized scripts to compromise user names and passwords to other sites. Hackers prefer this method because it seems to be more efficient and successful than more traditional methods of hacking, like a brute force attack.

OCIE has the following recommendations for Investment Advisers to consider in protecting themselves and their websites against credential stuffing attacks: Continue reading ›

In July 2020, the Securities and Exchange Commission issued supplemental guidance relating to the duties of investment advisers with respect to proxy voting. This follows guidance issued in 2019, which we have discussed before. The prior guidance was issued in connection with amended rules finalized at the same time which dealt with proxy solicitations under the federal securities laws. Those amendments were designed to grant companies that issue stock to obtain advisory firms’ recommendations on proxy issues in advance of the proxy submission deadline. As a result, the issuer has time to submit additional materials as part of the proxy solicitation.

As a result of the new rules, proxy voting services will be forced to share their voting recommendations with the issuers of the securities at or prior to the providing the recommendations to their institutional clients, and if issuers submit additional information in response, must also disclose such information to the clients. The proxy advisers must also disclose any conflicts of interest that might exist that could reasonably be expected to influence their recommendations.

The effective date of the amended rule is 60 days after publication. Proxy advisory firms must comply with the amendments by December 1, 2021. The supplemental guidance became effective on September 3, 2020. Continue reading ›

In a closely-watched move, the SEC voted 3-2 this past Wednesday to expand the definition of an “accredited investor” to include both state-registered and SEC-registered investment advisers with $5 million or more in assets. Accredited investors are those who are permitted to purchase unregistered securities such as those typically sold in a private placement. The current definition includes individuals or married couples with $1 million or more in investments and individuals with $200,000 in annual income or total income with a spouse of $300,000.

Also added to the definition are individuals who hold Series 7, 65, and 82 licenses. Those correspond to examinations for the general securities agent or representative, the investment adviser representative, and the private placement agent, respectively. “Knowledgeable employees” of a private fund are now also accredited investors. In addition to the new categories included, the Commission established a framework whereby additional categories of sophisticated investors can be added to the definition over time.

The Commission also voted not to adjust upward for inflation, the traditional wealth-based definition of “accredited investor.” The issue exposes a fundamental debate about the adequacies of protections that currently exist in the private securities market, as well as issues of class-based access to markets.

Continue reading ›

Contact Information