RIA Compliance Blog

Growing RIAs Beware: SEC Issues Risk Alert Relating to Compliance Rule Failures

December 15, 2020 | Steve Parker

In conjunction with a speech delivered by its Director last month, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert discussing significant compliance deficiencies its examination staff had identified relating to Investment Advisers Act Rule 206(4)-7 (the “Compliance Rule”). The alert followed on the heels of prior Risk Alerts that addressed Compliance Rule deficiencies, among others, as having been the frequent subject of compliance-related findings by OCIE staff. Many of the deficiencies discussed in the Risk Alert are particularly relevant to growing RIAs who are attempting to assure that their compliance programs evolve and improve as they continue their growth.

The Compliance Rule requires, among other things, that RIAs must design, adopt and put into place written procedures and policies designed to prevent and detect violation of the Advisers Act and its rules. The Compliance Rule also requires the RIA to review the adequacy of those procedures annually. It also requires the RIA to appoint a competent Chief Compliance Officer who is empowered with the responsibility to develop and enforce policies that are appropriate to the firm.

The Risk Alert listed many examples of the types of deficiencies noted during examinations, including inadequate allocation of compliance resources. As we have discussed before, an RIA must assure that the CCO has sufficient time and resources to do the job. This means, for many small and growing RIAs, that the CCO’s compliance role should be exclusive and noncompliance tasks should be reallocated to other employees. There is no prohibition on the CCO having other roles within the organization, but where there are compliance deficiencies, the inability of a CCO to commit sufficient time to compliance will usually be cited as a structural deficiency. The CCO must be permitted, if not encouraged, to obtain additional training and to hire extra compliance staff when needed. Outside consultants or law firms are encouraged when necessary to enable the firm to meet its compliance obligations.

SEC Examination Director Discusses Importance of Empowering the CCO

December 2, 2020 | Steve Parker

In a speech last month, Peter Driscoll, the director of the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE), stressed that registered investment advisers must take steps to grant authority to their Chief Compliance Officers, pointing out that the failure to do so is often cited as a deficiency following RIA audits. Driscoll explained that CCOs must be supported and empowered by an RIA’s upper management and that OCIE examiners are looking closely to determine whether that is or is not happening at a particular firm.

Driscoll’s speech comes on the heels of the SEC’s upholding a FINRA enforcement action against the CCO of a broker-dealer who was fined $45,000 and given a 90-day suspension for failing to follow up on “red flags” that the broker-dealer was making payments to a firm owned by a barred broker. A federal appellate court recently affirmed that decision. The speech seemed designed, in part, to allay concerns by CCOs that they are at risk of becoming frequent enforcement targets. Consistent with prior SEC guidance, Driscoll’s speech highlighted that compliance failures are more often the result of other senior firm officers not sufficiently fulfilling their roles to assure that the compliance function is adequately staffed and complied with. Compliance should not fall entirely “on the shoulders of the CCO,” he said.

Too often, says Driscoll, OCIE sees firms take a “check-the-box” approach to their CCO position, meaning they are given just enough authority to complete the bare minimum compliance tasks but aren’t fully integrated into the ongoing operations, direction, or major decisions of the company. He notes that in many examination meetings, the CCO stays quiet as the company’s other senior executives dominate answers to core compliance questions. In other instances, he says, firms try to use the CCO as a “scapegoat” to cover failings by other firm personnel to follow clear policies or guidance. When OCIE notices that the CCO is turned into a target for every compliance problem identified, while CEOs take no responsibility, it is an indication that the firm has not set the proper tone and the top that is critical to all good compliance programs.

Possible Cognitive Decline of Investment Advisers Underscores Need for Succession Plan, Training

November 18, 2020 | Steve Parker

Earlier this year, the North American Securities Administrators Association (NASAA), through a working group within the Senior Issues/Diminished Capacity Committee, issued a report of findings and recommendations relating to issues of cognitive impairment or diminished capacity that may affect investment advisers and other financial professionals. The report summarized information received by the working group from registered investment advisers, broker-dealers, and compliance consultants in the industry. The findings focused on communication, education, and succession planning as key elements of an effective plan to address impairment issues.

Of course, an adviser suffering from diminished capacity could face serious difficulties relating to his or her work, including not being able to provide effective service to the client or to comply with responsibilities under the securities laws, including meeting the standards of conduct and maintaining adequate books and records. Those interviewed in connection with the study indicated that the industry welcomes continued regulatory engagement and continued input on this subject. Many of them also identified existing guidance from NASAA, the Securities Industry and Financial Markets Association, and the Financial Services Institute as being resources they currently consult when issues arise.

Among the key areas considered are how firms can recognize signs of diminished capacity and how they should consider dealing with issues that arise. The report encouraged firms to consider implementing an appropriate training program to enable staff to detect “red flags” of impairment by an adviser and a mechanism to communicate concerns freely within an organization. While dementia associated with aging is still the most common reason for impairment, other underlying causes include accidents and traumatic injury, side effects from medications, a non-dementia medical diagnosis, and drug or alcohol addiction. When a situation is detected, how a firm should confront the adviser is a key issue, and one that may be fraught with both practical and legal considerations. The report summarized a few instances where firms had successfully dealt with such issues and stressed that sensitivity and respect should be paramount in every such encounter.

SEC Updates Form CRS Disciplinary Guidance

October 16, 2020 | Bryan Gort

Last week the Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) released updated guidance to the disciplinary disclosures section of Form CRS. The purpose of Form CRS is to provide a succinct summary of the business of the Investment Adviser or Broker-Dealer to provide a retail investor with the proper information to make an informed decision regarding whether an investment advisory or brokerage relationship is in the best interest of the investor. Form CRS also provides a platform to generate questions for clients to ask their financial professional to spark a conversation regarding the disclosures. Likewise, the purpose of the disciplinary section of the Form CRS is to give an overall indication as to whether the firm or its financial professionals have disciplinary history to disclose.

The SEC and FINRA place a high level of importance on ensuring that firms adequately disclose their disciplinary history to provide full and accurate disclosure to retail investors. Since June 30, 2020, the required implementation date of Form CRS, the SEC and FINRA have examined investment advisers to determine compliance with the guidance regarding Form CRS and Regulation BI. In its examinations, the regulators determined that many investment advisory and brokerage firms were either not providing a response to the disciplinary section or providing more details than the section’s instructions require. The following are summaries of the updated guidance on Form CRS disciplinary disclosures:

Cybersecurity: OCIE Warns Against Credential Stuffing

October 7, 2020 | Bryan Gort

The Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert highlighting the need for investment advisers to prevent unauthorized access to client data stored on websites.

Recently, cyber attackers have used “credential stuffing” and other methods to breach web-based user accounts. Credential stuffing is when a hacker combines lists of stolen account information from the dark web and customized scripts to compromise user names and passwords to other sites. Hackers prefer this method because it seems to be more efficient and successful than more traditional methods of hacking, like a brute force attack.

OCIE has the following recommendations for Investment Advisers to consider in protecting themselves and their websites against credential stuffing attacks: Continue reading ›

SEC Amends Proxy Rule and Issues Supplemental Guidance to Investment Advisers

September 30, 2020 | Steve Parker

In July 2020, the Securities and Exchange Commission issued supplemental guidance relating to the duties of investment advisers with respect to proxy voting. This follows guidance issued in 2019, which we have discussed before. The prior guidance was issued in connection with amended rules finalized at the same time which dealt with proxy solicitations under the federal securities laws. Those amendments were designed to grant companies that issue stock to obtain advisory firms’ recommendations on proxy issues in advance of the proxy submission deadline. As a result, the issuer has time to submit additional materials as part of the proxy solicitation.

As a result of the new rules, proxy voting services will be forced to share their voting recommendations with the issuers of the securities at or prior to the providing the recommendations to their institutional clients, and if issuers submit additional information in response, must also disclose such information to the clients. The proxy advisers must also disclose any conflicts of interest that might exist that could reasonably be expected to influence their recommendations.

The effective date of the amended rule is 60 days after publication. Proxy advisory firms must comply with the amendments by December 1, 2021. The supplemental guidance became effective on September 3, 2020. Continue reading ›

SEC Enforcement Continues to Sanction RIAs Over Excessive Fees

September 18, 2020 | Steve Parker

As illustrated in two recent cases, the SEC’s Enforcement Division continues to root out RIAs that receive excessive undisclosed fees, particularly 12b-1 fees and mutual fund revenue sharing payments. As we have noted repeatedly, the SEC has focused on this issue in the last several years. At issue is whether an adviser properly disclosed to its clients that its representatives or an affiliated broker-dealer would receive 12b-1 fees based upon the recommendation of a mutual fund share class that pays such a fee when other classes that do not carry such a fee are available to the client.

In the first case, SCF Investment Advisors (SCF), a California-based registered investment adviser, consented to more than $700,000 in monetary sanctions imposed by the SEC relating to the firm’s practice of receiving 12b-1 fees in advisory accounts without proper disclosure. According to the order, SCF used mutual funds and money market funds that paid 12b-1 fees, although the receipt of those fees was not disclosed to clients and less expensive alternatives were available. The firm’s affiliated broker-dealer also received revenue sharing payments, a practice that was also not disclosed. As a result of those charges, SCF and its affiliates were unjustly enriched, and the clients’ performance was lower than it would have been had the practices not existed.

In 2018, the SEC granted RIAs the opportunity to enter into consent orders that did not carry civil penalties by self-reporting the receipt of undisclosed 12b-1 fees. In those cases, however, the firms would nevertheless be required to reimburse clients the amounts received in 12b-1 fees. In April of this year, as a result of that self-disclosure initiative, the SEC announced that the initiative resulted in 95 RIAs returning nearly $140 million to their customers. Continue reading ›

SEC Adds RIAs to Definition of “Accredited Investor,” Adopts Other Changes

September 3, 2020 | Steve Parker

In a closely-watched move, the SEC voted 3-2 this past Wednesday to expand the definition of an “accredited investor” to include both state-registered and SEC-registered investment advisers with $5 million or more in assets. Accredited investors are those who are permitted to purchase unregistered securities such as those typically sold in a private placement. The current definition includes individuals or married couples with $1 million or more in investments and individuals with $200,000 in annual income or total income with a spouse of $300,000.

Also added to the definition are individuals who hold Series 7, 65, and 82 licenses. Those correspond to examinations for the general securities agent or representative, the investment adviser representative, and the private placement agent, respectively. “Knowledgeable employees” of a private fund are now also accredited investors. In addition to the new categories included, the Commission established a framework whereby additional categories of sophisticated investors can be added to the definition over time.

The Commission also voted not to adjust upward for inflation, the traditional wealth-based definition of “accredited investor.” The issue exposes a fundamental debate about the adequacies of protections that currently exist in the private securities market, as well as issues of class-based access to markets.

US Supreme Court Disgorgement Ruling Leaves Open Questions

August 18, 2020 | Steve Parker

Earlier this summer, the US Supreme Court handed down a highly anticipated decision clarifying the powers of the Securities and Exchanges Commission in civil enforcement proceedings. The court ruled by a margin of 8 to 1 that the SEC can obtain disgorgement from a defendant because disgorgement is a form of equitable relief. As such, the remedy is based on district courts’ inherent powers to enter remedies based on fairness and equity. But we anticipate that the lower courts will still have difficulty in answering questions relating to the equitable remedy with uniformity, most likely resulting in those questions eventually coming back to the high court for resolution.

The case, Liu v. SEC, involved a lower court’s order that a married couple must pay $27 million in disgorgement as a result of the husband’s raising that amount from Chinese investors in a fraudulent EB-5 offering. The funds were ostensibly raised to fund a new cancer clinic, but ultimately the funds were misused. The husband funneled some of the money to the wife and some to other related companies. Both husband and wife were paid millions of dollars in salaries alone. The disgorgement award held both husband and wife jointly and severally liable for the full amount.

The trial court ordered the couple to disgorge the full amount raised in the fraudulent scheme as “ill-gotten gains.” The defendants challenged the amount of disgorgement imposed on several grounds, including that the amount should be offset by legitimate expenses incurred by the defendants. A disgorgement award that was not limited to net profits, they argued, constituted a penalty and therefore, could not be imposed consistent with other limitations on awards of civil penalties. Continue reading ›

SEC Signals Ransomware Risk to Investment Advisers is High

July 31, 2020 | Bryan Gort

The Securities and Exchange Commission (“SEC”) recently published its sixth risk alert on cybersecurity since 2014. In this alert, the SEC focused on how its regulated firms protect themselves against ransomware risk. I previously wrote about the SEC’s last risk alert on ransomware here.

Ransomware is malware that stops a user from accessing either part or all of the data within their network or other systems until a ransom is paid. For ransomware to be effective, it must gain access to network data in some form or fashion, usually through user error, such as a user clicking a link, downloading a file, or doing something else which affirmatively provides the ransomware access to data. From there, the hacker typically encrypts data and demands payment to unencrypt it.

There are varying studies, but up to 90% of financial services firms, including investment advisers, broker-dealers and investment companies, report that they have been targeted by ransomware. The SEC also reports that these targeted attacks have gotten more sophisticated in nature over the last few years, which necessitates greater allocation of resources from firms to protect themselves.