Articles Tagged with SEC

The Securities and Exchange Commission (SEC) recently released the 2022 Examination Priorities from the Division of Examinations, formerly known as the Office of Compliance Inspections and Examinations. This annual release provides insight into the areas that the SEC plans to highlight when examining investment advisers during the coming year.

While the SEC notes the continued impact of COVID-19 on investment advisers and the investment industry, the SEC reported an increase in examinations conducted during FY21, with the total number of completed examinations close to the pre-pandemic levels of FY19.

For FY22 examinations, the SEC will place a significant focus on (1) private funds; (2) environmental, social, and governance (ESG) investing; (3) standards of conduct: Regulation Best Interest (Regulation BI), fiduciary duty, and Form CRS; (4) information security and operational resiliency; and (5) emerging technologies and crypto-assets. Many of these focus areas, such as ESG and Regulation BI, are carried over from previous years and mark a multi-year emphasis for the SEC.

Last month, the SEC commenced an administrative enforcement action that highlights the significance of its change in guidance over the use of “hedge clauses” in investment advisory agreements. Recall that in IA-5248, the SEC’s 2019 interpretive release that addressed the standard of conduct for investment advisers, the Commission withdrew the 2007 No-Action Letter previously issued in Heitman Capital Management, LLC (Feb. 12, 2007) (“Heitman Letter”). Prior to IA-5248, the Heitman Letter had frequently been relied upon by investment advisers to permit the use of hedge clauses, or clauses purporting to limit an adviser’s liability, as long as the clause contained an affirmative statement that it should not be construed to waive unwaivable claims under federal and state securities laws. Because the SEC concluded that the Heitman Letter had been often misconstrued, IA-5248 expressly withdrew it.

Prior to the issuance of the Heitman Letter in 2007, the SEC had rather consistently prohibited the use of hedge clauses. The Heitman Letter, however, constituted a departure from that previous near-blanket prohibition. In Heitman, the SEC staff stated that the use of a hedge clause that limits the adviser’s liability except for gross negligence or willfulness may under some circumstances be permitted, depending on “all the surrounding facts and circumstances.” Among the circumstances to be considered were whether it was written in plain English, whether it had been highlighted and explained to the client personally, whether there was a heightened explanation of the types of claims that were not waived, and whether impacted clients had access to other professional “intermediaries” upon whom they relied. After the Heitman Letter, the use of hedge clauses by investment advisers proliferated, not always consistently with the Heitman guidance.


On July 13, 2021, the Securities and Exchange Commission (“SEC”) published an order instituting administrative cease-and-desist proceedings against TIAA-CREF Individual & Institutional Services, LLC (“TIAA”). TIAA consented to this order without admitting or denying the findings except as to jurisdiction and subject matter. The SEC’s order alleges TIAA failed to properly disclose conflicts of interest and made materially misleading statements concerning rollover recommendations it made to clients over a five-year period from 2013 to 2018.

TIAA’s policies and procedures required their investment adviser representatives, who were also dually registered as registered representatives, to present clients with four options regarding rollover recommendations when providing financial planning services. The options were:

  1. Leaving client assets in their employer-sponsored retirement plans;
  2. Rolling the assets into a self-directed individual retirement account;
  3. Rolling over the assets to a new employer’s plan; or
  4. Cashing out the account value/taking a lump-sum distribution.


Over the last five years, cybersecurity has consistently been a top priority of the Securities and Exchange Commission (“SEC”). We have written about the SEC’s focus on cybersecurity in July 2020 and January 2020. With an additional enforcement action in June, the SEC is continuing to signal that firms regulated by the SEC need to have appropriate risk management and cybersecurity controls in place. While this case study isn’t directly related to Investment Advisers, they would be wise to learn lessons from this story.

First American Financial Corporation (“First American”) is a real estate settlement services provider. In that capacity, it stores certain non-public personal information (“NPPI”) of real estate purchasers and sellers. An internal audit in 2018 caught an error: certain NPPI held by First American was not stored securely.

Subsequently, First American conducted a vulnerability test which culminated in a written report in January 2019. In the report, information security personnel determined that certain website URLs that First American provided to people could be altered by substituting different numbers, giving unauthorized access to NPPI.

Rule 206(4)-1 under the Investment Advisers Act, known as the “Marketing Rule,” becomes effective on May 4, 2021. Full details of the new rule and the related amendments to the Books and Records Rule and Form ADV can be reviewed in the SEC’s adopting release. The new rule changes many aspects of the current guidance applicable to advertising by SEC-registered investment advisers, some of which is drawn from no-action letters and other informal releases. Advisers must come into compliance with the new rule within eighteen months of the effective date or by November 4, 2022. Firms may choose to come into compliance at any time between the effective date and the compliance date, but the SEC has warned that RIAs may not choose to implement parts of the new rules at different times. Rather, a firm must implement and be prepared to comply with the entirety of the new rule on a single date within the eighteen-month compliance period. The rule does not, on its face, apply to state-registered RIAs, who should continue to follow the rules applicable to the states in which they conduct business. Some state rules mirror or adopt the SEC advertising rules in some respects.

One of the most important changes relates to using what has historically been referred to as “testimonials,” or statements by clients regarding their experience with an adviser. The current rule 206(4)-1, titled “Advertisements by Investment Advisers,” states that any advertisement by an adviser that uses a “testimonial of any kind” is deemed fraudulent, deceptive or manipulative. Although “testimonial” is not defined in the current rule, the SEC consistently interpreted the term as a statement of a client’s experience with, or endorsement of, an investment adviser. Under the new rule, however, testimonials as traditionally understood are permitted as long as firms comply with a number of requirements.

The U.S. Securities and Exchange Commission yesterday issued long-anticipated changes to the rules governing marketing for RIAs, including managers of private funds. The changes are designed to modernize the rules to account for the era of digital communication and other marketplace “evolutions.” The rule changes also impact firms’ uses of testimonials and paid solicitors.

By a 5-0 vote, the amendments will replace prior separate rules with a single comprehensive rule that deals with advertising and solicitation. The replaced rules date back to the 1970s and earlier.

By and large, the rules allow for more flexibility. For instance, instead of a blanket prohibition of testimonials, the new rule permits testimonials if certain disclosures are made. These disclosure requirements dovetail with the emphasis on preventing conflicts of interests that was the focus of last year’s IA Release 5248, relating to advisers’ fiduciary duty. The rules also create additional questions related to marketing on Form ADV Part 1.

In conjunction with a speech delivered by its Director last month, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert discussing significant compliance deficiencies its examination staff had identified relating to Investment Advisers Act Rule 206(4)-7 (the “Compliance Rule”). The alert followed on the heels of prior Risk Alerts that addressed Compliance Rule deficiencies, among others, as having been the frequent subject of compliance-related findings by OCIE staff. Many of the deficiencies discussed in the Risk Alert are particularly relevant to growing RIAs who are attempting to assure that their compliance programs evolve and improve as they continue their growth.

The Compliance Rule requires, among other things, that RIAs design, adopt and put into place written procedures and policies designed to prevent and detect violations of the Advisers Act and its rules. The Compliance Rule also requires the RIA to review the adequacy of those procedures annually. It also requires the RIA to appoint a competent Chief Compliance Officer who is empowered with the responsibility to develop and enforce policies that are appropriate to the firm.

The Risk Alert listed many examples of the types of deficiencies noted during examinations, including inadequate allocation of compliance resources. As we have discussed before, an RIA must assure that the CCO has sufficient time and resources to do the job. This means, for many small and growing RIAs, that the CCO’s compliance role should be exclusive and noncompliance tasks should be reallocated to other employees. There is no prohibition on the CCO having other roles within the organization, but where there are compliance deficiencies, the inability of a CCO to commit sufficient time to compliance will usually be cited as a structural deficiency. The CCO must be permitted, if not encouraged, to obtain additional training and to hire extra compliance staff when needed. Outside consultants or law firms are encouraged when necessary to enable the firm to meet its compliance obligations.

In a speech last month, Peter Driscoll, the director of the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE), stressed that registered investment advisers must take steps to grant authority to their Chief Compliance Officers, pointing out that the failure to do so is often cited as a deficiency following RIA audits. Driscoll explained that CCOs must be supported and empowered by an RIA’s upper management and that OCIE examiners are looking closely to determine whether that is or is not happening at a particular firm.

Driscoll’s speech comes on the heels of the SEC’s upholding a FINRA enforcement action against the CCO of a broker-dealer who was fined $45,000 and given a 90-day suspension for failing to follow up on “red flags” that the broker-dealer was making payments to a firm owned by a barred broker. A federal appellate court recently affirmed that decision. The speech seemed designed, in part, to allay concerns by CCOs that they are at risk of becoming frequent enforcement targets. Consistent with prior SEC guidance, Driscoll’s speech highlighted that compliance failures are more often the result of other senior firm officers not sufficiently fulfilling their roles to assure that the compliance function is adequately staffed and complied with. Compliance should not fall entirely “on the shoulders of the CCO,” he said.

Too often, says Driscoll, OCIE sees firms take a “check-the-box” approach to their CCO position, meaning CCOs are given just enough authority to complete the bare minimum compliance tasks but aren’t fully integrated into the ongoing operations, direction, or major decisions of the company. He notes that in many examination meetings, the CCO stays quiet as the company’s other senior executives dominate answers to core compliance questions. In other instances, he says, firms try to use the CCO as a “scapegoat” to cover failings by other firm personnel to follow clear policies or guidance. When OCIE notices that the CCO is turned into a target for every compliance problem identified, while CEOs take no responsibility, it is an indication that the firm has not set the proper tone at the top that is critical to all good compliance programs.

Last week the Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) released updated guidance to the disciplinary disclosures section of Form CRS. The purpose of Form CRS is to provide a succinct summary of the business of the Investment Adviser or Broker-Dealer to provide a retail investor with the proper information to make an informed decision regarding whether an investment advisory or brokerage relationship is in the best interest of the investor. Form CRS also provides a platform to generate questions for clients to ask their financial professional to spark a conversation regarding the disclosures. Likewise, the purpose of the disciplinary section of the Form CRS is to give an overall indication as to whether the firm or its financial professionals have disciplinary history to disclose.

The SEC and FINRA place a high level of importance on ensuring that firms adequately disclose their disciplinary history to provide full and accurate disclosure to retail investors. Since June 30, 2020, the required implementation date of Form CRS, the SEC and FINRA have examined investment advisers to determine compliance with the guidance regarding Form CRS and Regulation BI. In its examinations, the regulators determined that many investment advisory and brokerage firms were either not providing a response to the disciplinary section or providing more details than the section’s instructions require. The following are summaries of the updated guidance on Form CRS disciplinary disclosures:


The Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert highlighting the need for investment advisers to prevent unauthorized access to client data stored on websites.

Recently, cyber attackers have used “credential stuffing” and other methods to breach web-based user accounts. Credential stuffing is when a hacker uses lists of stolen account information from the dark web together with customized scripts to compromise user names and passwords on other sites. Hackers prefer this method because it seems to be more efficient and successful than more traditional methods of hacking, like a brute force attack.

OCIE has the following recommendations for Investment Advisers to consider in protecting themselves and their websites against credential stuffing attacks:
