Year-end 2020 Regulatory Flourish

As 2020 winds to a close, the regulators are intent on making sure their voices are heard. From the SEC to the states, regulatory guidance is plentiful. The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued three Risk Alerts in just the past 45 days. The Multi-Branch Initiative Alert was issued in early November and focused on registered investment advisers operating from branch offices and/or with operations geographically dispersed from the adviser’s principal office. The second November Alert focused on adviser compliance programs and the capabilities of the examined firms to implement their compliance programs effectively and consistently.  In December, OCIE snuck in yet another Risk Alert related to large trader compliance under Rule 13h-1.

Late breaking news … before the ink was barely dry on its December Risk Alert, the Commission announced on December 17^th that the Office of Compliance Inspections and Examinations will now be called the Division of Examinations.  And … wait for it … today (December 22^nd) the SEC finally amended the Advertising Rule. We will issue a separate bulletin about this development in coming weeks.

The North American Securities Administration Association (“NASAA”) issued a model rule that will have a profound impact on Investment Adviser Representative (“IAR”) registration requirements. And last but not least, New York adopted new registration requirements for IARs doing business in the state.

While the guidance and attendant recommendations in aggregate cast a wide net over the prevailing regulatory regime, it’s clear that supervision and accountability reign supreme.  The Risk Alerts and state regulatory developments are further discussed below.

*******************

November 9, 2020 – Observations from OCIE’s Examinations of

Investment Advisers: Supervision, Compliance and Multiple Branch Offices

Background

On November 9, 2020, the SEC issued a Risk Alert entitled “Observations from OCIE’s Examinations of

Investment Advisers: Supervision, Compliance and Multiple Branch Offices.” The Multi-Branch Initiative aggregates findings and recommendations culled from over 40 examinations. OCIE exams focused on adviser primary office locales with at least one branch or remote office affiliated with the examined firm, primarily serving retail investors.  While the Alert did not explicitly cite deficiencies attendant to remote from home working arrangements that are now prevalent in the COVID era, Chief Compliance Officers should acknowledge the nexus between adviser branch risk profiles and sustained remote arrangements and thereby ascertain the degree to which the firm may be exposed to particular risk sets.  OCIE observed that advisers utilizing the branch office business model were at greater risk for certain compliance risk factors, i.e., a centralized approach to compliance risk management implementation for branch offices was not deemed to be particularly effective in many cases.

The Initiative focused upon Compliance Programs/Supervision and Investment Advice as the two primary areas of examination and regulatory scrutiny.

Compliance Programs/Supervision. OCIE ascertained whether the adviser implemented risk-based written policies and procedures pursuant to Rule 206(4)-7. Policies and procedures implemented at both main and branch offices were evaluated for relevance and comportment to rule requirements. Included in this evaluation was an assessment of the efficacy of branch supervisory protocol.   

Specific scrutiny was placed upon adviser compliance with the Code of Ethics and custody rules as well as adherence to the fiduciary standard.  OCIE determined that policies and procedures implemented at the branch level were often irrelevant, ineffective, or incomplete.

Investment Advice. OCIE identified risks pertaining to the formulation and execution of investment advice by branch personnel. Scrutiny focused upon adviser oversight of investment recommendations, allocation of investment opportunities and the management/disclosure of conflicts of interest related to the provision of investment advice. OCIE concluded that many adviser firms operating branch offices lacked adequate controls to monitor and supervise employees responsible for developing and/or executing investment advice at the branch level.  

Specific Observations – Compliance Programs/Supervision

When contrasting the divergence of risk management capabilities found in principal offices versus branch offices, OCIE found ineffective supervision of branch personnel and/or the failure to implement risk-based policy at the branch level. These risks were magnified when principal and branch offices utilized dissimilar implementation practices for common policy provisions. Furthermore, OCIE observed that branch personnel neglected to engage in testing policies and procedures for efficacy as an ongoing risk management consideration. 

OCIE found that more than half of examined firms had compliance policies and procedures that were:

• Inaccurate due to outdated information;
• Inconsistently applied across the enterprise;
• Inadequately implemented; and/or
• Not enforced.

Rule 206(4)-7 deficiencies included the failure of advisers to properly recognize the custody status of client accounts and failure to adequately implement and supervise client fee billing practices.

Custody. OCIE found certain branch personnel were either uninformed or unconcerned about branch custody exposure. Branch personnel were found to lack adequate procedures or supervision to ensure procedures were followed. Specific deficiencies included lacking proper custody controls when:

1. Commingling the firm’s assets with those of its clients;
2. Assuming trusteeship (by the firm or its employees);
3. Assuming general partner responsibilities for limited partnership clients;
4. Receiving client checks in branch offices and depositing same with client custodians;
5. Assuming disbursement authority over client assets; and/or
6. Processing withdrawals and deposits in client accounts or client address changes. 

Fees and Expenses. OCIE found that certain advisers that delegated the development of investment advice to branch office personnel were not sufficiently supervised. The following client overcharge scenarios were cited by OCIE in the Risk Alert:

1. Misapplied tiered fee structures or incorrect valuations for fee calculations;
2. Inconsistently applied fee reimbursements, including advisory fee offsets for 12b-1 fees from certain mutual fund purchases and refunds for prorated fees paid in advance by clients who terminated their accounts;
3. Fee mismatch between advisory agreements and invoices; and/or
4. Fees charged on assets that were to be excluded from advisory fees.

Supervision. Deficiencies related to supervision included:

1. Failure to disclose material information, including disciplinary events of supervised persons;
2. Portfolio management failures, such as the recommendation of mutual fund share classes that were not in the clients’ best interest; and/or
3. Trading and best execution deficiencies, including the failure to enforce pre-existing policies and procedures.

Supervision deficiencies were particularly prevalent when the advisers supervised branch office personnel with higher-risk profiles. 

Advertising. Deficiencies related to the use of unapproved materials and/or personnel operating under a different name than the primary name of the adviser. Examples of problematic advertisements included:

1. Performance presentations that omitted material disclosures;
2. Superlatives or unsupported claims (also referred to as “touting”);
3. False professional experience/credentials pertaining to personnel or the advisory firm itself; and/or
4. Third-party rankings or awards that omitted material facts regarding these accolades.  

Code of Ethics. Advisers were cited for Code deficiencies such as:

1. Failure to comply with personal trade reporting requirements; 
2. Failure to perform compliance review of employee transactions and holdings reports;
3. Inadequate identification of access persons to be subject to the Code of Ethics; and/or
4. Failure to include all required provisions in their codes of ethics, e.g., such as pre-approval of limited or private offerings.

Specific Observations – Investment Advice

Advisers utilizing the branch office structure in their business model generally implemented a decentralized protocol to develop client investment advice whereby branch personnel retained most if not sole authority to perform this function. In this regard OCIE primarily focused upon portfolio management practices of branch personnel with over 50% of advisers cited for deficiencies relating to oversight of investment decisions, disclosure of conflicts of interest, and trade allocation decisions.

Investment Decisions. Lack of supervision deficiencies related to mutual fund share class selection practices as well as investment recommendations and disclosures associated with wrap fee programs were commonly cited.  Advisers purchased share classes of mutual funds that charged 12b-1 fees instead of lower cost share classes of the same mutual funds that were available to clients. This practice represented a conflict of interest whereby clients were not informed of the added expense whilst advisers received related fee income from the mutual fund sponsor. This business practice jeopardized adherence to the fiduciary standard. Furthermore, advisers failed to adequately assess whether wrap fee programs were in the best interests of clients and erroneously charged commissions.  OCIE further determined that branch offices misrepresented or failed to disclose conflicts of interest attendant to adviser operation of sponsored wrap programs, e.g., trading away practices. Additional deficiencies included inadequate or non-existent supervision of branch personnel pertaining to adviser/sub-adviser step-out trading protocol. 

Portfolio Rebalancing. Advisers implemented automated rebalancing of accounts that caused clients to incur short-term redemption fees from mutual funds. OCIE cited advisers that failed to document the suitability of these automated processes for client accounts which incurred additional fees.

Conflicts of Interest Disclosures. Advisers were cited for conflicted practices that were not fully and fairly disclosed, e.g., expense allocations that appeared to benefit proprietary fund clients over non-proprietary fund clients. Advisers also did not fully and fairly disclose financial incentives for the advisers and/or their personnel to recommend specific investments.

Trading/Allocation of Investment Opportunities.  Advisers were cited for:

1. The lack of documentation demonstrating best execution analysis;
2. Completing principal transactions without prior client consent and disclosure; and/or
3. Inadequate monitoring of employee trades, including the improper allocation of block trade losses to clients rather than to the employee accounts.

OCIE Recommended Best Practices

OCIE observed a range of risk management practices with respect to branch office activities that were in fact beneficial to compliance risk management implementation.  These recommendations were provided by the SEC to further assist and direct advisers pursuant to the design and implementation of risk-based policies and procedures, especially those advisers with branch offices.

1. Advisers adopted and implemented written compliance policies and procedures that:
2. Were applicable to all office locations and all personnel, regardless of whether these individuals were independent contractors or employees of the adviser;
3. Were customized to the profile of the branch; and
4. Included all branch personnel in all compliance training programs.
5. The following best practices were found to achieve and maintain risk-based policies:
6. Uniform policies and procedures regarding main office oversight for monitoring and approval of advertising;
7. Centralized, uniform processes to manage client fee billing across all branches;
8. Centralized processes for implementing the adviser’s personal securities trading policy;
9. Centralized implementation protocol included automated review and approval of personal trading requests and transactions originating from both home office and geographically dispersed personnel.  Many of these advisers also provided personnel with annual training pertaining to personal accountability metrics attendant to code of ethics compliance; and
10. Uniform portfolio management policy and procedures and/or portfolio management systems, across all office locations which in many cases included centralized routing of client trade orders.

• Advisers performed compliance testing or periodic reviews of key activities at all branch offices at least annually, with some firms conducting reviews more frequently. Examples of compliance oversight and testing of branch office activities included: 
• Validating that branch offices undertook reviews of their portfolio management decisions, both initially and ongoing;
• Designating individuals within branch offices to provide portfolio management monitoring, primarily to assess whether investment recommendations were consistent with clients’ investment objectives and recommendations;
• Consolidating the trading activities occurring within branch offices into the advisers’ overall best execution testing practices; and
• Conducting compliance reviews that did not solely rely on self-reporting by personnel.  

• Advisers established compliance policies and procedures to check for prior disciplinary events when hiring supervised persons and periodically confirmed the accuracy of disclosures regarding such information. Some advisers also had procedures that included periodically reviewing disciplinary histories, documenting such reviews, and providing heightened supervision of individuals with disciplinary histories.

• Advisers required compliance training for branch office employees generally once or twice a year, targeting areas identified as needing improvement based on their branch office reviews.

More Information

Download a copy of the OCIE Risk Alert here: https://www.sec.gov/files/Risk%20Alert%20-%20Multi-Branch%20Risk%20Alert.pdf.

*******************

November 19, 2020 – OCIE Observations: Investment Adviser Compliance Programs

On November 19, 2020, the SEC issued a Risk Alert entitled “OCIE Observations: Investment Adviser Compliance Programs” which focused on compliance deficiencies under Rule 206(4)-7. Deficiency findings centered upon the following:

• Compliance resources
• Chief Compliance Officer authority and independence
• Annual reviews
• Policy relevance
• Policy implementation
• Risk-based policy development

Compliance Resources

OCIE observed registrants who failed to allocate sufficient resources to the Chief Compliance Officer (“CCO”) pursuant to ongoing compliance with Rule 206(4)-7. Resource issues included CCO obligations to assume responsibilities attendant to multiple line of business/administrative hubs unrelated to the firm’s compliance program, inadequate staffing of compliance administration, and inadequate compliance training of personnel. 

CCO Authority/Independence

OCIE cited situations where the CCO lacked sufficient authority within the firm to develop and enforce appropriate policies and procedures. Specific deficiencies focused upon CCO access to senior management and related business information pertaining to adviser operations which precluded the CCO from implementing a risk-based compliance program. 

Annual Reviews

OCIE cited advisers that were unable to demonstrate performance of the annual review or whose annual reviews failed to identify significant existing compliance or regulatory problems detected by the regulator.  Noted deficiencies included failure to incorporate all aspects of the adviser’s business into policy implementation, failure to comprehensively identify and review all risk sets confronting the adviser, and/or failure to provide written documentation of the annual review process.

Policy Relevance

OCIE cited policies and procedures that contained outdated or inaccurate information about the adviser, including off-the-shelf policies that contained unrelated or incomplete information pertaining to policies, procedures and/or internal controls.

Inadequate Policy Implementation

Pursuant to policy compliance, advisers neglected to do what they said they would do in a manner that was fully documented and congruent with written policy and procedure. Having a policy response is not enough … advisers must have written risk-based policies, procedures and internal controls which are consistently implemented. As an example, the majority of advisers had written policies pertaining to advertising, compliance training, best execution, client account reviews, and fee testing but they neglected to execute and fully document policy compliance.

Risk-Based Policy

Advisers neglected to comply with Rule 206(4)-7 provisions directing the amendment of policies pursuant to changes in the business model and/or the regulatory regime. Business model changes that were not captured in this respect included:

• Portfolio management (the utilization of third-party investment managers, monitoring of client investment strategies, and adherence to the investment management agreement);
• Supervision (oversight of new or existing third-party service providers and branch/remote personnel);
• Marketing (new marketing content was insufficiently reviewed for compliance with Rule 206(4)-1 while solicitor supervision was not evident pursuant to Rule 206(4)-3);
• Trading practices (risk-based policy was not implemented pursuant to soft dollar utilization, best execution, and restricted securities);
• Disclosures (Form ADV and client communications were inaccurate or misleading);
• Advisory fees and valuation (insufficient or non-existent internal controls for fee billing accuracy and repatriation of fees associated with termed accounts); 
• Safeguards for client privacy (policy not sufficiently robust pursuant to Reg S-P and Reg S-ID requirements);
• Cybersecurity deficiencies (insufficient controls related to access rights, encryption, data loss prevention, vendor management, employee training, and penetration testing);
• Books and records (incomplete policy and procedure attendant to Rule 204-2 compliance);
• Safeguarding of client assets (insufficient policy attendant to custody and the safety of client assets); and/or
• Business continuity plans (BCP failed to designate responsibility, provide contact information and/or the adviser failed to test the plan pursuant to Rule 206(4)-7 requirements).

More Information

Risk Alert: https://www.sec.gov/files/Risk%20Alert%20IA%20Compliance%20Programs_0.pdf

*******************

November 24, 2020 – NASAA Members Adopt Model Rule to Require Continuing Education by Investment Adviser Representatives

NASAA works to promote education to help investors identify and avoid fraud, to investigate violations of state and provincial law, and to file enforcement actions. NASAA members have long worked toward the creation of a continuing education (“CE”) requirement for IARs to maintain their licenses with state regulators similar to other financial service professions.

Under NASAA’s model rule, beginning in 2022, IARs will be required to complete 12 hours of CE annually, with six hours focused on ethics and professional responsibility and the remaining six hours devoted to products and practice. NASAA said its model rule is designed to be compatible with other CE programs. The ethics and professional responsibility component is designed to ensure ongoing knowledge and competency related to an IAR’s duties and obligations to his or her clients, including issues related to the fiduciary duty owed to each client. The product and practice component is designed to ensure ongoing knowledge and competency related to investment products, strategies, standards, and compliance practices relevant to the investment advisory industry.

Keep in mind that individual states reserve the right to adopt the model rule for these requirements to impact IARs. The states are responsible to designate approved providers and content. A delinquent IAR would not be permitted to practice until he/she completed the continuing education requirement.

More Information

The model rule is available at: https://www.nasaa.org/wp-content/uploads/2011/08/33-IA-Rules_General_USA2002.pdf

*******************

December 1, 2020 – Changes to NY State IAR Registrations Coming in 2021

On December 1, 2020, the New York Attorney General announced the adoption of final rules that will modernize registration and filing with the Investor Protection Bureau in the Office of the Attorney General (“OAG”). According to the OAG, once these changes are fully implemented in 2021, New York’s registration procedures will better conform to the federal securities registration regime, cure industry confusion when it comes to certain registration requirements, and better track exam requirement compliance and disciplinary disclosures for thousands of investment advisers who provide investment advice to New Yorkers. 

Changes

The changes require the registration of IARs including principals, supervisors, and solicitors through the WebCRD/IARD system beginning  February 1, 2021.   Prior to the rule change, New York was the only state that did not license IARs via the WebCRD/IARD system.

Initial and Ongoing Registration

An IAR for an SEC registered investment adviser will file the Form U4 and pay a $200 fee if the IAR conducts advisory activities from a place of business in New York.   After initial registration, IARs must renew their registration annually, and make timely updating amendments through the year whenever material changes occur.

Exam Requirements

IARs must pass the Series 65 or the Series 7 and Series 66 within 2 years of registering in NY unless the IAR qualifies for a waiver.  

Waivers

Waivers will be available to an IAR for prior registrations: 

• If the IAR has been continuously registered to provide investment advice in any jurisdiction for a period of at least two years prior to the date of filing the Form U4;
• If the IAR has not had any lapse in registration exceeding two years; and
• If the IAR is not, and has not been, subject to any regulatory or civil action, proceeding or arbitration, either pending or in the preceding ten years from the date of their application, that would require disclosure on Form U4.

  Waivers will be also available to IARs who hold the following active professional designations:  

• Certified Financial Planner (CFP)
• Chartered Financial Consultant (ChFC)
• Personal Financial Specialist (PFS)
• Chartered Financial Analyst (CFA)
• Chartered Investment Counselor (CIC)

More Information

Press Release: https://ag.ny.gov/press-release/2020/attorney-general-james-announces-final-rules-modernize-and-streamline-securities

*******************

December 16, 2020 – Observations from Examinations of Broker-Dealers and Investment

Advisers: Large Trader Obligations

On December 16, 2020, the SEC issued a Risk Alert entitled “Observations from Examinations of Broker-Dealers and Investment Advisers: Large Trader Obligations.” The SEC adopted Rule 13h-1 (“Rule 13h-1” or the “Rule”) to assist the Commission in both identifying and obtaining information on market participants that conduct a substantial amount of trading activity, as measured by volume or market value, in national market system (“NMS”) securities (such persons are referred to as “Large Traders”). Reporting under the Rule facilitates the SEC’s ability to assess the impact of Large Trader activity on the securities markets, to reconstruct trading activity following periods of unusual market volatility, and to analyze significant market events for regulatory purposes.

During examinations, OCIE observed that some investment advisers and broker-dealers were either not aware of the Rule or were not familiar with certain requirements. This Risk Alert is intended to assist investment advisers and broker-dealers in reviewing and enhancing their compliance programs with respect to their Large Trader obligations. In the Alert, OCIE encourages both investment advisers and broker-dealers to bring filing deficiencies into line, and thoroughly review and, where appropriate, amend their supervisory and compliance policies and procedures to ensure compliance with the Rule.

More Information

Risk Alert: https://www.sec.gov/files/Risk%20Alert%20-%20Large%20Trader%2013h.pdf