As 2020 winds to a close, the regulators are intent on making sure their voices are heard. From the SEC to the states, regulatory guidance is plentiful. The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued three Risk Alerts in just the past 45 days. The Multi-Branch Initiative Alert was issued in early November and focused on registered investment advisers operating from branch offices and/or with operations geographically dispersed from the adviser’s principal office. The second November Alert focused on adviser compliance programs and the capabilities of the examined firms to implement their compliance programs effectively and consistently. In December, OCIE snuck in yet another Risk Alert related to large trader compliance under Rule 13h-1.Read More
OCIE Risk Alert: Cybersecurity: Safeguarding Client Accounts against Credential Compromise
On September 15, 2020, the SEC issued yet another Risk Alert focusing on cyber risk. This Risk Alert addresses “credential stuffing” which is a cyber-attack seeking access to customer accounts of the investment adviser. Credential stuffing uses compromised login credentials to obtain unauthorized access to the adviser’s network. Advisers experiencing credential stuffing have reported lost customer Personally Identifiable Information (“PII”) and stolen customer assets.Read More
OCIE Risk Alert: Select COVID-19 Compliance Risks and Considerations for Broker-Dealers and Investment Advisers
COVID Produces New Adviser Hybrid Business Model
For most registered investment advisers, business continuity implementation in the COVID era entails some element of an employee work from home arrangement. As investment advisers approach month seven of COVID business continuity implementation, it is prudent to consider the ramifications attendant to long term business continuity implementation. Working from home is on the verge of becoming a quasi-permanent feature of investment adviser business models and therefore the SEC is directing advisers to evaluate compliance risk sets related to the remote work configuration.Read More
HRL newsletter published August 3, 2020
Over the past month, regulators are talking ransomware, Form 13F, proxy voting, and Form CRS. Below we highlight each topic and cite the source for easy reference. We welcome questions from our clients relative to these important matters.Read More
Private Fund Risk Alert / Form CRS Reminders and New FAQs / ESG
The regulators were busy in late June 2020. In this newsletter, we cover the SEC’s recent Risk Alert, Form CRS reminders and new FAQs, as well as the Department of Labor’s proposed ESG rule.Read More
Please note that this newsletter addresses only investment adviser requirements. See the last page of this newsletter for helpful Form CRS resources available to advisers and broker-dealers.
Despite the industry’s hopes for a delay in the implementation of Form CRS (Form ADV Part 3 Customer Relationship Summary) requirements, the SEC is moving forward with its original timeframe.
In fact, the IARD system is ready to accept investment advisers’ Form CRS today.Read More
“Before anything else, preparation is the key to success.”
Alexander Graham Bell
Now is an opportune time to review, update, and test your business continuity plan (“BCP”). Here are three good reasons to do so …
- Regulatory: Recently, the SEC Division of Investment Management recommended that investment advisers and funds plan and prepare for potential sustained business disruptions due to the evolving risk presented by the coronavirus (“COVID-19”) outbreak. Specifically, the Commission stated: “The Division encourages investment advisers and funds to contact the Division staff with any concerns they have related to the staff letter or to current or potential effects of COVID-19 on their operations, including any need for relief or guidance.” The SEC goes on to encourage registrants to evaluate their business continuity plans and valuation procedures, among other relevant policies, procedures, and systems. This guidance is consistent with the Commission’s ongoing directive to advisers to develop “risk-based” policy. The COVID-19 risk set presents unusual challenges to adviser BCP execution; a risk-based response would therefore entail testing and follow-on amendment and possible implementation.
SEC Office of Compliance Inspections and Examinations Publishes Observations on Cybersecurity and Resiliency Practices
“An ounce of prevention is worth a pound of cure.”
The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued new guidance on January 27, 2020 which further addresses the cybersecurity risk set confronting regulated financial entities. The report provides visibility into OCIE observations pertaining to effective mitigation of primary cybersecurity risk sets, including:
- Access rights
- Data loss prevention,
- Mobile security
- Vendor management
- Incident response
- Employee training.
The U.S. Securities and Exchange Commission (“SEC”) continues to make progress with its self-imposed mandate of expanding its investment adviser examination reach. Leveraging increased staff and proprietary risk analytics, the Commission maintained its examination coverage of registered advisers in 2019 versus 2018 despite an increase of nearly 4 percent in registered firms and a month-long suspension of examination activity due to the 2019 government shut down. Examinations of registered advisers in fiscal year 2019 remained robust covering 15 percent of the registered adviser population.Read More
The U.S. Securities and Exchange Commission (“SEC”) announced on November 4, 2019 that it has voted to propose amendments to modernize the rules under the Investment Advisers Act of 1940, as amended (“Advisers Act”) addressing investment adviser advertisements and payments to solicitors. The proposed amendments (all 507 pages) are intended to update these rules to reflect changes in technology, the expectations of investors seeking advisory services, and the evolution of industry practices.Read More