Category

New in Compliance

SEC Risk Alert: Investment Adviser Compliance Issues Related to the Cash Solicitation Rule

By | New in Compliance, Risk Alert | No Comments

Risk Alert 

While we were busy handing out candy, the SEC was busy handing out advice! The Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert on October 31, 2018 to provide investment advisers, investors and other market participants with information concerning the most common deficiencies the staff has cited relating to Rule 206(4)-3 (the “Cash Solicitation Rule”) under the Investment Advisers Act of 1940 (the “Advisers Act”). The Risk Alert is intended to assist investment advisers in identifying potential issues and adopting and implementing effective compliance programs, and generally pertains to an adviser’s use of third-party solicitors that are subject to the broader requirements of the Cash Solicitation Rule.

Rule Requirement

Rule 206(4)-3 under the Advisers Act prohibits investment advisers from paying a cash fee, directly or indirectly, to an unrelated third party (a “solicitor”) for referring clients to the adviser unless the arrangement complies with certain conditions, as detailed below:

  • Solicitor agreement: a written agreement is executed between the adviser and the solicitor (a copy of which the adviser must retain) detailing the referral arrangement (e.g., a description of the solicitation activities and compensation to be received, as well as obligations of the solicitor under the arrangement);
  • Adviser’s brochure: at the time of any solicitation activities, the solicitor is required to provide the prospective client with a copy of the investment adviser’s brochure and supplements (i.e., Form ADV Part 2);
  • Solicitor disclosure: at the time of any solicitation activities the solicitor is required to provide a separate and written disclosure document to the prospective client which discloses the solicitor’s relationship to the adviser, and clarifies that the solicitor is being compensated for recommending the adviser, specifying the terms of the compensation arrangement;
  • Client acknowledgement: the adviser receives from the client at a time no later than the execution of the investment adviser’s agreement, a signed and dated acknowledgment that the client received the investment adviser’s brochure and the solicitor’s written disclosure document;
  • Solicitor disqualification: the solicitor may not be a person subject to certain disqualifications specified in the Cash Solicitation Rule; and
  • Compliance: the adviser must make a bona fide effort to ascertain whether the solicitor has complied with the solicitation agreement and must have a reasonable basis for believing that the solicitor has so complied.

Advisers are subject to narrower requirements under the Solicitation Rule when the solicitor is a partner, officer, director, or employee of the adviser or of an entity that controls, is controlled by, or is under common control with the adviser or if the cash fee is paid with respect to solicitation activities for the provision of impersonal advisory services only. The Risk Alert did not enumerate any observed deficiencies related to this type of arrangement.

Recurring Adviser Deficiencies 

The OCIE staff outlined common deficiencies in the Risk Alert, as noted below:

Solicitor disclosure documents: non-provision of disclosure documents to prospective clients pursuant to rule requirement and/or insufficient or obtuse disclosure of required information. Several deficiencies were noted wherein disclosure language regarding compensation were hypothetical or vague. In other situations, disclosure documents failed to clarify that the client would pay a higher fee for advisory services to essentially cover the solicitation fee. The SEC requires all disclosures to be truthful, complete and in Plain English.

Client acknowledgements: untimely or incomplete execution of required client acknowledgments pursuant to rule requirement wherein advisers did not receive a signed and dated client acknowledgement of receipt of the adviser brochure and the solicitor disclosure document. Furthermore, several advisers had received client acknowledgements, but they were undated or dated after the clients had entered into an investment advisory agreement.

Solicitation agreements: advisers paid cash fees to a solicitor without a duly executed solicitation agreement or paid compensation referencing an agreement that did not contain required provisions pursuant to rule requirement.  The SEC determined that solicitors did not perform their duties referenced in the solicitation agreement in a manner consistent with the instructions of the adviser thereby placing the adviser in deficient status.

Bona fide efforts to ascertain solicitor compliance: adviser compliance with rule 206(4)-3 requires advisers to make a genuine effort to ensure that solicitors are complying with cash solicitation rule requirements. The SEC observed that deficient advisers could not represent that they had a reasonable basis to believe that engaged third party solicitors were in full compliance with rule requirements (e.g., there was no evidence of a compliance audit trail with sufficient documentation attesting to solicitor compliance).

Other regulatory implications: the SEC also cited advisers for non-compliance with other provisions of the Advisers Act, e.g., breach of fiduciary duty under Sections 206(1) and 206(2). For example, OCIE observed advisers that recommended service providers to clients in exchange for client referrals without full and fair disclosure of the conflicts of interest.

Action Plan

We recommend that advisers review and amend, as necessary, disclosure documents and solicitation agreements to be consistent with actual practices.  Payment arrangements must be clear to all parties involved, including solicited clients. We also recommend that advisers adopt an internal control whereby the Chief Compliance Officer or designee performs appropriate due diligence for all engaged third party solicitors to ensure that all parties remain compliant with cash solicitation rule requirements. The frequency of review should be commensurate with the level of activity and risks associated with solicitation arrangements. Of course, all due diligence efforts must be documented in writing, and written policies and procedures must be adopted and implemented to ensure full compliance with the rule. Finally, although the SEC did not call out advisers for solicitation arrangement deficiencies evident with related party solicitors, investment advisers must ensure that related party arrangements follow the requirements of Rule 206(4)-3.

The SEC has stated that examinations within the scope of this review resulted in a range of regulatory actions against advisers, including enforcement actions. As one example, the SEC acted against an adviser deemed to violate the Cash Solicitation Rule by paying a cash fee to a solicitor despite knowing that the solicited clients had not received the necessary disclosures.

For More Information 

View the Risk Alert here: Investment Adviser Compliance Issues Related to the Cash Solicitation Rule (PDF)

IM Information Update 2018-02   Statement Regarding Staff Proxy Advisory Letters

By | Blog, New in Compliance | No Comments

Information Update 

On September 13, 2018, the SEC’s Division of Investment Management issued IM Information Update 2018-02 entitled “Statement Regarding Staff Proxy Advisory Letters.” The purpose of this Update is to notify advisers of its withdrawal of two 2004 no-action letters related to proxy voting. This Update follows the Commission’s July 2018 announcement of its plans to host a Roundtable with market participants (now scheduled for November 2018) to address proxy voting topics including the voting process, retail shareholder participation and the role of proxy advisory firms.

Over the past decade the SEC has consistently conveyed concern in public discourse and in adviser examinations regarding the growing reliance by advisers on proxy consultants. In 2010 the Commission sought public comment on the issue due to concern that the SEC’s own guidance permitted advisers to fulsomely rely upon the recommendations of proxy consultants. After reviewing this condition, the SEC has determined that over-reliance by advisers on proxy consultants may introduce a conflict of interest wherein the investment adviser fiduciary duty to provide objective investment advice is jeopardized.

This determination has resulted in an unusual but by no means unprecedented regulatory intervention wherein the SEC re-examined and subsequently withdrew (effective September 13, 2018) no-action letter guidance addressing adviser proxy voting services. This regulatory guidance was issued to Egan-Jones Proxy Services (May 27, 2004) and Institutional Shareholder Services, Inc. (Sept. 15, 2004). This guidance clarified that voting in reliance on a proxy consultant’s voting recommendations will insulate an investment adviser from any conflicts of interest and otherwise support the discharge of the investment adviser’s fiduciary duties.

However, the Egan Jones letter also issued a warning that the adviser should not conclude that it is appropriate to follow the voting recommendations of an independent proxy voting firm without first ascertaining, among other things, whether the proxy voting firm (a) has the capacity and competency to adequately analyze proxy issues; and (b) can make such recommendations in an impartial manner and in the best interests of the adviser’s clients.

As to the withdrawal of its 2004 no-action letter guidance, the Commission has stated that it has done so to facilitate the forthcoming roundtable discussion wherein the Commission will solicit and consider input from various market participants and stakeholders, i.e., public companies, public funds, investors, proxy advisors, and registered firms, among others, on all matters related to proxy voting.

Staff Legal Bulletin No. 20 (Proxy Voting Responsibilities of Investment Advisers and Availability of Exemptions from the Proxy Rules for Proxy Advisory Firms), issued by the Division of Investment Management in June 2014, remains in force, and provides guidance to advisers about their responsibilities in voting client proxies and retaining proxy advisory firms (including a reiteration of the Egan Jones capacity, competency, and impartiality standards).

 

Conclusions

The regulatory regime requires advisers to implement risk-based policy and procedure that is reasonably designed to ensure compliance with securities statutes. The rescindment of the referenced no-action guidance makes this risk management objective more problematic for advisers that retain proxy voting authority.

Advisers that retain voting authority are required to fulfill the fiduciary standard of care when voting proxies, as referenced in the Egan Jones letter. The Commission views proxy voting as a vital component of the investment decision making process. Proxy advice and decisions must be disinterested and objective in nature to ensure that client interests prevail in all voting decisions.

Furthermore, advisers must monitor proxy policies and procedures and fully document and retain all related input utilized to formulate, execute, and assess voting decisions in much the same manner as the adviser does investment decisions for clients.  Legal Bulletin No. 20 provides a helpful Question & Answer format to assist advisers in stress testing their proxy voting policies and procedures.

The proxy consultant industry has grown exponentially since advisers were first required to register with the SEC in 2004. This growth, and adviser reliance upon this industry, exerts considerable pressure upon advisers to evince through documentation that proxy consultants are but one source of input rather than the sole source.

 

Valuable Information Sources 

IM Information Update 2018-02: https://www.sec.gov/divisions/investment/imannouncements/im-info-2018-02.pdf

To view the SEC’s public statement about its actions with regard to the proxy letters, follow this link: https://www.sec.gov/news/public-statement/statement-regarding-staff-proxy-advisory-letters 

Staff Legal Bulletin No. 20 is available here: https://www.sec.gov/interps/legal/cfslb20.htm

SEC Risk Alert – Frequent Fee and Expense Deficiencies in Adviser Exams

By | Blog, New in Compliance, Risk Alert | No Comments

April 12, 2018:  The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert to highlight recurrent deficiencies observed in their recent examinations of investment advisers’ policies and procedures governing client fee and expense assessments. The deficiencies were identified by OCIE while conducting more than 1,500 investment adviser examinations over the past two years.  This Risk Alert emphasizes the importance of advisers’ provision of clear and thorough disclosures in Form ADV and client investment advisory agreements.  The Risk Alert further underscores prior Commission guidance relating to adviser obligations to develop, implement, and test effective risk-based compliance policies to minimize the risk of misrepresentation in client communications and the risk of misappropriation in the management of client assets.

Most Frequent Compliance Issues – Advisory Fees and Expenses 

The following issues were deemed to be significant and prevalent in nature, although they do not constitute all fee and expense-related findings detected by OCIE.

Read More

SEC Announces Share Class Selection Disclosure Initiative

By | Blog, New in Compliance, SEC

February 12, 2018: Investment advisers recommending mutual fund shares to advisory clients may have a disclosure problem. And yes, the U.S. Securities and Exchange Commission (“SEC”) is here to help address the problem. Yesterday the Commission announced its new self-reporting initiative, the Share Class Selection Disclosure Initiative (“SCSD Initiative”), to provide relief to advisers that have engaged in improper mutual fund recommendations on behalf of their clients. This initiative, forgiveness if you will, relates to certain mutual fund share class selections made by advisers relative to the formulation and execution of investment advice. If the offending firm promptly fesses up to the Division of Enforcement and promptly returns any non-compliant fees to harmed clients, the Division will agree not to recommend financial penalties against such advisers for violating federal securities laws. Read More

Labor Department Officially Delays Start of Fiduciary Rule

By | Blog, New in Compliance

December 4, 2017:  Last week, the Department of Labor (“DOL”) officially announced an 18-month extension for the start of key provisions of the Fiduciary Rule. DOL announced that the special Transition Period for the Fiduciary Rule’s Best Interest Contract Exemption (“BICE”) and the Principal Transactions Exemption, and the applicability of certain amendments to Prohibited Transaction Exemption 84-24 (PTEs), will move from January 1, 2018 to July 1, 2019. The extension gives DOL time to consider public comments, review the Fiduciary Rule and related exemptions, and coordinate with the U.S. Securities and Exchange Commission and other securities and insurance regulators. The delay underscores the DOL’s objectives of protecting retirement investors and avoiding unnecessary restrictions imposed upon retirement investors by financial service firms scrambling to fully implement the rule.

The DOL action leaves in place the Fiduciary Rule, effective June 9, 2017, including the revised definitions of fiduciary and investment advice that apply to ERISA plans and IRAs. The DOL’s action continues to recognize various exemptions permitted under the rule. Financial services organizations may rely on the BICE and the Principal Transactions Exemption if they satisfy the Impartial Conduct Standards. The impartial conduct standards, also referred to as the best-interest standard, which took effect on June 9, require fiduciary advisers to adhere to a best-interest standard when making investment recommendations, charge no more than reasonable compensation for their services, and refrain from making misleading statements.

The DOL also announced an extension of the temporary enforcement policy contained in Field Assistance Bulletin 2017-02 to cover the 18-month extension period. Therefore, from June 9, 2017, to July 1, 2019, the DOL will not pursue claims against fiduciaries working diligently and in good faith to comply with the Fiduciary Rule and PTEs, or treat those fiduciaries as being in violation of the Fiduciary Rule and PTEs. However, there is nothing to prevent a client from initiating a private action against a fiduciary for not placing their interests first and foremost as affirmed by the Supreme Court (SEC v. Capital Gaines Bureau 1963).

To our clients who have taken affirmative steps to comply with the Fiduciary Rule and demonstrate compliance with the Impartial Conduct Standards, we recommend that you continue to follow your enhanced policies and procedures. To those firms who have not yet implemented policies and procedures, we recommend that you do so.

Action steps to consider, if not already implemented:

  • Identify and segment all retirement investors as ERISA Plans, IRAs, etc. to facilitate tracking, disclosures, and management reporting.
  • Update compliance policies and procedures to document Fiduciary Rule compliance.
  • Update investment advisory agreements and Form ADV disclosures to clarify your firm’s fiduciary status and address inherent conflicts of interest.
  • IRA rollovers should be treated as a fiduciary activity unless it can be clearly and conclusively established that the firm’s role is purely informational, and does not involve the rendering of advice.  Client disclosures and written internal rollover analysis requirements should be in place.
  • Review all marketing materials and disclosures with a view to identifying and eliminating any statements that could be viewed as misleading or inadvertently deemed to constitute a fiduciary recommendation.
  • Evaluate all revenue streams and compensation programs to comport to the Fiduciary Rule exemption under which your firm has chosen to operate (i.e., level pay).
  • Evaluate the use of proprietary products and investments that generate third-party payments in retirement accounts to make sure use of such products is consistent with the best interest standard.
  • Consider benchmarking fees to defend the reasonableness of fees as being in the best interest of retirement investors.
  • Identify the party or parties in your firm responsible for overseeing compliance with the Impartial Conduct Standards.
  • Review insurance policies to ensure that coverage is appropriate under the new Fiduciary Rule.

Please call on us for assistance in implementing the Fiduciary Rule.

SEC Issues Additional Guidance – Form ADV Updates

By | New in Compliance, SEC

August 17, 2017:  Earlier this week, the Division of Investment Management of the U.S. Securities and Exchange Commission (“SEC”) issued IM Information Update 2017-06, directed to investment advisers filing Form ADV updates.  As widely reported, in August 2016, the Commission adopted amendments to Form ADV with a compliance date of October 1, 2017.[1] As of that date, any adviser filing an initial Form ADV or an amendment to an existing Form ADV will be required to provide responses to the form revisions adopted in the rulemaking. Read More

SEC Risk Alert – Observations from Cybersecurity Examinations OCIE Cybersecurity 2 Initiative

By | New in Compliance, Risk Alert, SEC

August 7, 2017:  The U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) has released results of its Cybersecurity 2 Initiative. In this Initiative, National Examination Program Staff examined 75 firms, including broker-dealers, investment advisers, and investment companies (“funds”) registered with the SEC to assess industry practices and legal and compliance issues associated with cybersecurity preparedness. The OCIE Cybersecurity 2 Initiative examinations involved more validation and testing of procedures and controls attendant to cybersecurity preparedness than was previously performed in OCIE’s 2014 Cybersecurity 1 Initiative. Read More

SEC Division of Investment Management Issues New Form ADV FAQs

By | New in Compliance, SEC

June 26, 2017:  As reported last year, on August 25, 2016, the U.S. Securities and Exchange Commission (“SEC”) adopted a series of rule amendments that will impact all federally-registered investment advisory firms. Specifically, the SEC is requiring additional Form ADV disclosures for registered investment adviser (“RIA”) firms related to separately managed accounts, social media accounts, types of clients, branch offices, and the use of an outsourced Chief Compliance Officer (“CCO”). The effective date of the new requirements is October 1, 2017. Therefore, any SEC-registered RIA filing an amendment beginning in October 2017, will be required to provide additional information on Form ADV Part 1. Read More

SEC National Exam Program Risk Alert Cybersecurity: Ransomware Alert

By | New in Compliance, Risk Alert, SEC

May 17, 2017:  The SEC just issued a Risk Alert (Cybersecurity: Ransomware Alert) to investment advisers and broker dealers informing them of the targeting of companies by hackers propagating a new and aggressive ransomware. On May 12, 2017, this attack, referred to as WannaCry, WCry, or Wanna Decryptor, rapidly affected numerous organizations across over one hundred countries. The WannaCry ransomware infects computers with a malicious software that encrypts computer users’ files and demands payment of ransom to restore access to the locked files.

Initial reports indicate that the hackers that perpetrated the attack are gaining access to enterprise servers either through Microsoft Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows Server Message Block version 1 vulnerability.[1] Most significantly, some networks have been affected through phishing emails and malicious websites.

To protect against the WannaCry threat, investment advisers are urged to (1) review the alert published by the United States Department of Homeland Security’s Computer Emergency Readiness Team[2] and (2) evaluate whether applicable Microsoft patches for Windows XP, Windows 8, and Windows Server 2003 operating systems are properly and timely installed.  The Microsoft patches to prevent the infection have been available since March for supported operating systems.  In addition, within 24 hours of the attack, Microsoft had provided the necessary security patch for non-supported Windows XP.  This highlights the need to keep current operating systems and have a disciplined and managed patching strategy.

This latest Risk Alert highlights the importance of conducting penetration tests and vulnerability scans on critical systems and implementing system upgrades on a timely basis. SEC staff also notes that appropriate planning to address cybersecurity issues, including developing a rapid response capability, is important and may assist firms in mitigating the impact of any such attacks and any related effects on investors and clients.

On the broader topic of cybersecurity, OCIE’s National Examination Program staff recently examined 75 SEC registered broker-dealers, investment advisers, and investment companies to assess industry practices and legal, regulatory, and compliance issues associated with cybersecurity preparedness.  The SEC observed a wide range of information security practices, procedures, and controls across the industry, varying greatly based on registrant operations, lines of business, risk profiles, and enterprise size.

The following observations gleaned from this sweep certainly informed this week’s SEC guidance relative to mitigating the cyber security risk posed by WannaCry ransomware, especially with respect to small and mid-sized registrants:

  • Cyber-risk Assessment: Five percent of broker-dealers and 26 percent of advisers and funds (collectively, “investment management firms”) examined did not conduct periodic risk assessments of critical systems to identify cybersecurity threats, vulnerabilities, and the potential business consequences.
  • Penetration Tests: Five percent of broker-dealers and 57 percent of the investment management firms examined did not conduct penetration tests and vulnerability scans on systems that the firms considered to be critical.
  • System Maintenance: All broker-dealers and 96 percent of investment management firms examined have a process in place for ensuring regular system maintenance, including the installation of software patches to address security vulnerabilities.  However, ten percent of the broker-dealers and four percent of investment management firms examined had a significant number of critical and high-risk security patches that were missing important updates.

The Commission has provided guidance and information that firms must consider when addressing cybersecurity risks and response – https://www.sec.gov/about/offices/ocie/cybersecurity-examination-sweep-summary.pdf .  While not a functional regulator for advisers, FINRA has also provided guidance which is especially useful for smaller enterprises with commensurately smaller cyber risk profiles – http://www.finra.org/industry/cybersecurity.

For the past two years, Horrigan Resources has partnered with an IT specialist to offer cybersecurity risk assessments to our clients. Although each firm presents unique risks and challenges, the overarching themes relative to risk mitigation have been rapid response to red flags, and swift handling of ‘low hanging fruit’. Risk mitigation may entail material capital expenditure over time however the key is to know and triage risk, recognize that cyber risk management is ongoing and continuous, and be proactive.

Not unlike compliance, attaining a secure IT environment is a journey without a destination. Continuous and prudent attention to business risk, awareness of the threat environment, and ongoing employee training and awareness are great starting points to reduce cyber risk. Follow this link for the Risk Alert: https://www.sec.gov/files/risk-alert-cybersecurity-ransomware-alert.pdf.

May 19, 2017

prepared by Horrigan Resources, Ltd.

www.horriganresources.com

(724) 934-0129

Not customized advice. Not legal advice.

[1] See, U.S. Department of Homeland Security/ U.S. Computer Emergency Readiness Team (US-CERT), Alert (TA17-132A), Indicators Associated with WannaCry Ransomware (May 12, 2017, last revised May 15, 2017) (“U.S. Cert Alert TA-132A”).

[2] https://www.us-cert.gov/ncas/alerts/TA17-132A