SEC Announces Share Class Selection Disclosure Initiative

February 12, 2018: Investment advisers recommending mutual fund shares to advisory clients may have a disclosure problem. And yes, the U.S. Securities and Exchange Commission (“SEC”) is here to help address the problem. Yesterday the Commission announced its new self-reporting initiative, the Share Class Selection Disclosure Initiative (“SCSD Initiative”), to provide relief to advisers that have engaged in improper mutual fund recommendations on behalf of their clients. This initiative, forgiveness if you will, relates to certain mutual fund share class selections made by advisers relative to the formulation and execution of investment advice. If the offending firm promptly fesses up to the Division of Enforcement and promptly returns any non-compliant fees to harmed clients, the Division will agree not to recommend financial penalties against such advisers for violating federal securities laws.

SEC Issues 2018 Examination Priorities

February 7, 2018:  We wish our clients and colleagues a very prosperous new year and, this being the kickoff of 2018, we are all once again bestowed with the SEC National Exam Program Examination Priorities for the coming year!  We believe this informal guidance, announced February 7, 2018, can be helpful to Chief Compliance Officers as they recalibrate their compliance programs to adjust for business model evolutions or to realign their own compliance priorities following the 2017 annual review.

The following is a synopsis of the 2018 SEC examination priorities, abridged to present content pertaining primarily to investment advisers. The strategy and principles content has been extracted directly from the release to provide appropriate context to the Commission’s strategic and tactical execution of their mission.

2017 SEC Enforcement Division Playbook

November 27, 2017:  The U.S. Securities and Exchange Commission (“SEC”) was established by an Act of Congress to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. Compliance with the Investment Advisers Act, the Investment Company Act, and other federal securities statutes is highly dependent upon the adviser’s capacity to fully appreciate where the SEC is headed when they contemplate a deficiency letter, enforcement action, or referral to the Department of Justice.  For investment advisers, all aspects of the SEC mission statement have a direct correlation to the adviser’s business model, i.e., the non-compliant registered investment adviser presents an ongoing threat to undermine the Commission’s execution of its mission statement and therefore attracts significant resources and scrutiny from the regulator.

Fiscal year 2017 was by all accounts a successful year for the SEC’s Division of Enforcement. The Commission brought 754 actions and obtained judgments and orders totaling more than $3.7 billion in disgorgement and penalties. Significantly, it also returned a record $1.07 billion to harmed investors, suspended trading in the securities of 309 companies, and barred or suspended more than 625 individuals.

The Commission recently announced that in its fiscal year 2018, it will deliver a 20 per cent increase in the number of examinations of US investment advisers year-over-year.[1] In June of 2017, the SEC announced the reassignment of 100 staff to adviser exams from the broker-dealer regime. In testimony before Congress, Chairman Jay Clayton noted that “for at least the next several years we will need to do more each year to increase the agency’s examination coverage of investment advisers in light of continuing changes in the markets…”[2]

Beyond the OCIE Deficiency Letter, there are three manifestations of an SEC enforcement action to be imposed upon a non-compliant investment adviser if in fact the adviser’s compliance program is required to suffer the ignominy of a referral to the Enforcement Division. In roughly equal measure they are: penalties and fines, disgorgement of ill-gotten gains, and suspensions or bars that prevent wrongdoers from working in the securities industry. The latter has become a more widely utilized enforcement mechanism as the SEC seeks to reaffirm the personal accountability of professionals for acts of commission and omission which undermine the SEC’s mission.

The Division of Enforcement’s recently released 2017 Annual Report reveals significant insight into the current orientation of the Commission and its unwavering focus upon robust execution of its mission statement.[3]

The Commission is steadfast in its execution of all three mission axes; however, the protection of investors remains a significant focus year after year regardless of political or budgetary considerations. This reality drives SEC resource allocation in the following investor protection subsets: cyber-related misconduct, non-compliant activities of investment advisers, financial reporting, insider trading, and market abuse. To closely align allocation of resources with two key SEC priorities—protecting retail investors and combatting cyber-related threats—at the end of fiscal year 2017, the Division announced the creation of a Cyber Unit and a Retail Strategy Task Force.

The Cyber Unit combines the Enforcement Division’s substantial cyber-related expertise and its proficiency in digital ledger technology.  This component of the Enforcement Division will focus upon the following risk inflection points:

  • Market manipulation schemes involving false information spread through electronic and social media;
  • Hacking to obtain material nonpublic information and trading on that information;
  • Violations involving distributed ledger technology and initial coin offerings (ICOs);
  • Misconduct perpetrated using the dark web;
  • Intrusions into retail brokerage accounts; and
  • Cyber-related threats to trading platforms and other critical market infrastructure.


The Retail Strategy Task Force is a component of the Enforcement Division which focuses upon the protection of investors and relies heavily on the ongoing development and utilization of proprietary technology and data analytics to identify violations of federal securities statutes.  The primary focus of the Retail Strategy Task Force will center on the following risk areas:

  • Microcap markets;
  • Offering frauds (where victims typically are retail investors); and
  • The intersection of investment professionals and retail investors.


With respect to the latter area of risk, the Enforcement Division will scrutinize misconduct wherein advisers:

  • Steer clients to higher-cost mutual fund share classes;
  • Abuse wrap fee account protocol (churning, excessive trading, etc.); and
  • Provide investor recommendations to buy and hold highly volatile products like inverse exchange-traded funds and/or provide unsuitable advice to purchase structured products.

Clearly the creation and funding of these Enforcement resources place the non-compliant registered investment adviser in greater reputational and regulatory jeopardy. A long forgotten Chinese philosopher once remarked “a picture is worth a thousand words.”  In this same vernacular, one should refer to data provided by the Enforcement Division wherein an interesting “picture” emerges relating to the current and prospective orientation of the Enforcement Division.

Even in the midst of a transition in leadership, 2017 was an impactful year for the Enforcement Division. The Commission brought a diverse mix of 754 enforcement actions, of which:

  • 446 were “standalone” actions brought in federal court or as administrative proceedings (wherein the Commission either sued in civil action, or referred to the Department of Justice in criminal action, individual defendants rather than subsets of defendants);
  • 196 were “follow-on” proceedings seeking bars based on the outcome of Commission actions or actions by criminal authorities or other regulators; and
  • 112 were proceedings to deregister public companies—typically microcap—that were delinquent in their Commission filings.


Consistent with the Division’s focus upon personal accountability, over 73% of the standalone actions entailed prosecution of non-compliant individuals while approximately 20% of these actions involved investment advisers and their personnel. Total monies ordered paid by defendants in fiscal year 2017 was $3.789 billion, comprised of $832 million in penalties and $2.957 billion in disgorgement.

A deeper dive into the numbers reveals a well-known fact … a small number of enforcement actions (generally against larger firms) constitute most of the penalties and disgorgements. Indeed, 5 percent of cases that involve the largest penalties and disgorgement account for most of the financial remedies the Commission obtained in its last fiscal year.  However, the remaining 95 percent of cases not only constitute the bulk of the Enforcement Division’s overall activity and resources, but also address the broadest array of conduct. There should be no doubt that the Enforcement Division is intent on protecting all investors regardless of whether they are serviced by the very large investment adviser or the small adviser.

As noted, monetary sanctions and disgorgements are two legs of the enforcement protocol. A third and very effective means of behavioral modification utilized by the Enforcement Division entails removing bad actors from the securities industry altogether, whether as a suspension or a permanent bar. One of the most important things that the Commission can do proactively to protect investors and the market is to remove bad actors from positions where they can engage in future wrongdoing. Bars and suspensions allow the SEC to prevent wrongdoers from serving as officers or directors of public companies, dealing in penny stocks, associating with registered entities such as broker-dealers and investment advisers, or appearing or practicing before the Commission as accountants or attorneys. Enforcement actions resulted in over 625 bars and suspensions of wrongdoers in fiscal year 2017 and over 650 bars and suspensions in fiscal year 2016 pursuant to the SEC’s intent to focus upon personal accountability.

Insight into the Commission’s enforcement activity and underlying rationale provides a very valuable perspective to the adviser registrant intent on attaining and maintaining a culture of compliance. To this end, enforcement actions are closely watched by registrants and their agents. This scrutiny leads to improved compliance risk management and training as non-compliant behavior is modified.  In this respect the actions of the Enforcement Division have a multiplier effect insofar as enforcement actions have a meaningful impact on market participants who are not involved in the particular misconduct that has been charged.

Of course, it is understood that registered advisers design their compliance risk management programs to avoid contact with the Division of Enforcement. Perhaps less understood, and worth reinforcing with advisory staff, is that personal accountability has never been more important.


[2] Testimony on “Oversight of the U.S. Securities and Exchange Commission” by Chairman Jay Clayton, Washington D.C., Sept. 26, 2017


SEC Issues Additional Guidance – Form ADV Updates

August 17, 2017:  Earlier this week, the Division of Investment Management of the U.S. Securities and Exchange Commission (“SEC”) issued IM Information Update 2017-06, directed to investment advisers filing Form ADV updates.  As widely reported, in August 2016, the Commission adopted amendments to Form ADV with a compliance date of October 1, 2017.[1] As of that date, any adviser filing an initial Form ADV or an amendment to an existing Form ADV will be required to provide responses to the form revisions adopted in the rulemaking.

SEC Risk Alert – Observations from Cybersecurity Examinations OCIE Cybersecurity 2 Initiative

August 7, 2017:  The U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) has released results of its Cybersecurity 2 Initiative. In this Initiative, National Examination Program Staff examined 75 firms, including broker-dealers, investment advisers, and investment companies (“funds”) registered with the SEC to assess industry practices and legal and compliance issues associated with cybersecurity preparedness. The OCIE Cybersecurity 2 Initiative examinations involved more validation and testing of procedures and controls attendant to cybersecurity preparedness than was previously performed in OCIE’s 2014 Cybersecurity 1 Initiative.

SEC Division of Investment Management Issues New Form ADV FAQs

June 26, 2017:  As reported last year, on August 25, 2016, the U.S. Securities and Exchange Commission (“SEC”) adopted a series of rule amendments that will impact all federally-registered investment advisory firms. Specifically, the SEC is requiring additional Form ADV disclosures for registered investment adviser (“RIA”) firms related to separately managed accounts, social media accounts, types of clients, branch offices, and the use of an outsourced Chief Compliance Officer (“CCO”). The effective date of the new requirements is October 1, 2017. Therefore, any SEC-registered RIA filing an amendment beginning in October 2017, will be required to provide additional information on Form ADV Part 1.

SEC National Exam Program Risk Alert Cybersecurity: Ransomware Alert

May 17, 2017:  The SEC just issued a Risk Alert (Cybersecurity: Ransomware Alert) to investment advisers and broker-dealers informing them of the targeting of companies by hackers propagating a new and aggressive ransomware. On May 12, 2017, this attack, referred to as WannaCry, WCry, or Wanna Decryptor, rapidly affected numerous organizations across over one hundred countries. The WannaCry ransomware infects computers with malicious software that encrypts computer users’ files and demands payment of ransom to restore access to the locked files.

Initial reports indicate that the hackers that perpetrated the attack are gaining access to enterprise servers either through Microsoft Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows Server Message Block version 1 vulnerability.[1] Most significantly, some networks have been affected through phishing emails and malicious websites.

To protect against the WannaCry threat, investment advisers are urged to (1) review the alert published by the United States Department of Homeland Security’s Computer Emergency Readiness Team[2] and (2) evaluate whether applicable Microsoft patches for Windows XP, Windows 8, and Windows Server 2003 operating systems are properly and timely installed. The Microsoft patches to prevent the infection have been available since March for supported operating systems. In addition, within 24 hours of the attack, Microsoft had provided the necessary security patch for non-supported Windows XP. This highlights the need to keep operating systems current and to have a disciplined and managed patching strategy.

This latest Risk Alert highlights the importance of conducting penetration tests and vulnerability scans on critical systems and implementing system upgrades on a timely basis. SEC staff also notes that appropriate planning to address cybersecurity issues, including developing a rapid response capability, is important and may assist firms in mitigating the impact of any such attacks and any related effects on investors and clients.

On the broader topic of cybersecurity, OCIE’s National Examination Program staff recently examined 75 SEC registered broker-dealers, investment advisers, and investment companies to assess industry practices and legal, regulatory, and compliance issues associated with cybersecurity preparedness.  The SEC observed a wide range of information security practices, procedures, and controls across the industry, varying greatly based on registrant operations, lines of business, risk profiles, and enterprise size.

The following observations gleaned from this sweep certainly informed this week’s SEC guidance relative to mitigating the cyber security risk posed by WannaCry ransomware, especially with respect to small and mid-sized registrants:

  • Cyber-risk Assessment: Five percent of broker-dealers and 26 percent of advisers and funds (collectively, “investment management firms”) examined did not conduct periodic risk assessments of critical systems to identify cybersecurity threats, vulnerabilities, and the potential business consequences.
  • Penetration Tests: Five percent of broker-dealers and 57 percent of the investment management firms examined did not conduct penetration tests and vulnerability scans on systems that the firms considered to be critical.
  • System Maintenance: All broker-dealers and 96 percent of investment management firms examined have a process in place for ensuring regular system maintenance, including the installation of software patches to address security vulnerabilities.  However, ten percent of the broker-dealers and four percent of investment management firms examined had a significant number of critical and high-risk security patches that were missing important updates.

The Commission has provided guidance and information that firms must consider when addressing cybersecurity risks and response – .  While not a functional regulator for advisers, FINRA has also provided guidance which is especially useful for smaller enterprises with commensurately smaller cyber risk profiles –

For the past two years, Horrigan Resources has partnered with an IT specialist to offer cybersecurity risk assessments to our clients. Although each firm presents unique risks and challenges, the overarching themes relative to risk mitigation have been rapid response to red flags and swift handling of ‘low hanging fruit’. Risk mitigation may entail material capital expenditure over time; however, the key is to know and triage risk, recognize that cyber risk management is ongoing and continuous, and be proactive.

Not unlike compliance, attaining a secure IT environment is a journey without a destination. Continuous and prudent attention to business risk, awareness of the threat environment, and ongoing employee training and awareness are great starting points to reduce cyber risk. Follow this link for the Risk Alert:

May 19, 2017

prepared by Horrigan Resources, Ltd.

(724) 934-0129

Not customized advice. Not legal advice.

[1] See, U.S. Department of Homeland Security/ U.S. Computer Emergency Readiness Team (US-CERT), Alert (TA17-132A), Indicators Associated with WannaCry Ransomware (May 12, 2017, last revised May 15, 2017) (“U.S. Cert Alert TA-132A”).


Pay-to-Play Enforcement Actions against Investment Advisers

April 9, 2017:  The U.S. Securities and Exchange Commission (“SEC”) recently announced that ten investment advisory firms agreed to pay penalties in the tens of thousands of dollars to settle charges that they violated Rule 206(4)-5 (the “Pay-to-Play Rule”) under the Investment Advisers Act of 1940. The SEC charged the firms with receiving compensation for investment advisory services that they provided for managing public pension fund assets within two years of the firms’ covered associates having made prohibited campaign contributions.

In the aftermath of the California and New York pension scandals, the Pay-to-Play rule made it illegal for employees of regulated firms to make contributions to elected officials to influence the awarding of contracts to manage public pension plan assets and other government investment accounts. The presumption is that such practices result in higher fees for inferior advisory services because the advisory contracts are not negotiated at arm’s length.


The Rule 

The rule itself is fairly direct … investment advisers registered, or required to register, with the SEC, or which are “exempt reporting advisers” to private funds or venture capital funds, may not receive compensation for providing investment advice to government entities for two years after the adviser or its covered associates make direct or indirect contributions to officials of such governments who are responsible for hiring investment advisers.

A “covered associate” of an investment adviser is defined in Rule 206(4)-5(f)(2) as: (i) any general partner, managing member or executive officer, or other individual with a similar status or function; (ii) any employee who solicits a government entity for the investment adviser and any person who supervises, directly or indirectly, such employee; and (iii) any political action committee controlled by the investment adviser or by any of its covered associates.  The rule also prohibits covered investment advisers or their covered associates from providing or agreeing to provide, directly or indirectly, payment to any person to solicit a government entity for investment advisory services on behalf of an adviser, unless that person is a regulated person as defined by Rule 206(4)-5(a)(2)(i)(A). 

There are three exceptions to the Pay-to-Play Rule wherein covered associates of a firm (not the firm itself) may contribute to current or prospective clients of the firm which are government entities without fear of violating the rule. They include the following:

  • De minimis contributions: covered associates, who are natural persons, may contribute up to $350 per election to an official for whom that covered associate is entitled to vote, and a maximum contribution of $150 for any other official.
  • New covered associates: provides an exception for certain covered associates who made a contribution more than six months prior to becoming a covered associate of the current adviser; this exception is not valid for associates that engage in distribution or solicitation activities with a government entity on behalf of the adviser, where in such case, the time-out period is two years.
  • Returned contributions: an adviser will not be in violation of the rule if the contribution in question is returned to the contributor within the stipulated grace period.  Reliance on this exception is subject to the following additional conditions:
      • Advisers with more than 150 registered persons may rely on this exemption three times in a calendar year;
      • Advisers with less than 150 registered persons may rely on this exemption twice a year;
      • The exemption may only be used once for the same registered person;
      • The excess contribution is discovered within four months of the initial conveyance to the political office holder/aspirant; and
      • The contribution is returned to the donor within 60 days of its discovery.

The SEC findings affirmed that ten advisory firms violated the two-year timeout period wherein they accepted advisory fees from city or state pension funds after their covered associates made campaign contributions to candidates or elected officials. The ten firms were required to pay penalties ranging from $35,000 to $75,000 and forgo compensation for two years from such government entities.


Of Interest

Several key factors make these settlements particularly noteworthy and instructive, namely:

  • The contributions in question were small.
  • Several of the advisers charged were only “exempt reporting advisers”.
  • Several of the advisers charged had obtained returns of the prohibited contributions.

The amount of the contributions made in all cited cases was relatively small and in most cases only a few hundred dollars above the permissible limit. A few of the advisers contributed a total of $500, and in one instance a covered associate of the adviser made a contribution $50 over the de minimis limit. Of significant import … there appears to have been no specific indication that these contributions were made as part of a quid pro quo arrangement or attempt to induce an investment by a government entity.

Of the ten enforcement actions, the contributions in question were made to a state governor or candidate for governor in six instances, while in two cases, the contributions were made to the mayor of New York City.  While these political office holders/aspirants fall within the rule’s technical definition of “elected official”, many CCOs find it surprising that the SEC chose to focus its enforcement efforts on donations to such offices to the extent that Pay-to-Play is intended to thwart political contributions to political players who truly influence the awarding of asset management contracts by public funds. Nevertheless, regardless of how tenuous the office holder/aspirant’s connection is to the asset management protocol for a given political jurisdiction, the SEC is making clear that advisers and their covered associates must toe the line as it relates to Pay-to-Play compliance.

These enforcement actions should compel CCOs and covered associates alike to review their Pay-to-Play policies and procedures to avoid penalties and sanctions.


Horrigan Resources, Ltd.

Wexford, Pennsylvania                            724-934-0129         

SEC IM Guidance Update 2017-01 Inadvertent Custody: Advisory Contract versus Custodian Contract Authority

March 9, 2017:  The law of unintended consequences has struck again … this time its target is the investment advisory community wherein advisers who eschew custody and indeed have written policies which prohibit custody, may in fact retain custody and therefore be noncompliant with U.S. Securities and Exchange Commission (“SEC”) Rule 206(4)-2 pursuant to the Investment Advisers Act of 1940, as amended (“Advisers Act”).

The occurrence of unintended custody is a process wherein the custodian and the client, without adviser participation or direct knowledge, execute a custodian agreement which conveys to the adviser access to client funds. Advisers prohibiting client custody under this scenario are now deemed to have client custody.  If you are such an adviser, the SEC wants you to know that your firm has the obligation to fully comply with Custody Rule 206(4)-2.