cybersecurity | DOL Fiduciary Rule | FINRA Rule Changes | Form ADV | Form ADV Disclosure

Regulatory Update for September 2017

  • Fiduciary Rule Delayed — yet again — until July 1, 2019. The Office of Management and Budget (OMB) moved at lightning speed (for a governmental entity) in approving a proposal to delay the DOL’s Fiduciary Rule, and the DOL has proposed to extend the existing transition period for implementation of the Best Interest Contract Exemption (BICE), the Principal Transaction Exemption, and PTE 84-24 (relating to sales of annuities and other transactions involving insurance companies and agents).  In the meantime, financial institutions and investment advisers subject to the DOL’s Fiduciary Rule must still “give prudent advice that is in retirement investors’ best interest, charge no more than reasonable compensation, and avoid misleading statements.” The DOL said the delay was necessary since it has not yet completed its required re-examination of the Fiduciary Rule and accompanying prohibited transaction exemptions as directed by President Trump, and that it needs time to review the “substantial commentary received in response to the March 2, 2017 solicitation for comments and to honor the President’s directive to take a hard look at any potential undue burden.” Contributed by Jaqueline M. Hummel, Partner and Managing Director
  • DOL issues more FAQs on Fiduciary Rule: In this most recent FAQ, the DOL reverses itself, saying that a recommendation by a 401(k) and its service provider urging plan participants to make contributions to the plan is not (necessarily) “fiduciary advice.”  Before you breathe that sigh of relief, check out the fine print. The DOL says that a service provider can recommend that a plan participant contribute more to the plan, if the recommendation is objective.  So, if the plan provider recommends that participants increase their contributions in order to obtain the full benefit of an employer’s matching contributions, that’s not considered fiduciary advice.  Second, the recommendation to increase a participant’s participation in the 401(k) plan cannot recommend any particular investment or strategy.  Contributed by Jaqueline M. Hummel, Partner and Managing Director
  •  OCIE’s Lessons from Cybersecurity Exams: As a part of the Office of Compliance Inspections and Examinations’ (OCIE) Cybersecurity 2 Initiative, the National Examination Program staff (NEP) examined 75 firms to take stock of the industry’s cybersecurity preparedness. Among the firms examined were broker-dealers, investment advisors, and investment companies (“funds”).  In its Risk Alert, “Observations from Cybersecurity Exams,” OCIE found an overall improvement in cybersecurity practices since the 2014 Cybersecurity 1 Initiative, and noted that broker-dealers were ahead of the curve on cybersecurity issues. OCIE staff still found gaps in the policies and procedures and failures to enforce the cybersecurity measures. Take note:  the staff included a list practices of what it deems robust cybersecurity controls, including:
    • Detailed policies and procedures for reviewing results of penetration testing;
    • Monitoring and auditing information systems, periodic review of access rights, and reporting issues.
    • Scheduling vulnerability scans and beta testing of security patches;
    • Enforcing controls for accessing data and systems;
    • Maintaining an inventory of data, information and vendors;
    • Mandatory employee training; and
    • Engagement of senior management.

Contributed by Alison Palmeri, Compliance Associate

  • New Investment Management Information Update on Form ADV: The SEC has adopted changes to Form ADV that go into effect on October 1st of this year. (You can refresh your memory here:  Amendments to Form ADV Part 1A for 2017.)  The changes to the form will be incorporated into the IARD system, and failure to complete the new and updated sections will result in update being rejected as incomplete submissions.  But since advisers are not yet required to include some of this new information until their annual updates, how do you deal with filing an other-than-annual amendment to the Form between October 1st and the next required annual amendment?  The SEC staff recently issued an Information Update to deal with this temporary issue.  For these other-than-annual amendments, SEC staff will not recommend enforcement action if advisers use “0” as a placeholder for the new or amended questions in Item 5 and Schedule D.   Advisers should submit a corresponding note in the Miscellaneous section of Schedule D to identify their use of a placeholder.  Although this provides some relief for advisers in the interim, annual amendments will be here before you know it. We recommend continuing to gather the information required so you’re prepared for that first annual amendment come 2018. Contributed by Cara Sharbaugh, Compliance Consultant
  • FINRA Updates its New Account Application Template: In our May 2017 Regulatory Update, we told you about new FINRA Rule 2165 which provides a safe harbor for broker-dealers when dealing with the potential exploitation of a vulnerable adult.  Recently, FINRA updated its New Account Application template to reflect new FINRA Rule 2165 and the resulting amendments to Rule 4512 (customer account information).  The existing section of the template titled, “Getting Started” now contains a reference to trusted contact person information.  This is in reference to a new section titled, “Trusted Contact Person Information (optional)” that has been added to collect contact information and grant the firm authorization to contact the named individual and disclose account information under specified circumstances.  We encourage broker-dealers to work with their clearing firms to determine how they will be addressing Rules 2165 and 4512.  Contributed by Rochelle Truzzi, Senior Compliance Consultant.

Lessons Learned From Recent SEC and FINRA Cases:

RIA’s Affiliate Private Fund Manager Wrongly Claimed Registration Exemption:  It’s the old shell game…In this SEC cease and desist order Brian Kimball Case, CCO of Bradway Financial, LLC, mistakenly thought he could avoid an independent custody audit for two private funds if he created a separate exempt entity to advise them, which he called Bradway Capital Management, LLC.  The SEC saw through this thin veil, finding that registration could not be avoided since the two advisers were under common control, operationally integrated, and had the same employees, space and systems.  This meant that Bradway Capital was not acting “solely as adviser to private funds” and could not avoid registration.  Moreover, Bradway Capital did not act like an exempt adviser, since it did not maintain separate policies and procedures regarding registration and exemptions from registration as an investment advisor.  As a side note, Bradway was also deemed to have custody for accepting stock certificates, blank authorization forms, and password and login information for accounts with cash transfer options.  It certainly didn’t help matters that Bradway Capital had mislead investors by providing them with inflated values for investments in the funds.   When managing firm risk, custody issues and controls should always be a top priority.   Contributed by Heather Augustine, Senior Compliance Consultant

If you play with fire, you’re gonna get burned.  Columbia River Advisors, LLC, Benjamin J. Addink and Donald A. Foy, recently settled a case with the SEC for failure to disclose conflicts of interest.  Foy and Addink, the fund managers, used assets from Fund I to invest in Fund II. Fund II, in turn, loaned money to the advisor, which used the money to expand its business, and, presumably, its profits.   Disclosure of the investment and conflict of interest didn’t happen until 18 months later — in the audited financial statement for Fund I.  The SEC seemed to find it particularly galling that investors in Fund I were not informed that a substantial portion of the Fund’s assets were not being deployed in the disclosed foreign currency trading strategy, and that these investors also ended up paying a second advisory fee because of Fund I’s investment in Fund II.  And to add fuel to the SEC fire, the CCO and CEO were hit with willful violation of the Custody Rule because they did not send out the audited financials within three months of their fiscal year end.  Additionally, the independent auditor for the funds was registered with the PCAOB, but it was not also subject to PCAOB inspection, which meant it was not qualified to perform audits under the Custody Rule.   The SEC goes on to explain that Foy, the CCO, was aware of his responsibilities because the custody requirements were outlined in the compliance manual that he had read!  Contributed by Heather Augustine, Senior Compliance Consultant

Yikes!  CCO Sanctioned for Incorrectly Stating Assets under Management on Form ADV!  In a case that makes me want to hide under the covers, the SEC fined a CCO $30,000 and banned him from the industry for one year!  David I. Osunkwo, an outsourced CCO working for Aegis Capital LLC and Circle One Wealth Management LLC, prepared a Form ADV to reflect the merger of the two firms under the same parent company.  In preparing the document, Osunkwo relied on an email message from the Chief Investment Officer that provided him with an estimate of the combined AUM, which overstated the amount by 190%.  The scary thing about this case is that there is no evidence that Osunkwo engaged in fraud or that investors were harmed.  He relied on the CIO for the information.  So for all the CCOs out there, make sure you have more evidence to back up the information in the Form ADV than just the word of a principal of the firm.  Contributed by Jaqueline M. Hummel, Partner and Managing Director

Worth Reading:

 Confused about the differences between Accredited Investors, Qualified clients and Qualified Purchasers?  Alexander J. Davie sorts it out for you.

Knock, Knock!  It’s the SEC’s Boston regional office Investment advisers in Boston are at increased risk of unannounced exam visits.  ACA Insight provides details.

Still scratching your head about which plans are covered by the Fiduciary Rule?  Fred Reish breaks it down for you.

Custody and third-party SLOA Authority:  Chris Stanley writes about standing letters of authorization and the Custody Rule, in his guest post on the Nerd’s Eye View.

Filing Deadlines and To Do List for September


 No regulatory deadlines for September 2017.


  • Annual Audit Reports for the period ending July 31, 2017. FINRA members are required to submit their annual audit reports in electronic form.  In addition, firms that are members of Securities Investor Protection Corporation (SIPC) must file the annual audit report with SIPC. Filings are due September 29, 2017.
  • FOCUS Reports: FINRA members must submit their FOCUS reports for the period ending August 31, 2017 by September 26, 2017.
  • Supplemental Inventory Schedule (SIS):  The SIS must be filed by a firm that is required to file FOCUS Report Part II, FOCUS Report Part IIA or FOGS Report Part I, with inventory positions as of the end of the FOCUS or FOGS reporting period, unless the firm has (1) a minimum dollar net capital or liquid capital requirement of less than $100,000; or (2) inventory positions consisting only of money market mutual funds.  SIS Form Filing is due September 29, 2017 for the period ending August 31, 2017.

Hardin Compliance Consulting provides links to other publicly-available legal and compliance websites for your convenience. These links have been selected because we believe they provide valuable information and guidance.  The information in this e-newsletter is for general guidance only.  It does not constitute the provision of legal advice, tax advice, accounting services, or professional consulting of any kind.