For Investment Advisers and Broker-Dealers
Cybersecurity Awareness Month – Noteworthy Resources. October was Cybersecurity Awareness Month. Here is a recap of recent alerts and notices from regulators:
- FBI Public Service Announcement: A COVID 19-Driven Increase in Telework from Hotels Could Pose a Cyber Security Risk for Guests. (10/6/2020) The FBI encourages caution when using hotel wireless networks. Dangers include hotels employing lax Wi-Fi security measures and cyber crooks tricking guests into using malicious networks. The PSA also provides tips on reducing your risk when using hotel Wi-Fi, how to identify when a device has been compromised, and what you should do if this happens.
- OCIE Cybersecurity: Safeguarding Client Accounts Against Credential Compromise. (9/15/2020) OCIE has observed an increase in the number of credential stuffing cyber-attacks impacting SEC-registered investment advisers and broker-dealers. See Hardin’s October Regulatory Updates for our prior coverage of the alert.
- OCIE Cybersecurity: Ransomware Alert. (7/10/2020) OCIE reports an increase in the level of sophistication of ransomware attacks on investment advisers and broker-dealers. See Hardin’s August Regulatory Updates for our summary of the alert.
- FINRA Notices
- Information Notice – Cybersecurity Background: Authentication Methods. (10/15/2020) FINRA reminded members that a key element of an effective cybersecurity program is a robust authentication process.
- Regulatory Notice 20-35: FINRA Alerts Firms to Phishing Email Requesting Them to Respond to Fraudulent FINRA Survey. (10/6/2020) FINRA alerted members to a phishing email requesting that recipients respond to a fraudulent FINRA survey.
- Regulatory Notice 20-32: FINRA Reminds Firms to Be Aware of Fraudulent Options Trading in Connection with Potential Account Takeovers and New Account Fraud. (9/17/2020) FINRA reported an increase in fraudulent option trading where bad actors take over accounts using compromised customer login credentials. Contributed by Doug MacKinnon, Senior Compliance Consultant.
Message from States to Firms Shifting from Temporary to Permanent WFH Offices: Don’t Forget State Registration Requirements. State regulators are recognizing that the new “work from home” environment is here to stay. Several have ended grace periods that allowed investment adviser representatives (IARs) to provide advisory services in a different state without registration, if they relocated because of the COVID-19 pandemic. For example, Pennsylvania’s Department of Banking and Securities’ patience wore thin for IARs who re-located to the Keystone state to “shelter-in-place”. The department sent an email to broker-dealers and advisors stating that the grace period will end as of August 31, 2020 for individuals teleworking from their homes in Pennsylvania during COVID-19 that have not yet registered with the state. Many advisers may not be aware that the grace period has ended since the department did not include the announcement on its website.
States where grace periods have ended include Delaware (May 15, 2020) and Alabama (July 31, 2020). Texas will be ending its grace periods soon Texas (December 31, 2020). New Hampshire and Idaho are continuing their grace periods until further notice. Maine recently extended its grace period until January 29, 2021.
We recommend that firms contact their state regulators to ask whether registration is necessary for IARs who have relocated. For some IARs, registration in a new state may require jumping some regulatory hurdles. Although many states waive examination requirements for individuals currently registered in another state, some states, like Pennsylvania, do not.
Stay tuned for a future blog post by Hardin Compliance for more information on this issue. Contributed by Jaqueline M. Hummel, Partner and Managing Director.
New Guidance on Form CRS Disclosures. On October 8th, the SEC updated its Frequently Asked Questions on Form CRS to provide additional guidance related to disciplinary history disclosures. Specifically:
- ALL Forms CRS must include the prescribed heading, “Do you or your financial professionals have legal or disciplinary history?” and a “Yes” or “No” response.
- When responding “Yes” or “No” on behalf of the firm, the firm must include the reportable disciplinary histories of its relevant affiliates (e.g., parent company).
- A firm may provide two responses to the heading required by Item 4.A: one response for the firm (including relevant affiliates) and a second response for the firm’s financial professionals. While the FAQ reads that the SEC would accept a concise response of “Firm – no.” “Financial professionals – yes,” we encourage readers to review the SEC’s instruction to new registrants filing Form CRS for the first time (see bullet #5, below).
- Firms may not include additional qualitative or quantitative information in the relationship summary to explain the disciplinary history.
- In addition to the updated FAQ, the SEC has recently instructed new registrants filing Form CRS for the first time that all responses to headings phrased as questions should begin with the words, “Yes” or “No.” The response should not begin, for example, with the words, “Our Firm does not […].”
Have a question? Hardin is standing by, ready to answer your questions. Contributed by Rochelle A. Truzzi, Managing Director.
For Investment Advisers
Advisers – Mark your Calendars! The IARD Annual 2021 Renewal Program has Begun. November marks the beginning of the annual renewal cycle for investment advisers (IAs) and their investment adviser representatives (IARs). Unlike many other filings in 2020, there will be no regulatory relief for late filings or payments due to the ongoing COVID-19 pandemic. Preliminary renewal statements will be available on the IARD system on November 16, 2020, and the deadline for the receipt of firms’ preliminary renewal payment is December 14, 2020. If the firm has sufficient funds in its Flex-Funding Account to cover the renewal fee, note that funds will be transferred to its Renewal Account. If not, firms are encouraged to submit renewal payments by December 10, 2020 to ensure payments are processed timely. See the To-Do Checklist for November below for details, as well as the IARD 2021 Renewal Program webpage. Broker-Dealers – see below for similar information regarding the 2021 Renewal Program. Contributed by Cari A. Hopfensperger, Managing Director.
National Compliance Outreach Seminar for Investment Advisers and Investment Companies is Back On. After postponing the National Compliance Outreach seminar in April due to the COVID-19 pandemic, the SEC will be holding this event virtually on November 19, 2020, beginning at noon ET. Registration is not required to attend the live webcast, and attendees should visit the SEC’s site to participate and view the presentation. A recording will be made available after the event. Refer to the SEC’s press release for details. Contributed by Cari A. Hopfensperger, Managing Director.
NASAA Releases Annual Enforcement Report. Under the leadership of the indefatigable Joseph Borg of Alabama, the North American Securities Administrators Association (NASAA) has reported its 2019 enforcement action statistics from state securities regulators. There are several striking trends from this report and related best practices for firms to consider.
- Trend/Statistic: States opened almost as many investigations as they received investor complaints. Roughly 6,600 complaints were received and 6,500 investigations conducted.
Best Practice: If a client complains to a state regulator, there is a strong probability that a state securities regulator will start an investigation of both the firm and the representative named. This probability multiplies if a client complains to more than one state regulator. Clients who are well-serviced and well-educated about their investments are less likely to file complaints about their representatives or their firms with a securities regulator.
- Trend/Statistic: States reported over 5,800 licensure actions against individuals in 2019. The ability of state securities regulators to exercise this power is a potent enforcement tool.
Best Practice: Consider what action to take if a state securities regulator served you with notice that it was taking action against your license. Do you have a chief compliance officer, general counsel, outside consultant or securities attorney in your network who could guide you through a licensure situation or investigation? How would you find someone with the right knowledge who could help you? Having a plan beforehand is a prudent risk management step.
- Trend/Statistic: States commenced over 200+ investigations related to Senior Safe reporting. For the approximately thirty (30) states with Senior Safe modeled legislation or rules, NASAA is tracking the number of investigations arising from reports about suspected financial exploitation against vulnerable persons.
Best Practice: Most securities professionals now know about federal efforts to tamp down on financial exploitation against seniors and vulnerable persons. But many states have adopted rules protecting senior and other vulnerable investors, and some legally require that financial advisers report any suspected exploitation of their clients. Do you know whether you could be committing a crime by failing to report suspected financial abuse? Check out the map maintained by Bressler and find out more about your reporting requirements under state law.
- Trend/Statistic: While the states took decisive action (revocation, suspension, bar, prohibition, or conditioning) approximately 1,000 times in 2019 against active securities licenses for registered persons and firms, those actions only tell a sliver of the story. Withdrawal of licensure continues to be the most frequent exercise of state power in the licensing arena to protect investors. States report that an additional 4,800+ license/registration applications were withdrawn based on initial state action or review.
Best Practice: Review state licensing requirements carefully before applying for registration. If your record contains issues that can be resolved before submitting a new application, resolve them. Cleaning up your record may prevent you from being denied registration.
- Trend/Statistic: Rule 506 private offerings triggered 275 investigations and netted 144 enforcement actions by the States in 2019.
Best Practice: The search for portfolio yield continues. Ensure the alternative investments you recommend have been fully vetted by your firm and that the due diligence is initial AND ongoing in nature.
Contributed by Carolyn W. Mendelson, Senior Compliance Consultant.
For Registered Commodity Pool Operators and Commodity Trading Advisers
CFTC Fingerprinting Relief Comes to an End. In late September, the CFTC’s Division of Swap Dealer and Intermediary Oversight (DSIO) issued an email alert that it will not be extending its previously-issued no action relief exempting principals and associated person (AP) applicants from fingerprinting requirements. All applicants for AP registration and natural persons being listed as principals must once again submit fingerprint cards, and all persons relying on the no-action letters must submit cards by November 2, 2020. Contributed by Mark L. Silvester, Compliance Associate.
NFA Relieves Members from On-site Annual Inspection Requirements. On October 1st, the CFTC issued Notice to Members I-20-35 which provides relief related to required Member inspections of branch offices and guaranteed Introducing Brokers (IBs). Members are required to complete annual inspections of all branch offices and guaranteed IBs, with an allowance for Members to use a risk-based approach to identify offices or IBs for which it would be appropriate to conduct on-site inspections every other year, with the off-year’s inspection conducted remotely. The Notice allows Members to conduct 2020 inspections remotely, and a remote 2020 inspection will not necessitate an on-site 2021 annual inspection. Specifically, Members may conduct a remote inspection again next year if its risk assessment indicates that it is appropriate to do so. Contributed by Mark L. Silvester, Compliance Associate.
NFA Redesigns Annual Questionnaire. The NFA’s Annual Questionnaire, which is completed by firms applying for NFA membership and annually thereafter, has been redesigned (effective October 2nd) to implement dynamic question logic, consolidate Member category-specific questionnaires into a “master” questionnaire, clarify and add questions, and integrate with other NFA systems. While major changes to content were not made, Member firms can review the NFA’s Annual Questionnaire Webinar (view the archived version or read a transcript of the webinar) to familiarize themselves with the redesigned questionnaire. Contributed by Mark L. Silvester, Compliance Associate.
2021 Renewal Program is Underway. Already? But some of us just got our kids back to school! Nonetheless, the Halloween candy is sold-out, the malls are decorated for holiday festivities, and renewals are upon us. To successfully transition registrations for 2021, Hardin recommends the following steps for Broker-Dealers (See above for information regarding the 2021 IARD Renewal Program for Investment Advisers):
- Encourage your representatives to review their personal industry record in the Financial Professional Gateway (FinPro);
- Review your roster of registered representatives for inaccuracies or deficiencies;
- Fund your Renewal Account. Beginning on the renewal payment deadlines, FINRA will transfer funds from the Flex-Funding Account to the Renewal Account if there are sufficient funds to cover the total assessment; and
- Mark your calendar with these important dates:
- 10/30/2020 – Read the 2021 Renewal Program Preliminary Statement Regulatory Notice.
- 11/16/2020 – Retrieve your firm’s preliminary statement.
- 12/14/2020 – Pay your firm’s preliminary statement.
- 12/26/2020 – End of year filings and payment due before 6 pm Eastern Time.
- 01/02/2021 – Retrieve your firm’s final renewal statement.
- 01/22/2021 – Reconcile or pay your final statement.
Failure to remit payments timely will result in late fees. Additionally, jurisdictions may automatically terminate registrations, resulting in the firm’s inability to conduct securities business in those jurisdictions as of January 1, 2021. Contributed by Rochelle A. Truzzi, Managing Director.
RIA/BD CCO Charged with Providing Fabricated Compliance Documentation. In this case, SEC examiners requested compliance reviews related to the fund’s decision to invest in the securities of a company shortly before that company’s acquisition was announced. The CCO represented to the SEC that those reviews had been completed prior to the hedge fund’s investment in the company’s securities. The SEC, however, alleged that after failing to conduct and document such reviews as requested by her manager, the CCO created two backdated and factually inaccurate versions of a memorandum that claimed to memorialize the reviews. According to the order, the CCO’s conduct delayed and impeded the exam staff’s inquiry into the fund’s investment. The CCO consented to a cease and desist order and agreed to pay a civil penalty of $25,000. She was also suspended from appearing before the SEC as an attorney in any matter for at least one year and from acting in a compliance capacity for at least three years. This case is another unfortunate lesson that the cover up is often worse than the crime, and it is far better to admit that a review has not occurred than to fabricate compliance records. Contributed by Doug MacKinnon, Senior Compliance Consultant.
Personal Liability and Industry Ban for Two Former Fund Officers for their Role in Inflating Fund Valuations. Portfolio managers, CCOs and CEOs are not the only targets of the SEC. The Commission imposed personal liability on the Chief Financial and Chief Operating Officers of fund manager TCA Fund Management Group Corp. (“TCA”), a firm that managed a private fund with a master-feeder structure. In this case, TCA’s Master Fund provided financing investments of about $1 to $5 million to small and medium-sized enterprises. The fees and interest earned on these financing deals were counted as fund assets. TCA, however, was routinely recording financing deals as revenue on the Master Fund’s financial statements, even when the deals had not been consummated. As a result, the net asset value was being inflated, resulting in greater management fees for TCA and less money for investors.
The big takeaway here is that the SEC went after two TCA executives, the Chief Accounting/Chief Financial Officer, Steven Rosen, and Michael Vernon, the Chief Operating Officer. The SEC alleged that the two passed along data supporting the inflated valuations, even though they knew, or should have known, it was untrue. Both received a three-year industry ban and fines of $35,000. TCA already faced SEC allegations of fraud for inflating fund valuations, resulting in the appointment of a receiver over those entities and the TCA funds. Contributed by Jaqueline M. Hummel, Partner and Managing Director
Hedge Fund Adviser Settles Over Custody Rule and Performance Fee Violations. The SEC recently found that Florida-based Finser International Corporation (Finser), a registered investment adviser and private fund manager, “willfully violated” Sections 206(2) and 206(4) of the Advisers. Finser and its sole principal owner, Andrew Jacobus, managed a private fund with approximately $8 million in assets. According to the SEC’s findings, Finser and Jacobus charged the fund $51,000 in performance fees from January 2015 through September 2017, without ever meeting the high-water mark detailed in the fund’s private placement memorandum (PPM). The SEC also found Finser and Jacobus violated the Custody Rule by commingling fund assets with non-fund-assets and failing to distribute audited financials to investors. Finally, the SEC determined Finser failed to maintain adequate written policies and procedures with respect to performance fees and custody of client assets.
Private fund managers should take note. This is a prime example of why the SEC remains focused on private funds and their managers. We all know that disclosure to investors is imperative when it comes to private funds, but firms confirm that their compliance program has adequate policies and procedures in place to ensure they do what they say they are going to do. OCIE’s June Risk Alert outlines three areas of concern commonly identified during examinations of private fund advisers: conflicts of interest, fees and expenses, and policies and procedures relating to MNPI. This Risk Alert should serve as a starting point for checking the adequacy of your compliance program and identifying areas that could be improved. (Read here for Hardin’s previous coverage of the alert.) Ultimately, the SEC ordered Finser and Jacobus to cease and desist from any further violations of the Advisers Act and Rules, censured them, and ordered disgorgement in the amount of $61,808 and a civil penalty of $70,000. Finser is currently seeking registration with the state of Florida and plans to withdraw its registration from the Commission. Contributed by Jennifer L. Cagadas, Compliance Consultant.
Transamerica Asset Management Settles Charges for Disclosure Failures. This is a perfect example of why it “pays” to self-report. In this case, Transamerica Asset Management, Inc. failed to accurately reflect the annual operating expenses of four money market funds that it managed, resulting in material misstatements and omissions to investors over a three-year period. The fees and expenses excluded from the calculation of annual operating expenses related to “recaptured amounts.” Recaptured amounts are reimbursements of fees and expenses incurred during prior periods but waived in order to prevent fund expenses from exceeding an agreed-upon expense cap or to prevent the funds from experiencing a negative yield. When Transamerica realized the oversight, they promptly self-reported and took remedial action, which included engaging a third-party consultant to assess damages and reimbursing clients. In doing so, Transamerica avoided a civil penalty. Contributed by Rochelle A. Truzzi, Managing Director.
Regulatory Sneak Attack! Broker-Dealer Gets Massive Fine for Texting Failures Exposed During Unrelated Investigation. It doesn’t seem fair, but JonesTrading Institutional Services LLC (“JonesTrading”) came under the SEC’s scrutiny after producing documents in an unrelated SEC enforcement investigation. According to the SEC’s administrative order, “JonesTrading produced communication records referencing the existence of text message communications between JonesTrading registered representatives and a firm customer that were responsive to the staff’s request. However, because the text messages were not retained on one of JonesTrading’s firm-sponsored systems, JonesTrading failed to produce the referenced text messages to Commission staff.”
To make a long story short, the SEC fined JonesTrading $100,000 for books and records violations. Embarrassingly, the SEC pointed out that JonesTrading senior management, including compliance staff, sent and received business-related text messages, in contravention of the firm’s policy prohibiting the use of texting. To its credit, JonesTrading took immediate action by implementing a software solution to preserve text messages sent or received for business purposes on employees’ personal devices. Contributed by Jaqueline M. Hummel, Partner and Managing Director.
- FINRA is About to Make it MUCH Harder to Obtain Expungement – Part Two. This Ulmer and Berne blog post is the 2nd in a two-part series by Chris Seps addressing FINRA rule changes to revamp the expungement process. The key take-away, in the words of the author, is that these changes (three years in the making) will “make it much, much harder to expunge customer dispute disclosures.” Find Part One here.
- Pay at Your Own Risk: OFAC Issues Advisory on Potential Sanctions Risks Stemming from Ransomware Payments. Between a rock and hard place… Morrison Foerster summarizes a recent OFAC advisory highlighting the lose-lose position facing victims of ransomware attacks – either suffer the consequences of the ransomed data or pay the ransom and face potential OFAC sanctions exposure. One more reason for investing in resources and training to prevent attacks. See Happy Cybersecurity Awareness Month: OFAC and FinCEN Issue New Advisories on Ransomware Payments by Cozen O’Connor for more insight on the OFAC and FinCEN advisories.
- How ‘Free’ RIA Custodians Make it Difficult to Determine Which is Actually the Most Expensive. Michael Kitces’ guest columnist Yang Xu, the CEO of Trading Front, provides insight into the real costs of “zero-commission” trading and why there is no free lunch.
- Diversity & Inclusion at the SEC. The SEC recently launched a new Diversity & Inclusion webpage with information regarding its D&I goals, initiatives and resources.
- Record-setting Year for SEC Whistleblower Program. September 30th marked the fiscal year end of the SEC’s Whistleblower Program with a bang, as it announced four new whistleblower awards totaling just under $5 million.
- How to Develop an Effective Data Retention Policy. Onna Technologies, Inc., with platform services to address information governance, archiving, e-discovery and compliance needs, published this blog post that highlights the most important considerations when developing a data retention policy.
- Purchasing Cybersecurity Insurance. An easy read by Kevin LaCroix, as a guest writer for the D&O Diary blog. It is not specific to financial services but provides several useful tips to consider when evaluating cybersecurity insurance.
Filing Deadlines and To-Do List for November 2020
- Form 13F: Form 13F quarterly filing for Q3 2020 is due for advisers within 45 days after the end of the calendar quarter. Due date is November 16, 2020.
- Annual Renewal Program for IARD System: The IARD Renewal Program facilitates the annual renewal of investment adviser (IA) firms and their IA representatives’ (IARs) registrations with jurisdictions/states. Preliminary renewal statements for the IARD system will be available on November 16, 2020, and will be accessible only through the E-Bill System. Renewal statements reflect the registration renewal fees and annual system processing fees for all IARs and state-registered IA firms. The deadline for the receipt of the preliminary statement payment is expected to be on or around December 14, 2020. Questions? Check out the FAQs, which will be updated with 2021 IARD Renewal Program details later in 2020.
HEDGE/PRIVATE FUND ADVISERS
- Blue Sky Filings (Form D). Advisers to private funds should review fund blue sky filings and determine whether any amended or new filings are necessary. Generally, most states require a notice filing (“blue sky filing”) within 15 days of the first sale of interests in a fund, but state laws vary. Did you know that Hardin Compliance Consulting offers a convenient and economical blue sky filing service to help firms manage this complicated monthly task? Learn more here and give us a call to discuss your needs further. Due November 15, 2020.
- Form PF for Large Hedge Fund Advisers: Large hedge fund advisers must file Form PF within 60 days of each quarter-end on the IARD system. Due date is November 29, 2020.
REGISTERED COMMODITY POOL OPERATORS & COMMODITY TRADING ADVISORS
- Form CPO-PQR (September 30 Quarter End): Small, Mid-Sized and Large Commodity Pool Operators are required to file NFA Form CPO-PQR quarterly with the NFA. The due date is November 30, 2020.
- Form CTA-PR (September 30 Quarter End). Commodity Trading Advisors are required to file Form CTA-PR quarterly with the NFA. Due date is November 16, 2020.
- FINRA 2021 Renewal Program Preparations: Consult the FINRA website to access important dates and information regarding the 2019 Renewal Program. Be sure to update your calendars and ensure your Renewal Account is sufficiently funded.
- Form OBS: For the Quarter ending September 30. Unless subject to the de minimis exception, all clearing, self-clearing, and carrying firms and those firms that have a minimum dollar net capital requirement equal to or greater than $100,000 and at least $10 million in reportable derivatives and other off-balance sheet items must submit Form OBS as of the last day of a reporting period within 22 business days of the end of each calendar quarter via eFOCUS. Firms that claim the de minimis exemption must affirmatively indicate through the eFOCUS system that no filing is required for the reporting period. Due November 2, 2020.
- Rule 17a-5 Monthly and Fifth FOCUS Part II/IIA Filings: For the period ending October 31, 2020. For firms required to submit monthly FOCUS filings and those firms whose fiscal year-end is a date other than a calendar quarter. Due November 25, 2020.
- SIPC-7 Assessment: For firms with a Fiscal Year-End of September 30. SIPC members are required to file the SIPC-7 General Assessment Reconciliation Form together with the assessment owed (less any assessment paid with the SIPC-6) within 60 days after the Fiscal Year-End. Due November 29, 2020.
- Annual Audit Reports for Fiscal Year-End September 30, 2020: FINRA requires that member firms submit their annual audit reports in electronic form. Firms must also file the report at the regional office of the SEC in which the firm has its principal place of business and the SEC’s principal office in Washington, DC. Firms registered in Arizona, Hawaii, Louisiana, or New Hampshire may have additional filing requirements. Due November 30, 2020.
- SIPC-3 Certification of Exclusion from Membership: For firms with a Fiscal Year-End of October 31 AND claiming an exclusion from SIPC Membership under Section 78ccc(a)(2)(A) of the Securities Investor Protection Act of 1970. This annual filing is due within 30 days of the beginning of each fiscal year. Due November 30, 2020.
- SIPC-6 Assessment: For firms with a Fiscal Year-End of April 30, 2019. SIPC members are required to file for the first half of the fiscal year a SIPC-6 General Assessment Payment Form together with the assessment owed within 30 days after the period covered. Due November 30, 2020.
- Form N-MFP. Form N-MFP (Monthly Schedule of Portfolio Holdings of Money Market Funds) reports information about the fund’s holdings as of the last business day of the prior calendar month and must be filed no later than the fifth business day of each calendar month. Due date is November 7, 2020.
Partner with Hardin Compliance
Have a compliance question or want an independent review of your compliance program? Hardin Compliance can help! Call us today at 1.724.935.6770, or visit our website at www.hardincompliance.com for more information.
Hardin Compliance Consulting provides links to other publicly-available legal and compliance websites for your convenience. These links have been selected because we believe they provide valuable information and guidance. The information in this e-newsletter is for general guidance only. It does not constitute the provision of legal advice, tax advice, accounting services, or professional consulting of any kind.