Annual Compliance Program Review | Blue Sky Filings | Broker Dealer | Compliance Program Rule, Rule 206(4)-7 | Compliance Programs | Conflicts of Interest | Cybersecurity | Disclosures | Examinations and Audits | Form ADV | Investment Advisers | Mutual Funds | SEC Risk Alert | Seniors and Vulnerable Investors | States | Supervision |

SEC’s Top Eleven Hits: Investment Adviser Regulatory Review 2019

In addition to basic blocking and tackling, compliance officers often have the thankless job of performing the annual review of their compliance program required by Advisers Act Rule 206(4)-7.  As discussed in our blog post, Write the Best Annual Compliance Program Review EVER!, that review should consider changes to the Advisers Act and applicable regulations, legal proceedings and guidance from regulators, including risk alerts and interpretations.  To simplify the task of collecting all of this information, I’ve identified the top regulatory hot buttons to help advisory firms update their compliance programs for 2020.  I’ve also included a list of recommended resources at the end of this post to help you implement these changes.

Despite a government shutdown early in the year, the SEC covered a lot of ground in 2019.  The big headline-grabber for 2019 was the adoption of Regulation Best Interest (“Reg BI”) and the Form CRS Relationship Summary (“Form CRS”) along with two interpretations clarifying the role of investment advisers and broker-dealers.  OCIE has already warned that it will be looking at compliance with these initiatives as part of its 2020 exam priorities.

The SEC also explained (finally!) what it expects and will be looking from disclosures in Form CRS and Form ADV by issuing its FAQs on Conflicts of Interest.  Advisers should review this document carefully and consider their sources of income and any help received from service providers in defraying costs that would otherwise be borne by the firm, such as support provided by mutual fund companies for marketing or training of sales personnel.  The SEC views this assistance the same as “compensation”.  Consider whether it makes sense to rebate fees paid by clients if such payments end up in the firm’s pocket.

The Office of Compliance Inspections and Examination (OCIE) also issued seven Risk Alerts to help advisers (one dealt solely with transfer agents).  Although all of OCIE’s Risk Alerts are generally required reading for compliance officers, I rank “Observations from Examinations of Investment Advisers: Compliance, Supervision, and Disclosure of Conflicts of Interest as number one since it identifies issues that are currently high on the SEC’s hit list.  I rank “Investment Adviser and Broker-Dealer Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies” as second because I agree with OCIE’s observation that although most firms have a Privacy Notice, many do not follow up with appropriate policies and procedures to ensure the safety of customer records.  This risk alert also dovetails nicely with the current regulatory focus on cybersecurity and the protection of private customer information.

The Division of Enforcement relentlessly pursued advisers and broker-dealers for failing to disclose to clients that they received 12b-1 fees, revenue sharing payments and had other conflicts of interest affecting their decision-making processes.  In March, the SEC announced settlements with 79 advisers that self-reported 12b-1 fee conflict disclosures failure during the Share Class Disclosure Initiative.  The average amount returned to investors per adviser was roughly $1.5 million, although six firms accounted for more than 40% of the total.  According to the Enforcement Division’s 2019 annual report, investment advisers and investment companies bore the brunt of enforcement efforts as the subject of 35% of cases brought, a significant uptick from 22% in 2018.  As compared to 2018, the division also extracted more in disgorgement and penalties ($4.3 billion versus $3.95 billion) and returned significantly more dollars to investors ($1.2 billion versus $794 million).

Given this regulatory background, my top takeaways for investment advisers are:

  1. Dual registrants should prepare for Regulation BI implementation.  For dual registrants, preparation for Reg BI should be your number one priority.  As a starting point, firms should review how they are providing advice, analyze the products being offered and their associated conflicts of interest, review compensation arrangements and incentive structures, develop policies and procedures to comply with Reg BI’s requirements, train staff on these new procedures, and create a supervision infrastructure to monitor compliance.  Hardin Compliance has developed resources to help you on our new web site, Standards of Conduct for Broker-Dealers and Investment Advisers.  Download our Reg BI spreadsheet to get started.  We will add new tools to the website so stay tuned!
  2. Get ready for Form CRS.  For investment advisers serving retail clients, get ready to draft and deliver the Form CRS Relationship Summary (“Form CRS”).  This form is a new disclosure document to be filed with the SEC and delivered to retail investors by both broker-dealers and investment advisers.  The SEC has defined a retail investor as “a natural person, or the legal representative or such a natural person, who seeks to receive or receives services primarily for personal, family or household purposes”.   Investment advisers should adopt policies and procedures for drafting, distributing, and updating Form CRS, which is now Part 3 of Form ADV.  The SEC will be looking at this form during examinations, so be prepared.  Check out the SEC Compliance Guide to Form CRS Relationship Summary.  Check out our resources, including Hardin’s Regulatory Update for October 2019, and our webpage, Form CRS Relationship Summary, where we will be adding more tools as the June 30 deadline gets closer.
  3. Up your game for identifying conflicts of interest and disclosing them in Form ADV.  Avoid using the word “may” whenever possible.  Investment advisers should review policies and procedures for drafting Form ADV Part 2A disclosures.  Make sure you are identifying conflicts of interest identified most recently by the SEC by reviewing the OCIE risk alert on Observations from Examinations of Investment Advisers: Compliance, Supervision, and Disclosure of Conflicts of Interest and the SEC’s FAQs on Conflicts of Interest.  Review the Commission Interpretation Regarding Standard of Conduct for Investment Advisers and make sure your disclosures are “clear and detailed enough for the client to make an informed decision to consent to the conflict of interest or reject it”.  Finally, stop using the word “may” with respect to potential conflicts.  The SEC finds words like “may”, “might” and “could” as woefully inadequate when describing conflicts of interest.
  4. Review your policies and procedures to determine whether they meet SEC’s Standard of Conduct.  Advisers should review the Commission Interpretation Regarding Standard of Conduct for Investment Advisers (the “Interpretation”) to ensure they are covering all the areas addressed by the SEC.  Briefly, an adviser’s fiduciary obligations include client account monitoring, selecting the appropriate account type for clients, performing due diligence on investment products, providing full and fair disclosure on conflicts of interest, meeting best execution obligations, and making a reasonable inquiry into a client’s investment objectives.
  5. Take a fresh look at your firm’s policy on proxy voting.  The recently-issued Commission Guidance Regarding Proxy Voting Responsibilities of Investment Advisers contains specific recommendations for advisers that take on proxy voting duties that may not be addressed by current policies and procedures.  Some advisers may decide against offering proxy voting services given the time and cost it will take to meet the SEC’s expectations.
  6. Make sure you are on top of Regulation S-P obligations and enhance protocols for security on the Cloud.  Review your firm’s privacy policies and procedures to see if they include the administrative, operational and physical safeguards that the SEC expects to see, as spelled out in OCIE’s Risk Alert Investment Adviser and Broker-Dealer Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies.  As part of this effort, you should also review OCIE’s Risk Alert Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features.  The alert includes samples of effective practices, such as policies and procedures designed to support the initial installation, on-going maintenance, and regular review of the cloud-based storage systems.  OCIE recommends that firms set basic standards for security configuration and schedule periodical maintenance of the systems.
  7. Consider whether you have sufficient supervisory processes in place.  OCIE issued a risk alert describing its findings from its 2017 “Supervision Initiative” that reviewed the supervisory practices of more than 50 firms that employed individuals with disciplinary histories.  Deficiencies identified by OCIE included inadequate disclosure of disciplinary events and failure to adequately supervise their employees and representatives.  Advisers should take a close look at the examples cited in this risk alert and compare them against their current processes and practices.  In addition to keeping a close eye on employees with regulatory blemishes, firms should also close potential holes in their supervision processes.  As noted in the risk alert, SEC staff found weak supervisory practices in determining asset valuation, calculating and reporting performance, fee billing and monitoring supervised persons’ activities in remote offices.  Gaps in supervision can lead to serious compliance issues.
  8. Confirm whether your policies and procedures to protect senior and other vulnerable investors address state law requirements.  As we noted last year, more than 20 states have adopted laws addressing the financial exploitation of seniors and vulnerable clients.  Some states, like Ohio, require investment advisers to report suspected or actual financial exploitation of seniors and vulnerable clients to state adult protective services agencies.  Make sure your procedures include training employees and representatives on how to identify and report such abuse.
  9. Review regulatory activity within the states relevant to your business to see if any developments affected your firm.  Depending on the regulation, this may include the state in which you are registered (if you are a state-registered adviser), the state(s) in which you operate as well as those states where the firm has or prospects clients.  Just because your firm is federally registered doesn’t mean you can ignore state law.  For example, advisers should be aware of the California Consumer Privacy Act (“CCPA”) which affects firms with California clients and meet certain thresholds.  The CCPA requires certain for-profit businesses that collect personal information from California consumers (i) provide consumers access to their personal information;(ii) delete their personal information if so requested and (iii) stop selling personal information if consumers opt out of the sale.  Another example is  Massachusetts’ amendment of its Data Breach Notification Law.  Broker-dealers and investment advisers subject to the MA law are now required to provide a minimum of 18 months of free, third-party credit monitoring services to affected consumers when there is a breach involving social security numbers.  Finally, New Hampshire became the 47th jurisdiction to join the “Automatic Fail to Renew Program, eliminating its grace period for broker-dealers and investment advisers to renew their registrations.  If a firm failed to renew by December 31, 2019, its registration will be terminated, and it will no longer be eligible to conduct securities or investment advisory business in New Hampshire.  Firms that violate this policy may be subject to enforcement action.
  10. Mutual fund advisers need to step up their compliance game.  OCIE issued a risk alert discussing the most often cited deficiencies and weaknesses it observed during hundreds of fund examinations over two years.  Advisers should review this risk alert and consider whether their compliance programs adequately address the gaps noted.
  11. Review or add policies and procedures for UTMA/UGMA accounts.  Although this may not currently be on the radar screen for most firms, FINRA has been cracking down on firms that continued to let parents, as custodians of UGMA and UTMA accounts (Uniform Transfer to Minors Act and Uniform Gifts to Minors Act), manage these accounts after the beneficiaries (the children) reached the age of majority.  Advisers should have processes in place to track when beneficiaries of such accounts reach the age of majority and ensure that responsibility for the account is transferred.

For those of you that are wondering, I deliberately did not discuss the OCIE Risk Alert on Investment Adviser Principal and Agency Cross Trading Compliance Issues.  Although compliance with Section 206(3) of the Advisers Act is important, and the cross trading rules are complicated, this alert did not bring to light any new or unusual issues.  If your firm engages in principal or cross trades (or if you aren’t sure), then check out our Regulatory Update for October 2019, under Risk Alert on Principal and Agency Cross Transactions for more details on what OCIE found during recent examinations.

Good luck with your compliance efforts in 2020, and feel free to reach out to Hardin Compliance Consulting if you need any help!

Recommended Resources

 California Consumer Privacy Act

Cash Solicitation and Referrals

Compliance

Conflicts of Interest and Disclosures

Cybersecurity

Failure to Supervise

Mutual Fund Advisors

 Private Funds, Hedge Funds and Private Equity

Protecting Seniors and Vulnerable Investors

Proxy Voting

 Regulation BI, Form CRS, and Conflicts of Interest

Standard of Conduct for Investment Advisers

 

Photo by Carl Ibale on Unsplash

Partner with Hardin Compliance

If you want an independent review of your compliance program, Hardin Compliance can help.  Call us today at 1.724.935.6770, or visit our website at www.hardincompliance.com for more information.

____________________________________________________________________________________

 Hardin Compliance Consulting provides links to other publicly-available legal and compliance websites for your convenience. These links have been selected because we believe they provide valuable information and guidance.  The information in this e-newsletter is for general guidance only.  It does not constitute the provision of legal advice, tax advice, accounting services, or professional consulting of any kind.