RANSOMWARE ATTACKS! Is Your Firm Ready? OCIE issued a risk alert warning investment advisers, broker dealers, and investment companies that increasingly sophisticated ransomware attacks are being carried out on many financial services market participants. The perpetrators of these attacks use phishing e-mails to gain access to a firm’s computer systems by tricking the recipient into opening an attachment. The attachment unleashes malware that provides the perpetrator with access to a firm’s systems and denies access to the firm until a ransom is paid. OCIE told registrants “to monitor the cybersecurity alerts published by the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), including the updated alert published on June 30, 2020 relating to recent ransomware attacks.”
OCIE also included a list of industry best practices for cyber breaches, encouraging firms to focus on ways to operate critical applications if the primary system is unavailable. OCIE also encourages firms to ensure “geographic separation of back-up data and writing back-up data to an immutable storage system in the event primary data sources are unavailable.” This risk alert is a MUST READ for investment advisers, broker-dealers and investment companies given the aggressiveness of these attacks in this work-from-home environment. Contributed by Jaqueline M. Hummel, Partner and Managing Director.
SEC Examination Initiative: LIBOR Transition Preparedness. The transition away from LIBOR as a global reference rate stands to impact brokers, advisers, public and private funds, transfer agents, and other SEC registrants in varying degrees. Unlike other OCIE risk alerts that summarize recent examination deficiencies, OCIE’s latest risk alert is preemptive. OCIE intends to use the exam process to assess firm readiness for the transition, and registrants should be prepared to demonstrate their impact analysis of the LIBOR transition on its: “(i) business activities; (ii) operations; (iii) services; and (iv) customers, clients, and/or investors.”
More specifically, firms should have identified their exposure to any LIBOR-linked contracts that extend beyond the expected discontinuation date, and be ready to demonstrate thoughtful consideration of its operational plans, disclosures and client reporting about how the firm is handling the transition. Registrants are encouraged to monitor the Alternative Reference Rates Committee (ARRC) website for updates and best practices related to the transition.
Firms with any commercial or financial contracts that use LIBOR as the reference rate should ensure that their analysis and planning efforts are well organized and documented. And, for firms that haven’t yet completed an impact analysis, there is no time like the present. Contributed by Cari A. Hopfensperger, Senior Compliance Consultant.
Florida Adopts “Senior Safe” Legislation. Florida, the sunshine seniors’ capital of the U.S., has become the 30th state to enact a Senior Safe-based statute. The Protection of Specified Adults’ Act took effect on July 1, 2020. This is a significant development as approximately 4.9 million senior citizens reside in Florida, and one in five Florida residents is 65 years or older, according to the U.S. 2018 Census. Florida also updated its adult protective services’ law requiring state-registered investment advisers and broker-dealers to immediately report suspected abuse of seniors and vulnerable persons. Additional highlights of Florida’s law include:
Other states like California, Texas, Ohio, and New Jersey have already adopted similar laws. Contributed by Carolyn W. Mendelson, Senior Compliance Consultant.
SEC Issues Supplemental Guidance Concerning Proxy Voting Responsibilities of Investment Advisers. The SEC recently adopted new rules applicable to proxy advisory firms. These rules contain exemptions from certain requirements associated with proxy solicitations that can be leveraged by proxy advisors, subject to various conditions. These conditions require proxy advisors to: (1) share its vote recommendations with an issuer before or at the same time they are provided to the proxy advisors’ clients, and (2) notify clients in a timely manner if or when an issuer releases additional information in response to the recommendation before the meeting.
How do these new requirements impact RIAs that engage proxy advisors? Given that issuers will have an opportunity under the new rules to release new information after a proxy advisor’s vote recommendation is released, the SEC is next turning its attention to automated ballot submission services.
Many RIAs use automated voting in an effort to streamline their ballot voting process on standard agenda items. In a typical workflow, the voting service is configured to automatically submit ballots in accordance with standard proxy voting guidelines, unless overridden by the RIA. To address the potential that RIAs do not consider the issuer’s new information if their automated ballots have already been submitted in accordance with the proxy advisor’s recommendation, the SEC issued guidance on voting responsibilities of RIAs, supplementing its prior thoughts on this topic. The guidance recommends that advisers consider additional information provided by issuers in response to a proxy advisor’ recommendations, and provide “full and fair” disclosure regarding the automated voting process.
More specifically, RIAs should take action on the suggestions in the supplemental guidance, including:
While the new rules and supplemental guidance passed in a 3 to 1 vote, there are disapproving voices on the Commission and in the industry that are concerned that these actions will not improve transparency, and will only make life more complicated for RIAs seeking to leverage proxy services for the benefit of their clients. Notwithstanding, there is also hope that in adapting to these new rules, proxy advisors will develop new reports and tools to assist RIAs in complying with the new guidance. Contributed by Cari A. Hopfensperger, Senior Compliance Consultant.
SEC Finds Private Fund Advisers Lax in Disclosing Conflicts, Allocating Fees and Expenses, and Monitoring Inside Information. OCIE published a Risk Alert on Observations from Examinations of Investment Advisers Managing Private Funds. The big takeaways for private funds mangers are that OCIE is digging deep into private funds and aggressively pursuing conflicts of interest that “appear to be inadequately disclosed”, like allocating investments to certain clients but not others, the adviser and its principals having pre-existing ownership interests in portfolio companies, and only selectively offering co-investment opportunities. OCIE also found fund managers guilty of failing to disclose the conflicts among clients investing in the same portfolio company but at different capital levels, and providing preferential liquidity rights to “seed” investors pursuant to side letters. The bottom line is that OCIE is targeting fund managers for (i) providing preferential treatment to certain investors without adequately disclosing its practices to other investors, and (ii) not following disclosed procedures that resulted in investors overpaying fees and expenses. OCIE also faulted fund managers for sloppy management of material non-public information (MNPI).
None of these findings should surprise private fund managers. The SEC has been targeting the lack of disclosures and perceived preferential treatment given to some investors since the passage of the Section 402 of the Dodd-Frank Act, which required many private fund advisers to register with the SEC. Private fund managers should scrutinize their disclosures, compare their policies and procedures to actual practices, and re-consider their treatment of MNPI. Finally, examiners continue to look for, and find, undisclosed conflicts of interest. Fund managers should review this risk alert carefully, comparing OCIE’s findings to their current disclosures to ensure they have covered all their bases. Contributed by Jaqueline M. Hummel, Partner and Managing Director.
FINRA’s New Gateway and Changes to Form U4 User Interface. With anticipated completion in July, FINRA has been rolling out its replacement for its Firm Gateway with a new system called the FINRA Gateway. This may be confusing for some because many in the industry referred to the Firm Gateway as the FINRA Gateway already, but regardless the new platform has a completely different look and feel. Note that the FINRA Gateway is not currently supported in Internet Explorer. The new Gateway, which is being implemented in stages, initially provides compliance functions, such as research, reporting and responding to requests. As a lifeline, FINRA is still providing users with quick links back to their ‘classic’ applications and features, as well as resources for using the new FINRA Gateway, including a FAQ and several upcoming webinars.
In Information Notice – 6/25/20: FINRA Gateway – Changes to Form U4 User Interface and Access to Continuing Education, FINRA highlights changes to the manner in which firms and their personnel access FINRA’s registration and continuing education applications. FINRA also provides dates for when these changes are anticipated to occur. Primarily, registered persons or those seeking registration will be required to use FINRA’s Financial Professional Gateway (FinPro) for managing registration information and completing Regulatory Element Continuing Education. These changes are scheduled to start October 5, with the Regulatory Element Continuing Education changes scheduled for November 9. Contributed by Doug MacKinnon, Senior Compliance Consultant.
How FINRA’s Amended Membership Application Program Rules Impact You NOW. Often, when you read about changes to the Membership Application Program rules, you might keep scrolling with the thought that you will read them if and when they ever apply to your firm’s situation. The amendments going into effect on September 14, 2020, will apply to your firm!
Specifically, FINRA will require mandatory materiality consultations for business expansions involving a single “Covered Pending Arbitration Claim,” unpaid arbitration award, or unpaid arbitration settlement. A “Covered Pending Arbitration Claim” is defined by new FINRA Rule 1011(c)(1) as “[a]n investment-related, consumer initiated claim filed against the Associated Person in any arbitration forum that is unresolved; and whose claim amount (individually or, if there is more than one claim, in the aggregate) exceeds the hiring member’s excess net capital.” That means, it is now FINRA member firms’ responsibility to seek a Materiality Consultation BEFORE hiring even one associated person with a Covered Pending Arbitration Claim or unpaid arbitration awards/settlements to be involved in sales. FINRA’s Business Expansion Safe Harbor provided by IM-1011-1 cannot be relied on in cases where these situations exist. To comply with the amended rule, FINRA members need to identify Covered Pending Arbitration Claims and outstanding arbitration awards/settlements before extending an offer of employment and before registering such individuals with their firm.
We recommend working with your firm’s HR department to develop procedures to identify these events (e.g., amend pre-hire questionnaires/attestations, review FINRA’s Web CRD Background Check prior to extending an offer of employment) and seek a Materiality Consultation, when necessary. The remaining amendments…well, you can read if you plan to file a continuing membership application. Contributed by Rochelle A. Truzzi, Managing Director.
FINRA Amends Rules to Address Reg BI. FINRA amended its Suitability Rule 2111, CAB Suitability Rule 211, and Non-Cash Compensation Rules 2310 and 2320 to “provide clarity on which standard applies and to address potential inconsistencies with […] Reg BI.” The amendments to these rules:
Please be sure to amend your written policies and procedures to address FINRA’s changes to the Suitability and Non-cash Contribution rules. Contributed by Rochelle A. Truzzi, Managing Director.
Do your Communications on Private Placement Offerings Pass the Test? If your firm creates, reviews, approves, distributes, or uses retail communications concerning private placements, FINRA’s Regulatory Notice 20-21 is a must-read. First, FINRA reminds us that private placements sold by member firms generally must be filed with FINRA in accordance with Rules 5122 and 5123.
The majority of private placement offering documents meet the definition of retail communication, as provided under FINRA Rule 2210. Paragraph (d)(1) of the Rule requires that all member communications be fair, balanced, and not misleading. FINRA reminds its members that “[…] communications that promote the potential rewards of an investment also must also disclose the associated risks in a balanced manner.”
FINRA has identified common deficiencies associate with these retail communications and cautions its members about the: (1) use of third-party prepared materials; (2) presentation of benefits and associated risks; (3) proper forecasting of issuer operating metrics; (4) misrepresentation of distribution rates; and (5) use of unwarranted forecasts or projections of investment performance prohibited by Rule 2210(d)(1). Offering documents and sales materials prepared by a third party and distributed by a FINRA member become communications with the public, whether or not the FINRA member assisted in the preparation of the documents; and, therefore, must comply with Rule 2210. FINRA notes that providing risk disclosure in a separate document or a different section of a website does not substitute for disclosure contained in, or integrated with, a specific retail communication.
Member firms are prohibited from projecting or predicting returns to investors such as yields, income, dividends, capital appreciation percentages, or any other future investment performance. However, a member may include, “[…] reasonable forecasts of issuer operating metrics (e.g., forecasted sales, revenues, or customer acquisition numbers) provided the communication also includes clear explanations of the key assumptions underlying the metrics presented along with the key risks that may prevent the achievement of the forecasted metrics.” FINRA provides its members with items for consideration when using forecasts of issuer operating metrics.
When a retail communication contains a discussion of distribution rates, member firms should be sure not to state or imply that a distribution rate is a “Yield” or “Current Yield” or that the investment in the program is comparable to a fixed-income investment, such as a bond or note. The member must clearly identify the composition of all distributions (e.g., return of principal, cash flows from operations, loan proceeds). FINRA goes on to provide necessary disclosures regarding distribution rates to comply with Rule 2210.
FINRA warns members that the use of internal rates of return (IRR) in communications concerning privately placed new investment programs with no operations or that operate as a blind pool would be, “inconsistent with the prohibition on unwarranted forecasts or projections in Rule 2210(d)(1)(f). This would not preclude the discussion of internal rates of return for investment programs where the holding matured or all holdings in the pool have been sold. FINRA provides additional guidance about the disclosure of internal rates of return calculated following the Global Investment Performance Standards (GIPS).
Throughout the notice, FINRA references previously issued notices that dive into each topic further. I encourage you to re-read the referenced notices along with Notice 20-21. Finally, FINRA members may want to enhance their existing written procedures regarding retail communication or private placements to address and reduce the risk of stumbling over one or more of the common deficiencies noted by FINRA. Advisers to private funds that use a FINRA-member firm as a placement agent should also review this FINRA notice. Contributed by Rochelle A. Truzzi, Managing Director.
Do You or Your Associates Dabble in Digital Assets? FINRA continues to encourage firms to keep their Risk Monitoring Analyst (i.e., Regulatory Coordinator) informed if the firm or any of its associated persons or affiliates engage in activities related to digital assets, even if those assets are non-securities. Notice 20-23 includes a list of the types of activities of interest to FINRA. We recommend updating your annual compliance questionnaire or Code of Ethics questionnaire to include an inquiry into such activities. It is up to each firm whether to inform FINRA since notification is not required. However, to demonstrate the execution of your supervisory duties, you should know and document your associated persons’ outside business activities and private investments, including those involving digital assets. Contributed by Rochelle A. Truzzi, Managing Director.
SEC Updates Filing Threshold to Rule 17h Reporting Requirements for Broker-Dealers. The SEC issued an order on June 29 to update the filing threshold for broker-dealers’ Form 17-H filings. The thresholds, which had not been updated in 30 years, increases from $20 million to $50 million, provided the broker-dealer maintains less than $1 billion in total assets and meets certain other conditions (including that it does not hold funds, does not carry customer accounts, etc.). The changes are intended to increase the overall efficiency of the 17-H process and reduce reporting burdens on smaller broker-dealers. Contributed by Doug MacKinnon, Senior Compliance Consultant.
Photo Credits: Photo by timJ on Unsplash.