Ascendant Shortlisted for Two Global Compliance Awards
Ascendant is proud to have several team members honored by being shortlisted for C5’s 2018 Women in Compliance Awards. The international awards highlight the top achievers and teams in the compliance industry, embodying the efforts of an evolving and dynamic profession.
Jackie Hallihan
Ascendant’s Executive Director Jacqueline Hallihan has been shortlisted for the Lifetime Achievement Award for Service to the Compliance Industry, which honors the most influential woman who throughout their career has shown dedication and commitment to influence the advancement of the compliance community.
Jackie has over 25 years’ regulatory and risk management experience, and as the founder of National Regulatory Services, helped pioneer the compliance resource business. She went on to found one of the industry’s key member organizations, the National Society of Compliance Professionals (NSCP) non-profit. Last fall, she was honored for her efforts during the organization’s 30th anniversary celebration. A key member of Ascendant’s team since the firm’s inception, Jackie continues to assist firms of all sizes across the regulatory landscape.
In addition, Ascendant was shortlisted for Compliance Consulting Team of the Year, one of only three U.S. teams to gain the honor. The award is open to all providers of consulting services where the team is led by a woman or can demonstrate that the women on the team contribute significantly to the team’s overall success.
Ascendant has several women in key leadership positions including Jackie Hallihan; Korrine Kohm, Director; Allison Fraser, Director; and Eugenie Warner, Senior Consultant & Associate General Counsel. Our female consultants continually lead some of our most successful client engagements, delivering compliance services to firms with billions in assets under management.
Tech Transforms Compliance Role in 2017
CSS Chief Regulatory Officer Jeanette Turner was quoted in a recent Ignites article on how “Tech Transforms Compliance Role in 2017.”
A flood of new reporting requirements and a shift in regulators’ expectations has made technology a critical component of fund companies’ compliance work in 2017.
Chief Compliance Officers’ use of technology “is no longer an alternative, but a necessity,” said Todd Moyer, chief operating officer at Confluence, a Pittsburgh-based data management service provider.
For one thing, the SEC has invested heavily in tools to help its staffers dig through massive amounts of information to flag instances of firms engaging in potentially risky strategies or transactions and identify questionable conduct.
“What we’re seeing is firms following the SEC’s lead, and trying to figure out how to do more with less, and using technologically internally to see if there’s anything you should be looking at or problems you need to get ahead of,” said Turner.
SEC Delays Form N-PORT Submission Requirements
On Friday, December 8, 2017, the SEC issued a Temporary Rule that provides a nine-month delay of the filing dates for certain registered investment companies to submit data using the new Form N-PORT via the EDGAR system. The SEC delayed the initial reporting requirement for Form N-PORT, giving the agency time to review data security for EDGAR and its other systems. For larger fund groups with net assets in excess of $1 billion, the compliance deadline of June 1, 2018 remains the same, but the initial filing has been delayed for nine months until April 30, 2019.
These larger fund groups will still be required to gather and maintain all the data required by Form N-PORT as of the original reporting date (June 1, 2018) and such information will be subject to examination by the SEC staff. However, they will not need to submit an initial Form N-PORT filing until April 30, 2019. For smaller firms, the compliance and submission deadlines have been delayed by nine months with a compliance date of March 1, 2020 and initial filing due April 30, 2020.
Larger Firms
For larger firms (funds that together with other investment companies in the same “group of related investment companies” have net assets of $1 billion or more as of the end of the most recent fiscal year of the fund), the compliance date remains June 1, 2018 and the first reporting period remains the month of June 2018 (due July 30, 2018). However, for the first nine months of reporting – until the March 2019 reporting period (due April 30, 2019) – firms will not submit electronically via EDGAR. Instead, firms will maintain the reports in their records and make them available to the SEC upon request.
This modified reporting regime also applies to the Form N-PORT questions added as a result of the Liquidity Risk Management Programs adopting release. The deadline for those questions remains the same.
As before, the first six months of reporting via EDGAR will remain non-public. Thus, reporting for March 2019 (due April 30, 2019) through August 2019 (due September 30, 2019) will be non-public. As before, portfolio information attached as exhibits for Form N-PORT for the first and third quarters of a fund’s fiscal year will still be made public during this six-month period.
| Reporting Milestone | Relevant Date |
| Compliance date | June 1, 2018 |
| First reporting date [1] | July 30, 2018 (covering June 2018 reporting period) |
| First report submitted via EDGAR [2] | April 30, 2019 (covering March 2019 reporting period) |
Smaller Firms
For smaller firms, the compliance date is delayed by nine months so that smaller firms will still benefit from starting one year after larger firms. The new compliance date is March 1, 2020, and the first reporting period is March 2020 (due April 30, 2020). The first report will be submitted electronically via EDGAR.
| Reporting Milestone | Relevant Date |
| Compliance date | March 1, 2020 |
| First reporting date | April 30, 2020 (covering March 2020 reporting period) |
Form N-Q
Until firms are submitting Form N-PORT via EDGAR (March 2019 reporting period for larger firms and March 2020 reporting period for smaller firms), firms must continue to report Form N-Q. This means that starting June 1, 2018, larger firms must prepare reports for both Form N-Q and Form N-PORT. The new rescission date for Form N-Q is May 1, 2020, so that smaller firms can submit their final Form N-Q report for the month of February 2020.
Correspondingly, the compliance dates for the amendments to the certification requirements of Form N-CSR will be March 1, 2019 for larger firms and March 1, 2020 for smaller firms.
Form N-CEN
There are no modifications to the Form N-CEN reporting requirements. Firms must still report via EDGAR. The initial Form N-CEN filing is due for both larger and smaller funds 75 days after the end of the fiscal year ending on or after June 1, 2018.
Effect on Liquidity Risk Management Rule
Form N-PORT includes additional reporting requirements, specifically requiring an open-end fund (excluding money market funds) to report monthly position-level and aggregate liquidity classification information, the percentage of highly liquid investments segregated to cover derivative transaction margin requirements and highly liquid investment minimums to the SEC. The Liquidity Risk Management rule’s compliance date is December 1, 2018 for larger funds and June 1, 2019 for smaller funds. The Temporary Rule modified the initial EDGAR filing date for the Liquidity Risk Management classification reporting requirements on Form N PORT until April 30, 2019 (relating to March 31, 2019 data) for larger fund and smaller funds the filing date was delayed until April 30, 2020 (relating to March 31, 2020 data). Similar to Form N-PORT, larger funds must gather and maintain all of the data required by the Liquidity Risk Management rule as of the original compliance date (i.e., January 30, 2019 relating to December 31, 2018 data). Smaller funds do not need to maintain data as of the original compliance date.
Conclusion
While these changes delay the electronic submission deadline, larger firms will still need to be prepared to comply with Form N-PORT’s requirements as of June 1, 2018. In practice, this means that firms should continue their Form N-PORT preparations according to the schedule in place prior to the December 8, 2017 announcement.
[1] This report and all reports submitted before April 30, 2019 will not be electronically submitted to EDGAR. Instead firms will maintain the reports in their records and make them available to the SEC upon request.
[2] The first 6 months of EDGAR reporting (for March 2019 through September 2019) will remain non-public, except that portfolio information attached as exhibits for the first and third quarters of a fund’s fiscal year will still be made public.
This post was co-written by Peter Guarino of Ascendant Compliance Management and Jeanette Turner of Advise Technologies. Ascendant and Advise are both part of Compliance Solutions Strategies, a global RegTech platform providing comprehensive solutions and services for compliance professionals.
To learn more about Form N-PORT and how you can prepare, please contact Ascendant or Advise.
MiFID II and PRIIPs Data Quality-Priority #1
In a recent whitepaper we published on SEC Reporting Modernization, we talked about how “timely, accurate, complete and consistent data are required for Forms N-PORT and N-CEN for two key reasons: these are public filings, and there are consequences to late or erroneous filings.” Not surprisingly, the same could also be said for the wave of European regulation due to arrive in January 2018 in the form of MiFID II and PRIIPs as asset managers attempt to successfully integrate the new regulations into their operations.
Let’s consider the risks first: the data that fund companies have to send under MiFID II and PRIIPs is for all intents and purposes public data, in that it goes to the fund managers’ distribution partners and then on to the wider public. The quality of that data as it’s delivered (our colleagues in Silverfinch take care of that delivery) will have an impact on the perception of the fund manager by the distribution partner. Subpar data, errors or incomplete information will not endear the fund manager to their distribution clients, as it exposes those distributors to mis-selling litigation risk. And then there’s the investors themselves – these individuals need this information in order to make informed choices on their investments, so the least they can expect is that the data is accurate.
There are broader regulatory and reputational consequences of failing to ensure the data is up to scratch – while the European regulators might have held back on use of the whip when it came to Solvency II in 2016, all the indications are that they’re going to be particularly strict on the adoption of PRIIPs and its implementation.
So what are the obstacles to generating complete and quality data? Again, it’s the same issues that we identified in our N-PORT whitepaper: “Investment management businesses have many intricate, highly connected moving parts, all of which consume and produce vast swaths of data on a daily basis. As a result, the firm will often have many fragmented silos of data, often overlapping with different levels of operational attention, update frequency and quality”.
Thus, if a fund manager is attempting to send out consistent, quality data for its MiFID II and PRIIPs clients, they will struggle if they don’t try to tackle these institutionally ingrained traps.
And here is the part that’s central to everything we believe: if you adopt a plan to tackle MiFID II or PRIIPs independently of each other, you’re actually contributing to the headwinds that we warn of – creation of silos, all with different procedures and protocols. If you deal with these rules separately from your data protocols or processes for other regulations, you’re making life more complicated and increasing the risk of wayward data leaving your company. If you process incoming data for one set of regulations without taking into account how that data might inform another set of rules, you’re just adding to the inconvenience that your internal functions face.
There really is only one solution – to deal with your data quality processes in one go and apply this system to all the tasks that this data might be find itself used for, whether that’s regulation, sales, MIS or business planning. That’s what we do at Accudelta, and it’s what fund managers need now more than ever with the onslaught of MiFID II and PRIIPs.
Transparency Spreads to FINRA Exam Findings
On December 6, 2017, FINRA did something it has never done before: It released a summary report of its examination findings. While FINRA has annually released an examination priorities letter, this report is a first for examination findings. Why now? Credit FINRA’s new president and CEO, Robert W. Cook.. Since joining FINRA in 2016, Cook has been meeting with member firms and listening to their feedback concerning how FINRA can improve. Such meetings have been part of FINRA’s comprehensive self-evaluation and organizational improvement initiative called FINRA360. In a November 2017 FINRA webcast, Cook stated that, “We’re looking at a series of process improvements in our examination program, particularly our ‘cycle’ examination program, with a view to announcing those sometime in the next few months.” (Stay tuned for FINRA’s update on such improvements.)
As you dig into the report’s details, one cautionary note to bear in mind – FINRA pointed out that the 14-page report, “does not represent a complete inventory of observations about the industry, does not imply that any issues discussed exist at any firms,” and, perhaps most importantly, firms should not interpret the report’s findings “as creating new legal or regulatory requirements or new interpretations of existing requirements.” The report goes on to say, “There should be no inference, however, that FINRA requires firms to implement any specific practices described in this report that extend beyond the requirements of existing securities rules and regulations.”
So, what has FINRA been finding on its examinations? Here’s a summary:
Not surprisingly, with cyber-crime leading the headlines on an almost weekly basis, cybersecurity heads the list of findings, as FINRA found that broker-dealers have increased their focus on “cybersecurity challenges over the past two years, including at the executive management level.” Ascendant has observed the same, as cybersecurity risks are often at the top of senior management concerns when they’re asked about key risks facing their firms. The report lists six cybersecurity areas where firms could implement measures to improve their cybersecurity, leading with system access management, where the report states, “Some firms FINRA examined did not address basic access management issues such as terminating departing employees’ access to firm systems on a timely basis.” The lack of ongoing formal ITrelated risk assessments and vendor management due diligence processes are also noted in the report. The remaining cybersecurity concerns include:
- Risk assessments – conducting a formal process to assess critical assets and the potential threats
- Vendor management – reviewing a current or prospective vendor’s cybersecurity preparedness, including contract provisions regarding data breaches. FINRA also noted that in organizations in which firms leveraged their parent company programs, that the parent’s cybersecurity obligations were not properly documented, such as in a service level agreement.
- Branch offices – branch offices generally have weaker controls around data security and incident reporting.
- Segregation of duties – ensuring that developers don’t have access to live data.
- Data loss prevention – implementing controls to prevent the transmission of critical information, such as account numbers or social security numbers.
Another highlighted topic concerns practices surrounding outside business activities and private securities transactions – FINRA Rules 3270 and 3280, respectively. The report stated “that Firms implemented various tools to identify individuals involved in undeclared Outside Business Activities (OBAs) and Private Securities Transactions (PSTs), including monitoring correspondence, fund movements, marketing materials, employee online activities and customer complaints. This also included monitoring for evidence of involvement in OBAs or PSTs the firm had prohibited.”
The report went on to list several other findings, summarized here:
- Anti-Money Laundering – Firms were observed with inadequate procedures to detect and report suspicious activity, poor clarity around the assigned responsibility for monitoring, a lack of resources for AML monitoring and the failure to obtain independent testing of the AML program.
- Product Suitability – FINRA observed that some firms failed to meet their suitability obligations to customers, specifically with respect to selecting appropriate mutual fund share classes and by recommending complex products without a reasonable basis to believe that the product was suitable in light of the client’s risk tolerance and investment time horizon. Further, FINRA noted that some firms failed to provide adequate training with respect to suitability issues.
- Best Execution – FINRA expressed concern regarding the duty of best execution at firms that route or execute customer orders. FINRA found that some firms “failed to implement and conduct an adequate regular and rigorous review” of execution quality, including failing to compare execution quality against other competing markets.
- Other topics:
- Market access controls
- Alternative investments held in Individual Retirement Accounts
- Net capital and credit risk assessments
- Order capacity
- Regulation SHO
- TRACE reporting
A Few Takeaway Tips
These observations are consistent with areas where Ascendant has assisted clients over the past year. As a response to the report, we offer a few key takeaways:
- First, closely review the report with special emphasis on any topics that impact your business model and then revisit your firm’s written policies and procedures (“WSPs”) to ensure that concerns discussed in the report are being addressed.
- Next, review those WSP sections for any material gaps.
- Test to ensure that the policies are being adhered to. For example, if your WSPs call for supervisory or compliance oversight of sales practice exception reports that identify red flags, make sure the oversight is being completed adequately, including documentation of the reviews. That said, it’s always an interesting exercise to perform a word search of your WSPs for the terms “review, analysis, and report.” Often, the search results will highlight reviews and/or reports required by your WSPs that may have been long forgotten or overlooked, especially, if you firm utilizes an off-the-shelf manual that has not been fully tailored. Testing is a crucial step.
- Finally, take advantage of practices described in the report, as FINRA points out, “This report also describes certain practices that FINRA has observed to be effective in appropriate circumstances, which other firms may be able to use as a resource in tailoring their compliance and supervisory programs to their business.”
Cherish Your Regulatory Data
It’s clear to me that firms that have adopted a strategic approach in their response to regulation tend to view their regulatory data as an asset.
Firms with a strategic approach view regulation as a common thread impacting all of their peers market-wide, and so look for the opportunity in their response, as opposed to a threat that must be addressed. They are the firms that when faced with new compliance and regulatory changes, take a pause to assess the situation before jumping headlong into yet another tactical response.
With the right attitude, the outcomes improve. Firms that are able to infuse this positive mind-set across their business tend to avoid build-up of regulatory data silos. Silos are one of the biggest impediments to efficient regulatory response; for why place identical data points that can be used for multiple regulations in different locations? However, this requires a top-down strategic watchfulness that’s often hard to put into practice. More often we find firms that aspire to the strategic vision and as a result are able to minimize the number of silos to which they are exposed. These firms automatically seek to engage a vendor that has a unified approach to their regulatory data model, such that each new engagement is a delta to the previous one. Where they have siloed approaches, they seek to address these over time and realign previous tactical approaches back to their strategic vision. Progressively, they are overcoming the data silo snare.
However, once in decade, a rulebook comes along that defies a completely strategic approach – a good example here would be the arrival of the European Union’s MiFID II, which impacts investment managers and distribution firms globally. There are very few businesses that can claim to have a coordinated, consistent and strategic response to all of the various threads that make up MiFID II. The breadth of the directive and related regulation and the multitudinous areas of focus simply prevent a firm with typical resources being able to address it strategically. Similarly the number of vendors with an offering that addresses each of the typical MiFID II program streams can be counted on one hand.
But that’s not a reason to give up – aspirations count. If you approach MiFID II as a rag bag of unconnected demands that can be parceled away to disparate parts of your business, don’t be surprised when your response: 1. doesn’t work, 2. interferes with business continuity, and 3. costs more than you imagined. You should attempt to put coherence into your approach, even in an imperfect manner, and you’ll find it an easier pill to swallow and an endeavor that might already have overlap with lots of other rulebooks across your business, making life considerably easier for your staff and clients. Try it!