Compliance Solutions Strategies (CSS) is now part of Confluence
Titelbild

Blog Masonry Full Width

We're quite the bloggers
Juli 30, 2020

SEC’s New Committee Begins Review of Form CRS Filings

The SEC’s Divisional Standards of Conduct Implementation Committee launched its review of Form CRS from a cross section of RIAs and BDs to assess compliance with the content and format requirements. Initial observations from the Committee have identified examples of relationship summaries that may lack certain disclosures or could be clearer or otherwise improved. The Committee also indicated the summaries reviewed to date generally reflect effort by firms to meet the content and format requirements, and have identified good examples of simple, clear disclosures.

The inter-Divisional Standards of Conduct Implementation Committee was established when Form CRS was adopted and includes representatives from the SEC’s Division of Investment Management, Division of Trading and Markets, Division of Economic and Risk Analysis, and Office of Compliance Inspections and Examinations.
The Committee will share best practices and provide feedback on the filings and is planning to host a roundtable this fall to share additional thoughts following the review of the initial filings.

The Committee stated, “Particular firms may need to consider ways to improve their relationship summaries and determine whether any specific amendments, or broader change in their overall approach, would be appropriate.”

CSS has also been reviewing compliance with the requirements by reviewing a sampling of public filings, utilizing its tools to identify where refinements are needed, and deficiencies exist. We will be publishing our own observations soon.

The SEC encouraged firms to continue to review and refine their relationship summaries, and familiarize themselves with the specific requirements of Form CRS by reviewing the Instructions to Form CRS, the Form CRS Adopting Release, the Frequently Asked Questions on Form CRS, and the Small Entity Compliance Guide.

For more information on CSS’s Form CRS Automator and Reg BI compliance services, please contact us at: FormCRS@cssregtech.com.

Juli 14, 2020

Proposed Amendment to 13F – What This Really Means?

The SEC released a proposed amendment to Form 13F on July 10 to update the reporting threshold for institutional investment managers and make other targeted changes. The threshold has not been adjusted since the Commission adopted Form 13F over 40 years ago.

New Proposed Reporting Threshold:

The proposal would raise the reporting threshold to $3.5 billion from the current $100M threshold – which would reflect proportionally the same market value of U.S. equities that $100 million represented in 1975, when 13F was first adopted. The new threshold would retain disclosure of over 90% of the dollar value of the holdings data currently reported while eliminating the Form 13F filing requirement and its attendant costs for the nearly 90% of filers that are smaller managers. In addition, since the initial 13F thresholds were established in 1978, the Commission has added other data collection tools, including N-PORT.

Other Proposed Changes:

  • SEC would review threshold every five years and make recommendations, if any, to the Commission.
  • Eliminate option to not report “de minimis” positions. (i.e. both less than 10k shares and less than $200k value). All positions would be required to be listed.
  • Managers would also be required to report additional numerical identifiers to enhance the usability of the information provided on the form; and
  • amend the instructions relating to requests for confidential treatment of Form 13F information.

Substantial Reduction in Visibility – Disagreement among SEC Commissioners:

SEC Commissioner Allison Herren Lee issued a public statement voicing opposition when the proposed changes were announced. In her statement, Commissioner Lee noted that the change in reporting threshold would substantially reduce visibility into portfolios controlling $2.3 trillion in assets and eliminate access to information about discretionary accounts managed by more than 4,500 institutional investment managers.

Among the critiques, Commissioner Lee disputed the SEC’s ability to raise the threshold at all as a matter of law (a plain reading of the Rule enacted by Congress specifically permits the SEC to lower the threshold, but does not grant similar authority to raise it. see section 13(f)(1).)

Timeline:

The proposal will be published in the Federal Register, followed by a 60-day comment period. Possible to see a Final Rule before year-end, but not certain.

Adoption:

We expect to see a lower threshold than the proposed $3.5B, when a final Rule is adopted. Under the current proposal, 90% of filers (i.e. more than 4,500 institutional investment managers) would no longer be subject to reporting.

CSS will be monitoring public commentary as its posted during the 60-day comment period and will continue to update on likelihood of passage as this plays out. For more information or to speak with our regulatory experts, email us at: info@cssregtech.com

Juli 13, 2020

SEC Issues New Cyber Risk Alert to Financial Firms

Financial firms have a bigger target on their backs at the moment, according to a new risk alert issued July 10, 2020 by the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE).  This new risk alert on ransomware cautions investment advisers, broker-dealers, and investment companies that OCIE has recently observed a marked increase in cyberattacks targeting SEC registrants and the service providers to such registrants. The ransomware usually infiltrates firm networks through phishing, and OCIE highlights that through its coordination with federal, state, and local authorities investigating incidents, the level of sophistication of these recent cyberattacks has increased. The current risk alert follows on the heels of another ransomware risk alert issued by OCIE in 2017 when the WannaCry ransomware was causing widespread disruption to financial firms.

In particular, OCIE warns registrants about new variants of the Dridex ransomware currently being used by hackers, which was previously noted by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) at the end of June. This malware is dangerous because it has the ability to detect when users visit financial websites and install keyloggers and capture screenshots (which may include account numbers), in addition to the usual ransomware functionality of locking files to hold for ransom and deleting files.

One large registrant disclosed last week that it suffered a cybersecurity attack, a sign that these attacks aren’t just theoretical.

The good news for financial firms is that OCIE notes several practices to strengthen operational resiliency, including ways to enhance incident response plans and business continuity procedures, security awareness training programs such as conducting phishing testing for staff, and the importance of regular vulnerability scanning and network perimeter testing.

CSS is pleased to be at the forefront of helping clients manage their cybersecurity risks through services including phishing testing, security awareness training, vulnerability scanning, penetration testing, dark web monitoring for compromised credentials and drafting of incident response plans and BCPs. Please contact us at cybersecurity@cssregtech.com to inquire about how we can help make your firm stronger in protecting your data and that of your clients.

Juli 3, 2020

UPDATE: CTFC Issues No-action Letters for Temporary Relief in Response to COVID-19 Pandemic

In March, the CFTC issued several no-action letters aimed at providing temporary relief from certain recordkeeping, operations requirements, and some reporting deadlines. The CFTC announced in June that it would extend many of the no-action relief letters that were set to expire on June 30 due to COVID-19. The updates are highlighted in the summary table below.

In addition, the CFTC offers a coronavirus-focused webpage, cftc.gov/coronavirus, which includes eight of the nine No-Action letters as well as a Customer Advisory to raise awareness of potential scams during this turbulent time.

Finally, CFTC Chairman Heath Tarbert recently published an op-ed covering his thoughts on the pandemic and market volatility. It can be read by clicking here.

[table-wrap bordered=”true” striped=”true”]

Registrant Summary* Citation
DCMs and SEFs Relief from time-stamps if responsible personnel is absent. A recording of date/time is still required to be maintained. Extended to Sept. 30, 2020 CFTC Letter No. 20-02
FCMs and IBs Relief from recording oral communications if personnel required to use recorded lines are absent from their normal business site. A written record of the communication, with date/time and other key information must be maintained. Extended to Sept. 30, 2020 CFTC Letter No. 20-03
FCMs and IBs Relief from time-stamps if responsible personnel is absent. A recording of date/time is still required to be maintained. Extended to Sept. 30, 2020 CFTC Letter No. 20-03
FCMs and IBs Relief of CCO Annual Report to the Commission no later than 30 days after the report was due, for any report due to the Commission prior to September 1, 2020. CFTC Letter No. 20-03
FBs Relief from recording oral communications if personnel required to use recorded lines are absent from their normal business site. A written record of the communication, with date/time and other key information must be maintained. Extended to Sept. 30, 2020 CFTC Letter No. 20-04
FBs Relief from time-stamps if responsible personnel is absent. A recording of date/time is still required to be maintained. Extended to Sept. 30, 2020 CFTC Letter No. 20-04
FBs Relief to FB from physical location provided by contract market if FB’s written BCP requires FB’s absence. Extended to Sept. 30, 2020 CFTC Letter No. 20-04
FBs Relief from Introducing Broker’s registration solely due to FB’s absence if FB’s written BCP requires FB’s absence. Extended to Sept. 30, 2020 CFTC Letter No. 20-04
RFEDs Relief from recording oral communications if personnel required to use recorded lines are absent from their normal business site. A written record of the communication, with date/time and other key information must be maintained. Extended to Sept. 30, 2020 CFTC Letter No. 20-05
RFEDs Relief from time-stamps if responsible personnel is absent. A recording of date/time is still required to be maintained. Extended to Sept. 30, 2020 CFTC Letter No. 20-05
SDs Relief from recording oral communications if personnel required to use recorded lines are absent from their normal business site. A written record of the communication, with date/time and other key information must be maintained. Extended to Sept. 30, 2020 CFTC Letter No. 20-06
SDs Relief from time-stamps if responsible personnel is absent. A recording of date/time is still required to be maintained. Extended to Sept. 30, 2020 CFTC Letter No. 20-06
SDs Relief of CCO Annual Report to the Commission no later than 30 days after the report was due, for any report due to the Commission prior to September 1, 2020. CFTC Letter No. 20-06
SEFs Relief for the failure to comply with the following Commission regulations: 37.205(a)-(b), 37.400(b), 37.406, 37.1000(a)(1), and 37.1001 to the extent that non-compliance arises from the inability of SEFs to record voice communications as a result of the displacement of voice trading personnel from their normal business sites in connection with the COVID-19 pandemic response. 7 conditions accompany this relief in the letter. Extended to Sept. 30, 2020 CFTC Letter No. 20-07
SEFs or SEF CCOs Relief for a 60-day period for failure to submit an ACR pursuant to regulation 37.1501(f)(2), if ACR is due prior to September 1, 2020 and ACR is submitted no later than 120 days after the end of SEFs fiscal year. CFTC Letter No. 20-08
SEFs or SEF CCOs Relief for a 60-day period for filing 4th quarter financial reports pursuant to regulation 37.1306(d), due prior to September 1, 2020 and no later than 120 days after the SEF’s fiscal year. CFTC Letter No. 20-08
DCMs Relief from certain audit trail requirements pursuant to CEA sections 5(d)(4) and (10). 3 conditions accompany this relief in the letter. Further, relief is subject to self-regulatory functions and compensating controls should be implemented. Extended to Sept. 30, 2020 CFTC Letter No. 20-09
CPOs Relief for filing an annual report on form CPO-PQR pursuant to regulation 4.27 for Small or Mid-Sized CPOs; and,

Relief until July 15, 2020, for filing Q1 2020 report on form CPO-PQR pursuant to regulation 4.27 for Large CPOs. Extended to July 15, 2020

 CFTC Letter No. 20-11
CPOs Relief for 45 days after the due date for filing Pool annual reports with the NFA and distributing certified financial statements to pool participants, pursuant to regulations 4.7(b)(3) and 4.22(c), for reports due on or before April 30, 2020. Extended to July 15, 2020 CFTC Letter No. 20-11
CPOs Relief for 45 days after the end of the reporting period for distributing monthly or quarterly participant pool statements, pursuant to regulations 4.7(b)(2) or 4.22(b)(3), due on or before April 30, 2020. Extended to July 15, 2020 CFTC Letter No. 20-11
FB’s Relief from registration as an IB for 30.5 FBs to handle US Futures Market Orders, until September 30, 2020, subject to certain conditions being met as indicated in the letter. CFTC Letter No. 20-12
FCMs and IBs Relief to address net capital treatment of covered loans under the CARES Act until September 1, 2020. CFTC Letter No. 20-15
Principals and APs Relief for failure to submit a fingerprint card with Form 8-R until July 23, 2020 or within 30-days of the NFA’s announcement of its resumption of fingerprint processing. CFTC Letter No. 20-16
Various Extension of COVID-19 Letters set to expire June 30, 2020 extended to September 30, 2020. CFTC Letter No. 20-19

[/table-wrap]

*This summary is a quick highlight of the No-Action letters published related to COVID-19. Not all details are included in this summary. Please review the entire corresponding No-Action letters for complete additional details.

Juli 1, 2020

LIBOR No More: SEC Focuses on LIBOR Transition Preparedness

LIBOR, formerly the London Interbank Offered Rate, has been used extensively in the United States and globally as a “benchmark” or “reference rate” for various commercial and financial contracts, including corporate and municipal bonds and loans, floating rate mortgages, asset-backed securities, consumer loans, and interest rate swaps and other derivatives. With the discontinuation of LIBOR expected in 2021, the SEC has identified that it will have a significant impact on the financial markets and may present a material risk for SEC-registered investment advisers and broker-dealers.

On June 18, 2020, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) released a Risk Alert highlighting the risks associated with the discontinuation and transition away from LIBOR. OCIE identified registrant preparedness for the transition away from LIBOR as an examination program priority for FY 2020. As such, OCIE intends to engage with registrants through examinations to assess their preparations for the expected discontinuation of LIBOR and the transition to an alternative reference rate. OCIE will review whether and how advisers have evaluated the potential impact of the LIBOR transition on the organization’s: (i) business activities; (ii) operations; (iii) services; and (iv) customers, clients, and/or investors.

OCIE will be looking at the plans advisers have developed and steps taken to prepare for the LIBOR discontinuation, including the firm’s operational readiness, any enhancements or modifications to systems, controls, processes, and risk or valuation models associated with the transition to a new reference rate or benchmark. Additionally, OCIE will review how registrants will identify and address any potential conflicts of interest associated with the LIBOR discontinuation and the adoption of alternative reference rates.

In an effort to help empower compliance professionals with the tools they may need to assess their organization’s preparedness for the LIBOR discontinuation, OCIE provided a sample document request letter. Information they intend to review include the following:

  • Documentation or descriptions of any performance composites or performance advertising that use a benchmark that could potentially be affected by the LIBOR Transition and any remediation plans.
  • Written assessments, strategic plans (including remediation plans, as applicable), roadmaps, or timelines prepared by or for registrant regarding preparation for the LIBOR Transition, including the consideration of alternative reference rates.
  • Documentation of any risk management matrices or risk inventories of registrant that reference the LIBOR Transition, including a description of any LIBOR Transition-related vulnerabilities or exposure covered by the matrix or inventory.

Key take-away: If your organization has not already done so, begin the process of identifying existing business contracts that extend past 2021 to determine their exposure to LIBOR. Perform an assessment of the discontinuation of LIBOR and how it will impact your organization. The SEC has previously encouraged market participants to identify, evaluate, and mitigate other consequences the discontinuation of LIBOR may have on their business, such as on strategy, products, processes, and information systems. To speak to our regulatory experts, please email info@cssregtech.com.

Juni 25, 2020

Private Fund Risk Alert: Here is How Some Fared in Their Examinations; Will You Have the Same Deficiencies?

The Office of Compliance Inspections and Examinations (“OCIE”) released its expected Private Fund Risk Alert to highlight compliance issues observed in examinations of private equity and hedge fund registered investment advisers. The stated intention of the Risk Alert is to assist private equity and hedge fund advisers to effectively review and enhance their respective compliance programs. OCIE, in other words, provided the industry with OCIE’s expectations regarding the implementation of a compliance program to comply with applicable laws, rules, fiduciary duty to clients, and obligations to investors.

We already have seen a steady stream of private fund enforcement actions. We expect to see a continued stream of private fund examinations. Notably, this Risk Alert was for private equity and hedge fund registered advisers, but the guidance is useful to other private fund registered advisers as well, such as real estate fund managers, and also to non-registered private fund advisers and exempt reporting advisers (exempt reporting advisers technically are not registered advisers).  In short, are you ready for your OCIE examination?

The Risk Alert organized the compliance issues, also referred to as deficiencies, into three categories: (1) conflicts of interest, (2) fees and expenses, and (3) policies and procedures relating to material non-public information (“MNPI”).  OCIE reported that many of the deficiencies resulted in, or as OCIE put it, “may have caused” investors in the private funds to pay more in fees and expenses “than they should have” or resulted in investors not being informed of relevant conflicts of interest. Read between the lines here: you can have a compliance failure that results in a deficiency letter, or even an enforcement action, in situations where there is no proof of actual investor financial harm.

Here is a Risk Alert summary in brief, organized in parallel to OCIE’s categories and followed by a few tips:

Conflicts of Interest: OCIE reported that the following conflicts often appear inadequately disclosed, eliminated, mitigated, and/or managed, in violation, OCIE said, of Section 206 of the Investment Advisers Act of 1940 (“Advisers Act”) and/or Rule 206(4)-8 thereunder.[1] These conflicts and, primarily their lack of disclosure, relate to:

  • allocations of investments (e.g., preferential treatment, inconsistent implementation)
  • multiple clients investing in the same portfolio company (e.g., clients investing at different levels of a capital structure)
  • financial relationships between investors or clients and the adviser (e.g., economic relationships, seed investors, other select investors)
  • preferential liquidity rights (e.g., side letters that could harm other investors if exercised)
  • private fund adviser interests in recommended investments (e.g., pre-existing ownership interests, referral fees)
  • co-investments (e.g., failing to follow disclosed opportunity allocation processes)
  • service providers (e.g., agreements with commonly controlled entities)
  • fund restructurings (e.g., discounted pricing, investor options, economic benefits to the adviser)
  • cross-transactions (e.g., disadvantaged pricing).

Fees and Expenses: OCIE reported that the following fee and expense issues also often appear as violations of Section 206 or Rule 206(4)-8:

  • allocation of fees and expenses (charging in a manner inconsistent with fund documentation and causing some investors to overpay)
  • operating partners (misleading investors as to who bears their costs)
  • valuation (inappropriately overvalued holdings or not in accordance with expected processes)
  • monitoring/board/deal fees and fee offsets (compensation to affiliates that caused investors to overpay management fees and accelerated fees)

MNPI/Code of Ethics: OCIE reported that the following issues appear to be deficiencies under Advisers Act Section 204A or the Code of Ethics Rule, Rule 204A-1:[2]

  • Section 204A. Advisers did not adequately address risks stemming from:
    • employees interacting with “insiders” of publicly traded companies, outside consultants arranged by expert network firms, and/or “value add investors” (such as corporate executives or financial professional investors) in order to asses whether MNPI “could have been exchanged” (emphasis added)*
    • employees who “could” obtain MNPI through their ability to access office space or systems of the adviser or adviser affiliates that had MNPI (emphasis added)*
    • employees who periodically had access to MNPI about issuers of public securities, for example, in connection with a private investment in public equity.

*Note that OCIE found deficiencies even where it was not clear whether MNPI actually was exchanged or obtained.

  • Code of Ethics Rule. Overall, advisers failed to establish, maintain, and enforce Code of Ethics provisions reasonably designed to prevent “the misuse of MNPI.” This included, failing to:
    • enforce Restricted Lists
    • have defined policies and procedures for adding and removing securities to and from the Restricted List
    • enforce requirements on gifts and entertainments
    • correctly identify individuals as “access persons” (an important term in particular regarding who must submit holding and quarterly transaction reports)
    • require access person to correctly and timely submit holdings and transactions reports, including for preclearance

So, there is a plethora of information to digest, even if the concerns are not new to you. Compliance, to the regulators, is not just about having a successful fund or happy, non-complaining investors.  Regulators want your processes correct, not just the end result.

Here are some additional takeaways:

  • Compliance teams are better served when they document, document, document—this is to get credit where credit is due.
  • Sound “Risk Management” means having effective policies and procedures, which means they must be in writing, tailored, reviewed, tested, implemented, monitored, followed, and so on.
  • Advisers must have written policies and procedures on material non-public information, even where the risk of actual insider trading could be considered low, and even where the adviser itself does not trade in public securities. Investment decision-making and rationales should be well-documented; prove the negative, that you did not need or use any material non-public information.
  • Conflicts of interest mapping needs have evolved. We have always understood that the SEC expects certain core documents to be in place, namely, the Code of Ethics, Compliance Manual, and Risk Inventory. In today’s environment, that may not always be sufficient. Some advisers may need another core document: the Conflicts of Interest Chart.
  • COVID-19 will amplify the use and concerns on some of the identified topics, for example, on expense sharing, fund restructurings, preferential liquidity rights, cross-transactions, and valuation.

We would like to help you develop and enhance your Compliance Program. Utilize our expertise and industry awareness. Contact us at info@cssregtech.com to review your policies and procedures, provide you with Mock SEC Exam Services, or for any number of compliance services and products. This Risk Alert validates to management teams of private fund advisers that compliance is integral to the business—even when all the investors are sophisticated, accredited, institutional, and/or qualified.

[1] Advisers Act Section 206 prohibits investment advisers from employing any device, scheme, or artifice to defraud any client or prospective client, and from engaging in any transaction, practice, or course of business which operates as a fraud or deceit upon any client or prospective client. Rule 206(4)-8 prohibits investment advisers to pooled investment vehicles from (a) making to investors and/or prospective investors any untrue statement of a material fact or omitting to state a material fact necessary to make the statements made not misleading and/or (b) otherwise engaging in any act, practice, or course of business that is fraudulent, deceptive, or manipulative with respect to any investor or prospective investor.  Note that both the Section and the Rule apply to all advisers, whether or not the advisers are registered or required to be registered.

[2] Advisers Act Section 204A requires that investment advisers establish, maintain, and enforce written policies and procedures to prevent the misuse of MNPI. (Note that even exempt reporting advisers must have policies and procedures to prevent the misuse of MNPI.) The Code of Ethics Rule, which in fact only expressly applies to registered advisers and those required to be registered (although other advisers might do well to consider similar protocols) sets forth minimum requirements for a Code of Ethics or similar document that prescribes standards of behavior for employees as well as reporting of the personal holdings and trading of certain employees known as “access persons.”