
MiFIR Final Report Analysis

On 30 March 2021, ESMA published the final report on the back of the consultation paper from 24 September regarding MiFIR transaction reporting and reference data reporting. While some of the suggestions from the consultation were cut out from the final report, there are still many proposed changes worth taking note of as they are quite significant.

The final report is of special interest to asset management companies where ESMA now proposes an extension to the reporting requirements under MiFIR article 26 to include AIFM/UCITS management companies providing MiFID services. This will level the playing field with the investment firms that have already been reporting since 2017.

There is no doubt this will provide challenges for the buy-side due to data management issues and the increased regulatory burden that on-boarding another EU transaction reporting regime will require.

One thing that is clear is that ESMA is taking a strategic approach to consolidate the reporting regimes as much as possible. The final report contains alignment with different aspects of EMIR, MAR and the benchmark regulation, finding common ways of reporting where possible. One specific provision that ESMA foresees is the use of the issuer LEI for reference data purposes. While some aspects of the proposed adjustments – such as the use of UTI – were ruled out, there are still multiple aspects where ESMA clearly sees a benefit of adopting similar standards and aligning the regulations.

Another important suggestion relates to including the SI approach to OTC derivatives trading. This would deem Systematic Internaliser (SI) traded OTC derivatives in scope for transaction reporting as well as reference data reporting. This would of course mean a slightly bigger reporting burden for the sell-side, and also that more instruments are in scope for reporting, as the uToTV concept will also still be in play. In essence, any transaction executed through an SI would need to be reported by both the SI and the counterparty (also when it relates to instruments that are not traded on a trading venue), broadening the scope of MiFIR. While the volumes will increase as a result, some intricate checks of the OTC derivative can surely be abolished by the investment firms, hopefully making the in/out of scope assessment simpler.

Some more data-specific amendments that ESMA has suggested include removing the short sale indicator, but also the inclusion of three new data points:

  • An indicator for buy-back programs
  • Information on MiFID client categories
  • A specific provision around transactions pertaining to aggregated orders resulting in the execution of a transaction

Now the ball is in the hands of the European Commission to adopt these proposals and feed them into any review of the transaction reporting regime in MiFIR. The expectation is that the Commission will fully adopt the legislative proposals.

The full report can be found here: https://www.esma.europa.eu/sites/default/files/library/esma74-362-1013_final_report_mifir_review_-_data_reporting.pdf

For more information on the proposed updates to the regulations or on global transaction reporting, please contact us at info@cssregtech.com

Public Pension Fund Independent Compliance Reviews

Many state and local government pension funds use third-party investment advisers to manage assets within their pension plans. Pension fund managers are drawn to engaging professional advisers to provide expertise to a range of investment strategies and asset classes. The strategies offered by investment advisers provide pension fund managers opportunities to diversify their funds’ investments and achieve various performance targets. In fact, it has become increasingly common for pension funds to invest in alternative investments, such as hedge, real estate and private equity funds, in addition to traditional asset classes and strategies.

Pension fund managers have an extensive due diligence process to screen potential investment advisers for their programs. Today, such due diligence goes beyond examining an investment adviser’s investment process, research and execution capabilities. The due diligence process also includes evaluating an investment adviser’s operational and compliance excellence and cybersecurity controls.

Investment advisers managing assets for a pension plan are expected to have a robust compliance program in place. In addition to requiring the adviser to evaluate the effectiveness of its compliance program as required by Rule 206(4)-7 under the Investment Advisers Act of 1940, pension fund managers often have additional diligence requirements. Some pension funds engage consultants to conduct due diligence over an adviser’s activities, including compliance. Other fund managers, such as the New York City pension plans, require investment advisers to obtain an independent compliance review every three years.

An independent compliance review entails a compliance consultant or similar group conducting a due diligence review of the investment adviser’s compliance program. This review generally consists of reviewing policies and procedures, assessing the adviser’s annual compliance review process, and conducting interviews with adviser staff. 

CSS Compliance Services professionals have a wealth of industry experience that makes us uniquely qualified to conduct an independent compliance review and assist your firm with fulfilling its contractual obligations to your pension fund clients. Our experience includes, among other things, building and leading due diligence teams for manager-of-manager advisers that advised pension plans and serving as Chief Compliance Officers to advisers managing pension assets. We have sat on both sides of the table with respect to due diligence reviews; on the one side, conducting reviews, and on the other side, responding to due diligence inquiries. When serving as an investment adviser to a government pension plan, have CSS conduct an independent compliance review designed to meet the requirements of any government pension plan. Learn more about our Pension Adviser Independent Review (“PAIR”) services at info@cssregtech.com.

SEC Releases 2021 Examination Priorities

On March 3, 2021, the SEC’s Division of Examinations (“Division”) released their examination priorities (“Release”) for 2021. The Release represents the ninth year of the Division publishing their priorities. In the Release’s introduction, the Division leadership notes that investment advisers and market participants effectively delivered services as designed and adapted to remote work in the face of challenges presented during the COVID-19 pandemic. In fiscal year 2020, the Division conducted 2,952 examinations, issued over 2,000 deficiency letters and referred over 130 cases to the Division of Enforcement.

This post focuses on the general examination priorities contained in the Release. My colleague EJ Yerzak addresses the cybersecurity related priorities in a separate post.

Protection of Retail Investors

As in prior years, the Division prioritizes the protection of retail investors, including seniors, teachers, military personnel and those saving for retirement. Examinations will focus on how RIAs and broker-dealers meet their respective standards of conduct. Examinations of RIAs will assess, among other things, whether an RIA provides advice, including with respect to account and program types, that is in the best interest of its clients. For a broker-dealer, examinations will consider a firm’s compliance with Reg BI, including the effectiveness of written supervisory procedures. In December 2020, the Division issued a release outlining its examination focus with respect to Reg BI. The Division will also assess a firm’s compliance with Form CRS. In examinations of Form CRS filings during 2020, the Division noted that some filings lacked readability or contained inadequate disclosure of disciplinary requirements, and it even identified hundreds of firms that failed to timely file a Form CRS.

Examinations of RIAs and broker-dealers will focus on key themes related to protecting retail investors, including sales practices and the adequacy of disclosures. In considering sales practices, examinations will focus on the appropriateness of recommendations including the selection of account types, conversions and rollovers, and products, especially higher risk products such as structured products, leveraged/inverse ETFs, private placements and microcap securities.

The importance of disclosure is stressed throughout the entire Release. Examinations will focus on the adequacy of disclosures with respect to conflicts of interest, including fees, expenses, revenue sharing, compensation for execution, and fees related to turnkey asset management providers (“TAMPs”). In addition, examinations will focus on the adequacy of disclosure regarding product risks, including disclosures related to new or enhanced risks resulting from the pandemic, such as increased risks of municipal securities in light of pandemic impacts upon such issuers.

Financial Technology, Innovation and Digital Assets

The Division will prioritize examinations of new technology providers, including Robo-Advisers, automatic asset allocation and fractional share purchases. Examinations will focus on whether firms are operating consistently with their representations and handling customer orders in accordance with customer instructions. In light of the run in certain securities in January 2021 and the market stresses created, this issue is timely for the SEC and likely to draw extensive scrutiny. A new priority this year is examining controls around alternative data, including compliance around the creation, receipt and use of such data.

With respect to recommendations or advice regarding digital assets, examinations will focus on acting in the client’s best interest, portfolio management and trading practices, safety of client funds and assets, pricing and valuation, effectiveness of compliance programs and controls, and supervision of a representative’s outside business activities.

Environmental, Social and Governance (“ESG”) Factors

With the rise in client demand for ESG sensitive products, examinations will focus on how firms promote the use of ESG factors in the management of client portfolios. Specifically, examinations will consider the consistency and adequacy of disclosures, reviewing to determine that practices match the disclosures, including reviewing advertising for false or misleading statements and considering whether proxy voting is aligned with ESG strategies.

Other Themes

Anti-Money Laundering (“AML”) Programs. Examinations of broker-dealer and mutual fund AML programs will consider whether programs are tailored to the Firm, the effectiveness of policies and procedures, customer due diligence and robust and timely independent testing.

LIBOR Transition. With the pending discontinuation of LIBOR as a reference rate, Firms should consider their exposure to LIBOR, preparations to transition to a new reference rate and client disclosures.

Compliance Programs. Examinations will consider the strength of an RIA’s compliance program, including account selection, portfolio management practices, custody, best execution, business continuity and valuation. In addition, examinations will evaluate a firm’s compliance culture, tone at the top and the sufficiency of compliance resources.

Mutual Funds and ETFs. Examinations of mutual funds and ETFs will review the adequacy of disclosures, valuation, filings, personal trading, liquidity, security lending and money market fund stress testing and board oversight.

Private Fund Advisers. Private fund examinations will consider preferential treatment of clients in funds with liquidity issues, including the use of gates and suspensions of withdrawals. In addition, fees and expenses, funds with high concentration of structured products and the impact of economic conditions on private fund portfolio companies will be high priorities.

Conclusion

As in prior years, the Division of Examinations has set forth an aggressive agenda and stays attuned to key market risks.

What is the First Document SEC Examiners Read? Form CRS

Peter Driscoll, Director of the SEC’s Division of Examinations, told attendees at the Investment Adviser Association meeting March 4, 2021 that Form CRS is a priority for SEC examiners. Mr. Driscoll stated, “We identified hundreds of firms that did not file Form CRS that we thought should have. A large number of those we contacted did not respond to us.” The Division is planning to open exams for the “hundreds” of firms who haven’t filed Form CRS and those that didn’t respond to SEC inquiries about the filing.

Mr. Driscoll, talking about the importance of Form CRS, said it is the first document examiners read, himself included. Then examiners “dig into Form ADV.”

Advisers and broker-dealers should take action regarding the heads up on what’s coming in their next exam by reviewing the accuracy of their firm’s Form CRS and tracking closely against the instructions and Form CRS FAQs.

We have an innovative technology tool that does just that—tracks to dozens of responses on a firm’s Form ADV or BrokerCheck as well as each requirement of the instructions and the FAQs.  “There is no easier way to track the accuracy,” said Keith Marks, Executive Director of CSS.   “Plan now for your Form ADV annual updating amendment and material changes to Form CRS.”

For more information on Form CRS or help preparing for an exam, email us at FormCRS@cssregtech.com.

SEC Expects Updated Cybersecurity / BCP Policies: Takeaways from the SEC’s 2021 Exam Priorities

The Securities and Exchange Commission has released its 2021 Examination Priorities a little later this year than in years past, but investment advisers shouldn’t waste any time in tackling the hot button issues that will inform the agency’s exams this year for cybersecurity. After a year that saw many firms switch to remote work environments and upend their communications systems and ways of doing business, the regulator made it clear that it expects registrants to have documented the changes they made and adjusted their risk management practices accordingly.

Highlights of the 2021 Exam Priorities in the areas of cybersecurity include:

  • A continued focus on the compliance and operational challenges around supervision of remote staff
  • Information security and operational resiliency remain a priority. The SEC states that the pandemic has exacerbated the risks of endpoint security, data loss, remote access, communications systems, and vendor oversight. The exam staff plans to assess whether firms have implemented reasonable controls around (1) intrusion detection, (2) vendor due diligence and oversight, (3) phishing, (4) incident response, and (5) risks associated with remote workforces using cloud-based and mobile applications to store client data.
  • Anti-money laundering
  • ESG themes, which permeate the priorities list throughout. In terms of cyber and IT risk, the regulator plans to examine whether firms’ business continuity plans are updated to reflect reasonably foreseeable risks due to climate change
  • A focus on material impacts to portfolio companies owned by private funds

Action Items

While some firms have thoughtfully documented changes in their programs over the past year, CSS recommends that every advisory firm take a close look at whether they have incorporated the following specific recommendations into their compliance and cybersecurity programs:

  1. Update the Compliance Manual, Information Security Policy, and/or Business Continuity Plan to note any new communications tools used by the firm. This may include new videoconferencing and collaboration tools such as Zoom or Microsoft Teams. If you are using these systems now and didn’t use them previously, then your policies and procedures might be out of date.
  2. Confirm that you conducted due diligence on any new vendors used during the prior year, and refresh your due diligence on all vendors in light of increased cyber incidents. For example, the SolarWinds Orion hack may have impacts to some of the third parties your firm uses. It is a good opportunity to add a few questions to this year’s due diligence to ask your vendors about any exposure to the SolarWinds incident.
  3. If any exceptions to existing Information Security Policies were made during the past year as an accommodation to staff working remotely, make sure that those exceptions have been adequately documented. (For example, if your firm was unable to keep laptops patched because staff were working from home, then you may have allowed an exception to your firm’s patching policy.) It is a best practice in information security that a formal Exceptions Policy govern the approval of any exceptions. Approvals, such as to allow staff to use personally owned computers for business purposes or to lengthen the time between password changes, should be specifically documented with an approval date and an expiration date for the exception. After all, exceptions are meant to be temporary. If a need for an exception continues to exist, the firm should re-confirm and extend the date for the exception. Exceptions lasting longer than one year may be indicative that the policy itself needs to be revised, rather than having the exception persist.
  4. Storage of confidential information in hard copy at personal residences can pose a privacy issue. Periodically assess whether staff are securely handling confidential information and remind them of the importance of safeguarding information through compliance attestations and/or security awareness training.
  5. Cyber professionals have warned that phishing attacks have increased considerably over the past year and that ransomware continues to evolve (see the SEC’s Cybersecurity Ransomware Alert and Credential Compromise Risk Alert). Consider retaining a vendor to manage phishing testing and to conduct ongoing monitoring of compromised passwords on the dark web for your staff.
  6. ESG informs a big part of the SEC’s efforts this year and that extends to BCP. While many BCPs likely already mention that they are designed to cover risks of business disruption due to significant weather events, the SEC’s focus on ESG presents an opportunity to revisit your BCP and confirm what risks it is designed to address. CSS recommends adding a very specific mention of the risk of significant weather events caused by climate change and environmental factors. In addition, if you have not done so already, add pandemics and other significant health events as reasonably foreseeable risks to the BCP. Take the opportunity to review your Form ADV disclosure as well, particularly Part 2A Item 8, and whether it makes sense for your firm to discuss ESG and pandemics as material risks.
  7. For private fund advisers, impacts to portfolio companies are a focus of the SEC. This means that private fund advisers should be conducting assessments of their portfolio companies’ risks. In addition to operational risks stemming from COVID-related economic issues such as office and factory closures, cybersecurity risks can have a significant impact on a portfolio company’s valuation and in turn impact fund valuation. CSS can assist private fund advisers in conducting cybersecurity assessments of portfolio companies.  

For more information on CSS’s Cybersecurity Services or to speak with a cybersecurity expert, please email: cybersecurity@cssregtech.com

New Marketing Rule Effective May 4, 2021

On March 5, 2021, the new Marketing Rule for SEC registered RIAs was published in the Federal Register. The effective date for the rule is now set as May 4, 2021, and the required compliance date is November 4, 2022. 

The race is on as RIAs need to revamp their approaches to social media and take advantage of the new rules for paid and unpaid testimonials and endorsements. But the hurdles along the way are formidable, and in this compliance contest, you cannot take the hurdles just one at a time. Are you ready for marketing reviews?  

  1. Work through the 430-page, 1075 footnote final release
  2. Expect guidance from the SEC on the status of no-action letters, as well as more guidance on other tough questions
  3. Remove major sections of existing policy and substitute replacement policies
  4. Work through the concepts of adoption and entanglement that will be important to revamping content marketing approaches, including on social media 
  5. Meet with and educate management
  6. Meet with and educate marketing/IR
  7. Meet with and educate marketing submitters from across the business 
  8. Create new agreements and disclosures for paid testimonials and endorsements from current solicitors, as applicable
  9. Identify related performance, extracted performance and hypothetical performance, including target performance and predecessor performance
  10. Review all marketing materials per new general prohibitions

RIAs have a long window in which to comply with the new Marketing Rule if business does not push to move faster…a big IF. More than likely businesses will start asking when they can be in compliance. Have your thoughtful answer ready. For more guidance on the Marketing Rule, contact our regulatory experts: info@cssregtech.com.