Regulation Best Interest, Cybersecurity Top Concerns at IAA 2019 Compliance Conference
The Investment Adviser Association (IAA) represents the interests of investment advisers in Washington D.C., and the IAA Investment Adviser Compliance Conference 2019 was a forum for the discussion of future potential rulemaking. Cybersecurity and Fiduciary Rule considerations were headline topics, with custody and marketing right behind. The following is a summary of key issues discussed during the two-day event:
The Fiduciary Rule: Regulation Best Interest (BI)
During a fireside chat that formally kicked off the event, SEC Commissioner Robert Jackson, Jr. expressed that Regulation BI is designed to make clear throughout the industry that financial service providers must place the interests of investors above their own interests. He further noted that the “cost of conflicted advice is high” and that we need more evidence on the subject. Although he voted to move the rule proposal ahead, Commissioner Jackson does not support the current proposal as final because the SEC’s “economic analysis was not a serious attempt” to evaluate the effects of the rule.
Cybersecurity and Privacy
Cybersecurity remains a complex and evolving issue in the advisory world, with Commissioner Jackson expressing a belief that cyber crime is a “war against our lifestyles.” Conference attendees agreed in a poll, ranking cybersecurity as the greatest compliance challenge for 2019. Commissioner Jackson noted that he believes that public companies need a bright-line rule regarding when to report cyber breaches in 8-K’s.
In a private equity session, panelists agreed that cyber reviews should be a standard part of the due diligence of portfolio companies. It is crucial for PE firms to determine evaluation strategies for portfolio companies as well as how active they need to be to establish privacy and security programs both at the beginning and throughout the relationship. Commissioner Jackson offered reassurance that the SEC does not punish firms trying to do the right thing. OCIE Chief Counsel Daniel Kahl also indicated that the industry could expect future risk alerts pertaining to Regulation S-P and regulation S-ID, but Sharanya Mitchell, Senior Global Regulatory Counsel and Chief Privacy Officer of Cohen & Steers Capital Management, does not believe new federal legislation will happen in this area before the adoption of the California Consumer Protection Act.
Custody
Division of Investment management Director Dalia Blass stated that the SEC is “reviewing the Custody Rule holistically” and looks forward to more industry input. This echoes back to her 2018 appearance at the same conference, where she acknowledged “there are so many big questions in the custody space.”
Marketing
Director Blass also reiterated that marketing is on the Commission’s short-term agenda, as we had learned in SEC Chair Jay Clayton’s year-end Reg Flex update. She indicated that the staff anticipates presenting the Commission with recommendations in the near future. The rule adopted in the early 1960s predated the internet, and the “current regime does not sync well with the current real-world environment.”
“When I go to Amazon I review ratings by others,” she added, saying that the prohibition on testimonials presents challenges and is “not in line with how folks currently live their lives.”
Overall, there was not a lot of detail about what the rules will say but in totality, it represents a forewarning that compliance will have more changes ahead.
Ascendant/CSS offers a broad service program designed to ensure strong cyber practices at portfolio companies, including our powerful cybersecurity solution, Shield. Additional solutions include our trading surveillance and compliance software, Sentry; and our regulatory reporting and filing platform, Consensus, which handles filings including Form PF, Form ADV, Form N-Port, and more. Contact us to learn more.
A Year On: Transaction cost reporting under PRIIPS and MiFID II
In the runup to 1 January 2018, financial firms the world over rushed to select service providers for the various tools required to comply with PRIIPS and MiFID II. Decisions were not necessarily made with validation that the products, vendors or data sources they had selected were indeed best-suited to the firm’s needs, but rather with the goal of ensuring that the selected solution allowed the firm to “check the boxes” related to the RTS.
A year on, firms are rethinking some of those decisions. While many of their selections will be fine for the time being, others turned out to be underwhelming, if not altogether vaporware. Still others were Band-Aid decisions that were suitable for the immediate need, but not the long term. Transaction cost calculations are proving to be a notably affected area, with a surprising number of clients rethinking their product selection, particularly as costs and charges transparency and regulatory audits make headlines.
Cybersecurity Drives SEC to Modify Timing of Form N-PORT Filings
The SEC announced on Wednesday, Feb. 27 that it approved an interim final rule amending the timing requirements for filing Form N-PORT. Reports will now be prepared monthly but submitted to the SEC quarterly. In addition, the deadline to submit the reports has been changed from 30 days to 60 days. In a release announcing the change, the SEC said the adjustments would reduce cybersecurity risk.
This is a significant change for filers and comes just before Larger Fund Groups (fund groups with net assets of $1 billion or more as of the most recent fiscal year-end) were to begin reporting on EDGAR.
At a glance:
- 30 days after the end of each month, funds must maintain in their records the information required in Form N-PORT. The information must be made available to the SEC upon request.
- 60 days after the end of each fiscal quarter, funds file all three monthly N-PORT reports on EDGAR
- As before, the reports for the third month of each quarter (the “quarter-end report”) will become publicly available upon filing
- As before, the reports for the first and second months of the quarter will remain non-public
- As before, the first six months of reports (i.e., reports for quarters ending March 31, 2019-August 31, 2019) will be kept non-public to allow the funds and the SEC to adjust technical specifications and data validation processes
Compliance dates
- Larger Fund Groups that have been complying with Form N-PORT reporting requirements since June 1, 2018 will continue to maintain information in their records until the new EDGAR reporting date, which takes effect on April 1, 2019.
- Smaller Fund Groups have an N-PORT compliance date of June 1, 2019. The compliance date for filing reports on EDGAR is April 1, 2020.
First report for Larger Fund Groups
- Larger Fund Groups have been complying with Form N-PORT requirements since June 1, 2018 by maintaining the information in their records. They have not been required to maintain this information in XML.
- Because Larger Fund Groups with fiscal quarters ending in March or April might not be prepared to file all three months of reports at quarter-end (because the information is not already in XML):
- Larger Fund Groups with March quarter-end are exempt from reporting for January and February data
- Larger Fund Groups with April quarter-end are exempt from reporting February data
First N-PORT reporting dates for Larger Fund Groups:
Fiscal Quarter-End |
First N-PORT report filed on EDGAR by |
Report data for |
| March 31, 2019 | May 30, 2019 | March 2019 |
| April 30, 2019 | July 1, 2019 (because June 29 is a Saturday) | March, April 2019 |
| May 31, 2019 | July 30, 2019 | March, April, May 2019 |
The rule amendment reflects the Commission’s awareness of the sensitivity of the data that it collects as well as the associated cybersecurity risks. With this change, the SEC will collect the same volume of data but reduce potential cybersecurity risks that arise from maintaining sensitive, non-public data on EDGAR. That the SEC can access the monthly data maintained in a fund’s records is key to this compromise.
For more on our Form N-PORT filing solution Consensus, click here.
For more information on our compliance services, cliquez ici.
Why Attend Ascendant CSS Compliance Conferences? So Many Reasons
Consider joining us in Miami from April 15-17 to examine the implications of new and evolving regulations and technologies, explore innovative ways to look at foundational compliance topics, and deconstruct developing rules and initiatives. There are so many reasons to join us. Have a look!
https://youtu.be/UWA6nmWtos4
Need More Information?
Overview | Agenda | Speakers | Travel & Accommodations | Registration
Shareholder Monitoring and Disclosures: Keeping One Step Ahead of the Front Office
Fresh from our London conference “Looking at the Year Ahead – Global Compliance and Data Priorities” – a rousing success! – we’ll cover takeaways from a key panel discussion on shareholder monitoring and disclosures.
Two of the best in the business were in the house (or should we say “in the brewery,” an amazing London venue that dates back to 1750): Darren Fox, Partner at Simmons & Simmons, and my colleague Mike Marmo, Product Manager at CSS. Together, they paired as a complementary set of experts from the legal and data sides, respectively. So let’s explore the areas they covered, and here we’ll also reveal what they saw as the top pain points – as well as some unexpected ones – faced by asset managers.
JOIN US: Sign up for our upcoming Roundtables on Global Threshold Monitoring in Amsterdam, Dublin or London. Click for more info!
For the uninitiated, we can quickly define the topic discussed: Shareholder filing obligations are imposed by local regulators when reaching certain ownership percentages in issuers (often starting as low as 1-3 percent) or short positions in issuers (as low as 0.01%) based in those local jurisdictions. Additional filing requirements often apply if the issuer is involved in a takeover bid, does business in a certain protected industry, or chooses to impose its own additional filing thresholds.
Shareholder disclosure affects most or virtually all of the asset management industry, as a big show of hands in the room confirmed. The biggest challenge? The attendees from the industry were more split on this point, but a top concern was keeping up with the various local regulations across the world. The point was addressed with invaluable detail from Darren Fox who, among his several roles at Simmons & Simmons, heads up Navigator, the global law firm’s regulatory database of shareholder disclosure rules. He stressed that investment managers, which are among his clients that may trade in securities across several dozen jurisdictions at any one time, are served well by (1) closely monitoring regulatory news developments around the world, and (2) engaging a partner – be it a compliance consultant, a platform for monitoring holdings, a law firm or otherwise – with global experience and expertise in shareholder disclosure matters.
Top pain point: Aggregation of holdings across affiliates
Surprise pain point: Position limits (maximum number of contracts you can hold in certain categories of derivative products)
Having the right reporting data was another major concern expressed. This was confirmed by Mike Marmo, whose experience as product head of CSS shareholder reporting platform Signal brought several thorny issues to light. These include identifying the relevant issuers (especially where dual- or cross-listed) and calculating holdings (with derivatives and delta calculations complicating matters). He added that properly sourcing third-party reference data – be it takeover panel lists published by regulators, registries maintained by ESMA or other databases – is a key to conquering the challenge.
Top pain point: Issuer shares outstanding data
Surprise pain point: ETF/index holdings
The discussion shifted back to Darren for yet another challenge: how to submit the filings once your holdings have reached a threshold in a particular issuer. While having to adhere to tight filing deadlines (as little as one day in some cases), a shareholder’s tasks such as navigating submission portals and handling local language requirements are common sources of frustration. As Darren and others noted, such obstacles can cause unexpected delays in filing, and therefore should be squarely addressed by investment managers well before reaching a filing threshold.
Top pain point: Which party notifies? Fund, manager, parent, appointee, etc.
Surprise pain point: Accurately transferring your data to the disclosure form
Thanks for reading. To learn more about our position limit monitoring and shareholding disclosure solution, visit our Signal page, and for more in-depth information on the topic consider joining us for our next compliance conference, held in Miami from April 15-17!
[post_cta header=”What can Signal do for you?” intro=”Read our Shareholding Disclosure case study” button=”Download” button_link=”#casestudy–signal” button_link_type=”modal”]
[post_cta header=”Sign up to our mailing list to have the latest regulatory updates delivered directly to your inbox.” button=”Submit” button_link=”#newsletter–signal” button_link_type=”modal” xclass=”cstrat-product__cta–alt”]
The Challenges of Building a Global Compliance Program
Compliance programs face challenges in balancing global requirements with local exceptions while incorporating the fast pace of regulatory change, addressing critical business needs and obtaining the necessary resources necessary to manage the program. Trends and thinking on the subject were center stage at the recent CSS London event “Looking at the Year Ahead – Global Compliance and Data Priorities.”
Innovative technology and support solutions are key to success, according to the panel comprised of John Walsh of Eversheds Sutherland LLP, and Keith Marks and Jackie Hallihan of CSS. The trio set the stage with context around the origin of the standards leading to the evolution of the compliance program and evolving role of the Chief Compliance officer.
The program emphasized the “Culture of Compliance,” and identified the many building blocks comprising the compliance program, including ownership participation, validation of functions, administration of the program, and quality of the execution.
Cited as keys of a compliance program were the following elements:
- Written policies and procedures (compliance manuals)
- Ongoing evaluation of a program through dynamic annual and periodic reviews
- Risk assessments
- Enterprise risk management
- Training employees and supervised persons
- Big data analysis
The panel agreed that solid compliance training, which is dynamic and evergreen, is fundamental to preventing violations of rules and regulations and critical to strengthening a compliance program. Throughout the day, several of the event panels touched on the critical need for investment management and financial services firms to conduct forensic data analytics of trading data.
In a discussion of the global vs. local regulatory challenges facing the industry, the panel stressed the need to articulate and apply consistent standards of conduct and compliance processes across all operations, and to implement local differences. John Walsh stressed the importance of maintaining a global framework, subject to local exceptions.
Additional challenges discussed included practical ways to foster a positive ethical tone at all levels of the organization, managing and mitigating third-party risk, and technology solutions for staying current with regulatory and enforcement trends around the globe.
To adequately and effectively design policies and procedures to detect and prevent violations of laws and regulations, panelists agreed on the importance of regular compliance and business reviews, as well as maintaining availability to employees, and to remain understandable to employees.
Other key topics included the evolution of due diligence in a compliance program, including background checks pursuant to local law, due diligence of critical third-party vendors, and privacy and cybersecurity assessments.
The important and sensitive role of surveillance was debated by the panel. Keith Marks remarked how analytics and predictive intelligence applies to conduct and culture, and John Walsh highlighted challenges and opportunities from emerging technologies. Hallihan, passionate about dynamic training tools and workflow technology, cites the need for firms to embrace emerging technology tools that ease the burden and facilitate a solution.
Data protection regulation and cybersecurity threats remain a high risk. The panel touched on the vast array of regulations as examples of the global challenge, with GDPR, the California Consumer Privacy Act, New York Department of Financial Services’ Cybersecurity Regulation, and federal Regulation S-P, for example.
Another impending challenge is the EU’s Securities Financing Transactions Regulation (SFTR), with T+1 reporting. Financing transactions (SFTs) reporting by investment fund managers is expected to commence Q1 2020. Central to industry concern is the managers ability to accurately report and obtain the data needed to report timely and accurately, a problem that CSS addresses through its SFTR solution.
Other trending regulatory examples to manage are Liquidity Management, Reporting Modernization, Trade and Transaction Reporting, Model Management; and Change Control Processes.
The challenges of global compliance continue to grow, but with innovative technology and support solutions, they can be managed.