Firms Encouraged Not to Overlook Oct. 1 Books and Records Changes
While changes to Form ADV on October 1, 2017 have been well-publicized, we encourage firms not to overlook the other changes to Books and Records requirements put forth in the SEC’s final rule release, effective October 1, 2017.
The changes to the Rule relate to the retention of documents regarding the calculation of performance data.
- Rule 204-2(a)(16): The Rule (provision 16) currently requires that advisers maintain records supporting performance claims in communications that are distributed to ten or more persons. The SEC has amended this provision by removing the 10 person condition and replacing it with “any person” (other than a person affiliated with the adviser). As of October 1, for any communications that include performance information (including information referring to performance prior to October 1), you must maintain materials that demonstrate how the performance was calculated.
- Rule 204-2(a)(7): This Rule (provision 7) currently requires that advisers maintain certain categories of written communications sent and received by advisers. The SEC has amended this provision to require advisers to also maintain originals of all written communications received and copies of written communications sent by an investment adviser relating to the performance or rate of return of any or all managed accounts or securities recommendations.
|
Rule |
Changes |
| Rule 204-2(a)(16) | (16) All accounts, books, internal working papers, and any other records or documents that are necessary to form the basis for or demonstrate the calculation of the performance or rate of return of any or all managed accounts or securities recommendations in any notice, circular, advertisement, newspaper article, investment letter, bulletin or other communication that the investment adviser circulates or distributes, directly or indirectly, |
| Rule 204-2(a)(7) | (7) Originals of all written communications received and copies of all written communications sent by such investment adviser relating to (i) any recommendation made or proposed to be made and any advice given or proposed to be given, (ii) any receipt, disbursement or delivery of funds or securities, (iii) the placing or execution of any order to purchase or sell any security, or (iv) the performance or rate of return of any or all managed accounts or securities recommendations: Provided, however:
(A) That the investment adviser shall not be required to keep any unsolicited market letters and other similar communications of general public distribution not prepared by or for the investment adviser, and (B) That if the investment adviser sends any notice, circular or other advertisement offering any report, analysis, publication or other investment advisory service to more than 10 persons, the investment adviser shall not be required to keep a record of the names and addresses of the persons to whom it was sent; except that if such notice, circular or advertisement is distributed to persons named on any list, the investment adviser shall retain with the copy of such notice, circular or advertisement a memorandum describing the list and the source thereof |
Firms are encouraged to revisit their policies and procedures and ensure that such records are being captured and retained.
For more information regarding Ascendant products or services, please contact us at (860) 435-2255 or at info@ascendantcompliance.com.If you haven’t already, click here to sign up for our complimentary Ascendant 2017 Form ADV Toolkit and receive valuable content such as templates, checklists and commentary from our consulting team, all delivered through our proprietary software system, the Ascendant Compliance Manager.
If It’s New It’s Worrying; If It’s News It’s Really Worrying
There are three reasons sub-advisers need to catch up fast on N-PORT:
- Someone else’s regulation has become YOUR problem
We’ve come across this issue many times over the past few years but it’s becoming more noticeable that whatever the direction of regulation, no matter who the intended target, there are plenty of companies indirectly affected. No more so than when data is a key part of the regulatory mix; because financial product sponsors outsource many of their services when reporting on those aspects of their operations the regulated company needs data from its delegates.
And so it is with SEC Fund Modernization. While the rules are aimed very much at mutual fund sponsors, the reach strays well into other territories, most notably into the sub-advisory community. When a fund sponsor uses a delegate to sub-advise on a fund, or portion of a fund, or indeed where the sponsor is using an affiliate management firm, the adviser running the mandate will have to make their data available as cleanly and timely as if they were a regulated entity themselves. Do sub-advisers have a choice here? Of course they do, but opting out of their Form N-PORT obligations means losing the mandate.
- The burden on sub-advisers is significant
The breadth of information that sub-advisers are required to provide is substantial. We’re talking liquidity, portfolio and risk data, all provided on the same monthly basis that regulated firms have to follow. Where that adviser or affiliate does not operate their own 40 Act fund(s), this problem becomes even more acute. To many sub-advisers, who work in the institutional space or operate outside of the US, this effort will be new to them. What’s more worrying is that it might also be NEWS to them – if it is then the work has to start right now. Fund companies are working on their test data from as early as November. To meet the needs of the mutual fund client, the sub-adviser is likely to require outside help in making sure the collection and delivery of Form N-PORT data is as smooth and efficient as possible, and fits in with the fund’s filing preparation time frame.
- Collecting data from multiple sources isn’t easy
We’re experts on dealing with data for financial firms – even more so when that data is applied to regulation. Regulatory data needs to be filed on time to the SEC in the correct format, no ifs, no buts. The hurdle for those regulated firms when compiling their data is that is comes in from a range of sources – many mutual fund sponsors could be dealing with 10 or more sub-advisers, each compiling the data in their own particular format in their own time. It’s quite clear that the system as outlined here isn’t going to work.
We strongly advise mutual fund sponsors to establish a separate project stream focused on ensuring the data arriving from outside the business is delivered in the desired format and timeframe. Our preference is for fund companies to get outside help from data experts who can ensure that all data, both external and internal, is fed into the same central repository, so that it can be extracted in a consistent fashion, ready for delivery to the SEC.
For more information on how Accudelta can help with fund sponsor and sub-adviser Form N-PORT preparations, please contact us.
The SEC Data Breach And Impact On New Reporting Rules
The U.S. Securities and Exchange Commission disclosed recently that its Electronic Data Gathering, Analysis and Retrieval (EDGAR) system, a comprehensive database of filings by public companies and other industry participants, was hacked in 2016 and that the intruders may have traded on the information. The announcement comes on the heels of the mutual fund industry requesting revisions to new SEC rules and reporting requirements, partly due to significant concerns over cybersecurity at the SEC.
The EDGAR breach perfectly illustrates those concerns at the same time that…
The full article can be accessed on the Law360 website.
SEC Offers Regulatory Relief to Advisers Affected by Hurricanes
On September 28, 2017, the SEC provided regulatory relief to individuals and entities subject to the ’33 Act, ’34 Act and ’40 Act who were affected by Hurricanes Harvey, Irma or Maria. The relief came in the form of conditional exemptions from certain requirements.
The hurricanes, which struck between August and September of 2017, devastated large swaths of the Caribbean as well as areas of Texas, Louisiana and Florida. Advisers located in these regions have experienced issues ranging from loss of power to destruction of infrastructure. The SEC has used its statutory authority to offer relief to those affected by the storms.
Regarding registered investment advisers, the relief came in four main initiatives:
- Advisers affected by Hurricane Harvey will have their ADV filing requirements considered satisfied if: (1) their deadline for filing fell between August 25 and October 6, 2017; (2) the Adviser couldn’t meet their filing deadline because of Hurricane Harvey; and (3) the Adviser submits their Form ADV filing by October 10, 2017.
- Advisers affected by Hurricane Irma will have their ADV filing requirements considered satisfied if: (1) their deadline for filing fell between September 6 and October 18, 2017; (2) the Adviser couldn’t meet their filing deadline because of Hurricane Irma; and (3) the Adviser submits their Form ADV filing by October 19, 2017.
- Advisers affected by Hurricane Maria will have their ADV filing requirements considered satisfied if: (1) their deadline for filing fell between September 20 and November 1, 2017; (2) the Adviser couldn’t meet their filing deadline because of Hurricane Maria; and (3) the Adviser submits their Form ADV filing by November 2, 2017.
- Advisers affected by Hurricane Harvey, Hurricane Irma or Hurricane Maria will be considered to have satisfied their requirement to deliver written disclosure statements to their advisory clients if: (1) the client’s mailing address has a zip code for which mail service has been suspended as the result of Hurricane Harvey, Hurricane Irma or Hurricane Maria; and (2) the Adviser promptly delivers the written disclosure either (i) if requested by the client or (ii) at the earlier of November 2, 2017 or the resumption of mail service.
This should be welcomed relief for those affected by any of these storms. For further information on how Ascendant can help those affected, please contact us today.
SEC Discloses Cybersecurity Breach That May Have Led to Insider Trading
The determination of hackers to exploit existing cybersecurity vulnerabilities of government agencies and businesses shot to the forefront again last Wednesday, when SEC Chair Jay Clayton revealed that the commission’s EDGAR database had been hacked in 2016 through a software vulnerability in the test filing component of the system.
According to Clayton, the breach was originally discovered last year and the vulnerability was patched soon afterward. However, just last month as part of an ongoing assessment of the SEC’s cybersecurity risk profile that the chairman initiated upon taking office, it was determined that the hack “may have provided the basis for illicit gain through trading.” Specifically, the SEC said while they did not believe the intrusion resulted in unauthorized access to personally identifiable information, jeopardized the Commission’s operations or resulted in any systemic risk, it did lead to unauthorized access to nonpublic information.
According to the SEC’s statement, the EDGAR system receives and processes over 1.7 million corporate disclosure filings per year, an invaluable collection of documents that includes quarterly earnings reports and mergers and acquisitions statements.
Clayton said that an investigation into the matter is continuing, and that the Commission is coordinating with the appropriate authorities as it continues to prioritize efforts to promote effective cybersecurity practices.
“Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic,” Clayton said. “We must be vigilant. We also must recognize—in both the public and private sectors, including the SEC—that there will be intrusions, and that a key component of cyber risk management is resilience and recovery.”
Clayton reiterated principles and components of the SEC’s internal cyber initiative, which should sound familiar to industry participants, including:
- A focus by senior management on cybersecurity is important to identify and mitigate risk;
- The SEC “periodically assesses the effectiveness of its cybersecurity efforts” through penetration testing, monitoring, independent verification, and third party assessments and audits; and
- The SEC’s Information Security Program follows the NIST framework.
Notably, Clayton did not discuss encryption.
He also stated that the SEC recognizes there is “no single correct approach to cybersecurity” and said the OCIE Risk Alert published in August “was not intended to provide a checklist of required practices, but rather to share” information that may be to useful to firms’ cybersecurity planning.
A breach at the SEC is especially distressing news to the industry, as it’s coming at a time when more information than ever is being sent to regulators, including personally identifiable information, nonpublic information and specific firm trading data. The SEC is aware of the enormous risk to the industry; a breach could result in identify theft, insider trading/market manipulation, and discovery and use of trade secrets and other proprietary data, for example.
The SEC’s news also comes on the heels of the disclosure of the recent Equifax breach, which compromised the personal information of as many as 143 million people.
These incidents coincide with National Cybersecurity Awareness Month coming up in October and serve as important reminders to all companies who have access to sensitive information: work on cybersecurity is both crucial and continuous. As hackers evolve, so must we.
Please contact Ascendant at info@ascendantcompliance.com if you are interested in receiving information about our cybersecurity testing and cybersecurity risk assessment services, including network penetration testing, vulnerability scanning, social engineering testing, NIST cybersecurity framework compliance, and cybersecurity policy gap analysis.
CSS Consensus Partners with Bloomberg for SEC 22e-4 Reporting
Compliance Solutions Strategies’ Advise Technologies unit and Bloomberg today announced a joint regulatory reporting solution for mutual funds needing to comply with the liquidity risk reporting requirements stipulated by SEC 22e-4.
For many open-ended funds, extracting portfolio-level liquidity data and identifying the necessary information needed for SEC reporting can present an array of operational challenges. The Form N-PORT module in CSS’ Consensus RMS platform is designed to simplify this reporting.
“With rigorous reporting requirements and a 2018 deadline, firms are trying to find ways to automate Form N-PORT and N-CEN reporting,” said Ethan Wishnick, Consensus Managing Director for SEC Reporting Modernization. “By combining Advise’s proven reporting solution and Bloomberg’s use of machine learning to estimate liquidity risk, we are ready to help firms meet their obligations.”
SEC 22e-4, adopted as part of the new SEC modernization rules, requires affected firms to report liquidity risk metrics on Form N-PORT. Under the rule, open-end funds, including mutual and exchange-traded funds, are required to classify assets into liquidity buckets or “tiers,” based on how quickly they could be converted to cash. The SEC estimates the rule will cost firms about $1.4 billion in one-time costs and $240 million annually after that as financial firms implement liquidity-risk management programs to mitigate redemption risk.
Through the partnership, both Bloomberg and CSS customers will now be able to leverage Bloomberg’s LQA tool, which provides liquidity risk analytics about portfolio investments, and automates custom monthly reporting for the SEC.
“By integrating LQA’s data with Advise Technologies’ solution, Bloomberg is able to provide a complete reporting workflow solution that allows funds to more efficiently manage and comply with SEC 22e-4’s regulatory obligations,” said Naz Quadri, Head of Liquidity and Enterprise Quant Group at Bloomberg.
Initial support for Form N-PORT and Form N-CEN was added to Consensus RMS earlier this year. Consensus RMS is used by over 1100 managers to file reports such as 13F, Form PF, Form ADV, CPO-PQR, and numerous others. It includes data validations, flexible data loading, team collaboration functionality, a full audit trail, and e-filing to the SEC. Consensus RMS is supported by the Advise Best Practices team, which provides industry interpretations to clients.
Bloomberg LQA provides coverage for government, agency, corporate and municipal bond securities as well as global equities and ETFs. Bloomberg reference data and evaluated pricing (BVAL) customers can now access the Global Liquidity Score produced by LQA for securities that are part of the customer’s regular data requests at no additional cost.
Bloomberg LQA is part of a suite of regulatory and accounting data sets that help compliance professionals at banks, asset managers, insurers and other financial organizations navigate an increasingly complex and data-intensive requirements. To learn more please visit Bloomberg.