BCP, ADV and other SEC Targets Discussed at NEBDIAA
Big data is now embedded into the fabric of the SEC and will likely inform the selection of examination targets for the foreseeable future, based upon comments from Mayeti Gametchu, Assistant Regional Director of the Boston Office of the U.S. Securities and Exchange Commission. Assistant Regional Director Gametchu spoke to an audience of financial services firms at the recent quarterly meeting of the New England Broker Dealer and Investment Adviser Association (NEBDIAA), who were gathered at the Federal Reserve Bank of Boston. Joining her on the panel were Kara Brown and Elizabeth Marino, both counsel with Sidley Austin’s Boston office. Below are a few select takeaways from the wide-ranging panel discussion.
BCP’s and Transition Plans
The SEC is joining other regulators who have already addressed business continuity planning and transition planning to some extent.
In June, the SEC proposed new Rule 206(4)-4 to require investment advisers to adopt written business continuity and transition plans. The proposed rule mandates specific components to address, but appears to give some flexibility in how those items are addressed at a firm. The rule stems from the sweep exam conducted following Hurricane Sandy, during which examiners observed a wide disparity in the business continuity practices of firms. The SEC understands that every firm has different processes and different vendors, and may address BCP risks differently, but recognizes that all advisers should be doing something.
There has been some industry backlash over the fact that the rule is proposed as an anti-fraud rule rather than under the Compliance Programs rule, because if the rule is adopted, advisers who have BCP deficiencies would run the risk of a fraud finding. Assistant Regional Director Gametchu stated that firms should not worry that it is a fraud rule and not get caught up in the specific statutory authority, because essentially it is a policies and procedures rule.
The transition planning component is intended to address the “other” types of disruptions to an adviser’s business, such as bankruptcy, loss of key personnel, and acquisitions that result in an assignment of advisory contracts. The SEC is looking at these issues now, even in advance of the rule being adopted. If they see key personnel who appear close to retirement or similar factors in play, they are going to ask how the firm is prepared.
ADV Amendments
No surprise here, but the ADV amendments adopted by the SEC are part of the SEC’s big data initiative designed to help effectively deploy the SEC’s limited examination resources more effectively, and to help identify firms to examine for risk-based examinations. The ADV rules are effective in October 2017.
There are more requirements to disclose details for separately managed account positions. The practice of using outsourced CCOs and the use of social media sites controlled by the adviser now have to be disclosed, and these feed into the risk rating for a firm. The fact that an adviser is using an outsourced CCO or works with an outside compliance consultant is not, in and of itself, indicative of a higher risk at the firm or a lower risk at a firm. They are all just factors that will be looked at in identifying which firms to examine because the SEC is resource-strained and is conducting risk-based exams to be more effective.
Other Focus Areas of the SEC
Areas the SEC is trying to get more information on as well as where it is inquiring at firms during exams include:
- Robo-advisers, high-speed trading, algos/quantitative models, and any system where computers are making decisions
- Supervision, particularly for recidivist employees (see the related SEC Risk Alert issued on Sept. 12)
- Dual registrants (there are a lot of issues relating to the recommendation of affiliated products, and that conflicts of interest are not adequately disclosed at firms)
- A continuation of the ReTIRE initiative which began in 2015 and is not going away any time soon, and,
- Subadvisory due diligence; specifically, are subadvisory practices adequately and accurately disclosed?
Top 10 Reasons to Attend Ascendant’s San Diego Conference
AML. DOL. Big Data. Election 2016.
The list of rulemaking changes, technology advancements and possible policy shifts is enough to send you hiding for cover under your desk. Educating yourself is your best option for assisting your firm with the continually evolving regulatory landscape.
Ascendant’s fall Compliance Conference will be held at the Loews Coronado Bay, San Diego, September 26-28, 2016, offering the latest expert insight on key compliance topics, including common risks, best practices, and solutions ─ along with other key regulatory initiatives, exam priorities and critical focus subjects. Watch the video below for some of the top reasons to join us in San Diego. For registration information, cliquez ici.
CCO Liability – Line in the Sand
In an October 2013 speech that delved into CCO liability, SEC Chair Mary Jo White said, “(a)lthough we do occasionally bring enforcement actions against compliance personnel, compliance officers who perform their responsibilities diligently, in good faith, and in compliance with the law are our partners and need not fear enforcement action.”
As the saying goes, actions speak louder than words, so until the SEC draws a hard straight line in the sand indicating the level of follow-through/due diligence by a chief compliance officer (CCO), there will be a need for protecting yourself against escalating defense cost. Remember, a CCO needs to fight for his or her reputation to ensure future employment. The “broken window” approach does not allow for settlement without an admission of guilt. This is contrary to the CCO’s goal of continuous employment and a secure financial future.
3Recently, I attended the Investment Company Institute (ICI) Compliance Conference in Washington, DC that reinforced the belief that CCOs need to protect themselves and that not everything is warm and fuzzy with the regulators. As a matter of fact, from my perspective as an insurance broker dealing with investment industry claims regularly, the concerns go beyond the SEC and carry over to the DOL. It makes you wonder how closely the two agencies are working together when initiating investigations against investment management firms.
As stated at the ICI Conference, “Notwithstanding those reassurances, the SEC has brought actions against CCO’s for negligence in conducting reviews of client accounts and for failing to put policies and procedures into place. These cases seem to fall outside the more egregious actions one would expect of enforcement action. Orders stating that the CCO was responsible for “implementation” of firm’s policies and procedures prompted dissent from former Commissioner Gallagher, who believes that the SEC is trending toward strict liability for CCO’s actions. This sends “a troubling message that CCOs should not take ownership of their firm’s compliance policies and procedures, lest they be held accountable for conduct that, under (the Rule), is the responsibility of the adviser itself.”
The point is, the CCO is a target, and the legal defense costs are going to add up. Don’t expect the regulators to reimburse you, even if you come out on top. This is demonstrated by the Thomas Delaney case that recently went through an EAJA (The Equal Access to Justice Act) administrative hearing to recoup attorney fees and litigation expense. Within the SEC Initial Decision Release No. 976 Administrative Proceeding File No. 3-15873, it states the following
The Division acknowledges that its position encompassed two charges – aiding and abetting, on the one hand, and causing, on the other.” Div. Resp. at 8. But it argues that Delaney’s victory on the aiding and abetting charge is meaningless for EAJA purposes because it was not a “discrete” portion of the proceeding. Id. at 8-10. I reject the Division’s assertion, for which it cites no legal precedent, that claims cannot be discrete if they involve the same underlying facts. Although I found, and the parties agree, that similar evidence was relevant to both the aiding and abetting claim and the causing claim (see Initial Decision at 49; Delaney Supp. Resp. at 4; Div. Resp. at 9-10), this does not displace Congress’s creation of different substantive law standards and remedies for the two distinct theories of secondary liability.
The bottom line is this: defense costs continue and they add up whether you did something wrong or not. This creates the need to consider an individual liability policy for Chief Compliance Officers. Unless the firm’s bylaws appoint the CCO as a corporate officer and/or filed with the state in which the firm is incorporated, they are under no obligation to indemnify the CCO’s legal fees. As a matter of fact, the CCO could be at odds with his/hers employer; thus, they may withhold any indemnification. There is an insurance product that provides the necessary defense costs, including situations where the employer withholds indemnification for a certain period of time. Keep in mind that the employer’s liability policy may not have the appropriate coverage in place and that it’s the employer who owns and controls the insurance policy, not you, the CCO.
Andrew J. Fotopulos is President of Starkweather & Shepley Insurance Corp. of Massachusetts and their Financial Institution Practice Group. He also developed CCO Protect (www.ccoprotect) offered through RISCO Insurance, the wholesale division of Starkweather & Shepley Insurance.
L'analyse post-négociation Zero-Day n'arrêtera pas les coureurs avant
On July 19, U.S. authorities arrested HSBC Holdings PLC’s global head of foreign exchange cash trading for his involvement in a series of trades effected in December 2011. The trades in question are nothing more than front-running. Here’s the gist of what happened:
Cairn Energy, a UK-listed oil and gas producer, approached HSBC in 2011 to convert $3.5 billion in proceeds from the sale of an Indian subsidiary to pounds. With the knowledge of a large buyer entering the market for sterling, the HSBC foreign exchange desk engaged in aggressive buying in the days and hours leading up to the conversion. On the day of the conversion, the HSBC desk liquidated their position generating $3 million in profits for the bank on top of the $5 million in fees tied to the client’s transaction.
I have no idea whether or not these trades were flagged by internal surveillance teams and simply swept under the rug, but I can assure you that this type of activity, combined with such a serious breach of client confidentiality, is very detectable with the right tool set.
So what is the right tool set? One that doesn’t focus on zero-day analysis.
Zero-day refers to the number of days between the time a trade is effected and some external event (like a client’s pending currency conversion). The post-trade analysis on the day of the currency conversion likely didn’t raise any questions. You have an FX desk selling out of pounds and a client buying into pounds. This is exactly what you would expect. But what did the days leading up to the conversion look like?
Probably something like this:
Source: Ascendant Compliance Manager
This is an example of a 3-month rolling volume profile analysis where the light blue line represents the FX client trades and the dark blue line represents HSBC trades in the cash market for GBP. It is evident that a pattern of escalating bank trades emerges shortly after Cairn Energy approached HSBC. If rolling volume profiles were put in front of a trading surveillance analyst in real-time each day, this most certainly would have raise a red flag.
Of course, this is a very simplified example. The complexity of the bank’s FX transactions surrounding this event would require a more sophisticated analysis, and potentially, the analysis of trades in other markets. But in an event like this, one thing is certain – it is impossible to rely on systems that ignore the tremendous amount of data available to us in the transaction history. Post-trade analysis that begins and ends with the days trading activity is simply ineffective.
Prepare for Business Continuity Planning Rule
The SEC is proposing a new rule 206(4)-4 under the Investment Advisers Act of 1940 that would require SEC-registered investment advisers to adopt and implement written business continuity and transition plans in order to legally operate under SEC jurisdiction.
The rule would also require advisers to review the plan at least once annually.
If adopted, the rule would have significant impact on investment advisers. In this ComplianceCast Minute, Ascendant’s Gena Dirani discusses the proposal, its key requirements and corresponding compliance concerns.
NFA CPOs/CTAs, Beware Late Filing Penalties
For firms registered with the National Futures Association (NFA) as commodity pool operators (CPOs) or commodity trading advisors (CTAs) and are required to file NFA Form PQR or PR, you better start getting those filings in on time! The self-regulatory organization recently amended its Compliance Rule 2-46 to impose a $200 late fee for each business day that members are late with their filings. This late fee will become effective for all such filings starting on September 30, 2016.
The NFA uses the information contained in these filings made by CPOs and CTAs by integrating them into its risk management system. This information assists the organization in determining which member firms to examine, and helps in identifying firms that warrant additional monitoring. However, the NFA has historically experienced problems with firms submitting late filings of Forms PQR or PR, despite stepping up efforts to follow-up with those late filers.
Starting on September 30, for Form PQR, the late fee will apply to the CPO entity and will not be assessed on each pool operated by the CPO that has a late filing. The idea is of course to reduce the number of late filers, and to impose the same practice the NFA currently adheres to with respect to late financial filings made by futures commission merchants, Forex dealers and introducing broker members. Additionally, the organization indicated that the imposition of late fees will not preclude the NFA from taking disciplinary action against firms under NFA’s Compliance Rules for failure to comply with the filing deadlines – a very clear message that NFA is taking the issue of late filers quite seriously.
More information on this amendment to the rules can be found in the organization’s May 31, 2016 Submission Letter to the CFTC.
If you have questions about your Form PQR or PR filings, please call us at 860-435-2255 or email info@ascendantcompliance.com for more information.