In a recent NSCP Currents article, Giselle Casella addressed what every compliance office must know about cyber-security. One of the more compelling lessons was what can be learned from enforcement actions dealing with cyber-security.
Cyber-security enforcement actions fell into the following groupings:
- Inadequate security policies and procedures;
- Failure to enforce policies and procedures;
- Failure to conduct periodic cyber-security assessments;
- Failure to respond to cyber-security deficiencies;
- Failure to protect company networks and client information;
- Failure to protect non-public personal information;
- Failure to have an adequate firewall or anti-virus software;
- Failure to have adequate user access protocols;
- Inadequate oversight of third-party vendors; and
- Failure to adequately respond to cyber-attacks.
This list demonstrates that enforcement actions focus on every aspect of company life.
For example, these actions focus on written policies and procedures, their existence and adequacy. Taking the next step, these enforcement actions demonstrate that there is a focus on follow through; it is great to have policies and procedures, but you must follow them.
Likewise, what is the security architecture at the firm? Does the firm have adequate systems and software to stave off cyber-attacks? Do you have proper oversight of third-party vendors?
Even if you have the best policies and procedures, you may still be subject to attack. In those instances, you are going to be reviewed for the adequacy of the response.
In order to avoid these enforcement actions, it is important for firms to take a granular approach from the ground up. Are you WSPs adequate? When was the last time the firm tested its system for outside attacks? What is your response plan in the event of a breach?
If you cannot readily answer these questions, you are not prepared. Learn from the mistakes of others, and take preventative action to make certain that history does not repeat itself.
* Photo from freedigitalphotos.net
Now that summer has come to its unofficial end, it seems as though the SEC forgot to check its calendar back I May because it has been conducting exams at a breakneck pace as reported in the Investment News. These exams have focused, in part, on those investment advisors who have never been examined.
You may recall at the beginning of the year that the SEC made it an exam priority to focus on investment advisors who, for one reason or another, have never been subject to an examination. The SEC has targeted about 1,000 of those entities, which should represent about a quarter of the 15% of all investments advisors who have never been examined.
What should be the take away from the SEC’s focus on investment advisors being examined for the first time?
For one, it is a clear message that you should jump start the review of your operation. Are your WSPs up to date? Have you reviewed your policies and procedures regarding AML, custody of client funds, use of social media, and avoidance of insider trading?
If the answer to any of these questions is no, now is the time to take preventative action and revisit these, among other issues, to make sure that your house is in order. Either you do it now, or have the SEC do it for you later. The decision is yours.
* photo from freedigitalphotos.net
The SEC Division of Investment Management determined that a solictor may receive a fee for the soliciation of clients for registered investment advisers notwithstanding a Commission administrative order against her. See Matter of Stephanie Hibler, https://www.sec.gov/litigation/opinions/2013/34-70140.pdf.
In deciding to allow the solicitor to receive cash solicitation fees, the SEC staff noted in its response letter that the Commission vacated the portion of the order barring her from being associated with an investment adviser. The staff also noted that she will conduct any cash solicitation arrangement entered into with any registered investment adviser in compliance with the terms of Investment Advisers Act of 1940 Rule 206(4)-3, except for the investment adviser’s payment of cash solicitation fees. Finally, the staff considered the fact that she has complied with the terms of the order and will continue to do so, except for those portions vacated by the Commission.
This decision seems to primarily rely upon the fact that the Commission had previously lifted the bar in place. Thus, we should not all go crazy thinking the SEC is opening the floodgates for barred securities professionals to re-enter the business.
The SEC’s Division of Investment Management issued updated guidance regarding the definition of “knowledgeable employees” under Rule 3c-5 of the Investment Company Act of 1940. See Managed Funds Ass’n, SEC No-Action Letter, avail. 2/6/14, https://www.managedfunds.org/wp-content/uploads/2014/02/Staff-Response-to-MFA-3c-5-Letter-Final-Outgoing-2-6-14-no-sigs.pdf
The SEC staff explained that “private funds” include private equity funds, hedge funds, and other pooled investment vehicles, excluded from the definition of an “investment company.” Investment Company Act Rule 3c-5 permits a knowledgeable employee of a private fund – “covered fund”- or a knowledgeable employee of an affiliated person managing the investments of a covered fund – “affiliated management person”- to invest in a covered fund, without being subject to certain conditions under Investment Company Act Section 3 that otherwise apply.
The SEC staff clarified the definition of a knowledgeable employee by analyzing the various categories of the term under Rule 3c-5. The staff confirmed that it will not recommend enforcement action against covered funds if they treat certain employees of covered separate accounts as knowledgeable employees. The staff further explained that other employees may also qualify as knowledgeable employees, depending on the facts and circumstances.
The letter recommended that investment managers maintain a written record of employees that have been “permitted to invest in a Covered Fund as knowledgeable employees” and should be able to explain why a particular employee qualifies as a knowledgeable employee.
This guidance provides a road map for those employees acting in this type of fund sphere.
The SEC’s Division of Investment Management said it will not object if an investment adviser pays a cash fee for the solicitation of advisory clients, although a federal district court injunctive order precluded it. RBS Sec. Inc., SEC No-Action Letter, avail. 11/26/13, http://www.sec.gov/divisions/investment/noaction/2013/rbssecurities-11252013-section 206.htm.
In granting relief, the staff noted especially that the firm otherwise will conduct any such cash solicitation arrangement in compliance with Investment Advisers Act of 1940 Rule 206(4)-3. Rule 206(4)-3 prohibits an investment adviser from paying a cash fee to any solicitor subject to a court injunction related to the purchase or sale of a security. The staff especially noted counsel’s representations that:
- It will conduct any cash solicitation arrangement with an investment adviser registered or required to be registered under Section 203 of the act in compliance with the terms of Rule 206(4)-3, except for the investment adviser’s payment of cash solicitation fees to it;
- The judgment does not bar or suspend it from acting in any capacity under the federal securities laws;
- It will comply with the terms of the judgment; and
- For 10 years from the date the judgment was entered, it and any investment adviser with which it has a solicitation arrangement will disclose the judgment to each person whom it solicits at least 48 hours before the person enters into an advisory contract, or at the time the person enters into such a contract, provided the person may terminate the contract without penalty within five business days.
In short, the SEC has opened the door on these cash solicitations.
Adjustments to the SEC’s enforcement function is enabling it to be more aggressive with individuals and corporations when pursuing allegedly violative behavior.
The SEC’s ongoing push to strengthen penalties for wrongdoing attempts to further deter current and future bad actors, stiff monetary penalties and sanctions not only punish alleged violations but send clear signals of the SEC’s intolerance of wrongdoing. Thus, the focus with the SEC should be on:
- if circumstances surrounding the case justify expending SEC resources and if the agency should be targeting the alleged violations in the first place;
- if the SEC’s settlement position is too aggressive, given the context of the assertions of wrongdoing;
- if the SEC’s legal theory makes sense; and
- if bringing the case might make bad law.
In sum, there is a very tight rope one walks when dealing with the SEC on these issues.
FINRA proposed amendments to the organization’s arbitration code would tighten the definition of “public” arbitrator for FINRA arbitration purposes.
In a release, FINRA said the proposed rule changes would provide that a person who worked in the financial industry “for any duration” during his or her career would always be classified as a non-public arbitrators. It added that “professionals who represent investors or the financial industry as a significant part of their business would also be classified as non-public, but could become public arbitrators after a cooling off period.” Further, FINRA indicated that the proposed amendments would “reorganize the definitions” to make it easier to determine the correct arbitrator classification. The proposed rule change, approved by FINRA’s Board of Governors, will be submitted to the SEC for approval.
This is somewhat shortsighted on FINRA’s part. Having only non-public arbitrators while placing a “Scarlet A” on others will not result in better arbitrations.
FINRA proposed a rule to bar brokers and their firms from requiring customers to consent to the removal of a dispute from the Central Registration Depository as a condition of settling the disagreement.
In a release, FINRA said the proposal was intended to ensure that the CRD system continues to contain relevant information. The proposal was approved by FINRA’s board of governors. It was submitted to the SEC, who signed off on the rule change. The Rule went into effect on July 30, 2014.
Candidly, this is going to be a disaster for the BDs and brokers. Many arbitration claims have little or no merit and cause stains on the records of many good people. Expungements are the only way to even the playing field.
At the halfway point of the year, the Sutherland Asbill firm has issued its report on FINRA’s fines to date. That report reflects that, although fines are on a record pace this year, the number of actions by FINRA is behind pace. So what does this mean?
The first step is to look at the top enforcement issues to date. In descending order, the top issues are:
- Books and records
- Anti-money laundering
- Net capital
- Unregistered securities
- Trade reporting
Even though these may not be the sexiest issues that FINRA addresses, it tells you something. FINRA, at least this year, is focusing on technical issues that may have broader market or customer implications, such as books and records, net capital and anti-money laundering. At the same time, the focus on unregistered securities could mean a heightened focus on Reg D offerings.
The fact that the fines are larger than last year also reflects that FINRA may be primarily focused on larger cases. This is not to say that FINRA is not focused on the more garden-variety enforcement actions as it has in the past; just that it is going fishing for bigger fish this year.
This dubious top five list should serve as an alert to all member firms. Have you reviewed your rules and procedures on these areas of focus? If not, you should because you may need to tighten up your procedures. FINRA appears to be looker for bigger cases; don’t let your firm be among them.
* photo from freedigitalphotos.net
The U.S. District Court for the Southern District of New York dismissed a New York law malpractice and fraud claims by convicted inside trader Winifred Jiau against her former attorney. See Jiau v. Hendon, http://www.bloomberglaw.com/public/document/Jiau_v_Hendon_Docket_No_112cv07335_SDNY_Sept_28_2012_Court_Docket.
Prosecutors contended that in her role as an employee of an expert network company, Jiau obtained inside information about public companies through professional and personal contacts and sold the information to portfolio managers at hedge funds, who traded on the inside data. A jury convicted Jiau on conspiracy and securities fraud and the defendant then sued her lawyer for malpractice. The court found no claim.
Although this turned out well for the lawyers, it should remind everyone of the potential dangers in these representations.