We were recently reminded of how difficult it is to re-register for a position in the securities industry after being barred.  See https://www.sec.gov/litigation/admin/2021/ia-5682.pdf.

On February 9, 2021, the United States Securities and Exchange Commission refused to let a former investment adviser re-register, claiming that the barred adviser had not demonstrated “extraordinary circumstances” to merit re-entry .  In particular, the Commission noted that the barred adviser had not paid his penalty, initially, imposed in 2011.  The Commission also rejected his arguments that, by working with an actual registered adviser, he would be appropriately supervised.  However,  the Commission found that the person had failed to submit sufficient evidence to demonstrate this supervision.

As a result, the barred adviser was not let back into the business, demonstrating the difficulty for others, who seek to follow in his path.  We are not suggesting it is impossible, but those barred persons interested in re-entering the securities industry should seek out securities counsel prior to making any filing.

In what has become a yearly occurrence, FINRA has notified its member firms about its intent regarding the member firms’ compliance programs.  See https://www.finra.org/rules-guidance/guidance/reports/2021-finras-examination-and-risk-monitoring-program.

This year, FINRA combined its Report on Examination Findings and Observations (an analysis of prior examination results) and the Risk Monitoring and Examination Program Priorities Letter (planned areas of review) into “FINRA’s Risk Monitoring and Examination Activities Report.”  This new report is 46 pages long, and very dense.  It is meant to assist member firms on what they should be reviewing, analyzing, and remediating, including, but not limited to, AML; OBAs; sales and communications, specifically, Regulation BI, Form CRS, private placements and variable annuities; compliance; cybersecurity; “game-like” trading platforms; best execution and trade routing; and, of course, net capital and customer protection.

In sum, FINRA looks like it is planning a busy year, meaning member firms will be even more busy.  It is strongly suggested that member firms seek seasoned securities counsel to prepare for this onslaught.

In December  2020, the New York State Attorney General altered its filing rules to align with those required by the SEC’s requirements for a Regulation D Rule 506 offering.  Now, for a Rule 506 offering in New York, the issuer must only file a  copy of the federal Form D with New York’s Investor Protection Bureau instead of the former pre-offer Form 99 within 15 days of the first sale within or from New York.   See https://ag.ny.gov/sites/default/files/13-nycrr-10-unofficial.pdf.   The Form D filing would then be submitted online through the Electronic Filing Depository (“EFD”) system developed by the North American Association of Securities Administrators (“NASAA”).  Essentially, with these changes, New York has joined the rest of the states in standardizing their Form D notice filings for Rule 506 offerings.

For many years, the New York State Attorney General required an issuer that conducted a Rule 506 offering to submit a Form 99 prior to making a first offer or sale in New York pursuant to New York General Business Law, Chapter 20, Article 23-A (“Martin Act”).   This oddity is the result of the Martin Act’s regulation of securities dealers as opposed to the regulation of offerings like other states and the federal government.   Thus, to conduct a Rule 506 securities offering, an issuer would have to “register” as a dealer by filing the Form 99 with the Investor Protection Bureau prior to the first sale or offer.  Such a registration would be valid for 4 years, and also required a consent to service of process, among other things.

This position was not universally accepted and a number of noted securities practitioners held the position that New York’s Rule 506 filing requirements were pre-empted by federal law, in particular, The National Securities Markets Improvement Act of 1996 (“NSMIA”).  This position was described in a position paper prepared by The Committee on Securities Regulation of the New York State Bar Association in August 2002.   We note that the New York State Attorney General never adopted this position.

Nonetheless, the new rules eliminate the Form 99 filing requirement, as well as the other filings, and substitute the Form D filing, providing a 4 year dealer registration period beginning on the date of the filing.   There are also filing fees associated with the Form D filing of either $300 or $1,200, depending on the size of the offering.  We also note that, if the issuer files an Amended Form D with the SEC, it will also have to file the same with New York as a “supplemental filing,” and have to pay a $30 filing fee.  Further, any annual amendment to a Form D for any offering, beyond the 4 year filing period, will incur a similar registration renewal fee.

The use of Form 99 filings or renewals ceased on February 1, 2021, but an issuer my still use the Form 99 registration number through the 4 year period, and amended Form 99s will be accepted from these issuers through December 2, 2024, but cease after that date, with the issuer required to file through the EFD system.   However, an issuer could file a Form D through the EFD system even if its Form 99 filing is still valid, but it will have to pay all required registration fees, supply all relevant information, and use a new identification number as well as obtain a new registration date.  Finally, once the EFD system is utilized, an issuer must use it for all future filings, but it is important to note that this system does not apply to real estate securities who will continue to use the old system.

In short, New York has finally entered the modern age and joined the federal government and its sister states in streamlining the Rule 506 filing process.

In a stark 3-2 vote along political lines, the SEC announced today that it was proposing new rules relating to finders.  Essentially, if the proposed rules are, ultimately, approved, the SEC will sharply change the position it has maintained for over 8 decades, allowing unregistered finders to sell securities to the investing public while receiving transaction based compensation.  See https://www.sec.gov/news/press-release/2020-248.  

If approved, the proposed rules would permit 2 categories of finders.  Both types of finders would be allowed to solicit accredited investors for investments in various issuers.   There are restrictions on the activities the finders could engage in as well as certain disclosure requirements for one category.  Nonetheless, the breadth of the proposed rules is significant because it represents a sea change from the SEC’s previous position that any transaction based compensation paid to persons who solicit investors would require broker-dealer registration.

These proposals also apparently conflict with recent state activities on finders and business brokers.  For example, the State of New York proposed actually registering finders.   See https://securitiescompliancesentinel.foxrothschild.com/broker-dealer-registration/fox-rothschilds-securities-industry-group-members-ernie-badway-and-alex-kerzhner-publish-alert-on-nysags-pandemic-rule-making-on-finders-and-business-brokers/.  

There is a 30-day comment period for these proposed rules after publication in the Federal Register, and the SEC is encouraging interested parties to comment.

Recently, the Office of Compliance Inspections and Examinations (“OCIE”) released an alert to broker-dealers and registered investment advisers regarding the risks associated with credential stuffing.  See https://www.sec.gov/files/Risk%20Alert%20-%20Credential%20Compromise.pdf.

Credential stuffing is an automated attack on web-based user accounts and direct network login account credentials. Cyber attackers obtain lists of usernames, email addresses, and corresponding passwords from the “dark web,” and then use automated scripts to try to compromise user names and passwords on other websites. OCIE believes that credential stuffing is emerging as a more effective way for attackers to obtain unauthorized access to customer accounts and/or BD or RIA firm systems rather than traditional “brute force” password attacks, attempts to guess a password using numerous combinations. The successful attack, using either method, allows access to customer accounts and, possibly, the firms’ systems, allowing for the theft of customer and firm accounts.

The OCIE staff observed an increase in the frequency of credential stuffing attacks, and BD and RIA failures to mitigate the risks of such attacks.   The findings included problems with the use of systems hosted by third-party vendors and personally identifiable information (“PII”) through the website of BD or RIA.  Such use would facilitate  an attacker’s ability to control a customer account at the firm or the customer’s accounts at other institutions according to the OCIE report.

OCIE determined that customers using the same password or login usernames were a prime target for these attacks.  Further, OCIE suggested that firms update their Regulation S-P and Regulation S-ID policies and programs to address these risks. Similarly, OCIE found certain practices could protect client accounts, including, but not limited to: (1) policies and procedures relating to updating and improving passwords; (2) employing Multi-Factor Authentication (“MFA”), where multiple “verification methods” authenticate the person logging in to an account; (3) Completely Automated Public Turing test to tell Computers and Humans Apart (“CAPTCHA”), requiring users to confirm they are actual humans and not automated scripts; (4) improving controls to detect and prevent multiple login “fingerprints” for sessions, along with the use of a web application firewall (“WAF”) to detect and inhibit credential stuffing attacks; and (5) monitoring the dark web.

Firms should consider their current practices, and any potential limitations of those practices.  Further, firms should consider if the firm’s customers and staff are properly informed on securing their accounts.  If not, OICE strongly recommends that improvements be made quickly.

In sum, BDs and RIAs should remain vigilant and proactively address emergent cyber risks; review their customer account protection safeguards; identity theft prevention programs; and consider updating such programs or policies as necessary. Firms should seek out experienced securities counsel to assist in these tasks and engage their customers in this process because, like the Pandemic, we are all in this together.

Money service businesses received a reprieve last week that will make cryptocurrency firms very happy since they will be able to more easily expand across the United States. The Conference of State Bank Supervisors (“CSBS”) – 48 state regulators – agreed on a regulatory system for money services’ businesses, including a single set of supervisory rules and exam program conducted by state regulators.

The new regime applies to nearly 80 large payment and cryptocurrency firms, doing business of over $1 trillion annually. In recent years, state regulators have been working together to address complaints that the state-by-state supervisory system is redundant and overly burdensome. Cryptocurrency firms, typically are licensed state by state, but, under the new arrangement, a group of state examiners will jointly supervise a business, instead of individual states. This approach should be more efficient with states sharing information; however, states may still conduct independent examinations.

In short, this new regime should make it easier for cryptocurrency firms to operate. However, seasoned counsel is still necessary to manage this new path for cryptocurrency firms.

The United States Securities and Exchange Commission (“SEC”) adopted amendments to the definitions of both accredited investor under Securities Act of 1933 (“Securities Act”) Regulation D Rule 501 and qualified institutional buyer (“QIB”) under Securities Act Rule 144A.

Under the new accredited investor definition, the following parties would now be considered accredited investors: (1) designated professionals, such as those persons currently holding, in good standing, the FINRA Series 7, Series 65 and Series 82 licenses, others may follow; (2) private fund knowledgeable employees, including, but not limited to,  executive officers, directors, general partners, trustees, advisory board members, or other affiliated fund persons overseeing the fund’s investments or investment activities, but it does not include those persons performing solely clerical, secretarial or administrative functions; (3) rural business investment companies (RBICs); (4) family offices and family clients; and (5) entities meeting $5 million investment threshold.  The SEC also indicated that limited liability companies (“LLC”) meeting the $5 million asset test are accredited investors, and that their managers were considered executive officers.  QIBs now include: (1) LLCs, who own and invest at least $100 million in securities of non-affiliated issuers; and (2) any institutional investor meeting the $100 million threshold.

The SEC did not change the current dollar test limits.  However, the SEC permitted those persons, who cohabit together to be considered a “spousal equivalent,” for the purposes of determining accredited investors, thus, allowing the pooling of resources for the test.

This was a modest movement by the SEC to broaden the definitions of both accredited investors and QIBs.  It will be interesting to see if these definitional changes actually expands the pool of investors.  Nonetheless, it is critical that those persons seeking to raise money from investors seek out securities counsel to ensure proper adherence to these new definitions, among other things.

FINRA’s National Adjudicatory Counsel (“NAC”), recently, affirmed a disciplinary panel decision significantly sanctioning a broker-dealer for paying unregistered persons and entities.  See https://www.finra.org/sites/default/files/2020-07/NAC_2014042606902_Silver-Leaf_062920.pdf.

FINRA alleged, among other things, that a broker-dealer paid transaction-based compensation to “unregistered finders,” and non-registered entities owned by its registered persons.   Ultimately, the NAC agreed that, over a 3 year period, the broker-dealer paid and/or shared certain transaction-based compensation with unregistered finders and entities affiliated with registered persons, rather than paying the registered persons directly. The NAC noted that the broker-dealer had previously been warned after an examination by the United States Securities and Exchange Commission’s (“SEC”) Staff, but it seemed to ignore this warning, and then went onto wrongfully pay over $2 million to these unregistered persons and entities.

The writing has been on the wall for some time.  FINRA Rules prohibit FINRA members from paying such transaction-based compensation to non-members, and this position has been consistent.  See NASD Notice to Members 05-18.  FINRA has been clear that broker-dealers violate industry rules if they pay transaction-based compensation in connection with nearly all securities transactions to an unregistered person or entity.  Additionally, the NAC made it clear that broker-dealers could not pay transaction-based compensation to entities affiliated with its registered persons, rather than paying the registered persons directly, relying upon the SEC’s previously published guidance.

In sum, broker-dealers should consult with secured securities counsel before entering into business relationships with “finders” or third parties that raise business opportunities. Member firms may not pay success compensation to these parties.  Finally, there are no exemptions– pay the registered representatives, not their companies.

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) conducted a series of examinations into private fund advisers. See the SEC risk alert here. To say the least, OCIE was not pleased with the results, indicating a significant percentage of these advisers had compliance issues.  In particular, OCIE found problems with: (1) conflicts of interest; (2) fees and expenses; and (3) material non-public information policies and procedures.

OCIE found that these private advisers had numerous conflicts of interest issues, noting that these issues may be violations of the Investment Advisers Act of 1940 (“Advisers Act”). In particular, the conflicts of interest related to: (1) investment allocations; (2) multiple clients; (3) financial relationships between clients/investors and the adviser; (4) preferential liquidity rights; (5) advisers having interests in recommended investments; (6) coinvestments; (7) service providers; (8) fund restructurings; and (9) cross-transactions. OCIE believed these conflicts were not being addressed by private fund advisers. Such commentary indicates that the SEC Staff will take action in the future if it continues.

Additionally, OCIE indicated problems with fees and expenses allegedly being perpetrated by private fund advisers. For example, OCIE found the difficulties with: (1) fee and expense allocations with sharing of expenses, among other things; (2) fees and expenses for “Operating partners” without adequate disclosure; (3) valuation; and (4) monitoring/board/deal fees and fee offsets. These items may create financial irregularities causing greater problems in the operation of the funds, and, as such, the SEC Staff may consider these problems to rise to the level of actual Advisers Act violations.

Finally, OCIE identified ethical issues relating to the use and handling of material non-public information. OCIE found that private fund advisers needed to establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of non-public material information in that the private fund advisers had to address insiders, outside consultants, and employees. Private fund advisers also apparently were missing procedures involving trading restrictions, gifts and entertainment, among other things.

In short, these findings should serve as a wake-up call for private fund advisers. It demonstrates the need for proper procedures in consultation with securities counsel before the SEC Enforcement Staff comes knocking at the door.