The Office of Compliance Inspections and Examinations (or OCIE) recently issued a Risk Alert that identified the five most frequent compliance topics arising from OCIE examinations. These compliance topics include the following:

  1. Deficient compliance programs,
  2. Late or insufficient filings,
  3. Violations of the custody rule,
  4. Code of Ethics compliance deficiencies, and
  5. Books and records.

Among other things, OCIE noted that it continues to see untailored “off-the-shelf” manuals, deficient or non-existent annual reviews, as well as the systemic failure to follow procedures. So what does this all mean?

It would certainly appear from OCIE’s analysis that firms continue to take the easy way out when it comes to compliance. There is nothing per se wrong with an “off-the-shelf” compliance manual. The impropriety comes when the firm does nothing to modify that manual to conform to its business model. Not conforming a compliance manual to your individual circumstances is no different from not having a manual.

Equally problematic is the lack of meaningful annual reviews. Any annual review must be meaningful to have any regulatory significance. A meaningful review can look different from firm to firm, but there are a few components worth noting.

First, everyone at the firm must participate in the review process. Compliance comes from the tone at the top. Second, the firm should employ a checklist of required elements, and those that may be firm specific. Third, correct any deficiencies found through this process.

Compliance is not easy. But don’t take the easy way out. Having a robust compliance program takes hard work. Do it now, or pay the SEC later.

According to Fortune, outgoing Securities and Exchange Commission Chair Mary Jo White is refusing to delay adoption of new rules and regulations.  Senate Republicans–in particular the Senate Banking Committee’s top two Republicans, Chairman Richard Shelby and Mike Crapo–requested White delay adopting new rules until after Trump takes office.  However, as reported by Reuters, White responded to Shelby and Crapo on December 12th, stating that she intends to move forward with derivative reforms mandated by Dodd-Frank, including capital and margin requirements for swap dealers, and a limit on how mutual funds and exchange-traded funds use derivatives to leverage returns.

There remain obstacles to these rules.  First, because two commissioner positions remain vacant, there are only three remaining commissioners, of which there must be a quorum to pass the new rules.  The other two commissioners, Kara Stein and Michael Piwowar, are a Democrat and a Republican, respectively.  Second, Congress could quite easily reverse any new rules within 60 legislative days of their becoming final, which the Republican-controlled Congress could very well vote to do.

Thus, the takeaway is that firms must still monitor proposed new rulemaking under White’s SEC for the next few weeks, while also keeping an eye on what Congress will do in response to any new rules promulgated over the next month or so.

Following up on our earlier report that Mary Jo White, the chair of the Securities and Exchange Commission, will step down at the end of the Obama administration, news of other departures within the SEC has begun to spread.  The latest is Keith Higgins, head of the Division of Corporation Finance, who announced his plans to leave the SEC in January.  According to Sarah N. Lynch at Reuters, Higgins oversaw the adoption of many rules pursuant to the 2012 Jumpstart Our Business Startups (JOBS) Act.

Other top SEC officials who have recently announced their planned departures include: Stephen Luparello (Trading and Markets Division Director), Mark Flannery (Chief Economist), Matthew Solomon (Chief Litigation Counsel), and James Schnurr (Chief Accountant).

According to Lynch, Andrew Ceresney (SEC Enforcement Director), who worked alongside White prior to joining the SEC, both in private practice and at the U.S. Attorney’s Office in New York City, declined to comment on any plans to leave the SEC.

As we noted previously, these departures will continue to pave the way for President-Elect Trump to deregulate the financial sector.

According to Tatyana Shumsky at the Wall Street Journal, the Securities and Exchange Commission has increased efforts to regulate the use of accounting metrics that do not conform to the U.S. Generally Accepted Accounting Principles, known as non-GAAP.  The SEC’s endeavor began through its division of corporation finance, which issued new compliance guidelines and sent more non-compliance letters to companies than it had in the past.  More recently, the SEC’s enforcement division is getting involved and has been probing companies on their non-GAAP financial reporting practices, as reported by the WSJ.  Indeed, according to Michael Maloney, chief accountant of the SEC’s enforcement division, the division is looking into violations of rules governing non-GAAP metrics.  “It is a focus in within the division, we are looking closely at it,” Mr. Maloney told the American Institute of CPAs conference in Washington on Tuesday, as reported by Shumsky.

The takeaway for companies that use non-GAAP metrics in their financial reporting is that the SEC has signaled its intent to increase regulation and enforcement in this area.  Be sure your compliance team has reviewed your non-GAAP financial reporting practices, particularly in light of the new compliance guidelines from the SEC’s division of corporation finance, which can be found here: https://www.sec.gov/divisions/corpfin/guidance/nongaapinterp.htm

The latest post-election domino has fallen.  Mary Jo White, the chair of the Securities and Exchange Commission, will step down at the end of the Obama administration.  White announced her departure on Monday, paving the way for Trump to implement his plan to deregulate the financial sector. In addition to replacing White, Trump will be able to fill two openings on the five-member commission, according to Renae Merle of the Washington Post.  Thus, it is clear that Trump will be able to reshape the direction of the SEC and quickly pursue a path towards deregulating Wall Street.

Financial institutions, firms, brokers, counsel, and investors should all keep a close eye on potential replacements that Trump is considering, as they will have an immediate impact on securities regulation, or lack thereof.  It is now abundantly clear that the regulatory landscape is about to undergo a major shift.  Stay tuned.

Consistent with the ongoing guidance/requirements from the SEC and FINRA, all firms must have and enforce data security policies and procedures.  Even the best policies and procedures may, however, not protect the firm in every instance.  So what do you do if there is a breach?

One of the most important things to determine is what law governs.  In other words, if you have clients in all 50 states, it is possible that there are 50 different data breach laws that may be implicated.  Fox Rothschild LLP has a free app, Data Breach 411, which provides an overview of state data breach laws.

Knowing what you need to know is imperative when assessing a data breach.

On Monday, September 12, 2016, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) announced that a “Supervision Initiative” will take place across the country.

OCIE staff will conduct focused RIA examinations of firms employing or contracting with supervised persons who have a disciplinary history.  OCIE plans to evaluate the effectiveness of RIA compliance programs, supervisory oversight practices, and disclosures to clients and prospective clients, concentrating on the potential risk disclosures arising from financial arrangements initiated by supervised persons with a disciplinary history.  OCIE’s justification for this targeted examination is its belief that firms that hire those with disciplinary histories are more likely to have future disciplinary issues arising from these individuals’ conduct.

Frankly, this announcement should come as no surprise to anyone.  The SEC has made it abundantly clear over the years that it does not like people who have disciplinary histories working for regulated entities.  However, the SEC always seems to fail to consider that, for a significant part of the securities industry, disciplinary histories have become the norm given the ease with which people may make complaints against registered persons, and how expensive and difficult the regulators have made fighting unfounded allegations.  Numerous registered persons have had to make the difficult choice of agreeing to resolve disciplinary charges simply because the price of fighting them would be too great.

Conveniently, the SEC ignores this fact and instead will seek to further stigmatize many hard working and honest members of the securities community.

The SEC has repeatedly included issues around social media in its annual exam priorities for investment advisers. With the SEC’s recent release of a final rule on the subject, the SEC has taken that “exam priority” to the next level.

Under this new rule, investment advisers will have to complete an additional component to their annual Form ADV filed with the SEC. In doing so, investment advisers will have to disclose their addresses for Twitter, Facebook and LinkedIn. So what’s the point?

By requiring this disclosure, the SEC can better focus on each examined firm’s use of social media. Undoubtedly, the SEC will use this information when framing its examination of individual firms.

The SEC can also use this information on an ongoing basis to assess what firms are putting out there on social media. The industry has to assume that the SEC will be doing more with this information than just tucking it away for examination purposes.

This new rule should incentivize you to review your social media policy, assuming that you have one. If you do not have one, you need to have one prepared.

You should also monitor the information that your firm is putting out there on social media. Does it conform with SEC rules? Rest assured, if you are not minding the store, the SEC will.

Back in April, the Securities and Exchange Commission sought public comments on modernizing certain business and financial disclosure requirements in Regulation S-K.  In its Concept Release, the SEC noted that some investors and interest groups have “expressed a desire for greater disclosure of a variety of public policy and sustainability matters, stating that these matters are of increasing significance to voting and investment decisions.”

In response to the SEC’s request for comment, numerous environmental groups pressed the SEC to require disclosure of environmental, social, and governance risks in companies’ public filings.  According to Law360’s Juan Carlos Rodriguez, last week the Sierra Club, Greenpeace, Friends of the Earth and several other groups urged the SEC to create uniform environmental, social, and governance (“ESG”) disclosure requirements for companies, which would enable investors to identify companies that reflect their values.

However, as Rodriguez noted in his article, there were others who cautioned the SEC against going too far with ESG disclosures.  For example, the American Fuel & Petrochemical Manufacturers advised the SEC that “Such supplemental discussion beyond the bounds of mandated disclosure enriches the public discussion of ESG issues, but may not be material and should not be conflated with disclosures made pursuant to Regulation S-K according to the longstanding principles of financial relevance and materiality upon which the securities markets rely.”

The takeaway here is that the SEC will likely begin to require ESG disclosures from companies in their public filings.  Rodriguez explained that the SEC’s investor advisory committee has noticed a “significant and growing” number of investors who rely on sustainability and other public policy disclosures to better understand a company’s long-term risk profile.  Thus, while it is unclear what those ESG disclosure requirements will be, it is likely that some additional regulations and disclosures will be forthcoming, so plan accordingly.

To read more, please visit: http://www.law360.com/environmental/articles/820522

The SEC recently created a new position associated with cybersecurity: senior adviser to the chair for cybersecurity (Christopher R. Hetner). Mr. Hetner has an extensive background in information technology and, in particular, cybersecurity.

According to the SEC, Mr. Hetner will be responsible for (i) coordinating cybersecurity efforts across the SEC; (ii) engaging with external stakeholders; and (iii) enhancing SEC mechanisms for assessing broad-based market risk. This appointment could have a wide-ranging effect on the industry.

As we know, the SEC has made cybersecurity an exam priority over the last few years. The SEC is also actively conducting cybersecurity investigations and undertaking enforcement actions where appropriate. According to Chairperson White, the SEC is looking to bolster its risk-based approach. So what does this mean on a day-to-day basis?

Understand that the SEC has just upped the stakes. By retaining an industry expert who is solely focused on data-security related issues, the industry must be prepared for the SEC and FINRA to come after firms regardless of whether the firm sustains a breach or clients suffer harm as a result. Firms with weak or no data-security programs will surely be targeted.

Are you prepared to handle this even more focused mission of the SEC? If not, you need to more fully review your systems and procedures, both internally and externally facing. Are you testing your systems and procedures on a regular basis? If not, you had better start.

The SEC is prepared; are you?