Articles Tagged with OCIE

Published on:

By

SEC Risk Alert regarding safety of customer records and cloud vendor diligence.

As part of its cybersecurity sweep, the SEC has examined risks related to the storage of customer records and information by investment advisers on cloud-based storage platforms and issued a Risk Alert, “Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features.” The sweep focused on vendor due diligence and oversight and registered advisers’ monitoring of data and customer information safety.  Among other information, OCIE sought vendor contracts (including service level agreements); vendor reviews; risks assessments of cloud service providers, including data encryption, data loss prevention, books & records exposure, identity and access management; and policies and procedures and their alignment to technology standards.

The Risk Alert identified as the main compliance issues related to cloud-based storage (i) Misconfigured network storage solutions (inadequately configured security settings to protect against unauthorized access; lack of policies and procedures addressing the security configuration);  (ii) Inadequate oversight of vendor-provided network storage solutions (lack of, or inadequate, policies, procedures, contractual provisions that security settings on vendor-provided network storage solutions were configured in accordance with the firm’s standards); and (iii) Insufficient data classification policies and procedures (firms’ policies and procedures did not identify the different types of data stored electronically by the firm and the appropriate controls for each type of data).

The Risk Alert encourages investment advisers to review their practices, policies, and procedures with respect to the electronic storage of customer information and to consider any necessary improvements, and to actively oversee vendors.  The SEC included helpful recommendations for cyber/cloud risk management, including the implementation of policies and procedures designed to support the initial installation, on-going maintenance, and regular review of the network storage solution; guidelines for security controls and baseline security configuration standards to ensure that each network solution is configured properly; and vendor management policies and procedures that include, among other things, regular implementation of software patches and hardware updates followed by reviews to ensure that those patches and updates did not unintentionally change, weaken, or otherwise modify the security configuration.

Please contact your counsel at Pillsbury’s Investment Funds Group if you need help with reviewing and enhancing your cloud storage and related policies.

Published on:

By

In a press release issued by the Securities and Exchange Commission on December 20, 2018, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced its 2019 Examination Priorities.

This year’s examination priorities, although not exhaustive, are divided into 6 categories:

  1. Compliance and risk at registrants responsible for critical market infrastructure;
  2. Matters of importance to retail investors, including seniors and those saving for retirement;
  3. FINRA and MSRB;
  4. Digital assets;
  5. Cybersecurity; and
  6. Anti-money laundering programs.

Read the OCIE 2019 Examination Priorities in full HERE.

Published on:

By

The Office of Compliance Inspections and Examinations (OCIE) of the SEC issued a Risk Alert yesterday providing a list of the most frequently identified compliance issues relating to the Advertising Rule (Rule 206(4)-1) under the Investment Advisers Act of 1940.  These compliance issues were identified as part of the OCIE examination of investment advisers:  misleading performance results, misleading one-on-one presentations, misleading claim of compliance with voluntary performance standards, “cherry-picked” profitable stock selections, misleading selection of recommendations and insufficient/inaccurate compliance policies and procedures.

Compliance with the Advertising Rule has long been, and remains, a favorite focus of the SEC.  In an age of fundraising challenges, investment advisers must balance the pressing need of appealing to prospective clients with adherence to precise regulatory standards.  Each marketing piece should go through rigorous internal review and sign-off procedures and, as necessary, outside counsel evaluation.  Investment advisers are urged to pay special attention to any form of performance or track record marketing.

Click here for the full Risk Alert. Contact your Pillsbury attorney for additional assistance.

Published on:

By

Earlier this month, the SEC announced the creation of its Office of Risk and Strategy  to operate within its Office of Compliance Inspections and Examinations (OCIE).  The new office will consolidate and streamline OCIE’s risk assessment, market surveillance, and quantitative analysis teams and provide operational risk management and organizational strategy for OCIE.

Headed by Peter B. Driscoll, a former E&Y auditor with law and CPA degrees, the Office of Risk and Strategy will lead the OCIE’s risk-based and data-driven National Examination Program.  Mr. Driscoll emphasized at the Investment Adviser Association’s annual compliance conference in Washington that private equity funds and private fund advisors would “continue to be a big focus” for the exam unit as well this year.  While this is no surprise, Driscoll also added that the focus on hedge funds will zero in on such areas as portfolio management, trading and back-office operations.  This may suggest a broader, deeper and more focused scrutiny on hedge funds than just the trading offenses we are familiar with from national headlines.

The SEC has been busy: it has visited at least 25% of ‘never-before-examined’ advisers, numbering over 700, which surpasses the SEC’s own goal.  There is no reason to expect the SEC’s enthusiasm to decline in this area in 2016.  If you are a hedge fund manager that has never been examined before, you may get a knock on your door this year.

Published on:

By

(This article was published in the first February 2016 issue of “The Review of Securities and Commodities Regulation” and is reprinted here with permission.)

The last half of 2015 has been characterized by a lot of debate and press attention on the role of the Chief Compliance Officer (“CCO”) at investment advisers. It has attracted attention within the highest levels at the SEC as reflected in a series of public statements and speeches, including the public disagreement of two Commissioners on whether or not there is a new trend targeting CCOs. While this debate has been unusual, it has led to a healthy and productive discussion about the CCO’s role. Below, we will discuss in turn: (a) recent statements over the past six months by SEC leaders about CCOs and whether or not there is a new trend targeting them, (b) what qualities are essential to an effective CCO and whether or not the job should be outsourced, and (c) how an effective compliance leader can prevent and detect any problems and be truly effective in preparing the firm for SEC examinations.

CONTINUE READING… 

Published on:

By

On January 11, the Office of Compliance Inspections and Examinations (OCIE) of the SEC announced its 2016 Examination Priorities (“Priorities”). To promote compliance, prevent fraud and identify market risk, OCIE examines investment advisers, investment companies, broker-dealers, municipal advisors, transfer agents, clearing agencies, and other regulated entities. In 2016, OCIE will continue to rely on the SEC’s sophisticated data analytics tools to identify potential illegal activity.

This year, private fund advisers should pay attention to the following OCIE Priorities:

  • Side-by-side management of performance-based and asset-based fee accounts: controls and disclosure related to fees and expenses
  • Cybersecurity: testing and assessments of firms’ implementation of procedures and controls
  • High frequency trading: excessive or inappropriate trading
  • Liquidity controls: potentially illiquid fixed income securities – focus on controls over market risk management, valuation, liquidity management, trading activities
  • Marketing / Advertisements: new, complex, and high risk products, including potential breaches of fiduciary obligations
  • Compliance controls: focus on repeat offenders and those with disciplined employees

Highlights for other market participants:

  • Never-Before-Examined Investment Advisers and Investment Companies: focused, risk-based examinations will continue

  • Broker-Dealers

    :

    • Marketing / Advertisements: new, complex, and high risk products and related sales practices, including potential suitability issues
    • Fee selection / Reverse Churning: multiple fee arrangements – recommendations of account types, including suitability, fees charged, services provided, and disclosures
    • Market Manipulation: pump and dump; OTC quotes; excessive trading
    • Cybersecurity: testing and assessments of firms’ implementation of procedures and controls
    • Anti-Money Laundering: missed SARs filings; adequacy of independent testing; terrorist financing risks
    • Registered representatives in branch offices – focus on inappropriate trading
    • Retirement Accounts: suitability, conflicts of interest, supervision and compliance controls, and marketing and disclosure practices
  • Public Pension Advisers: pay to play, gifts and entertainment
  • Mutual Funds and ETFs: liquidity controls – potentially illiquid fixed income securities
  • Immigrant Investor Program: Regulation D and other private placement compliance

For additional details, visit the SEC’s Examination Priorities for 2016. Please call an Investment Funds and Investment Management Attorney to discuss your firm’s risk areas.

Published on:

By

The Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released a “Risk Alert” on November 9, 2015, the purpose of which is to raise awareness of compliance issues observed in connection with the examination of registered investment advisers and investment companies that outsource their Chief Compliance Officers (“CCO”) to unaffiliated third parties.

We encourage our registered investment adviser clients, including hedge fund and private equity managers, that have outsourced their firm’s CCO function to compliance service providers or other third parties to carefully review the following SEC risk alert summary and review their outsourcing arrangement in view of the SEC’s observations.

Outsourced CCO Initiative

The OCIE staff (the “staff”) conducted 20 examinations as part of an Outsourced CCO Initiative to evaluate the effectiveness of compliance programs and outsourced CCOs by considering a number of factors such as:

  • Whether the CCOs appropriately identified, mitigated, and managed compliance risk;
  • Whether the compliance program was designed to reasonably prevent, detect and remedy violations of federal securities laws;
  • Whether there was open communication between those with compliance responsibilities and service providers;
  • Whether the CCOs have authority to influence compliance policies and procedures of the registrants and had sufficient resources to carry out their responsibilities; and
  • Whether compliance was an important part of the registrants’ culture.

Observations of successfully outsourced CCOs

The staff observed compliance strength in outsourced CCOs with the following characteristics:

  • Regular and often in-person communication between the CCOs and registrants;
  • Strong relationships between the CCOs and registrants;
  • Registrants’ support of the CCOs;
  • CCOs having independent access to documents and information; and
  • CCOs having knowledge of the registrants’ business and regulatory requirements.

Observations of unsuccessfully outsourced CCOs

The staff observed compliance weakness in outsourced CCOs with the following characteristics:

  • CCOs providing compliance manuals based on templates not tailored to the registrants’ businesses and containing inappropriate policies and procedures;
  • CCOs visiting registrants’ offices infrequently, conducting limited annual reviews of documents or insufficient evaluation and assessment of training pertaining to compliance matters;
  • CCOs not performing critical control testing procedures and lacking documentation to evidence testing of control procedures;
  • Critical areas of the registrants’ operations were not identified by CCOs resulting in certain compliance policies and procedures not being adopted, including those necessary to address conflicts of interest;
  • CCOs using generic checklists to gather pertinent information regarding the registrants;
  • Registrants providing incorrect or inconsistent information to the CCOs about firm business practices;
  • Lack of follow-up by CCOs with registrants to resolve discrepancies; and
  • CCOs having limited authority within the registrants’ organizations to improve adherence to compliance policies and procedures and implement necessary changes in disclosure practices, such as fees, expenses and other areas of client interest.

Conclusion

The staff reminds registrants that CCOs, whether direct employees, contractors or consultants, must have sufficient knowledge and authority to fulfill their role. In addition, each registrant is responsible for the adoption and implementation of its compliance program and accountable for any deficiencies.

Finally, the staff emphasizes that all registrants, and especially those that use outsourced CCOs, may find the issues identified in the Risk Alert useful to evaluate whether (i) their business and compliance risks have been appropriately identified (ii) policies and procedures are tailored to the specific risks their businesses encounter and (iii) their respective CCOs have the necessary power to effectively perform their responsibilities. Registrants and their funds are advised to review their business practices regularly to determine whether the practices are consistent with compliance obligations under Rule 206(4)-7 under the Investment Advisers Act of 1940 and Rule 38a-1 under the Investment Company Act of 1940.

Please contact the Investment Funds and Investment Management Group if you would like to discuss the SEC alert or need help reviewing your outsourcing arrangement.

Published on:

By

The regulatory environment for SEC-registered advisers has become more complex as the result of a more aggressive and interconnected Securities and Exchange Commission (SEC). The connecting hub within the SEC is the Office of Compliance Inspection and Examination (OCIE), which serves as the “eyes and ears” of the SEC. The OCIE often is the first line of contact between an investment adviser and a potential referral to the SEC Enforcement Division’s Asset Management Unit (AMU), which is devoted exclusively to investigations involving investment advisers, investment companies, hedge funds and private equity funds.

The OCIE’s three main areas of focus for their 2015 exam priorities are (i) protecting retail investors, (ii) issues related to market-wide risks, and (iii) data analysis as a tool to identify registrants engaging in illegal activity.

Overlapping with the OCIE’s frontline examination role is the Compliance Program Initiative, which began in 2013 by sanctioning three investment advisers for ignoring problems within their compliance programs. The Compliance Program Initiative is designed to address repeated compliance failures that may lead to bigger problems. As such, any issues raised in a deficiency letter resulting from an examination are ripe for follow-up as the starting point of a subsequent examination. In the current regulatory environment—where violations of compliance policies and procedures can serve as the basis of enforcement actions—investment advisers and their compliance professionals need to pay close attention to the implementation, follow-through and updating of every aspect of their compliance program.

READ MORE…

Read this article and additional publications at pillsburylaw.com/publications-and-presentations.  You can also download a copy of the Client Alert.

Published on:

By

The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) recently released its annual examination priorities.  In 2015, OCIE will focus on three primary “themes” involving broker-dealers, investment advisers and transfer agents:

  1. Retail Investors – OCIE will look at important matters for retail investors and investors preparing for retirement including whether the products, advice, services and information being offered to them is consistent with current laws, rules and regulations;
  2. Market-Wide Risks – this is a broad theme which focuses on structural risks and trends involving whole industries or multiple firms; and
  3. Data Analytics – OCIE continues to increase its ability to analyze large amounts of data to identify registrants that may be conducting illegal activity.

Retail Investors – Advisers to retail investors and investors saving for retirement will be scrutinized by the SEC in 2015. The OCIE will assess fee selection where the adviser offers a variety of fee arrangements as well as reverse churning. Further, where advisers recommend moving retirement assets from employer-sponsored plans into other investments or accounts, OCIE will examine whether the sales practices used were improper or misleading. OCIE will also be reviewing the suitability of complex or structured products and higher yield securities and how well representatives in branch offices are being supervised by the home office.  The SEC may have an interesting opportunity to demonstrate whether it is serious in going after those who target seniors.

On February 5, 2015, SEC Commissioner Luis A. Aguilar and Investor Advocate, Rick A. Fleming, gave speeches at The American Retirement Initiative Winter Summit about advocating for investors saving for retirement and protecting elderly investors from financial exploitation.

Under the umbrella theme of “retail investors,” the OCIE will be assessing alternative investment companies and the focus of the exams will be (i) liquidity, leverage and valuation; (ii) the way the funds are marketed; and (iii) the internal controls, staffing, funding and empowerment of boards, compliance and back-offices. Mutual funds with material exposure to interest rate increases will be reviewed by OCIE to ensure they have the appropriate compliance policies and procedures and trading and investment controls in place to prevent their disclosures from being misleading and to be sure their investment and liquidity profiles are consistent with the fund’s disclosures.

Assessing Market-Wide Risks – The OCIE will focus in 2015 on structural risks and trends that involve whole industries or multiple firms. In collaboration with the Division of Trading and Markets and the Division of Investment Management, the OCIE will monitor the largest asset managers and broker-dealers. Through a risk-based approach, the OCIE will conduct annual examinations of all clearing agencies that have been designated systemically important. Furthering the OCIE’s 2014 efforts to examine the cybersecurity preparedness of registrants, 2015 will see a continuation of the initiative and an expansion of the initiative to include transfer agents. OCIE will also be looking into whether firms are giving priority to trading venues due to credits or payments for order flow, thus violating their best execution duties.

Data Analytics – The OCIE has made strides in developing data analytics that it can use to identify and examine firms and other registrants that may be engaged in fraudulent or illegal activity. The examination initiatives the OCIE will be using data analytics to examine include recidivists, microcap fraud, excessive trading and anti-money laundering.

Other Initiatives – Along with the primary themes discussed above, the SEC will continue to examine never-before examined investment advisers and newly registered municipal advisers. Advisers to private equity funds can expect to have their fees and expenses examined as a result of OCIE’s observed high rates of deficiencies. In addition to examining proxy advisory service firms, OCIE will also look at investment advisers’ compliance with their fiduciary duty to vote proxies on their investors’ behalf.

Advisers and broker-dealers should always be prepared for an SEC examination and ensure all written policies and procedures are in place and regularly audited for efficacy and compliance. Should you be subject to an examination, any deficiencies noted by the SEC should be addressed and rectified in a timely manner.

Published on:

By

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) recently released its Examination Priorities for 2015.  The priorities represent certain practices and products that OCIE believes present a potentially higher risk to investors and/or the integrity of the US capital markets.  In 2015, OCIE’s priorities focus on issues involving investment advisers, broker-dealers and transfer agents and are organized into three thematic areas:

  1. Examining important matters to retail investors and investors saving for retirement, such as whether the information, advice, products and services offered is consistent with applicable law.  Specifically, OCIE has identified the following examination priorities:
  • Fee Selection and Reverse Churning – Where an adviser offers a variety of fee arrangements, OCIE will focus on recommendations of account types and whether they are in the best interest of the client at the inception of the arrangement and thereafter, including fees charged, services provided, and disclosures made about such relationships.
  • Sales Practices – OCIE will assess whether registrants are using improper or misleading practices when recommending the movement of retirement assets from employer-sponsored defined contribution plans into other investments and accounts, especially when they pose greater risks and/or charge higher fees.
  • Suitability – OCIE will evaluate registered entities’ recommendations or determinations to invest retirement assets into complex or structured products and higher yield securities and whether the suitability of the recommendations or determinations are consistent with existing legal requirements.
  • Branch Offices – OCIE will focus on registered entities’ supervision of registered representatives and financial adviser representatives in branch offices, and attempt to identify branches that may be deviating from compliance practices of the firm’s home office.
  • Alternative Investment Companies – OCIE will continue to assess alternative investment companies and focus on: (i) leverage, liquidity and valuation policies and practices; (ii) factors relevant to the adequacy of the funds’ internal controls, including staffing, funding, and empowerment of boards, compliance personnel, and back-offices; and (iii) the manner in which such funds are marketed to investors.
  • Fixed Income Companies – OCIE will determine whether mutual funds with significant exposure to interest rate increases have implemented compliance policies and procedures and investment and trading controls sufficient to ensure that their funds’ disclosures are not misleading.
  1. Assessing issues related to market risks.  Specifically, OCIE has identified the following examination priorities:
  • Large Firm Monitoring – OCIE will continue to monitor the largest broker-dealers and asset managers to assess risks at individual firms.
  • Clearing Agencies – OCIE will continue to examine all clearing agencies designated as “systemically important” under the Dodd-Frank Act.
  • Cybersecurity – OCIE will continue to examine broker-dealers and investment advisers’ cybersecurity compliance and controls and expand these examinations to include transfer agents.
  • Potential Equity Order Routing Conflicts – OCIE will assess whether firms are prioritizing trading venues based on payments or credits for order flow in conflict with their best execution duties.
  1. Analyzing data to identify and examine registrants that may be engaging in illegal activity, such as excessive trading and penny stock, pump-and-dump schemes. Specifically, OCIE has identified the following examination priorities:
  • Recidivist Representatives – OCIE will continue to try to identify individuals with a history of misconduct and examine the firms that employ them.
  • Microcap Fraud – OCIE will continue to examine broker-dealers and transfer agents that aid and abet pump-and-dump schemes or market manipulation.
  • Excessive Trading – OCIE will continue to analyze data from clearing brokers to identify and examine brokers that engage in excessive trading.
  • Anti-Money Laundering – OCIE will continue to examine firms that have not filed suspicious activity reports (SARs) or provide customers with direct access to markets of higher-risk jurisdictions.

In addition, OCIE has identified other examination priorities for 2015, including:

  • Municipal Advisors – OCIE intends to examine newly registered municipal advisors to determine whether they comply with recently adopted SEC and Municipal Securities Rulemaking Board rules.
  • Proxy Services – OCIE intends to examine proxy advisory service firms and investment advisers’ compliance with their fiduciary duty in voting proxies on behalf of investors.
  • Never-Before-Examined Investment Companies – OCIE will conduct focused, risk-based examinations of registered investment company complexes that haven’t been examined before.
  • Fees and Expenses in Private Equity – this continues to be an area that OCIE is focused on.
  • Transfer Agents – OCIE intends to examine transfer agents, particularly those involved with microcap securities and private offerings.