We urge our clients to consult Pillsbury’s comprehensive COVID-19 Resource Center for information regarding Responding to a Global Crisis, Business Interruption, Cybersecurity, Employer Concerns and other general matters related to the COVID-19 pandemic. We also recommend the following specific measures to mitigate risks of business interruption and regulatory noncompliance resulting from the COVID-19 pandemic.
The California Consumer Privacy Act (CCPA), a broad statute which imposes new data privacy obligations on certain companies that do business in California, will become effective on January 1, 2020. Fund managers and other investment advisers (“Advisers”) and certain of their affiliates that are currently subject to data privacy laws pursuant to the Gramm-Leach-Bliley Act (GLBA) or the UK General Data Protection Regulation (GDPR) may have additional obligations to consider and prepare for as the CCPA compliance deadline approaches.
SEC Risk Alert regarding safety of customer records and cloud vendor diligence.
As part of its cybersecurity sweep, the SEC has examined risks related to the storage of customer records and information by investment advisers on cloud-based storage platforms and issued a Risk Alert, “Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features.” The sweep focused on vendor due diligence and oversight and registered advisers’ monitoring of data and customer information safety. Among other information, OCIE sought vendor contracts (including service level agreements); vendor reviews; risks assessments of cloud service providers, including data encryption, data loss prevention, books & records exposure, identity and access management; and policies and procedures and their alignment to technology standards.
The Risk Alert identified as the main compliance issues related to cloud-based storage (i) Misconfigured network storage solutions (inadequately configured security settings to protect against unauthorized access; lack of policies and procedures addressing the security configuration); (ii) Inadequate oversight of vendor-provided network storage solutions (lack of, or inadequate, policies, procedures, contractual provisions that security settings on vendor-provided network storage solutions were configured in accordance with the firm’s standards); and (iii) Insufficient data classification policies and procedures (firms’ policies and procedures did not identify the different types of data stored electronically by the firm and the appropriate controls for each type of data).
The Risk Alert encourages investment advisers to review their practices, policies, and procedures with respect to the electronic storage of customer information and to consider any necessary improvements, and to actively oversee vendors. The SEC included helpful recommendations for cyber/cloud risk management, including the implementation of policies and procedures designed to support the initial installation, on-going maintenance, and regular review of the network storage solution; guidelines for security controls and baseline security configuration standards to ensure that each network solution is configured properly; and vendor management policies and procedures that include, among other things, regular implementation of software patches and hardware updates followed by reviews to ensure that those patches and updates did not unintentionally change, weaken, or otherwise modify the security configuration.
Please contact your counsel at Pillsbury’s Investment Funds Group if you need help with reviewing and enhancing your cloud storage and related policies.
This is a reminder about the upcoming annual compliance deadlines that may or may not apply to you.
Please click HERE to open a summary chart of the filing deadlines.
Please feel free to contact us if you have questions or need assistance with any of these filings.
Pillsbury IFIM Group
This alert contains a summary of the primary annual and periodic compliance-related obligations that may apply to investment advisers registered with the Securities and Exchange Commission (the “SEC”) or with a particular state (“Investment Advisers”), and commodity pool operators (“CPOs”) and commodity trading advisors (“CTAs”) registered with the Commodity Futures Trading Commission (the “CFTC”) (collectively with Investment Advisers, “Managers”). Due to the length of this Alert, we have linked the topics to the Table of Contents and other subtitles for easy click-access.
This summary consists of the following segments: (i) List of Annual Compliance Deadlines; (ii) New Developments; (iii) 2018 National Exam Program Examination Priorities; (iv) Continuing Compliance Areas; and (v) Securities and Other Forms Filings.
Read this article and additional Pillsbury publications at Pillsbury Insights.
The Office of Compliance Inspections and Examinations (OCIE) of the SEC issued a Risk Alert yesterday providing a list of the most frequently identified compliance issues relating to the Advertising Rule (Rule 206(4)-1) under the Investment Advisers Act of 1940. These compliance issues were identified as part of the OCIE examination of investment advisers: misleading performance results, misleading one-on-one presentations, misleading claim of compliance with voluntary performance standards, “cherry-picked” profitable stock selections, misleading selection of recommendations and insufficient/inaccurate compliance policies and procedures.
Compliance with the Advertising Rule has long been, and remains, a favorite focus of the SEC. In an age of fundraising challenges, investment advisers must balance the pressing need of appealing to prospective clients with adherence to precise regulatory standards. Each marketing piece should go through rigorous internal review and sign-off procedures and, as necessary, outside counsel evaluation. Investment advisers are urged to pay special attention to any form of performance or track record marketing.
Click here for the full Risk Alert. Contact your Pillsbury attorney for additional assistance.
The following are some of the important annual compliance obligations investment advisers either registered with the Securities and Exchange Commission (the “SEC”) or with a particular state (“Investment Adviser”) and commodity pool operators (“CPOs”) or commodity trading advisors (“CTAs”) registered with the Commodity Futures Trading Commission (the “CFTC”) should be aware of.
This summary consists of the following segments: (i) List of Annual Compliance Deadlines; (ii) 2017 Enforcement Priorities In The Alternative Space; (iii) New Developments; and (iv) Continuing Compliance Areas.
Table of Contents
- 3(c)(1) funds should update their offering documents to reflect $2.1 million net worth requirement.
- Assets under management threshold remains unchanged at $1 million.
- Only new client relationships entered and new investors admitted in private funds after August 15, 2016 are affected; new contributions by pre-August 15 investors are grandfathered.
The Securities and Exchange Commission (the “SEC”) issued an order on June 14, 2016 raising the net worth threshold for “qualified clients” in Rule 205-3 under the Investment Advisers Act of 1940, as amended (the “Advisers Act”). Effective August 15, 2016, the dollar amount of the net worth test increased from $2 million to $2.1 million. The dollar threshold of the assets-under-management test has not changed and remains at $1 million. Adjustments to the dollar thresholds for the assets-under-management and net worth tests under Rule 205-3 are made pursuant to section 418 of the Dodd-Frank Act and section 205(e) of the Advisers Act and are intended to reflect inflation. The adjusted amounts would reflect inflation from 2011 until the end of 2015.
Under the Advisers Act, an investment adviser is generally prohibited from receiving performance fees or other performance-based compensation. Section 205(e) of the Advisers Act provides for an exemption to this prohibition and Rule 205-3 under the Advisers Act permits an investment adviser to receive performance fees only from “qualified clients.” The increased threshold affects private funds that rely on the exception to the definition of investment company provided in section 3(c)(1) of the Investment Company Act (“3(c)(1) Funds”) which, under the rule, are allowed to pay performance-based fees if their investors are qualified clients. Accordingly, 3(c)(1) Funds must amend their offering documents to conform to the new qualified client net worth threshold.
Grandfathering: Subject to the transition rules of Rule 205-3, the June 2016 SEC order generally does not apply retroactively to clients that entered into advisory contracts (including investors that invested in a private fund) prior to the August 15, 2016 effective date.
On July 14, 2016, the Securities and Exchange Commission (SEC) announced an enforcement action against RiverFront Investment Group, LLC, a registered investment adviser serving as sub-adviser to clients in wrap fee programs established by various sponsors. The enforcement action resulted from RiverFront’s materially inadequate disclosure about changes in its trading practices and attendant transaction costs which exceeded wrap fees and caused millions of dollars in extra transaction costs for its clients.
In its role as sub-adviser, RiverFront had discretion to determine whether to send trades to sponsor-designated broker-dealers (whose costs were covered under the wrap fee program) or to other brokers in which case the clients would pay additional transaction costs. Wrap fee programs enable clients to pay one fee to cover a bundle of services, including, for example, trading, investment management and custody. From 2008 to 2011, RiverFront disclosed on its Form ADV that trades were “generally” executed through designated broker-dealers. It also disclosed that it may trade away in an effort to obtain best execution on behalf of its clients. A “trade away” is the practice of sending trades to a broker-dealer that has not previously been designated. In 2009, RiverFront started trading away significantly more transactions and charging clients fees that were not included in the annual wrap fee. However, in its annual Form ADV amendment filings from 2009 to 2011, RiverFront did not change its disclosures to reflect the frequency of its trade aways.
It was RiverFront’s failure to accurately and timely disclose on its Form ADV its trading practices and the potential for additional transaction costs that resulted in the SEC sanctions. The SEC held that RiverFront willfully violated Sections 207 and 204(a) of the Investment Advisers Act of 1940 and Rule 204-1(a) thereunder.
The SEC imposed sanctions against RiverFront, namely:
- censorship; and
- a $300,000 fine.
RiverFront also undertook to disclose quarterly on its website the volume of trades executed with non-designated brokers and the costs to be passed onto clients.
The RiverFront enforcement action serves as a reminder to investment advisers to review their Forms ADV to ensure that trading practices, costs and other material information regarding their advisory businesses are adequately and accurately disclosed. Please contact an Investment Funds and Investment Management Group attorney for assistance with issues pertaining to Form ADV disclosure and related matters.
The SEC Press Release can be found here.
The full text of the SEC order can be found here.
In line with the Securities and Exchange Commission’s (SEC) goal to enhance regulatory safeguards in the asset management industry, the SEC yesterday released a proposed new rule and rule amendments under the Investment Advisers Act of 1940. The proposed new rule 206(4)-4 would require SEC-registered investment advisers to adopt and implement written business continuity and transition plan (BCP) and review the plan’s adequacy and effectiveness at least annually. The proposed amendment to rule 204-2 would require such advisers to keep copies of all BCPs that are in effect or were in effect during the last five years, and any records documenting the adviser’s annual review of its BCP.
The proposed rule is designed to address operational and other risks (internal or external) related to a significant disruption (temporary or permanent) in the investment adviser’s operations. Operational risks and disruptions generally include natural disasters or calamities, cyber-attacks, system failures, key personnel departure, business sale, merger, bankruptcy and similar events.
Under the proposed rule, an SEC-registered adviser should develop its BCP based upon risks associated with the adviser’s business operations and must include policies and procedures that minimize material service disruptions and address the following critical elements:
- System maintenance and data protection
- Pre-arranged alternate physical locations
- Communication plans
- Review of third-party service providers
- Transition plan in the event of dissolution or inability to continue providing advisory services
The comment period will be 60 days after the proposed rule is published in the Federal Register.
A full copy of the proposed rule is available HERE.