FINRA fined a large broker-dealer $1.25 Million for failing to conduct adequate background checks on over 10,000 non-registered associated persons over a 7-year period. For these non-registered persons, the BD relied on less comprehensive background checks conducted by its bank affiliate, which was required by the banking laws. The required Exchange Act background checks include a review of regulatory actions in addition to criminal activity. A FINRA official warned that “member firms must live up to their responsibility as a gatekeeper protecting investors from bad actors.”
This case is similar to an action against another bank-affiliated broker-dealer back in 2017. Large firms with multiple regulated affiliates must ensure compliance with each regulatory regime. Compliance with one financial services statute does not necessarily mean compliance with another. Firms should hire compliance specialists with substantive backgrounds in the applicable laws and regulations.
The SEC fined an investment adviser and its two principals for failing to disclose compensation received for recommending a third-party investment fund and for not registering as a broker-dealer. The adviser received a 1.25% up-front payment and trailing fee from the manager of a private fund that the respondents recommended. The adviser did disclose that it would receive compensation but did not disclose the conflict of interest resulting because the fees received exceeded its customary 1.00% asset management fee, thereby creating a financial incentive to recommend the fund. Because the compensation was transaction-based, the respondent was required to register as a broker-dealer, and the principals needed to obtain their relevant securities licenses.
The interesting twist here is that the SEC doesn’t really describe why the compensation should be characterized as transaction-based, triggering broker-dealer registration, rather than permissible asset-based compensation. Instead, the SEC relies more on the source of the compensation (e.g. the product sponsor) rather than a direct fee charged to the client. Could the firm have avoided the broker-dealer registration charges if it assessed the 1.25% fee on the client rather than collect it as revenue sharing from the product sponsor? This may be an economic distinction without a difference, but the SEC will view it through a different regulatory lens.
The SEC fined a large technology company $100 Million for misleading shareholders in public filings about breaches of its policies protecting user information. The firm was also fined $5 Billion by the FTC. According to the SEC, the firm knew in 2015 that a researcher had violated its policies by obtaining and transferring confidential user data to a third party research firm. Regardless, the defendant’s public filings for the next two years presented the risk of misappropriated data as hypothetical even though the researcher had already transferred the data and admitted the scheme to the defendant. The SEC charged the company with violating the securities laws by issuing several misleading public filings.
Last February the SEC issued cybersecurity guidance to public companies about their obligations to fully disclose cybersecurity risks and incidents. If public companies didn’t take the SEC seriously then, we expect that the combined $5.1 Billion in fines will garner attention. For asset managers and broker-dealers, in addition to implementing required customer data protections, they must also consider their disclosures in Form ADV and Form BD as well as any relevant offering documents.
The staff of the SEC’s Office of Compliance Inspections and Examinations (OCIE) has issued a Risk Alert reporting significant compliance and supervision deficiencies. Based on data collected from a 2017 sweep of over 50 advisers, OCIE found significant weaknesses in how firms hired, supervised, and disclosed information about employees with disciplinary histories. The OCIE staff also cited frequent compliance deficiencies including failures to supervise how fees are charged, what marketing materials are distributed, and whether remote workers complied with firm policies. OCIE also discovered that many advisers allocated compliance responsibilities but failed to assign those responsibilities or neglected to require documentation. The OCIE staff recommends that advisers “reflect on their practices” and implement such best practices as enhanced hiring due diligence, background checks, heightened supervision, and remote-office monitoring.
How many times must OCIE warn the industry about compliance, and how many enforcement actions will it take, before firms implement a legitimate compliance program? An investment adviser should spend at least 5% of revenue on compliance, hire a dedicated Chief Compliance Officer, adopt tailored policies and procedures, test the program every year, and prepare a written compliance report of deficiencies and remediation.
A private fund portfolio manager was barred from the industry and ordered to pay $749,000 in disgorgement and fines for intentionally inflating swap valuations and concealing his activities. According to the SEC, the PM, whose compensation was directly tied to fund performance, convinced management to use a discretionary valuation model for certain swaps and swaptions. Without telling management, he then began using discretionary inputs rather than default values for pricing. The SEC asserts that he used different discount curves to maximize valuations, fund performance, and his own compensation. The SEC further alleges that he hid his activities by lying to the fund administrator and third party brokers. Within 16 months after discovery of the mispricing, the firm reimbursed clients, shut down what had been a $375 Million fund, and ceased operations.
Firms should seriously re-consider tying portfolio management compensation directly to fund performance, especially where the PM is responsible for Level 3 (non-exchange traded) fair-valued securities. For both the C-suite and compli-pros, this case shows how a failure to properly supervise one bad employee can blow up your firm. As for the PM (and any other potential wrongdoer), the industry bar will make it difficult to find a job to get out of the six-figure hole resulting from the wrongdoing.
A large REIT manager, together with its CEO and CFO, agreed to pay over $60 Million in disgorgement, interest and penalties for inflating incentive fees and taking reimbursement for significant expenses. The SEC asserted that the defendants, contrary to disclosures and agreements, used their insider positions to calculate incentive fees in a manner that unjustly enriched themselves over the investors to whom they owed a fiduciary duty. The SEC also charged the defendants with collecting millions in expense reimbursements as part of various merger transactions. The SEC accused the defendants of securities fraud and falsifying books and records.
Firms should use some third party (e.g. fund administrator, LPA committee) to calculate, or at least confirm calculations, of fees collected from clients. When management can exercise arithmetic discretion to pay itself, regulators will scrutinize the calculations.
A large broker-dealer agreed to pay $26.4 Million in client reimbursements and fines for failing to supervise traders that lied to customers about CMBS and RMBS transactions over a multi-year period. The SEC asserts that the traders misled customers about bond prices, bids/offers, compensation, and ownership in very opaque secondary trading markets. The SEC alleges that targeted reviews of electronic correspondence would have uncovered the illegal activity, thereby constituting a failure to supervise in violation of Section 15(b)(4)(E) of the Exchange Act. As part of the remediation, the firm has implemented additional procedures for targeted reviews of communications relating to transactions that fall within certain risk-based parameters.
The most interesting legal point is that the SEC argues that the failure to implement compliance policies and procedures that would have uncovered wrongdoing can serve as a predicate for a failure to supervise charge. In the past, the regulators generally separated the compliance program from the supervisory obligations. Does this mean that a compli-pro can be charged with aiding and abetting his/her firm’s failure to supervise if the compliance monitoring program fails to detect wrongdoing?
Last month, the SEC adopted Regulation Best Interest for broker-dealers making recommendations to retail clients and adopted the new Form CRS requiring advisers and broker-dealers to provide standardized disclosure to retail customers. Companion releases included an interpretation of an adviser’s fiduciary responsibilities as well as the contours of the “solely incidental” exception to adviser registration for broker-dealers. The CCS team has spent the last few weeks reviewing the new regulatory information and offer the following summaries. Please feel free to contact Jay Haas, Mark DeAngelis, Suzette Hagan or Larry Clay directly if you want to ask any deeper questions.
Regulation Best Interest: The CCS Summary by Jay Haas
Form CRS: The CCS Summary by Mark DeAngelis
Fiduciary Interpretation: The CCS Summary by Suzette Hagan
“Solely Incidental”: The CCS Summary by Larry Clay
The SEC fined an unregistered investment adviser and barred its principal from the industry for making false representations in marketing materials primarily to professional athletes. The SEC asserts that the adviser, which terminated its SEC registration in 2008 but continued to market its investment advisory services through 2018, baldly lied about its assets under management, clients, management, and employees. The firm emailed its misleading brochure to over 80 prospects over a 12-month period and included a cover email that also included significant misrepresentations. The SEC alleges violations of the Advisers Act’s antifraud rules.
Just because you do not register with the SEC does not mean that you are exempt from its antifraud rules. Section 206 applies to any statement made by an investment adviser, whether registered or unregistered, that could defraud any client or prospective client.
In a joint statement, staffs of the SEC’s Division of Trading and Markets and FINRA’s Office of General Counsel, raised significant regulatory concerns for broker-dealer firms deemed to have custody of digital assets. The joint statement questions how a broker-dealer could comply with the customer protection rule (15c3-3), especially the obligation to safeguard customer assets. The regulators, noting that $1.7 Billion worth of digital assets were stolen in 2018, express concern about how to adequately guard against fraud and theft. They also ask how to reverse transactions made in error and how to properly control digital assets. The SEC and FINRA staffs are also concerned about SIPA protection for the firm and its clients. The next step is continued dialog with the industry: “The Staffs encourage and support innovation and look forward to continuing our dialogue as market participants work toward developing methodologies for establishing possession or control over customers’ digital asset securities.”
Now, what? Will the SEC, in conjunction with the industry, offer some solutions to these difficult questions? Or, will the regulator continue to push the crypto-industry to the Wild West corners of the securities markets including offshore jurisdictions and private networks?