A private equity fund has agreed to pay over $1.6 Million in fines and client reimbursement for mis-allocating expenses to its fund. The SEC charges that the PE firm unlawfully charged legal, hiring, and employee and consulting expenses to the fund. The SEC interprets the organizational documents as only permitting “normal operating expenses,” including “all routine, recurring expenses incident to” their own operations. The SEC faults the firm for failing to adopt and implement appropriate compliance procedures including multiple levels of expense review, escalation procedures and oversight.
OUR TAKE: PE firms continue to struggle with expense allocation issues, failing to understand that a fiduciary cannot use a managed fund as a piggy bank to pay firm expenses. Proper compliance procedures should prevent firms from crossing the fiduciary line.
A hedge fund manager agreed to pay $7.9 Million in disgorgement and a $5 Million fine for using the assets of newer funds to pay the expenses of older funds. According to the SEC complaint, which was filed in 2010 and related to allocations made between 2005 and 2008, the respondent used assets from more recent funds to pay legal and administrative fees of older funds that could not raise cash because they held illiquid securities. The SEC claims that the respondent replaced the cash with overvalued illiquid securities. The SEC continues litigation with respect to charges that the hedge fund manager overvalued securities and made misrepresentations.
OUR TAKE: The long arm of the law can reach back a long way. The older funds began to have liquidity problems as far back as 2004, which caused the respondent to raise more assets to pay off old expenses. And, the litigation continues.
A large insurance company agreed to pay a total of $5.5 Million to settle charges brought by 32 states resulting from the loss of critical consumer information attributable to a criminal data breach. According to the Settlement Agreement, the respondent lost the data for 1.27 million customer across the country when hackers exploited a security breach created when the respondent failed to implement a security patch. As part of the settlement, the insurance company agreed to appoint a security patch supervisor, implement security patch policies and procedures, and perform internal assessments. The New York State Attorney General criticized the respondent for its “true carelessness while collecting and retaining information from prospective customers, needlessly exposing their personal data in the process.” He warned, “This settlement should serve as a reminder that companies have a responsibility to protect consumers’ personal information regardless of whether or not those consumers become customers. We will hold companies to account if they don’t.”
OUR TAKE: The NYS Attorney General implies that companies can be held liable for data breaches that result from simple negligence rather than recklessness or intent. A solid compliance program that includes a robust cybersecurity assessment can help defend charges that a firm acted negligently.
The SEC Office of Compliance Inspections and Examinations (OCIE) released the results of its Cybersecurity 2 sweep initiative. OCIE reviewed policies and procedures and assessed cybersecurity preparedness of 75 firms with respect to governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response. OCIE found that most firms have adopted policies and procedures, conducted penetration tests and vulnerability scans, used a system to prevent data loss, installed software patches, adopted response plans, and conducted vendor risk assessments. OCIE recommended that registrants better tailor policies and procedures, conduct enhanced employee training, replace outdated systems, and ensure remediation of identified vulnerabilities. OCIE warned that cybersecurity “remains one of the top compliance risks for financial firms” and that it “will continue to examine for cybersecurity compliance procedures and controls, including testing the implementation of those procedures and controls at firms.”
OUR TAKE: Advisers, broker-dealers, and funds that fail these compliance best practices risk falling behind their competitors and incurring the wrath of the OCIE examiners. Compliance officers must become conversant in the required elements of an adequate cybersecurity program and implement the required policies and procedures, testing, and remediation.
The SEC fined and barred from the industry the principal of a purported private equity firm for looting one fund to pay another by inflating the valuation of an underlying security transferred between the funds. The SEC pleads that the defendant transferred a worthless interest in a start-up company to one of the funds and then had another fund buy that interest at a $2.8 Million valuation in order to pay off investors in the transferring fund. The SEC contends that the defendant failed to (i) properly value the security with third-party input, (ii) disclose the inherent conflicts of interest and (iii) comply with statements made in the offering memorandum. Neither the fund manager nor the principal were registered in any capacity, but the SEC was able to uncover the wrongdoing as a result of litigation brought by the Colorado Division of Securities.
OUR TAKE: The state securities regulators serve a valuable function ferreting out fraud and other wrongdoing by firms that fail to register with the SEC and might otherwise go undetected.
The SEC instituted enforcement proceedings against an adviser that it accuses of falsely claiming SEC registration eligibility. The SEC alleges that the adviser initially registered by claiming that it had over $500 Million in assets under management and a year later changed its ADV to claim eligibility as a mid-sized adviser ($25-$100 Million AUM) domiciled in New York and/or Wyoming. However, the SEC maintains that the adviser never had any clients or assets under management. The SEC further accuses the adviser of soliciting clients using the false ADVs.
OUR TAKE: SEC registration has become a qualifying criterion for larger clients who feel more secure with an SEC-regulated firm that has more than $100 Million in AUM. Consequently, firms may feel the pressure to stretch their numbers to qualify, which could result in a painful enforcement action. There is no shortcut to success.
A broker-dealer was censured, fined $200,000, and ordered to hire an independent compliance consultant for failing to file Suspicious Activity Reports. The SEC argues that the firm should have further investigated millions of penny stock transactions whereby customers deposited large blocks of penny stocks, liquidated them, and transferred the cash proceeds. The SEC faults the BD for blindly accepting customer representations that the shares were exempt from registration under Rule 144. The firm’s policies and procedures required a reasonable investigation into money laundering red flags. The firm’s CCO has also been charged with wrongdoing.
OUR TAKE: Anti-Money Laundering compliance and the timely filing of SARs remain priority issues for both the SEC and FINRA. FinCEN may also weigh in with criminal penalties including huge fines and jail time.
The SEC imposed a $3 Million civil monetary penalty on a dually registered RIA/BD for retaining prepaid advisory fees, collecting revenue sharing payments from fund companies, and failing to invest in the lowest-cost share classes available. The respondent billed clients at the beginning of each quarter, but the SEC charges that the adviser’s services – portfolio management, trade execution, performance reporting and account servicing – occurred during the quarter. Therefore, the SEC maintains that the respondent unlawfully retained the prepaid advisory fees when clients terminated before the conclusion of a quarter. The SEC also charges the firm for failing (i) to fully disclose conflicts of interest when receiving revenue sharing and marketing support payments from fund companies and (ii) to utilize the lowest share classes available. The SEC cites violations of the Adviser’s Act’s antifraud provision (206(2)) and the compliance rule (206(4)-7).
OUR TAKE: Charging advisory fees at the beginning of a period drops you into choppy regulatory waters. As the SEC asserts here, how does a firm justify this practice when it has not yet performed services? This practice comes under more scrutiny when a firm fails to refund the fees to terminating clients, thereby creating a financial penalty for clients to sever a relationship.
The SEC censured and fined a private fund manager for failing to disclose that one of its funds invested in an affiliate fund formed to help grow the manager’s business by acquiring other advisers. Although the respondent ultimately made disclosure through the fund’s financial statements, the audited financials were delivered 9 months after they were required to be delivered pursuant to the Advisers Act’s custody rule (206(4)-2). Also, the firm failed to retain an auditor subject to PCAOB inspection, as required by the Advisers Act. The SEC noted that advisory clients would not have paid any fees had they invested directly in the acquisition fund rather than through the fund in which they intended to invest, which was focused on foreign currencies.
OUR TAKE: Failure to disclose cross-transactions between affiliate funds will not go undetected. Eventually, the fund manager must deliver audited financial statements, which will require disclosure. The Advisers Act requires advance disclosure (and consent) of conflicts transactions. There is no win in kicking the disclosure down the road until financials are completed.
The SEC censured and fined a fund manager and its principal and barred the principal from serving as a chief compliance officer for incorrectly claiming exemption from Advisers Act registration and its requirements. The SEC contends that the principal, which managed a registered investment adviser, created an affiliate to manage two private funds and then claimed an exemption from registration because the funds had less than $150 Million. The SEC maintains that the affiliate was required to register because it was under common control with the registered adviser and shared office space, employees and technology. The SEC alleges that the private fund adviser hoped to avoid the custody rule’s audit requirements and compliance requirements. The SEC cites Section 208(d) of the Advisers Act, which prohibits a person from doing indirectly any act which would be unlawful if done directly.
OUR TAKE: This case has significant implications for larger organizations. If a firm operates a registered investment adviser affiliate, the SEC, based on this action’s reasoning, would prohibit the firm from claiming an exemption registration for an unregistered fund manager under the same roof. The SEC is using the regulatory flexibility to integrate advisers under one Form ADV as a regulatory weapon to force registration on otherwise exempt affiliates.