The CCO should review the compliance manual or WSPs and ensure s/he understands and undertakes all designated responsibilities. If the CCO can’t or won’t follow the procedures, then s/he must revise the procedures to satisfy regulatory requirements while reflecting the firm’s accurate allocation of authority.
The SEC has issued an investigative report that advises public companies to enhance internal accounting controls to prevent losses from cyber-related frauds. The SEC report describes frauds at 9 issuers that involved spoofing emails and false vendor invoices that resulted in significant losses when internal employees transferred funds to the wrongdoers. One of the companies made 14 wire payments, resulting in a loss of over $45 Million. Another paid 8 invoices totaling $1.5 Million. Although the SEC did not bring enforcement actions against these registrants, the SEC alleges that the companies violated their obligations to implement internal accounting controls sufficient to ensure transactions are only permitted with management’s authorization. In particular, the SEC advises companies to review and enhance their payment authorization and verification procedures and employee training. SEC Chairman Jay Clayton warned: “Cyber frauds are a pervasive, significant, and growing threat to all companies, including our public companies.”
OUR TAKE: You’ve been warned. The SEC gave these 9 companies a pass, but we don’t expect the same treatment for future violators who should now take action to prevent spoofing and email cyber-frauds.
OUR TAKE: The no-action position reflects the reality of how most funds operate. The Board has very little ability to perform due diligence independent of the work performed by the Chief Compliance Officer, so it makes sense to rely on the representations. The big open question is whether this position increases CCO liability, thereby creating additional due diligence requirements.
OUR TAKE: Unlike the SEC, the state securities regulators have the power to pursue criminal penalties including prison time. Regardless of what happens at the federal level, the states appear ready to flex their enforcement muscles.
An FBI sting operation ensnared an unlawful non-U.S. based securities dealer that offered securities-based swaps without registering. The Austrian-based defendant operated an internet-based platform that offered contracts for difference, which operated as securities-based swaps based on publicly-traded U.S. equity and indexes. An undercover FBI agent opened an account with nothing more than a username and a password and traded CFDs with bitcoin. The platform served as the counterparty and collected the bid-ask spreads. The SEC charges the platform with failing to register the securities offering and the platform as a broker-dealer. The SEC also asserts that the CFDs were required to be traded on a registered securities exchange.
OUR TAKE: We love innovation and technology. However, when you apply new technologies to a highly regulated industry, you must follow the same rules as everybody else. Trading in securities with U.S. persons implicates the whole panoply of U.S. securities regulation including the regulation of the offering, the parties, and the venue. Also, never assume that law enforcement or the regulators won’t find you. Your competitors and clients have an interest in helping the investigators find those who are cutting regulatory corners.
OUR TAKE: Performing audits of registered advisers, broker-dealers, or public companies involves a thorough understanding of the applicable securities laws and accounting standards. Accounting firms should not undertake engagements without retaining a compli-pro that can help navigate the regulatory waters. Advisers and broker-dealers should not retain a firm that lacks a track record of practicing in this area.
The SEC censured and fined a private fund manager for failing to timely deliver audited financial statements to limited partners. Since the firm registered in 2012, it did not meet the 120-day deadline required by the custody rule (206(4)-2) with respect to 178 audits of 440 funds, a 40% failure rate. In some cases, no financial statements were ever delivered. The SEC faults the firm for failing to implement required policies and procedures to ensure delivery of the financial statements in accordance with the custody rule even though the firm, for most of the funds, had engaged a PCAOB audit firm to conduct the audits. The SEC also cites violations of the compliance rule (206(4)-7) for failing to conduct annual reviews of the adequacy and effectiveness of the compliance program.
OUR TAKE: Hire a compliance officer – either in-house or through a compliance services firm. These types of regulatory missteps can be easily avoided if you retain a professional that knows the rules and has the responsibility and authority to implement them. If you don’t, you subject your firm to a debilitating and humiliating public enforcement action.
An investment adviser platform was fined and censured for receiving fund revenue sharing from a custodian and clearing firms it recommended without proper disclosure. The platform had more than 150 independent investment adviser representatives and 200 registered representatives working out of more than 100 offices. The SEC criticizes weak disclosure that failed to fully describe the conflict of interest when the firm recommended a custodian that kicked back 2 basis points on assets. The SEC also maintains that the firm violated disclosure, fiduciary and best execution obligations when it recommended mutual fund share classes that paid back 12b-1 fees to the firm and its reps when lower fee share classes were available. The firm did not meet its obligations with vague website disclosure that described how the firm “may” receive compensation but failed to fully inform all clients about how fees were paid or calculated.
OUR TAKE: The RIA platform business is extremely competitive, with many firms competing to recruit successful RIA teams. The real cost of an enforcement action like this is the reputational and competitive threat during the recruiting process. Also, as platforms compete for business and margins shrink, the incentives to accept (questionable) revenue sharing increase.