The SEC’s Enforcement Division has created a new Cyber Unit targeting “cyber-related misconduct.” The new Cyber Unit will target market manipulation schemes using electronic and social media, hacking schemes, account intrusions, and the dark web. The Co-Director of the SEC’s Enforcement Division labeled cyber-related threats as one of the “greatest risks facing investors and the securities industry.”
OUR TAKE: We suspect that this Cyber Unit will ultimately morph into its own office (See OCIE, Whistleblowers). If you have been on vacation in the woods for the last 3 years and have not yet retained a third party firm to test your cybersecurity readiness, we recommend moving quickly to catch up to the rest of the industry.
A private equity firm agreed to pay over $3.4 Million to settle charges that it failed to allocate broken deal expenses to co-investment funds as far back as 2004. The private equity funds reimbursed the respondent for broken deal expenses including costs incurred to develop, negotiate, and structure potential transactions that were never consummated. The SEC faults the firm, which registered in 2012, for failing to disclose that the funds would pay the broken deal expenses allocable to co-investment vehicles utilized by insiders. The SEC asserts violations of the Advisers Act’s antifraud provision (206(2)) and the compliance rule (206(4)-7) for failing to implement a written compliance policy or procedure governing broken deal expense allocation practices.
OUR TAKE: The SEC reaches all the way back to 2004 to calculate disgorgement even though the firm did not register until 2012. Private fund firms that registered in 2012 should re-examine their expense allocation practices for years prior to 2012 and consider LP reimbursement before the SEC brings a public enforcement case.
The IA/BD subsidiary of a large bank agreed to pay almost $1.3 Million in disgorgement and a $1.1 Million fine for putting wrap fee clients in funds that paid a 12b-1 fee back to the selling reps. The SEC faults the firm for failing to recommend that clients move assets into lower-fee share classes as those classes became available over time. Although the firm disclosed that it may receive 12b-1 fees, it did not disclose that it actually received those fees and that lower classes were available. The SEC noted that the IA/BD made changes to qualified accounts but failed to implement similar changes to non-qualified accounts. In addition to best execution, fiduciary, and disclosure violations, the SEC criticized the firm’s compliance program because the respondent failed to update its compliance policies and procedures as institutional share classes became available.
OUR TAKE: A compliance program is not a static exercise that you can set and forget. As the markets and the business change, firms must continuously review policies and procedures to determine if they still make sense given new realities. In this case, the wider availability of institutional share classes necessitated changes to the firm’s compliance practices.
FINRA fined a large broker-dealer $1.5 Million for failing to properly maintain electronic brokerage records. According to FINRA, the respondent’s ATS business failed to maintain over 100 million trading records in “write once, read only” (WORM) format over a 6-year period. FINRA also faults the BD for failing to maintain duplicate copies of over 300 million orders placed over the same period. The failures also resulted in charges that the firm did not have adequate audit or compliance procedures. FINRA said the required records and formats are necessary for regulatory examinations and internal audits.
OUR TAKE: The IT folks must connect with the compli-pros to understand the specific regulatory requirements for electronic data retention. Then, the compli-pros must determine how to implement effective audit and compliance surveillance. The most dangerous phrase in financial services: “That’s not my job.”
The SEC’s Office of Compliance Inspections and Examinations has issued a Risk Alert citing common investment adviser marketing and advertising compliance issues. OCIE, drawing on over 1000 examinations and its recent “Touting Initiative,” cited several deficiencies: (i) misleading performance results including failure to present performance net of fees, comparisons to inapplicable benchmarks, and hypothetical/back-tested performance, (ii) misleading claims about compliance with voluntary performance standards (i.e. CFA Institute), and (iii) cherry-picked performance and misleading presentations of past specific recommendations. The SEC also criticized advertising that cited third party awards or rankings without proper explanation. The SEC urges advisers to “assess the full scope of their advertisements and consider whether those advertisements are consistent with the Advertising Rule, the prohibitions of Section 206, and their fiduciary duties, and review the adequacy and effectiveness of their compliance programs.”
OUR TAKE: OCIE generally issues these types of Risk Alerts in advance of bringing enforcement actions. Although the SEC has not generally brought enforcement cases solely on the basis of misleading performance claims, this Risk Alert may signal a change in enforcement policy.
The SEC fined and censured a private equity manager and its principals for unlawfully charging the fund both portfolio company expenses and adviser overhead expenses. The PE manager charged the fund certain consulting expenses provided to a portfolio company without offsetting the management fee as required by the LPA. The PE manager also charged overhead expenses including employee compensation, rent, and the costs of responding to the SEC examination/enforcement. The SEC charges that the expenses were not authorized in the fund’s organizational or disclosure documents. The SEC asserts violations of the Advisers Act’s antifraud provisions as well as the compliance rule (206(4)-7) for failing to adopt and implement reasonable policies and procedures. As part of its remediation, the PE firm agreed to hire a new Chief Compliance Officer.
OUR TAKE: It really is better to build a legitimate compliance infrastructure before the SEC arrives rather than in response to an enforcement action. An ounce of compliance prevention can avoid the reputation-crushing havoc of an SEC enforcement action.
An RIA was censured and agreed to pay disgorgement for failing to offer the lowest-fee mutual fund share classes available and failing to adequately disclose compensation paid to its affiliated broker-dealer. The RIA recommended third party mutual funds to 403(b) and IRA clients, who directed the investments. The SEC faults the respondent for recommending Class A shares that paid 12b-1 fees to its affiliated broker and failing to make available lower-fee institutional shares. The SEC also cites the insufficiency of various disclosures that generally discussed payment of 12b-1 fees but failed to specifically explain that an affiliate would receive the trailers. The SEC charges the RIA with violations of the compliance rule (206(4)-7) for failing to adopt and implement adequate policies and procedures around conflicts of interest, disclosure, and mutual fund share class selection.
OUR TAKE: We believe that the SEC wants advisers to offer the lowest share class available and refrain from accepting any form of revenue sharing compensation. We think that the SEC will find inadequate even the most robust disclosures and procedures because of the inherent conflict of interest.
A large custody bank agreed to pay $32.3 Million to settle allegations that it charged undisclosed commissions and mark-ups as part of its transition management services to large plans and sovereign wealth funds. According to the SEC, the respondent’s scheme involved bidding for transition management projects with artificially low commission schedules and then charging undisclosed mark-ups and concealing those mark-ups when reporting to clients. The SEC’s investigation included emails and recorded conversations where internal employees (i) referred to such concealed mark-ups as a “rounding error,” (ii) committed to “make it work” internally when forced to bid at low commission rates, (iii) bragged that they would “back the truck up” when describing the undisclosed commissions, and (iv) vowed that “This can of works stays closed” when discussing their scheme. A client’s consultant ultimately discovered the undisclosed commissions.
OUR TAKE: You do know that your emails are retained and your conversations are recorded? Right? The bad old ways of hoping you won’t get caught just have no place in the modern regulatory world where compliance officers, clients (and their consultants), and regulators all review sales activity and disclosure.
The SEC issued a cease and desist order against the Head of Regulatory Reporting of a large investment bank for causing violations of the firm’s customer protection rule. As previously reported, the firm agreed to pay $415 Million to settle the charges. The SEC faults the respondent, who also served as the Financial and Operational Principal, with misleading regulators about the true purpose of certain synthetic transactions intended to reduce the amount held in the firm’s reserve account. The SEC cites FINRA’s handbook which prohibits any window dressing designed to reduce the reserve formula.
OUR TAKE: It is noteworthy that the Head of Regulatory Reporting was the only individual specifically charged by the SEC in this action even though the firm paid a staggering settlement. Regulatory officers, including CCOs and FINOPs, continue to be targeted by the regulators.