Hardin Joins Forces with Foreside Financial Group, New York Proposes CCO Liability Framework, Cybercriminals Pose as Regulators in Flurry of Phishing Scams
New Name and Look, Same Great Service
On June 22, 2021, we announced that Hardin Compliance Consulting joined Foreside Financial Group, one of the nation’s premium regulatory compliance consulting firms. Foreside is headquartered in Portland, Maine, with numerous regional offices, including offices in New York, Boston, Columbus, Berwyn, Milwaukee, and now Pittsburgh, with clients in every state and internationally. Over the next couple of weeks, we will be retiring the Hardin Compliance Consulting name and logos and replacing them with Foreside. For those of you that have come to depend on Hardin’s blog posts and regulatory insights, rest assured that we will continue to provide our thought leadership as part of the Foreside Team. To opt-in to Foreside’s Thought Leadership, Insights Blog Posts and other regulatory communications, click here. Contributed by Jaqueline Hummel, Partner and Managing Director.
For Investment Advisors and Broker-Dealers
2021 Phishing Season is Open. Almost daily, it seems there is an announcement of a new phishing scam targeting financial services firms. This latest attack involves cybercriminals posing as FINRA by blasting our inboxes with phishing attempts using the “gateway-finra.org” domain name. Please share FINRA Notice 21-20 with your registered personnel, noting that FINRA does not contact registered personnel directly. FINRA will only correspond with your firm’s designated contact person(s). Additionally, it seems this year’s phishing season is not just for Broker-Dealers. NFA Notice I-21-17 warns of similar fraudulent phishing emails.
Finally, since good (and bad) things often come in three’s, the Commonwealth of Virginia’s Division of Securities and Retail Franchising (the “Division”) also issued an alert to advisors on June 24th that included a sample of the fraudulent email notifying recipients that the Division changed its fees for IAs and containing a hyperlink to what looks like a secure site. The Division stressed in the alert that it has not changed its fees, the hyperlink ending in .zip is not connected to the Division (legitimate links should end in .gov), and that emails from the Division typically contain its letterhead. Be vigilant – we wonder what state will be next. Contributed by Rochelle M. Truzzi, Managing Director and Cari A. Hopfensperger, Managing Director.
For Investment Advisors
NY Bar Proposes Guidelines on CCO Liability for SEC – Will the Staff Listen? Ever since the passage of Advisers Act Rule 206(4)-7 (the Compliance Program Rule”), the SEC has increasingly placed Chief Compliance Officers in their crosshairs. To many in the industry, the SEC seems to impose a strict liability standard on CCOs, finding them guilty for compliance failures after the fact, while at the same time providing little or no guidance about what actions would have been reasonable under the circumstances. (Check out our prior blog post on CCO Liability). In October 2020, SEC Commission Hester Peirce spoke to the National Society of Compliance Professionals (virtually) and addressed the issue, discussing the need for the SEC to provide better guidance about “when it will bring enforcement actions against compliance officers.” The New York City Bar Association’s Compliance Committee, along with the Securities Industry and Financial Markets Association (“SIFMA”), the American Investment Council, and the Association for Corporate Growth, heard her request and developed the Framework for Chief Compliance Officer Liability in the Financial Sector (the “Report”).
In the Report, the New York City Bar Association’s Compliance Committee asks the SEC to consider whether charging a CCO with misconduct would fulfill the SEC’s regulatory goals. The Committee reminds the SEC that CCOs are the “boots on the ground,” making decisions in real-time with limited guidance from regulators and relatively limited factual clarity. Moreover, although they are on the firing line, they have no protection or regulatory requirements for support. Therefore, the SEC should carefully consider whether bringing a case against a CCO will protect investors.
The Report addresses cases typically brought against CCO, such as for a “wholesale failure” in carrying out the assigned responsibilities, and urging the Staff to consider the following factors:
- Whether the CCO made a good faith effort to fulfill his/her/their responsibilities?
- Was the failure at issue related to a fundamental aspect of a compliance program?
- Did the CCO have opportunities to cure the lapse?
- Was it a one-off mistake or part of a pattern?
- Was there any guidance issued by the SEC on the issue?
- Were there other aggravating factors, such as previous deficiencies discussed with the CCO or a disregard for CCO’s responsibilities?
The Report also addresses cases brought against CCOs as a result of active participation in the fraud. In those situations, the Report urged the SEC to consider whether there was a pattern of obstruction or false statements by the CCO and whether the CCO cooperated when confronted with obstruction. The Report requests that the SEC consider mitigating factors before bringing a charge against a CCO, including whether the CCO had the tools and resources to do the job, the extent the CCO voluntarily discloses the issue and cooperates, and whether the firm implemented policies and procedures in good faith. Contributed by Jaqueline Hummel, Partner and Managing Director.
Remain Vigilant On Share Class Selections. True to its word, the SEC continues to uncover disclosure failures regarding revenue sharing arrangements, compensation-related conflicts of interest, and self-interested share class recommendations. The following are recent cautionary tales of firms that did not self-report and paid the price:
If you have questions or concerns regarding your firm’s share class selection process, revenue sharing arrangements, or disclosures, we can help! Contributed by Rochelle M. Truzzi, Managing Director.
BDC and Principals Charged with Breaching Fiduciary Duty Through Conflicted Transactions. The SEC settled charges against VII Peaks Capital, LLC (“Peaks”), a registered investment advisor, for breaching its fiduciary duty by engaging in transactions that benefitted the firm and disadvantaged an affiliated BDC and its investors. The SEC charged Peaks with breaching its fiduciary duty to its BDC, engaging in undisclosed transactions that were not approved by the BDC’s board, failing to disclose conflict of interests related to its collection of sizable due diligence fees, and reporting those fees as belonging to the BDC when they were, in fact, being given to Peaks. As a result, Peaks was hit with a cease-and-desist order and required to pay a settlement totaling $1.03 million.
In related actions, the SEC also charged Gurprit Chandhoke (co-owner and managing member of Peaks) for his participation in transactions that put his interests ahead of those of the BDC’s. Those charges resulted in Chandhoke being suspended for 12 months and paying a settlement of over $194,000. Additionally, the SEC also charged the BDC’s CFO, Michelle McDonald, for signing off on the transfer of the due diligence fees, without board approval, to Peaks. As a result, MacDonald agreed to a cease-and-desist order and paying a fine of $20,000. Contributed by Doug MacKinnon, Senior Compliance Consultant.
Bloggers are Solicitors Too! The SEC’s case against Emperor Investments, Inc. (“Emperor”) highlights a few fundamentals of SEC regulation. First, you can’t say you beat the market if you didn’t have money invested in the market. Second, if you pay for referrals, you have to tell the referred clients.
In this case, Emperor, a robo-advisor, marketed its performance record on its website, stating that it had outperformed the market for the past 11 years. However, Emperor had only been in business for two years, and the longer track record was based on modeled returns. The firm’s actual trading record was much less stellar and was not included on the site. Emperor also paid bloggers for publishing favorable articles about the firm and including a hyperlink to Emperor’s website. The bloggers received payments for the reviews and the referrals. Under the Cash Solicitation Rule, Emperor was supposed to have a written agreement with the bloggers and should have required the bloggers to provide referred clients with disclosures about the arrangement. Emperor’s reign lasted less than two years and ended up costing its owners $25,000 in penalties. The lesson learned from this case is that it is easy to register as an investment advisor but hard to meet all the regulatory burdens. Contributed by Jaqueline Hummel, Partner and Managing Director.
Worth Reading, Watching and Hearing
Key Takeaways from President Biden’s Cybersecurity Executive Order. The National Law Review summarizes the main components of the order designed to strengthen the federal government’s response to cybersecurity risk. Although focused on the healthcare industry, this short King & Spalding Client Alert also highlights key best practices from the order.
FINRA Withdraws Proposed Expungement Rule Changes It Has Worked On For Four Years After Pushback From SEC. Ulmer & Berne LLP addresses this move which caught some in the industry by surprise.
Catch up on state-related privacy updates with Texas Joins Other States With New Texas Data Breach Notification Requirement: Is This A New Trend? by Jackson Lewis PC; and Colorado’s Consumer Data Protection Act has passed – What’s In it? by Manatt, Phelps & Phillips, LLP. Husch Blackwell LLP also offers this helpful resource for state-by-state information.
PCAOB board member shakeup. In an unprecedented move, the SEC announced big changes to PCAOB board membership in this press release. See Chair Gensler Overhauls PCAOB by Faegre Drinker and Statement on The Commission’s Actions Regarding the PCAOB – Pierce & Roisman.
Filing Deadlines and To-Do List for July 2021
- Form 13H: Following an initial filing of Form 13H, all large traders must make an amended filing to correct inaccurate information promptly (within ten days) following the quarter-end in which the information became stale. Recommended due date: July 10, 2021. (Note: Neither the SEC nor its staff has provided guidance on the definition of “promptly” for Form 13H.)
HEDGE/PRIVATE FUND ADVISORS
- Form PF for Large Liquidity Fund Advisors: Large liquidity fund advisors must file Form PF with the SEC on the IARD system within 15 days of each fiscal quarter-end. Due date is July 15, 2021.
- Blue Sky Filings (Form D). Advisors to private funds should review fund blue sky filings and determine whether any amended or new filings are necessary. Generally, most states require a notice filing (“blue sky filing”) within 15 days of the first sale of interests in a fund, but state laws vary. Did you know that Hardin Compliance Consulting offers a convenient and economical blue sky filing service to help firms manage this complicated monthly task? Learn more here and give us a call to discuss your needs further. Due July 15, 2021.
- FINRA Accounting Support Fee. Quarterly invoice to support the GASB budget. Based on the municipal securities the firm reported to the MSRB. De Minimis firms (that owe less than $25) will not receive an invoice. If applicable, check WebCRD’s E-Bill for your invoice, which should arrive this month.
- Customer Complaint Quarterly Statistical Summary. For complaints received during the second FINRA Rule 4530 requires Firms to submit statistical and summary information regarding complaints received during the quarter by the 15th day of the month following the calendar quarter. Due July 15, 2021.
- Quarterly FOCUS Part II/IIA Filings. For Quarter ending June 30, 2021. FINRA requires that member firms file a FOCUS (Financial and Operational Combined Uniform Single) Report Part II or IIA quarterly. Clearing firms and firms that carry customer accounts file Part II and introducing firms file Part IIA. Due July 26, 2021.
- Quarterly Form Custody. SEC requires that member firms file Form Custody under Securities Exchange Act Rule 17a-5(a)(5) for the quarter ending June 30, 2021. Due July 26, 2021.
- Supplemental Statement of Income (“SSOI”). For the quarter ending June 30, 2021. FINRA requires firms to submit additional, detailed information regarding the categories of revenues and expenses reported on the Statement of Income (Loss) page of the FOCUS Report Part II/IIA. Due July 29, 2021.
- Supplemental Inventory Schedule (“SIS”). For the month ending June 30, 2021. The SIS must be filed by a firm that is required to file FOCUS Report Part II, FOCUS Report Part IIA or FOGS Report Part I, with inventory positions as of the end of the FOCUS or FOGS reporting period, unless the firm has (1) a minimum dollar net capital or liquid capital requirement of less than $100,000; or (2) inventory positions consisting only of money market mutual funds. A firm with inventory positions consisting only of money market mutual funds must affirmatively indicate through the eFOCUS system that no SIS filing is required for the reporting period. Due July 29, 2021.
- Annual Reports for Fiscal Year-End May 31, 2021. FINRA requires that member firms submit their annual reports in electronic form. Firms must also file the report at the regional office of the SEC in which the firm has its principal place of business and the SEC’s principal office in Washington, DC. Firms registered in Arizona, Hawaii, Louisiana, or New Hampshire may have additional filing requirements. Due July 30, 2021.
- SIPC-3 Certification of Exclusion from Membership. For firms with a Fiscal Year-End of June 30 AND claiming an exclusion from SIPC Membership under Section 78ccc(a)(2)(A) of the Securities Investor Protection Act of 1970. This annual filing is due within 30 days of the beginning of each fiscal year. Due July 30, 2021.
- SIPC-6 Assessment. For firms with a Fiscal Year-End of December 31. SIPC members are required to file for the first half of the fiscal year a SIPC-6 General Assessment Payment Form together with the assessment owed within 30 days after the period covered. Due July 30, 2021.
- SIPC-7 Assessment. For firms with a Fiscal Year-End of May 31. SIPC members are required to file the SIPC-7 General Assessment Reconciliation Form, together with the assessment owed (less any assessment paid with the SIPC-6) within 60 days after the Fiscal Year-End. Due July 30, 2021.
- Form N-MFP. Form N-MFP (Monthly Schedule of Portfolio Holdings of Money Market Funds) reports information about the fund’s holdings as of the last business day of the prior calendar month and must be filed no later than the fifth business day of each calendar month. Due date is July 7, 2021.