By Jaqueline Hummel, Managing Director
Every year, investment advisors registered with the SEC face the thankless task of reviewing their policies and procedures to determine their adequacy and effectiveness as required by Rule 206(4)-7. The review requires updating the firm’s compliance program to reflect changes to relevant regulations and new regulatory guidance. Here’s a cheat sheet for compliance officers, summarizing the regulatory developments from 2021.
For All Advisors: Update Your Policies and Procedures to Reflect the SEC’s New Marketing Rule
The most significant change was the modernization of the Advertising and Cash Solicitation Rules (Rules 206(4)-1 and 206(4)-3) under the Advisers Act. The SEC merged these into a single rule, the “Marketing Rule,” codified in Rule 206(4)-1, which becomes effective on November 4, 2022. Advisors can choose to comply with the new rule now or wait until November 2022.
Additionally, the SEC adopted amendments to its books and records rule (Rule 204-2) and to Form ADV to meet the new rule’s requirements. Rule 204-2 requires advisors to keep records of all disseminated advertisements, as defined under the Marketing Rule. For oral advertisements, testimonials, or endorsements, firms must maintain either written documentation or recordings. The SEC has also added recordkeeping burdens for firms using performance data, hypothetical or back-tested performance, testimonials or endorsements, and third-party ratings with potential clients.
Form ADV Part 1A now includes a new item 5.L. that requires advisors to disclose whether their advertisements include performance results, specific investment advice, testimonials, endorsements, third-party ratings, and hypothetical performance and predecessor performance. This item also requires advisors to disclose whether they paid any cash or non-cash compensation for the use of testimonials, endorsements, or third-party ratings in advertisements. But advisors preparing their annual updating amendments for filing by March 31, 2022, do not have to complete this item if they have not adopted compliance with the rule. Rather, they can wait until the next annual update to be filed in March 2023.
For more information and tips on updating policies and procedures, check out our blog posts: The New Marketing Rule and the Seven Prohibitions: Sneaky, Sloppy, Tricky, Shifty, Iffy, Flimsy, and Dicey, My Advisor is the GOAT!!! Seven Tips for Using Testimonials and Endorsements under the SEC’s New Marketing Rule and Roll Up Your Sleeves: Advisors Using Performance Advertising Have a Heavy Lift Under New Marketing Rule.
Based on this new rule, here are our recommendations:
Revise Current Policies and Procedures to Address the Marketing Rule.
Firms will need to update their policies and procedures by November 22, 2022, to comply with the Marketing Rule’s requirements, including (to the extent not already addressed):
- Changing the definition of advertising to include communications that offer advisory services to existing or prospective clients or investors in a private fund advised by the advisor and to exclude one-on-one communications, oral communications, and information in a statutory or regulatory notice, filing, or other required communication.
- Requiring that any investment advice and performance data used in advertisements be presented in a fair and balanced manner.
- Allowing testimonials and endorsements to be used in advertisements as long as required disclosures are provided and, in some cases, requiring the advisor to enter into agreements with the promoters.
- Allowing third-party ratings in advertisements if appropriate disclosures are provided and certain other conditions are met.
- Requiring certain disclosures to be provided when presenting investment performance in advertisements.
Update Record-Keeping Rules to Comply with Marketing Rule
Advisors should also address these record-keeping responsibilities in their policies and procedures:
Maintain Evidence to Back Up Claims. The rule requires advisors to “have a reasonable basis to believe that they can substantiate materials claims of fact upon demand by the Commission.” (p. 70 of the adopting release) The SEC provided examples of materials facts requiring proof, including performance data, portfolio manager credentials, and the number of investment products a firm offers. To meet this new obligation, advisors should be careful when describing their performance or investment process. An excellent way to do that is to include specific details. For example, it is much easier to prove that a firm’s performance beats a particular benchmark if the advertisement contains the specific period when that happened. Additionally, if an advisor wants to discuss how its performance has low volatility, include the volatility measure being used.
Keep Documentation to Support Hypothetical, Model, and Back-Tested Performance. Advisors using hypothetical performance, testimonials, and endorsements have new record-keeping burdens. They must document how they determined that the hypothetical performance shown is relevant to the intended audience’s financial situation and investment objectives. Moreover, firms must be able to show that the intended audience has the “expertise and resources to understand hypothetical performance.” To meet this burden, advisors could use criteria such as previous investments with the firm, minimum net worth, and prior investing experience. In the final release, the SEC said that advisors could also rely on the fact that investors meet specific “regulatory defined categories” such as qualified purchasers, qualified clients, and qualified institutional buyers.
Proof that Testimonials and Endorsements Meet the Rule’s requirements. Firms using testimonials or endorsements must maintain records establishing how they determined that they met the requirements of the Marketing Rule. The SEC’s final release provided the following examples:
To have a reasonable belief, an advisor may provide the required disclosures to a promoter and seek to confirm that the promoter provides those disclosures to investors. For example, if a blogger or social media influencer is endorsing and referring clients to the advisor through his or her website or platform, the advisor may provide such blogger or influencer with the required disclosures and confirm that they are provided appropriately on his or her respective pages. The advisor may choose to include provisions in its written agreement with the promoter, requiring the promoter to provide the required disclosures to investors.
Additionally, firms must maintain records of any written or oral advertisements, testimonials, or endorsements. Where recording is not feasible, advisors should create scripts or written descriptions of the testimonials or endorsements used with potential clients.
Copies of Questionnaires for Third-Party Ratings. For third-party ratings, advisors must retain a record of their determination that the “questionnaire or survey used in the preparation of the third-party rating is structured to make it equally easy for a participant to provide favorable and unfavorable responses and is not designed or prepared to produce any predetermined result.” Additionally, firms must retain copies of questionnaires or surveys used to prepare a third-party rating included in an advertisement.
Implementing these changes will take time, expertise, and effort, so firms should begin the process now, especially if they are engaging in performance advertising, the use of testimonials and endorsements, using hypothetical or back-tested performance, and promoting third-party ratings.
For Private Fund Managers and Firms That Charge Performance Fees: Revise Your Documents to Reflect the Updated Definition of Qualified Client
The SEC updated Advisers Act Rule 205(a)(1), which allows investment advisors to charge performance fees to “qualified clients.” Effective August 16, 2021, the net worth threshold for “qualified clients” has been increased from $2.1 million to $2.2 million, and the assets-under-management test has increased from $1 million to $1.1 million. Advisors and fund managers who charge performance fees should ensure that their client onboarding process and fund documentation are updated to reflect this change.
For Retail Advisors: Comply with DOL Prohibited Transaction Exemption 2020-02
A watershed regulatory change affecting many retail investment advisors is the Department of Labor’s Prohibited Transaction Exemption 2020-02 (“PTE 2020-02”). This exemption, titled Improving Investment Advice for Workers & Retirees, allows investment advisors and broker-dealers to receive otherwise prohibited compensation, including commissions, 12b-1 fees, revenue sharing, and mark-ups and mark-downs in certain principal transactions. At the same time, however, the DOL expanded the definition of fiduciary advice under ERISA to include recommendations about rollovers and IRA investments. This means that financial institutions and investment professionals who make rollover recommendations may be engaging in a prohibited transaction if the advisor receives ongoing payments for this advice unless an exemption (like PTE 2020-02) applies.
PTE 2020-02 went into effect on February 16, 2021, but the DOL and the IRS agreed to extend their non-enforcement policy resulting in two deadlines for compliance. First, the DOL and IRS decided not to pursue prohibited transaction claims against firms that “are working diligently and in good faith to comply” with the “Impartial Conduct Standards” (as required by PTE 2020-02) until February 1, 2022. Second, the DOL and IRS will not enforce the specific documentation and disclosure requirements for rollovers in PTE 2020-02 until June 30, 2022. For a more in-depth analysis, check out What Advisors Should Know About Giving Rollover Advice After January 31, 2022.
To comply with the Impartial Conduct Standards, advisors should consider:
- Documenting the due diligence performed on investment products offered to clients. Consider developing a product review process to select investment products that meet client investment goals, including reviewing the product’s performance record, reasonability of fees, and any potential conflicts of interest. The process should also consider the risks and conflicts associated with the products. Once products are selected, the firm should continue to monitor performance, fees, and risks. Documenting that the firm has done its homework is critical.
- Evaluate the types of products and services the firm offers to determine whether they are appropriate for specific kinds of clients. Consider developing guidelines for financial advisors, including a recommended list. Recommendations of products should be based on predetermined guidelines, not on incentives.
- Provide advisors training to understand what information they need from clients to open accounts and develop an investment plan. In addition, the training should address where the documentation should be maintained.
- Supervise advisors to retirement investors to ensure that the recommendations are appropriate. Ensure that a supervisor reviews and signs off on new accounts and changes to investment strategies for existing accounts.
To prepare for the disclosure requirements, advisors should start working on:
- Incorporating language to acknowledge that they are ERISA fiduciaries. This language can be in the Form ADV Part 2A and as part of the standard investment management agreement. The DOL included its preferred language in response to Question 13 of its FAQs on PTE 2020-02.
- Developing a process to compare a retirement investor’s current investments and services, whether in a 401K plan, an IRA with another firm, or another type of account (e.g., a commission-based account compared to a fee-based account), as part of the onboarding process. This will require gathering information about the client’s current financial situation and investment goals, as well as information about the client’s existing 401(k) plan, to prepare a comparison of fees and expenses, services, and investments options of the plan to the IRA solution the firm recommends (or from IRA to IRA).
- Educating clients on options regarding the 401(k) plan’s assets and the advantages and disadvantages of a 401K to an IRA, or from IRA to IRA, as applicable.
- To the extent practicable, providing clients with a side-by-side comparison of fees and expenses, services, and investments options of the client’s current 401(k) plan to the IRA solution the firm recommends.
- Conducting an annual review of the firm’s compliance with the conditions of PTE 2020-02 and documenting the results in a written report to a “Senior Executive Officer” of the financial institution.
- Performing a comparison of the fees and expenses of investment products offered by the firm with similar products to prove that the firm’s fees are reasonable.
For All Advisors: Keep Tabs on Changes to State Law as States Adopt New Continuing Education Requirements for Investment Advisor Representatives
In state regulatory action, Mississippi became the first state to adopt the North American Securities Administrators Association (NASAA) Model Rule on Investment Adviser Representative Consulting Education (the Model Rule). The Model Rule requires IARs to complete twelve hours of continuing education (CE) annually, including six hours on ethics and professional responsibility and six hours focused on products and practice. Maryland and Vermont followed suit in 2021, and Wisconsin joined the group in 2022. Michigan and Nevada remain pending but are also expected to implement their CE rules in 2022.Although a registered investment advisory firm can be registered with, and subject to, the SEC’s jurisdiction, IARs are subject to state regulation and are generally required to register in the state (or states) where they have a place of business. Firms should find out whether their IARs are now subject to these requirements and adopt policies and procedures to address them.
|CE Requirements Effective January 1, 2022 |
Completion of credits due Dec. 31, 2022
CE Requirements Effective January 1, 2023
Completion of credits due Dec. 31, 2023
CE Requirements Proposals Pending Adoption
If adopted in 2022, requirements will be effective January 1, 2023
Mutual Fund Advisors: Adopt Policies and Procedures to Address New Derivatives and Valuations Rules
Like the SEC’s new Marketing Rule, there are rule changes under the Investment Company Act of 1940 (the “40 Act”) adopted in 2020 with lengthy runaways running out into 2022. Impacted advisors or subadvisors to mutual funds should review their investment practices and compliance programs and plan accordingly for necessary updates.
Derivatives Rule: Originally adopted in October 2020, Rule 18f-4, Use of Derivatives by Investment Companies, takes its cue from the Liquidity Rule (Rule 22e-4), as it requires in-scope funds to (1) adopt a written derivatives risk management program overseen by a program manager and reviewed at least annually for effectiveness, (2) enforce a maximum level of fund leverage risk that is based on a relative “Value at Risk” or “VaR” test, and (3) implement board oversight and reporting. Requirements will apply to funds’ “derivatives transactions,” which is defined in the rule and excludes transactions in derivatives “that do not impose any future payment obligation of a fund.” The SEC also voted to amend Forms N-LIQUID (re-named Form N-RN), N-PORT, and N-CEN.
Valuation Rule: The SEC adopted a new valuation rule (Rule 2a-5) and a corresponding recordkeeping rule (Rule 31a-4) in 2020. With a compliance date of September 8, 2022, Rule 2a-5 establishes an updated regulatory framework for fund valuation practices, including a threshold for when a fair value is required and a definition for “readily available” market quotes. Under the new rule, funds will be required to manage valuation-related risks, test any fair value methodologies used, and monitor the use of third-party pricing vendors.
For All Advisors: Adopt Best Practices From the SEC’s Risk Alert Issues Raised In Risk Alert on Investment Advisors’ Fee Calculations
Advisory fees always receive a lot of attention during SEC examinations because, as noted in the Risk Alert, “every dollar an investor pays in fees and expenses is a dollar not invested for the investor’s benefit.”
To address the deficiencies highlighted in the Risk Alert, advisors should consider:
- Developing written policies and procedures outlining the billing process, addressing how fees are calculated, and who is responsible for overseeing the process.
- Reviewing Form ADV Part 2A, investment management agreements, and other disclosures to ensure that they are consistent and that they address (i) the timing of fee billing (e.g., monthly, quarterly, in advance, or in arrears), (ii) the values used to calculate advisory fees (e.g., month-end accounts values or average daily account values), (iii) the effect of cash flows on fees, (iv) whether fees are negotiable, (v) any additional fees such as minimum fees, platform administration fees, and wrap fee program fees, and (vi) available discounts.
- Adopting a robust account onboarding process that requires a review to ensure that that billing information for each client is consistent with the investment management agreement and correctly entered into the billing system.
- Centralizing the billing process and instituting quality controls to ensure that fees charged to clients are consistent with advisory contracts, disclosures, and firm procedures.
- Developing checklists and other tools to help reconcile fee calculations with the investment management agreements to ensure consistency.
- Instituting periodic transactional testing of fees (such as by operations or accounting during the invoicing process) and forensic testing by compliance (such as during the annual compliance program review) to ensure that the fees are calculated according to the investment management agreement’s terms.
For a more detailed analysis of this risk alert, check out our blog post, Risk Alerts: SEC Again Finds Litany of Failures in RIA Fee Calculations, Puts Robo Advisors on Alert to Pay Attention to Compliance.
For Wrap Fee and Retail Advisors: Adopt Best Practices From the SEC’s Risk Alert: Observations from Examinations of Investment Advisors Managing Client Accounts That Participate in Wrap Fee Programs.
Although this Risk Alert refers to wrap programs, the best practices discussed can apply to all retail advisors. With references to “fiduciary duty” and “clients’ best interest” sprinkled liberally throughout this alert, the SEC provides a roadmap for meeting these duties.
- Get Information and Use it to Select the Right Product for Each Client. Advisors should, at a minimum, collect the following information: “retirement goals, current employment status, investment time horizon, stated financial objectives (e.g., capital appreciation), risk tolerances (e.g., conservative or aggressive), amount to invest, age, income, investment income needs, net worth, savings, planned spending from the account, dependents, liabilities, and other investment assets not managed by the advisor.” In addition, advisors should have a written process for selecting an appropriate account type, investment product, and asset allocation.
- Schedule Periodic Reminders to Clients to Discuss Material Changes to Investment Goals and Objectives. Clients have a responsibility to keep advisors informed of changes to their financial situation, retirement goals, and risk tolerances. Advisors should send periodic reminders to clients with their financial advisor’s name, email address, and phone number to ensure this happens. Make the process easy for clients.
- Educate Clients About Fees and Clients About Wrap Fee Programs. The SEC highlighted the importance of discussing with clients the differences between wrap programs and other types of accounts by addressing fees, expenses, and additional costs. The staff also focused on disclosing conflicts related to wrap fees programs, including telling clients when advisors have an incentive not to trade client accounts because they may have to pay ticket charges. Firms should also include in their Form ADV Part 2A disclosure that clients may incur more costs by participating in a wrap fee program than by selecting another type of account. Clients should be encouraged to discuss the differences in types of accounts with their financial advisors.
- Be Frank About Fees. The SEC wants clients to understand all the fees they are paying. Specifically, the staff noted that it is a best practice to include disclosures addressing charges imposed by mutual funds or ETFs, including fees embedded in the price of the fund, transfer fees, and additional charges for types of trades, like options trading. The SEC also highlighted other expenses that advisors should disclose to clients, including “transfer taxes, margin account balances, odd-lot differentials, early settlement fees (i.e., fees that may be charged when clients exit investment positions or withdraw cash), and custodial expenses on certain types of investments and services (e.g., spreads, clearing costs, reporting fees, processing fees, or revenue sharing fees).” Clients who receive a statement with fees and expenses they were not expecting will feel misled by their advisor. Being upfront about the costs of investing can help avoid disappointment and client complaints.
- Testing to Ensure Financial Advisors are Following the Rules. The firm’s compliance program should include a written process for selecting investment products in the client’s best interest, training for investment professionals on the process, and testing to validate the selection. Testing could include periodic review of account documentation by the compliance team to ensure investments are consistent with the information provided by the client. Alternatively, a firm could establish an account review committee to review investment selections initially and annually. Financial advisors should have guidance on how to select appropriate investment products. The process should be reviewed to ensure that it is, or is not, working.
- Best Execution Testing for Wrap Programs. The SEC provided some excellent advice on performing the best execution review for wrap programs. For example, the SEC noted that if underlying wrap program managers are frequently “trading away,” clients may not be getting best execution, so advisors should monitor this activity. Other best practices include monitoring whether wrap accounts are infrequently traded or charged commissions inappropriately.
- Identifying Infrequently Traded Accounts for Review. Firms should have criteria for determining when it’s appropriate to move a client from a wrap program to another type of account. For example, clients in wrap programs with little trading activity may be better off in a different kind of account. Therefore, advisors should consider a periodic review of client accounts defined as “infrequently traded” to evaluate whether the client would be better off in another type of account.
Advisors should read this alert and consider whether they might have similar issues, including whether client accounts are being appropriately monitored, accounts reviews are being documented, disclosures sufficiently describe conflicts, and compliance programs address risks specific to their business.
For Advisors that Offer Automated Digital Advisory Services and Manage Model Portfolios, Review Policies and Procedures to Address Issues Raised in the Risk Alert: Observations from Examinations of Advisors that Provide Electronic Investment Advice.
The SEC’s Division of Examinations issued a Risk Alert focused on advisors that offer automated digital advisory services, also known as “robo-advisors.” Compliance problems identified by SEC staff included firms’ failure to get and retain sufficient information to determine suitability, misleading performance advertising, inadequate disclosures, and failure to comply with the Investment Company Act’s Rule 3a-4 safe harbor provisions (allowing advisors to avoid having to register as an investment company for providing the same or similar investment advice on a discretionary basis to a large number of clients).
Advisors that provide automated digital advisory services should consider adopting the following best practices outlined in the Alert:
- Tailoring their compliance programs to their business model, paying particular attention to the process for determining that the investment advice provided is in the clients’ best interest, documenting periodic best execution reviews, and ensuring that disclosures reflect actual practices.
- Including disclosure in Form ADV Part 2A of “the assumptions and limitations of the algorithm used to manage client accounts (e.g., if the algorithm is based on modern portfolio theory, a description of the assumptions behind and the limitations of that theory)” and “a description of the particular risks inherent in the use of an algorithm to manage client accounts (e.g., that the algorithm might rebalance client accounts without regard to market conditions or on a more frequent basis than the client might expect; that the algorithm may not address prolonged changes in market conditions).”
- Establishing a process for testing software, such as algorithms, to ensure it is working as expected. Best practices include periodic testing that involves software developers and portfolio management, compliance, and IT staff.
- Safeguarding algorithms from unauthorized changes. Like any system containing sensitive information, firms should control access to their software and periodically review access logs.
If relying on the exemption from registration as an investment company under Rule 3a-4 of the Investment Company Act, advisors should ensure they can meet this safe harbor’s conditions. For more details, check out our blogs posts. Traditional RIAs can Learn from Robo-Advisors’ Advertising Mistakes and Risk Alerts: SEC Again Finds Litany of Failure in RIA Fee Calculations, Puts Robo Advisors on Alert to Pay attention to Compliance.
Firms that Engage in Fixed Income Principal and Cross Trades Should Review Risk Alert – Observations Regarding Fixed Income Principal and Cross Trades by Investment Advisors from An Examination Initiative
This is the second risk alert in as many years issued by the SEC’s Division of Examinations on principal and cross trading (the first published in 2019, Investment Adviser Principal and Agency Cross Trading Compliance Issues). The 2021 Risk Alert on Fixed Income Principal and Cross Trades discusses common deficiencies and identifies best practices from several years of examinations. Investment advisors should seriously consider adopting at least some of the key recommendations, including:
- “Adopt and enforce compliance policies and procedures that: (1) incorporate all applicable legal and regulatory requirements; (2) clearly articulate the activities covered by the advisors’ written compliance policies and procedures; (3) set standards that address the firms’ expectations for each of these activities; (4) include supervisory policies and procedures; and (5) establish controls to determine whether policies and procedures are being properly followed and documented in the required manner.”
- Conduct testing for compliance with policies and procedures.
- Place conditions, qualifications, or restrictions on the execution of principal trades, cross trades, or both within clients’ accounts, such as one or more of the following:
- Verify that cross transactions only occur when there is a need by both the buyer and the seller and that securities meet each participating client’s investment objectives.
- Ensure that no ERISA accounts participate in principal or cross trades (unless an ERISA prohibited transaction exemption applies).
- Confirm that the trades receive the best price and best execution (e.g., several required independent prices for the assets obtained from third-party broker-dealers).
- Verify that the advisor, affiliated persons, and supervised persons do not receive commissions or any other compensation for these trades.
- Provide clients with full and fair disclosure of all material facts surrounding principal and cross trades.
For Mutual Fund Managers: Address the Deficiencies in the Risk Alert – Observations from Examinations in the Registered Investment Company Initiatives.
The SEC’s Division of Examinations highlighted key findings identified during recent examinations of more than 200 mutual funds and 100 advisors in this risk alert. At the heart of these exams is a focus on areas impacting retail investors, including: (1) the effectiveness of policies and procedures to address risks, such as disclosures, conflicts of interest, and portfolio compliance; (2) disclosures made by funds in shareholder communications; and (3) fund governance practices, including those used by boards to oversee advisors. In addition, the Alert identifies deficiencies and best practices related to perennial topics such as monitoring investment restrictions, best execution, soft dollars, principal and cross trading, and advertising. It also calls attention to more specific policies and procedures to monitor senior securities, asset segregation, and compliance with Investment Company Rule 35d-1, also known as the “Fund Names Rule.”
Mutual fund advisors should consider whether they have sufficiently developed their policies and procedures to address these areas. Firms should also consider whether they are properly maintaining their liquidity risk management programs and overseeing the use of any liquidity classification vendor. Fund managers should assess policies and procedures that guide fair value determinations. Firms should address potential conflicts of interest (such as when a portfolio manager is permitted to provide input into a valuation determination) and implement procedures to oversee third-party pricing vendors.
For Advisors Offering Digital Assets: Update Your Compliance Programs to Address the Risks Noted by the SEC in Its Risk Alert – Division of Examinations’ Continued Focus on Digital Asset Securities.
Advisors looking to incorporate crypto-currency and other digital assets into their investment line-up should be aware of the SEC’s concerns. The SEC’s Risk Alert on digital assets discusses the compliance challenges raised by investments in digital assets and observations made by the Division’s staff during recent examinations. For investment advisors, the most significant risks include understanding the nature of the digital asset (e.g., whether it is a security or a currency) and its execution and settlement risks. In addition, the Alert warns advisors that deal with digital assets that they should have compliance policies and procedures to deal with the unique risks associated with due diligence, risk assessment, custody, disclosure, and valuation of digital assets.
Advisors That Incorporate Environmental, Social, and Governance Factors Should Address Deficiencies Cited in the Risk Alert: The Division Of Examinations’ Review of ESG Investing
Given the increase in investor demand for ESG-focused financial products, regulators, issuers, financial advisors, investors, and other stakeholders struggle with developing global securities regulations to address these factors. As a result, the SEC published a risk alert sharing weaknesses observed on the topic of ESG investing by investment advisors and registered investment companies. In a nutshell, the Alert reconfirms the ongoing risks and challenges that stem from a lack of standardized ESG terminology and compliance programs that are not keeping pace with their firm’s increased ESG-related activities.
The best practices recommended by the staff include:
- Including Form ADV disclosures about the firm’s approach to ESG that are simple and clear and explain how investments are evaluated using goals established under global ESG frameworks, such as the UN-sponsored Principals for Responsible Investment or Sustainable Development Goals.
- Adopting detailed, comprehensive investment policies and procedures that include contemporaneous documentation of the ESG factors considered in specific investment decisions at all stages in the process (e.g., research, due diligence, selection, and monitoring).
- Integrating compliance personnel into the ESG-related processes so they can provide meaningful reviews of firms’ public disclosures and marketing materials, test the adequacy and specificity of existing ESG-related policies and procedures, evaluate whether firms’ portfolio management processes align with their stated ESG investing approaches, and test the adequacy of documentation of ESG-related investment decisions and adherence to clients’ investment preferences
For Retail Advisors: Review Form CRS
The SEC’s Enforcement Division continued to pursue advisors in 2021 for undisclosed conflicts of interest, inadequate disclosures, and compliance program failures. Form CRS (customer relationship summaries) seemed to provide the lowest hanging fruit, and the Division brought 21 cases in 2021 (and more this year) against investment advisors for failure to timely file and deliver Form CRS. The SEC’s Standards of Conduct Implementation Committee provided a guidance statement on how to improve Form CRS.
For All Advisors: Prepare to Update Cybersecurity Policies and Procedures
In 2021, the SEC made good on its goal of targeting cybersecurity breaches with three actions against investment advisors (IA Release 5839, IA Release 5834, and IA Release 5840) for violations of Regulation S-P (Rule 30(a), or the “Safeguards Rule.”) In each, an unauthorized third party hacked into the advisors’ cloud-based email systems and gained access to clients’ personally identifiable information (“PII”). After discovering the initial hack, the advisors notified the affected clients of the breach, offered them identity theft protection services, and recommended that employees and independent contractors use multi-factor authentication (“MFA”) to access email accounts. With the benefit of 20/20 hindsight, the SEC found that the firms failed to act quickly enough to implement MFA across their entire organizations. These actions, along with the SEC’s recent rule proposal requiring advisors to adopt and implement written cybersecurity policy and procedures, make it clear that the Commission expects firms to have a plan in place and respond quickly when client data is at risk.
Firms can help guard against cyber-attacks by requiring the use of cybersecurity tools, such as MFA, for all customer and client accounts. Other steps firms should consider:
- Fixing weaknesses identified in your cybersecurity program.
- Training personnel on how to deal with cybersecurity issues.
- Adopting cybersecurity monitoring tools to detect unauthorized activity.
- Performing due diligence on third-party vendors to understand how they safeguard sensitive data.
- Implementing security technology, such as email encryption, secure file sharing, and VPNs for remote access.
- Testing your security protocols through a tabletop or simulation exercise to run through specific scenarios to determine how well your firm responds, escalates, and communicates the cyber-breach.
Good luck with your compliance efforts in 2022!
 The [Derivatives R]ule will apply to a “fund,” defined as a registered open-end or closed-end company or a BDC, including any separate series thereof. The rule will therefore apply to mutual funds, ETFs, registered closed-end funds, and BDCs. The rule’s definition of a “fund” excludes money market funds regulated under rule 2a-7 under the Investment Company Act (“money market funds”), as proposed. Adopting Release, page 34.