Email Us - BUSDEV@FORESIDE.COM 1-866-251-6920

OCIE and FINRA Set Exam Priorities, FINRA Issues Cybersecurity Tips, and SEC Finds More Undisclosed Conflicts: Regulatory Update for February 2019

For Investment Advisers: SEC Actions

OCIE Announces 2019 Examination Priorities: The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) released its 2019 exam priorities on December 20, 2018.  OCIE’s priorities haven’t changed much from 2018, and include topics addressed in the 2018 Risk Alerts and the feedback received from OCIE’s outreach program.  OCIE’s six “themes” for 2019 are:

  1. Protection of retail investors, including seniors and those saving for retirement;
  2. Compliance and risk management for firms responsible for critical market infrastructure, such as clearing firms, securities exchanges, transfer agents, and compliance with Regulation SCI which requires written policies and procedures surrounding technology and systems infrastructure;
  3. Oversight of FINRA & MSRB and their operations, regulatory programs and examination quality;
  4. Scrutiny of broker-dealers, investment advisers, and trading platforms dealing with digital assets, including cryptocurrencies, coins, and tokens;
  5. Cybersecurity issues, focusing on advisory firms with multiple branch offices and firms that have merged with other RIAs.  OCIE continues to stress the importance of risk assessments, access rights, vendor management, training, and data loss prevention.
  6. Anti-Money Laundering Programs in broker-dealers, focusing on whether broker-dealers are filing Suspicious Activity Reports (SARs), independently testing their AML program and identifying suspicious and illegal activities.

As discussed in 2018 Risk Alerts, OCIE will continue to focus on disclosure of fees and expenses and conflicts of interest.  Unsurprisingly, the receipt of 12b-1 fees and mutual fund share class selection continue to be hot topics, along with arrangements with affiliated service providers.  A newer area of concern is securities-backed non-purpose loans and lines of credit.  OCIE will be reviewing the incentives received by advisers and broker-dealers for recommending these loans.  Financial exploitation of seniors is another area of concern, so firms should address this issue in their compliance programs.  Contributed by Heather Augustine, Senior Compliance Consultant

 Regulatory Review 2018: HCC put together a list of the top regulatory hot buttons from 2018 to help you focus your compliance efforts in 2019.

11 Key Takeaways for Updating your Compliance Program in 2019: HCC put together a review of the regulatory landscape in 2018, with a list of 11 recommendations for updating your compliance program.

Investment Advisers Compliance to Do List for 2019: For investment advisers, private and hedge fund managers:  a handy list of regulatory deadlines for 2019 for updating your compliance calendar.

Form ADV Update deadline: Procrastinators beware!  Investment advisers with a fiscal year end of December 31 have until Sunday, March 31, 2019, to file the Form ADV update.  IARD will be open on March 31, from 10am-6pm Eastern Time.  Consequently, the deadline for filing an annual updating amendment will NOT be extended to Monday, April 1, 2019.

For Broker-Dealers:  FINRA Actions 

FINRA Provides Additional Guidance to Enhance your Cybersecurity Program:  FINRA’s Report on Selected Cybersecurity Practices – 2018 is a follow-up to its initial Report on Cybersecurity Practices, published in 2015.  FINRA’s 2018 report highlights effective practices used by member firms to address emerging cybersecurity threats.  It focuses on member firms’ primary challenges and the most frequent examination findings.  These topics include branch office controls, social engineering by hackers, identification and mitigation of internal threats, penetration testing and managing mobile devices.  The Report’s Appendix is a great resource that provides a list of core cybersecurity controls for small firms.  As you review your cybersecurity program in 2019, consult FINRA’s Cybersecurity page for additional resources that will help you strengthen your program.  Contributed by Rochelle Truzzi, Senior Compliance Consultant

Broker-Dealer Compliance to Do List for 2019: For broker-dealers, a list of regulatory deadlines for 2018.

Broker-Dealer 2018 Regulatory Year in Review: A summary of 2018 rule changes, enforcement actions and regulatory developments for broker-dealers for 2018.

Broker-Dealers! Be Sure to Whitelist  FINRA announced, though Firm Gateway, that it will begin sending Information Request email notifications to firms using Amazon Simple Email Service (SES).  To ensure you continue to receive FINRA’s notices regarding Information Requests, FINRA suggests that you work with your IT department/provider to whitelist the email address, noreply@finra.orgContributed by Rochelle Truzzi, Senior Compliance Consultant

2019 Annual Entitlement User Accounts Certification Process:  This year, the certification window will open on April 22nd and end on June 21st.  FINRA will send a notification to the firm’s Super Account Administrator (SAA) to complete the certification through WebCRD/IARD.  Contributed by Rochelle Truzzi, Senior Compliance Consultant

FINRA 2019 Annual Risk Monitoring and Examination Priorities Letter FINRA:  On January 22, 2019, FINRA published its annual Examination Priorities Letter.  This year FINRA broadened the scope of its priorities letter to include specific areas of focus on risk monitoring.  As in prior years, the letter addresses specific examination topics but does not include many of the mainstay topics that have been repeatedly covered.  Stay tuned for our blog post on these priorities!  Contributed by Doug MacKinnon, Senior Compliance Consultant

For Hedge Fund Managers – NFA Member Firms  

NFA Members Need to Update Cybersecurity Programs: On January 7, 2019, the National Futures Association (“NFA”) amended its interpretative Notice 9070 on Information Systems Security Programs, (the “Cybersecurity Notice”).  The amendment states that NFA members are required to train their employees upon hiring and at least annually and identify the topics covered by the training program.   Members are also required to notify the NFA of cybersecurity incidents (1) resulting in a loss of capital, or a loss of customer or counterparty funds, and (2) if the NFA member is required to notify customers or counterparties under state or federal law.  The amendment also changed the approval requirements for a member’s Information System Security Program (ISSP).  The Cybersecurity Notice is effective on April 1, 2019. Contributed by Jaqueline Hummel, Partner and Managing Director

CPOs required to Implement Internal Controls:  The NFA issued Interpretive Notice “NFA Compliance Rule 2-9: CPO Internal Controls System” (the “Internal Controls Notice”) that requires Commodity Pool Operators (CPOs) to establish a system of internal controls designed to deter fraud, safeguard customer funds, and ensure the accuracy of financial reports.  The control system should also assure that the CPO complies with its regulatory requirements.  The Internal Controls Notice will be effective on April 1, 2019.  Contributed by Jaqueline Hummel, Partner and Managing Director

Lessons Learned from Recent SEC and FINRA Cases

SEC Cries Foul for Failure to Disclose Private Equity Fund Expense Allocation Practices:  The SEC fined private fund manager, Lightyear Capital, $400,000 for making its private funds pay costs and expenses without making its employee funds and co-investors bear their fair share.  Lightyear managed four private equity funds, its “Flagship Funds,” and three “Employee Funds” that allowed its employees to invest alongside the Flagship Funds.  Lightyear also allowed co-investors to participate in the acquisition of some portfolio companies purchased by the Flagship Funds.

The Flagship Funds’ organization documents disclosed that certain expenses, such as legal, consulting, insurance and broken deal expenses, would be paid with fund assets.  What annoyed the SEC was that Lightyear did not disclose that the Employee Funds did not pay their share of these fees despite receiving the benefits of these services and investing alongside Flagship Funds.  Similarly, co-investors invested alongside the Flagship Funds and did not pay a proportional share of post-closing expenses.  Again, the SEC slammed Lightyear for not disclosing this practice to the Flagship Fund investors.  Lightyear also received fees from portfolio companies in the Flagship Funds, which were used to offset the management fees paid by the funds.  Lightyear had agreements to share some of these fees with some of its co-investors.  Again, this practice was not disclosed to Flagship Fund investors, who did not receive the benefit of a greater offset to the fund management fees as a result of this fee-sharing arrangement.

This case is just another in a long line of enforcement actions against private equity managers for failures to disclose conflicts of interest.  The lesson learned is that although the disclosure in your offering documents may be accurate, it might not be complete.  Side-by-side management and fee sharing arrangements are traditional areas of conflicts and should be scrutinized for potential negative effects on clients and investors.  Contributed by Jaqueline Hummel, Partner and Managing Director

Plus Ça Change, Plus C’est La Même Chose: Robo-Advisers and Advertising Issues:  Hedgeable, Inc. (“Hedgeable”) and Wealthfront Advisers LLC (“Wealthfront”) ran afoul of the anti-fraud provisions and advertising rules under the Advisers Act.  The SEC found that both firms engaged in misleading advertising practices and making false statements.  Hedgeable presented better-than-average composite returns as compared to a custom index of two competitor firms.  However, the SEC found that the composite reflected less than 4% of Hedgeable’s client accounts, and the custom index returns were based on approximations rather than actual returns of trading activity by the competitors.  The SEC also found errors in the adviser’s return calculations, insufficient oversight, and a lack of supporting documentation.  Wealthfront published a white paper to its website describing its tax loss harvesting program, including a proprietary process to monitor taxable accounts to avoid wash sales.  In fact, the SEC found that Wealthfront did not monitor program accounts for wash sales for the three years the white paper was available, and as a result, more than 30% of program clients experienced wash sales.  Wealthfront also retweeted comments made by clients which constituted prohibited testimonials and compensated referral sources without sufficient disclosures and documentation as required by the cash solicitation rule.  Both firms agreed to censure and Hedgeable’s and Wealthfront’s penalties were $80,000 and $250,000, respectively.

Although it’s noteworthy that these enforcement actions mark the first against robo-advisers, the compliance issues raised are broadly applicable.  All advisors benefit from well-developed policies and procedures for calculating and reporting performance that include proper documentation and supervisory reviews and approvals.  Similarly, advisers should evaluate their process for preparing white papers, RFPs, and due diligence questionnaires with the goal being a final product that is accurate and does not contain misleading information, including descriptions of sometimes technical and nuanced services or functionality.  Contributed by Cari Hopfensperger, Senior Compliance Consultant

12b-1 Enforcement Continues:  In an all-too-familiar story, investment adviser representatives (IARs) for American Portfolios Advisors Inc. (“Advisory Portfolios”) and PPS Advisors Inc. (“PPS”) received 12b-1 fees from mutual fund investments in certain share classes (primarily class A shares) when lower cost share classes (primarily class I shares) of the same funds were available to their clients through wrap programs sponsored by the firms.  The SEC found that both firms failed to disclose related conflicts of interest, violated their best execution responsibilities, and lacked sufficient policies and procedures for share class selection.  According to the SEC’s findings, both firms’ disclosures directly contradicted actual practices employed by IARs, rather than suffering from an inappropriate use of the word “may,” as has been the SEC’s findings in similar enforcement actions.  The Form ADV Part 2B for the IARs also lacked disclosure related to the 12b-1 compensation they received.  PPS lacked written policies and procedures while American Portfolios had, but did not implement them.  Together, penalties for both firms (including a separate action against PPS’ CEO/CIO) totaled over $1.8 million.  The SEC noted that both firms had been contacted by the SEC about these violations before the launch of last summer’s SCSD Initiative, so they were ineligible to participate.

The SEC order stated that American Portfolios had $6.2 billion in assets under management and 200+ IARs, while PPS had just over $350 million, approximately 10 IARs, and it ceased advising clients, withdrawing its SEC registration in March 2018.  According to American Portfolios’ most recent Form ADV, it appointed a new CCO in January 2018.  Large or small, the monetary and reputational impacts of these enforcement cases on advisers are significant, especially in this high-profile initiative.  Advisers facing this conflict must take great care when crafting related disclosures and implement robust share class section policies and procedures in line with those disclosures.  Firms should conduct initial and periodic training, so employees understand these procedures.  Compliance officers should also follow up with testing to determine whether there is a disconnect between practices and disclosures over time.  Contributed by Contributed by Cari Hopfensperger, Senior Compliance Consultant

Worth Reading  

For 2019: 10 Takeaways from the Country’s Seniors Laws:  Bressler Amery Ross provides some important stats for RIAs and BDs.

The SEC on Rollovers – The Agency says RIAs are Fiduciaries:  Fred Reish and Joan Neri talk about SEC expectations when it comes to IRA rollovers.

Private Funds Regulatory Compliance Calendar 2019: Awesome planning tool for private funds and advisers by Paul|Weiss.

Guardians of the (Compliance) Galaxy: Lessons from SEC and FINRA Enforcement Actions Against Compliance Officers (December 2017 to September 2018): I need a hero![1]  Eversheds Sutherland published this super-hero spin on enforcement lessons for brokers and advisers.

What’s Good for the Goose: Protecting against Vendor Cybersecurity Risk: Peri N. Mahaley of the Pillsbury Policyholder Pulse Blog provides practical considerations to help firms evaluate the cybersecurity risk associated with vendor relationships.

2019 Ethics and Compliance Predictions: Michael Volkov outlines key compliance topics for 2019.  First up for Mr. Volkov – an ethical culture: “As a pure economic matter, an ethical culture is the most cost-effective control that a company can implement.”

Remedies and Relief in SEC Enforcement Actions: A glimpse behind the curtain of SEC Enforcement as presented in Oct. 2018 in a speech by Steven Peikin, Co-Director, Division of Enforcement.

2018 Review: SEC Continues Active Oversight of Registered Private Fund Managers: Kirkland & Ellis shares their retrospective on 2018 with an eye to the future.

Filing Deadlines and To Do List for February 2019


  • Form 13F: Form 13F (institutional manager) quarterly filing for Q4 2018 is due within 45 days after the end of the calendar quarter, on February 14, 2019.
  • Form 13H: Form 13H (large trader) annual filing is due for advisers that already have a Form 13H filing obligation by February 14, 2019 (Not required if the quarterly amendment was filed for the fourth quarter.)
  • Form 13D & 13G: Annual amendments are due for advisers that have changes to disclosure information on previously filed 13D or 13G forms on February 14, 2019.


  • Form PF for Large Hedge Fund Advisers must be filed within 60 days of each quarter end on the IARD system. Due March 1, 2019.
  • Initial Form PF for Hedge Fund Advisers that have reached $1.5 billion regulatory assets under management (“RAUM”) attributable to hedge funds as of December 31, 2018 must make initial filing (the initial quarterly Form PF filing within 60 days of quarter end if an adviser’s hedge fund RAUM exceeds $1.5 billion as of the previous quarter end).  Due March 1, 2019.


  • Form PR should be filed with National Futures Association (“NFA”) by registered Commodity Trading Advisors for the year ended December 31, 2018, by February 14, 2019.  This filing satisfies the CFTC annual and NFA 4th quarter filing requirements for Form PR.
  • Reaffirm YOUR CPO and CTA Exemptions: Firms that claim exemptions from Commodity Pool Operator (“CPO”) registration under CFTC Rule 4.5 or CTFC Regulation 13(a)(3) (the “de minimis exemption”), or Rules 4.13(a)(1), 4.13(a)(2), 4.13(a)(5), and firms that claimed an exemption from Commodity Trading Adviser (“CTA”) registration pursuant to CFTC Rule 4.14(a)(8) must re-affirm those exemptions annually within 60 days of the calendar year end – by March 1, 2019. As noted by the NFA in New & Notes 1-17-24, “[f]ailure to affirm an active exemption from CPO or CTA registration will result in the exemption being withdrawn on March 4, 2019. NFA Notice I-18-25 contains guidance FAQs and Notice I-19-02 related to this annual affirmation process.
  • CFTC CPO-PQR Form (All Schedules): Large Commodity Pool Operators are required to file Form CPO-PQR annually with the NFA by March 1, 2019.


  • Form OBS: For the Quarter ending December 31, 2018.  Unless subject to the de minimis exception, all clearing, self-clearing, and carrying firms and those firms that have a minimum dollar net capital requirement equal to or greater than $100,000 and at least $10 million in reportable derivatives and other off-balance sheet items must submit Form OBS as of the last day of a reporting period within 22 business days of the end of each calendar quarter via eFOCUS.  Firms that claim the de minimis exemption must affirmatively indicate through the eFOCUS system that no filing is required for the reporting period.  Due February 1, 2019.
  • Rule 17a-5 Monthly and Fifth FOCUS Part II/IIA Filings:  For the period ending January 31, 2019. For firms required to submit monthly FOCUS filings and those firms whose fiscal year-end is a date other than a calendar quarter.  Due date February 26, 2019.
  • Annual Audit Reports for the Fiscal Year-End December 31, 2018:  FINRA requires that member firms submit their annual audit reports in electronic form.  Firms must also file the report at the regional office of the SEC in which the firm has its principal place of business and the SEC’s principal office in Washington, DC. Firms registered in Arizona, Hawaii, Louisiana, or New Hampshire may have additional filing requirements.  Due March 1, 2019.
  • Supplemental Inventory Schedule (“SIS”): For the month ending January 31, 2019. The SIS must be filed by a firm that is required to file FOCUS Report Part II, FOCUS Report Part IIA or FOGS Report Part I, with inventory positions as of the end of the FOCUS or FOGS reporting period, unless the firm has (1) a minimum dollar net capital or liquid capital requirement of less than $100,000; or (2) inventory positions consisting only of money market mutual funds.  A firm with inventory positions consisting only of money market mutual funds must affirmatively indicate through the eFOCUS system that no SIS filing is required for the reporting period.  Due March 1, 2019.
  • SIPC-7 Assessment: For firms with a Fiscal Year-End of December 31, 2018.  SIPC members are required to file the SIPC-7 General Assessment Reconciliation Form together with the assessment owed (less any assessment paid with the SIPC-6) within 60 days after the Fiscal Year-End. Due March 1, 2019.
  • SIPC-6 Assessment: For firms with a Fiscal Year-End of July 31, 2018.  SIPC members are required to file for the first half of the fiscal year a SIPC-6 General Assessment Payment Form together with the assessment owed within 30 days after the period covered.  Due March 2, 2019.
  • SIPC-3 Certification: of Exclusion from Membership: For firms with a Fiscal Year-End of January 31, 2019, AND claiming an exclusion from SIPC Membership under Section 78ccc(a)(2)(A) of the Securities Investor Protection Act of 1970.  This annual filing is due within 30 days of the beginning of each fiscal year.  Due March 2, 2019.


Partner with Hardin Compliance

Need help with filing your Form ADV update or want an independent review of your compliance program?  Hardin Compliance can help!  Call us today at 1.724.935.6770, or visit our website at for more information.


Hardin Compliance Consulting provides links to other publicly-available legal and compliance websites for your convenience. These links have been selected because we believe they provide valuable information and guidance.  The information in this e-newsletter is for general guidance only.  It does not constitute the provision of legal advice, tax advice, accounting services, or professional consulting of any kind.

 Photo by Albert Dehon on Unsplash

[1] Copyright credit: Bonnie Tyler