Official Newsletter of Gordian Compliance Solutions, LLC.

SEC REGULATORY UPDATES

Department of Labor Issues
Temporary Enforcement Relief

 

On March 10, 2017, the Department of Labor (“DOL” or “Department”) issued a temporary enforcement policy surrounding the implementation of its forthcoming DOL Fiduciary Rule.[1] The temporary policy offers enforcement relief in light of the Fiduciary Rule’s 60-day implementation delay.[2] The DOL’s temporary enforcement policy is reproduced as follows:[3]
 

  1. In the event the Department issues a final rule after April 10 implementing a delay in the applicability date of the fiduciary duty rule and related PTEs [“prohibited transaction exemptions”], the Department will not initiate an enforcement action because an adviser or financial institution did not satisfy conditions of the rule or the PTEs during the “gap” period in which the rule becomes applicable before a delay is implemented, including a failure to provide retirement investors with disclosures or other documents intended to comply with provisions of the rule or the related PTEs.
 
  1. In the event the Department decides not to issue a delay in the fiduciary duty rule and related PTEs, the Department will not initiate an enforcement action because an adviser or financial institution, as of the April 10 applicability date of the rule, failed to satisfy conditions of the rule or the PTEs provided that the adviser or financial institution satisfies the applicable conditions of the rule or PTEs, including sending out required disclosures or other documents to retirement investors, within a reasonable period after the publication of a decision not to delay the April 10 applicability date. The Department will also treat the 30-day cure period under Section IX(d)(2)(vi) of the BIC Exemption and Section VII(d)(2)(v) of the Principal Transactions Exemption as available to financial institutions that, as of the April 10 applicability date, did not provide to retirement investors the disclosures or other documents described in Section IX(d)(2)(vi) of the BIC Exemption and Section VII(d)(2)(v) of the Principal Transactions Exemption.
 
As of April 4, 2017, the DOL has confirmed a 60-day delay will go into action, moving the April 10 compliance date to June 9, 2017.[4]   The 60-delay will be published in the Federal Register on April 7, 2017.

 
[1]Field Assistance Bulletin No. 2017-01, Department of Labor (March 10, 2017)
[2]29 CFR Part 2510, Department of Labor (April 4, 2017)
[3]Field Assistance Bulletin No. 2017-01, Department of Labor (March 10, 2017)
[4]29 CFR Part 2510, Department of Labor (April 4, 2017)

Regulatory Risk Alert Details Five
Most Frequent Compliance
Violations by Advisers

 

On February 7, 2017, the Office of Compliance Inspections and Examinations (“OCIE”) issued a risk alert covering the five most common compliance violations resulting in formal deficiency letters.[1]
 
The OCIE’s list is as follows:

  1. Compliance Rule Violations
    Rule 206(4)-7 under the Investment Advisers Act of 1940 (“Advisers Act”) requires that a registered investment adviser create policies and procedures reasonably designed to prevent violations of the Adviser’s Act, conduct an annual review of those procedures, and task a Chief Compliance Officer (“CCO”) with administering the compliance program.[2] The OCIE noted violations in each aspect of this rule, including a failure to document and conduct the annual review, maintaining stale compliance manuals (with outdated staff or processes), and instances where the compliance program was not followed or reasonably tailored to the advisor’s business model.[3]

     
  2. Regulatory Filings (Errors & Inaccuracies)
    The OCIE’s risk alert highlighted that examiners found a large number of reporting errors and inaccuracies contained in adviser Form ADVs, Form PFs, and Form Ds.[4] The risk alert highlights insufficient disclosures and untimely filings creating the most reporting deficiencies.[5]

     
  3. Custody Rule Violations
    Unsurprisingly, OCIE’s risk alert noted that confusion surrounding the SEC’s custody rule as another source of compliance deficiencies.[6] First, many advisers failed to recognize their custody obligations by virtue of the online access they maintained for client accounts (i.e. having access to client usernames and passwords).[7] Second, improperly conducted “surprise” audits also contributed to a high number of deficiencies and a violations of the custody rule.[8] Finally, the OCIE noted that confusion surrounding the level of authority advisers possessed over client accounts resulted in formal custody deficiencies as well.[9] Custody continues to be a hot-button issue.

     
  4. Code of Ethics Rule Violations
    Much like the Compliance Rule above, Rule 204A-1 requires investment advisers to establish a code of ethics that covers, among other things, “standard (or standards) of business conduct that you require of your supervised persons, which standard must reflect your fiduciary obligations and those of your supervised persons.”[10] Rule 204A-1 also contains provisions that require the code of ethics to identify firm access persons, establish procedures for review of personal securities transactions, and create a firm reporting mechanism for code of ethics violations.[11] OCIE noted, among other things, that many advisers maintained deficient codes of ethics that lacked mandatory procedures under the rule, untimely reporting of personal securities transactions, and failed to identify firm access persons.[12]

     
  5. Books & Records Rule Violations
    Deficiencies noted by the OCIE fell into three major categories when it came to Adviser’s Act Rule 204-2 [13] (Books & Records Rule) violations: 1) failure to maintain all required records 2) inaccurate record keeping with respect to omissions or 3) contradictory or inconsistent recordkeeping across firm documentation.[14]
 
After examining the OCIE’s risk alert, it’s clear that an organized annual review process (coupled with sufficient CCO oversight) would allow CCOs uncover and correct these deficiencies prior to a regulatory exam. The compliance annual review is an essential tool (and requirement) for CCOs and compliance professionals to test their compliance program.
 
For questions regarding your annual review process and the state of your compliance program, please contact your Gordian consultant.

 
[1]The Five Most Frequent Compliance Topics Identified in OCIE Examinations of Investment Advisers, Office of Compliance Inspections and Examinations (February 7, 2017)
[3]The Five Most Frequent Compliance Topics Identified in OCIE Examinations of Investment Advisers, Office of Compliance Inspections and Examinations (February 7, 2017)
[4]Id.
[5]Id.
[6]Id.
[7]The Five Most Frequent Compliance Topics Identified in OCIE Examinations of Investment Advisers, Office of Compliance Inspections and Examinations (February 7, 2017)
[8]Id.
[9]Id.
[11]Id.
[12]The Five Most Frequent Compliance Topics Identified in OCIE Examinations of Investment Advisers, Office of Compliance Inspections and Examinations (February 7, 2017)
[14]The Five Most Frequent Compliance Topics Identified in OCIE Examinations of Investment Advisers, Office of Compliance Inspections and Examinations (February 7, 2017)

Ninth Circuit Affirms Whistleblower Protections Under Dodd-Frank
 

On March 8, 2017, the Ninth Circuit Court of Appeals held that a company’s retaliation against a whistleblower would be actionable under Dodd-Frank if the whistleblower only reported internally to company management.[1]
 
Digital Realty Trust Inc. (“Digital Realty”) terminated Paul Somers shortly after he reported possible violations of securities laws internally to management.[2] Somers filed suit for the alleged federal and state securities violations, as well as for violation of Dodd-Frank’s whistleblower anti-retaliation provisions based on the timing of termination.[3] Digital Realty moved to dismiss the case citing that Dodd-Frank’s whistleblower protections do not apply to Somers since he never reported externally to the United States Securities & Exchange Commission (“SEC”),[4] and therefore, could not be considered a whistleblower under the statute.[5]
 
The Ninth Circuit’s 2-1 decision held that Dodd-Frank’s anti-retaliation provisions would apply to Somers and to similar individuals who internally report violations as whistleblowers. The Court highlighted that reading the whistleblower protections to only cover external reporting to the SEC “would make little practical sense and undercut congressional intent,”[6] as evidenced by similarly situated internal whistleblower protections afforded by the Sarbanes-Oxley Act of 2002 and the Securities Exchange Act of 1934.[7] The Ninth Circuit noted that Digital Realty’s narrow reading “would do nothing to protect these employees from immediate retaliation in response to their initial internal report.”[8]
 
Expansion of Dodd-Frank whistleblower protections should come as no surprise. Over the past year we’ve seen the SEC and other courts strongly uphold the whistleblower protections under Dodd-Frank and it’s expected that this trend will continue for the foreseeable future. Chief Compliance Officers should ensure their firm’s practices allow for unencumbered employee reporting of potential violations of securities laws, while avoiding inadvertent or purposeful retaliation against potential whistleblowers that come forward.

 

[2]Somers v. Digital Realty Trust Inc., No. 15-17352 (9th Cir. 2017) at 5
[3]Id.
[4]Id.
[5]Id.
[6]Somers v. Digital Realty Trust Inc., No. 15-17352 (9th Cir. 2017) at 10
[7]Id.
[8]Id.

Cybersecurity Watch:
EDGAR Phishing Scam

 

Hackers always look for new ways to obtain personal information and their latest deception finds them posing as the SEC to take advantage of financial firms.[1] On March 7, 2017, cybersecurity company FireEye uncovered a detailed scam where public filers were emailed from the SEC’s online filer system, EDGAR, regarding “Important changes on Form 10-K and Instructions.”[2] The email contained this single line of text, a Word document attachment, and was sent from an filings@sec.gov account.[3] FireEye’s assessment concluded that the EDGAR scam was perpetrated by F1N7, a financially motivated threat group that typically employs point-of-sale malware in their phishing schemes.[4]
 
FireEye’s observations provide a reminder for registered investment advisers regarding the evolving nature of cyber threats. Chief Compliance Officers should work to stay informed of any new cyber threats or phishing scams and incorporate these case studies as part of their compliance training. At a higher level, Chief Compliance Officers also should work with their IT vendors to ensure that firm systems are resilient against existing cyber threats, while assessing the effectiveness of current firm systems as part of the required annual review under Rule 206(4)-7.[5]

 

[3]Id.
[4]Id.
[5]17 CFR 275.206(6)-7(b): “Review, no less frequently than annually, the adequacy of the policies and procedures established pursuant to this section and the effectiveness of their implementation”
Facebook
Facebook
Twitter
Twitter
Website
Website
LinkedIn
LinkedIn
Copyright ©2016 Gordian Compliance Solutions, LLC., All rights reserved.

“You are receiving this email as you are a valued client to our mailing list. Please forward this Newsletter to anyone you think might benefit from this information.”

Our mailing address is:
235 Montgomery Street, Suite 1120 San Francisco, Ca 94104

unsubscribe from this list    update subscription preferences