SEC Urges Advisers to Broaden Focus Ahead of Examinations
In recent remarks, Igor Rozenblit, the head of the Private Funds Unit at the U.S. Securities and Exchange Commission (the “SEC”) urged advisers preparing for examinations not to be overly focused on the major recurring topics addressed in recent SEC speeches, including marketing, portfolio management (including fees), conflicts of interest, safety of client assets, and valuation methods, at the risk of ignoring other compliance issues that may be present within the firm. Mr. Rozenblit noted that due to the diversity and breadth of private funds, SEC speeches generally cover those key issues that are repeatedly found within the private equity industry, and he cautioned that solely focusing on these issues will leave firms vulnerable and unprepared to address other deficiencies that may be present.
Mr. Rozenblit further highlighted that most problems arise when a firm’s practice deviates from the industry standard and suggested that advisers reflect on where their firm may differ from market practice. SEC examiners are broadening their knowledge of the private equity industry and have increasing familiarity with fund documents, which helps them detect abnormal provisions in the documents. However, Mr. Rozenblit did make it explicitly clear that abnormal conduct doesn’t necessarily mean “improper” conduct.
New BEA Reporting Requirements for Financial Services Transactions with Foreign Persons
In May, the U.S. Department of Commerce’s Bureau of Economic Analysis (the “BEA”) issued a final rule (the “Final Rule”), amending the regulations with respect to persons required to file the BE-180 Benchmark Survey of Financial Services Transactions Between U.S. Financial Services Providers and Foreign Persons for the 2014 fiscal year (the “BE-180”).1 Prior to the issuance of the Final Rule, only those persons contacted by the BEA were required to make a filing. However, the Final Rule now requires filing by each U.S. person (including individuals, corporations, partnerships, and other entities) that is a financial services provider that had transactions (either in sales or purchases) directly with foreign persons in all financial services combined in excess of $3 million during its 2014 fiscal year, regardless of whether such U.S. person is contacted by the BEA. The BE-180 must be filed by October 1, 2015.2
Under the Final Rule, a “financial services provider” includes entities engaged in financial advisory activities, including portfolio management, investment advice and “all other financial investment activities.” Further, the scope of reportable financial services is very broad and includes, among other things, financial management services (including fees received from non-U.S. private equity funds, mutual funds, hedge funds, ETFs, trusts and mutual funds), financial advisory and custody services, brokerage services, underwriting and private placement services, credit-related services, securities lending services, electronic funds transfer services, and other similar financial services. The definition is purposefully broad to capture any “U.S. person” providing any type of financial service to a “non-U.S. person” and is specifically contemplated to include private fund advisers.3 Reporters will be required to provide data on total sales and/or purchases of each of the covered types of financial services transactions and must disaggregate the totals by country and by relationship to the foreign person.
The $3 million threshold applies on a consolidated basis; therefore, in determining whether or not a financial services provider meets the requirements for reporting, it must add up the value of all financial service transactions to foreign persons in which it and each of its subsidiaries engaged in its 2014 fiscal year. Entities with less than $3 million in transactions to report must file an exemption claim only if they are notified by the BEA of an obligation to file.4
The new BE-180 form for this 2014 benchmark survey is not yet available. In addition, the BEA has noted that it will consider releasing additional guidance with respect to BE-180, particularly to investment advisers, possibly in the form of expanded instructions and “Frequently Asked Questions” prior to the deadline. We will continue to update our clients with respect to any new developments or guidance released by the BEA.
Failure to report can lead to civil and criminal penalties. The Final Rule is available here.
OCIE Publishes 2015 Examination Priorities
The National Examination Program, which is administered by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”), recently published its Examination Priorities for 2015 (“2015 Exam Priorities”). At five pages, the 2015 Exam Priorities is less than half the length of the 2013 and 2014 examination priorities.
In the 2015 Exam Priorities, OCIE listed the following priorities that are of particular interest to private equity clients:
- Fees and Expenses in Private Equity. OCIE has observed a high rate of deficiencies among advisers to private equity funds in connection with fees and expenses and will continue to conduct focused examinations in this area.
- “Alternative” Funds. OCIE will continue to assess funds investing in alternative assets, offering returns uncorrelated with the stock market, and using alternative investment strategies, with a particular focus on (i) leverage, liquidity, and valuation, (ii) the adequacy of the funds’ internal controls, and (iii) the manner in which the funds are marketed to investors.
- Cybersecurity. OCIE will continue to examine broker-dealers’ and investment advisers’ compliance efforts and controls in connection with cybersecurity-related risks.
While OCIE expects to allocate significant resources to the examination issues above and described in the 2015 Exam Priorities, its staff will also continue to conduct examinations focused on risks, issues, and policy matters arising from market developments and new information learned from examinations or other sources. The 2015 Exam Priorities is available here.
SEC Increasing its Focus of FCPA
At a conference on March 12, 2015, SEC Enforcement Director Andrew Ceresney said that the agency will pursue more claims this year for bribery violations under the Foreign Corrupt Practices Act (the “FCPA”). Mr. Ceresney stated that the SEC has already pursued more FCPA cases in the first five months of fiscal year 2015 than it did in all of fiscal year 2014. He also stated that the SEC is very focused in particular on internal controls. Part of the increase in claims is the result of the development of the SEC’s own in-house analytics, which has allowed the SEC to develop cases on its own for the first time.
SEC Provides Guidance on Use of “Bad Actor” Waivers
The SEC’s Division of Corporate Finance recently issued long-awaited guidance to clarify how it processes “Bad Actor” waiver requests, detailing four broad factors it considers when deciding whether or not to grant a request for waiver from automatic disqualification under Rule 506 of Regulation D. The four factors considered include:
- Who was responsible for the misconduct? The SEC heavily considers the role of the bad actor with respect to the party seeking the waiver. For example, the SEC takes a more negative view if the party seeking the waiver was the one responsible for the misconduct or if an individual (such as an executive officer, director or other control person) committed the misconduct and such individual continues to exert influence on the operations of the entity seeking the waiver. Conversely, if the misconduct was committed by one or more individuals and the entity seeking the waiver subsequently removed or terminated its associate with such individuals, the SEC would generally view such actions favorably in light of the request.
- What was the duration of the misconduct? Isolated incidents will be viewed more favorably than misconduct that occurred repeatedly over an extended period of time.
- What remedial steps have been taken? The SEC’s analysis of remedial steps taken focuses primarily on what the requesting entity has done to prevent similar misconduct from happening in the future and mitigate the possibility of future violations. Specifically, the SEC would look to any changes or improvements made to the requesting entity’s policies, procedures and practices.
- The potential impact if a waiver is denied. The SEC contemplates the impact that denying the waiver would have on the requestor and third parties such as investors, clients, and customers and whether a disqualification would be a disproportionate hardship in light of the parties involved in, and the nature of, the misconduct.
In addition, the guidance advised that no single factor is dispositive, and the burden is on the applicant to show good cause under the circumstances for why the waiver should not be denied. The guidance is available here.
SEC’s Office of Compliance Inspections and Examinations Provides Summary of Cybersecurity Examination Sweep
OCIE’s National Examination Program recently examined a cross-section of the financial services industry, including 57 registered broker-dealers and 49 registered investment advisers, to better understand how cybersecurity legal and compliance issues are being addressed, and to assess various firms’ vulnerability to cyber-attacks. The examiners analyzed firms’ policies and practice information in five major categories: 1) identification of cybersecurity risks; 2) establishment of cybersecurity governance; 3) identification of risks associated with remote access to client information; 4) identification of third party and vendor risk; and 5) detection of unauthorized activity. In addition to the review of documents, examiners also held interviews with key personnel and discussed cybersecurity and preparedness for cyber-attacks.
OCIE noted that it will continue to focus on cybersecurity using risk-based examinations. In the summary of observations, the following are of particular interest to private equity clients:
- Written Information Security Policies. The vast majority of examined broker-dealers (93%) and advisers (83%) have adopted written information security policies. Most of the broker-dealers (89%) and the majority of the advisers (57%) conduct periodic audits to determine compliance with these information security policies and procedures. While there are often written policies in place, the policies and procedures generally do not address how firms determine whether they are responsible for client losses associated with cyber incidents. The policies and procedures of only a small number of the broker-dealers (30%) and the advisers (13%) contain such provisions.
- Cyber-Related Attacks. Most of the examined firms reported that they have been the subject of a cyber-related incident. A majority of the broker-dealers (88%) and the advisers (74%) stated that they have experienced cyber-attacks directly or through one or more of their vendors. The majority of the cyber-related incidents are associated with malware and fraudulent emails. Over a quarter (26%) of broker-dealers reported losses related to fraudulent emails of more than $5,000, and of those broker-dealers, one-quarter (25%) of the losses were the result of employees not following the firms’ identity authentication procedures.
- Perceived Employee Misconduct. Firms identified misconduct by employees and other authorized users of the firms’ networks as a significant concern, but only a small proportion of the broker-dealers (11%) and the advisers (4%) reported incidents in which an employee or other authorized user engaged in misconduct resulting in misappropriation or damage to the firms’ networks.
- Cybersecurity Policies and Third Parties. The examined firms’ cybersecurity risk policies relating to vendors and business partners revealed varying findings. Most of the broker-dealers incorporate requirements relating to cybersecurity risk into their contracts with vendors and business partners (72%). In contrast, few of the advisers who were examined incorporated such requirements (24%).
- Periodic Risk Assessment. The vast majority of examined firms conduct periodic risk assessments, on a firm-wide basis, to identify cybersecurity threats, vulnerabilities, and potential business consequences. Fewer firms apply these requirements to their vendors. A majority of the broker-dealers (84%) and approximately a third of the advisers (32%) require cybersecurity risk assessments of vendors with access to their firms’ networks.
OCIE’s full summary is available here.
SEC Sets July Compliance Date for New Pay-to-Play Rules
The SEC recently announced that its compliance date for its ban on third-party “pay-to-play” solicitations will expand to municipal advisers at the end of July. The “pay-to-play” rules prohibit registered investment advisers from paying a third party to solicit business from government clients, unless such solicitor is regulated by the SEC, including investment advisers, broker-dealers, and now municipal advisors. Under the “pay-to-play” provisions, advisers are subject to a two-year ban on receiving compensation from a public pension plan or other investment vehicle if a top official at the adviser makes a political contribution to a candidate who could exert influence with respect to the management of the adviser or funds it manages.
Notwithstanding the July 31, 2015 compliance date, the SEC will allow time for the Financial Industry Regulatory Authority (“FINRA”) and the Municipal Securities Rulemaking Board (“MSRB”) to finalize and adopt their own pay-to-play rules. In the “Frequently Asked Questions,” the SEC noted that it would not recommend an enforcement action under the “pay-to-play” rules against an investment adviser or its covered associates under rule 206(4)-5(a)(ii)(i) of the Advisers Act until the later of (i) the effective date of such a FINRA pay-to-play rule and (ii) the effective date of such a MSRB pay-to-play rule.
The regulated industry has been anticipating this deadline be set since the SEC forecasted its occurrence in June 2012. A copy of the SEC Release is available here. The “Frequently Asked Questions” are available here.
Federal Reserve Extends Volcker Rule Deadline for Legacy Funds
The Federal Reserve Board (“FRB”) recently approved an order under section 619 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (commonly known as the “Volcker Rule”) to extend by one year the deadline for banking entities to conform certain investments with the Volcker Rule. The Volcker Rule generally prohibits insured depository banks and their affiliates, as well as any foreign bank that has a branch or agency in the United States, from engaging in proprietary trading and from acquiring or retaining ownership interests in, sponsoring, or having certain relationships with a hedge fund or private equity fund. The previous deadline for banking entities to conform their investments in and relationships with covered funds and foreign funds that were in place before December 31, 2013 (“Legacy Covered Funds”) was July 21, 2015; however, the FRB has now extended this deadline to July 21, 2016. This extension grants banking entities additional time to conform their Legacy Covered Fund investments to the limitations imposed by the Volcker Rule or divest them. The FRB’s blanket extension for Legacy Covered Fund investments avoids administrative burdens that would be imposed by the expected need to process applications for thousands of individual covered fund investment extensions, and industry concerns about the need for costly fund restructurings or the adverse economic consequences associated with forced sales of nonconforming covered fund investments.
The FRB also stated its intention to further extend this compliance deadline to July 21, 2017, when it is permitted to adopt such extension next year.
The extension does not apply to investments in, and relationships with, covered funds put in place on or after December 31, 2013, or proprietary trading activities. Proprietary trading undertaken on a separate account basis by investment managers on behalf of all investments made in a covered fund, relationships related to investments in a covered fund, and proprietary trading activities made on or after December 31, 2013 must be in conformance by July 21, 2015.
Treasury Adopts Amendment to Large Position Reporting Rules
The Department of the Treasury is amending its rules for reporting large positions in certain Treasury securities. Large Position Reports (“Reports”) must be submitted to the Treasury by entities, including registered investment companies and registered investment advisers, in response to a notice from the Treasury requesting large position information on a specific issue of a Treasury security. The Reports must be filed by defined reporting entities controlling positions that equal or exceed the reporting threshold specified in the notice within four business days of the issuance of such notice. Previously, the threshold had been $2 billion. Since the adoption of the rules in 1996, such reporting is rare and has only happened fourteen times. The Treasury adopted changes to these rules that became effective March 10, 2015, and such new rules apply to any future Reports that the Treasury requests.
The largest change replaces the current $2 billion minimum reporting threshold with a percentage-based concept, where a Report must be filed if any one of eight listed criteria is met (i.e., eight specifically listed mathematical formulas that result in an amount that exceeds the threshold announced by the Treasury in the Federal Register). In calculating those thresholds, rather than a $2 billion minimum, the Treasury may only require reporting of a position that represents a minimum that is 10% of the amount outstanding of the specified Treasury security.
Other changes to the rules include:
- Elimination of exemptions for foreign central banks, foreign governments, and international monetary authorities and the request that these entities (along with U.S. Federal Reserve Banks), voluntarily submit Reports when they meet or exceed a reporting threshold;
- Establishment of an additional reporting threshold for the number of futures, options on futures, and exchange-traded options contracts controlled by the reporting entity for which the specified Treasury security is deliverable;
- Replacing the concept of the “reportable position” with a requirement that defined reporting entities must file a Report if any one of eight criteria is met;
- Revising the format for the reporting of positions in the specified Treasury security and establishing a two-column format for the reporting of gross “obligations to receive” and gross “obligations to deliver” as well as the gross quantity of securities borrowed and the gross quantity of securities lent;
- Expanding the components of a position to include futures, options on futures, and options (both exchange-traded and over-the-counter) and establish a two-column format for reporting net positions in these contracts;
- Providing an option for a reporting entity to identify the type(s) of business it engages in and to identify its overall investment strategy with respect to positions in the specified Treasury security; and
- Consolidating relevant guidance in the Large Position Reports Rules.