Insights from Winston & Strawn
OCIE Announces Examinations of Supervision Practices At Registered Investment Advisers
The Securities and Exchange Commission’s (“SEC”) Office of Compliance, Inspections and Examinations (“OCIE”) issued a Risk Alert on September 12th announcing an initiative to examine the supervision practices and compliance programs of registered investment advisers that employ or contract with supervised persons that have a history of disciplinary events in the financial sector (the “Supervision Initiative”). The Supervision Initiative was one of several risk-based initiatives identified in OCIE’s 2016 Examination Priorities. The Risk Alert puts advisers on notice that they should implement policies and procedures specific to the increased risks presented by employees with disciplinary history, which may include heightened supervision of such persons.
The Supervision Initiative will focus on evaluating the effectiveness of advisers’ compliance oversight and controls to mitigate the risks that supervised persons with a history of disciplinary events may pose to advisory clients. The examinations will include the following key areas:
- Compliance Program. Rule 206(4)-7 under the Investment Advisers Act of 1940 (the “Advisers Act”) requires each adviser to adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act. Examiners will review registered advisers’ practices surrounding their hiring, ongoing reporting obligations, employee oversight, and complaint handling. OCIE noted that an important component of the examinations is to evaluate whether the advisers “foster robust compliance cultures and tone at the top.”
- Disclosures. Examiners will review registered advisers’ practices regarding their disclosures of regulatory, disciplinary, or other actions, with a focus on assessing the accuracy, adequacy, and effectiveness of such disclosures, including those in the Form ADV.
- Conflicts of Interest. Examiners will assess conflicts of interest that a registered adviser or supervised person may have, with a particular focus on conflicts that may exist with respect to financial arrangements (e.g., unique products, services, or discounts) initiated by supervised persons with disciplinary histories.
- Marketing. Examiners will review registered advisers’ advertisements, including pitch-books, website postings, and public statements, to identify any conflicts of interest or risks associated with supervised persons with disciplinary histories.
OCIE will evaluate information from a variety of sources in order to identify exam candidates, including: (i) disciplinary information that is reported on an adviser’s Form ADV; (ii) information about other legal actions (e.g., private civil actions) not required to be reported on Form ADV, but which are nonetheless relevant to the advisory services offered to clients; and (iii) information from SEC enforcement actions, which barred or suspended individuals from certain financial industries.
Firms should review their particular risks, practices, policies, and procedures against the focus areas identified in the Risk Alert and consider making any appropriate changes to strengthen their programs.
Feature: New York State’s Proposed Cybersecurity Regulation
Several U.S. companies have been victims of high-profile hackings and fraud schemes. In a long-anticipated response to these cybersecurity breaches, New York Governor Andrew M. Cuomo on September 13thannounced the proposal of what he termed a “first-in-the-nation” regulation aimed at protecting New York State from the threat of cyber-attacks. Pursuant to the rule, financial institutions regulated by the New York State Department of Financial Services (“NYDFS”) would be required to establish a cybersecurity program; adopt a written cybersecurity policy; designate an internal cybersecurity officer responsible for executing, supervising and administering its new program and policy; and adopt policies and procedures designed to ensure the security of information systems and nonpublic information accessible to, or held by, third parties. The proposed regulation also requires banks to notify the NYDFS of any material data breach within 72 hours of its occurrence. Large banks already have systems in place to guard against such cyberattacks, so the biggest impact of the new regulation is expected to be on small banks and insurers, which may now need to bring their cyber programs up to at least a minimum standard.
Governor Cuomo stated that the regulation would “guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible.” NYDFS Superintendent Maria Vullo added that”[r]egulated entities will be held accountable and must annually certify compliance with this regulation by assessing their specific risk profiles and designing programs that vigorously address those risks.”
This proposal deviates from what is already in the Federal Financial Institutions Examination Council (“FFIEC”) cybersecurity assessment guidelines, especially in the areas of data encryption and authentication. The FFIEC requires banks to encrypt “sensitive” data such as customer data and confidential business information, but New York’s regulation goes a step further by requiring banks to encrypt all “nonpublic” information (most data falls under that category).
Initial feedback on the proposal is generally positive. Simone Petrella, chief cybersecurity officer at CyberVista, which trains businesses to deal with digital threats, called the proposal “a good first step.” Doug Johnson, senior vice president of payments and cybersecurity policy at the American Bankers Association, added that New York’s proposed regulations basically “harmonize” with what banking regulations look like on a national scale, as requiring an internal cybersecurity officer would be in accordance with with the national requirement to have a key figure in charge of physical security. Petrella commended the idea of adding that sort of executive to the mix but she warned that there would be “a lot of challenges.” These include the fact that there is a shortage of cybersecurity professionals, which could make it difficult for smaller companies to compete for experienced talent. Both Petrella and Johnson agree that such state regulation is characteristic of a different problem in cybersecurity, which is that states are setting separate cyber regulatory rules rather than maintaining a national standard.
Prior to final adoption, the proposed regulation is subject to a 45-day notice and public comment period following the September 28, 2016, publication in the New York State register.
Banking Agency Developments
OCC to Host Minority Depository Institutions Advisory Committee Meeting
On September 23rd, the Office of the Comptroller of the Currency (“OCC”) announced that it will host a public meeting of the Minority Depository Institutions Advisory Committee on Tuesday, October 18, 2016, beginning at 8:30 a.m., Eastern Daylight Time (“EDT”). The meeting will be held at the OCC headquarters in Washington, D.C. Written statements must be submitted by 5:00 p.m. EDT Tuesday, October 11, 2016.
Federal Reserve Issues FOMC Statement
On September 21st, the Federal Reserve issued a statement on information received since the Federal Open Market Committee (“FOMC”) met in July. The Board and the FOMC also released economic projections and the target federal funds rate projections made by FOMC participants for its September 20-21 meeting.
Treasury Department Developments
Treasury International Capital Data for July
On September 16th, the U.S. Department of the Treasury announced its release of Treasury International Capital data for July 2016.
Securities and Exchange Commission
SEC Adopts Revised EDGAR Filer Manual
The SEC adopted revisions to the EDGAR Filer Manual on September 20th to reflect updates to the EDGAR system, including new submission form types N-MFP2 and N-MFP2/A for money market mutual funds; amendments to permit unregistered money market funds to file a report on submission form types N-CR and NCR/A; and changes to the date format for ABS-EE Asset Data schemas, among other things. The revisions will be effective upon publication in the Federal Register. SEC Release No. 33-10217
Division of Corporation Finance Publishes New Guidance on Employer Offers of Securities
On September 22nd, the SEC’s Division of Corporation Finance updated its Compliance and Disclosure Interpretations (“C&DIs”) on Securities Act Sections and Securities Act Forms. The Division withdrew Question 239.16 of its Securities Act Sections C&DIs and added new C&DI 139.33 under Section 139. Securities Act Section 5. The Division also withdrew Question 226.15 of its Securities Act Forms C&DIs and added new C&DI 126.41 under Section 126. Form S-8. Both of the new C&DIs address whether a company-sponsored 401(k) plan that does not prohibit employee contributions to be invested in employer securities through a self-directed “brokerage window” would require Securities Act registration as an offer of employer securities.
Speeches and Statements
Ceresney Recommends Measures Auditors Should Take to Avoid Enforcement Actions
In the keynote address to the American Law Institute Conference on Accountants’ Liability 2016 on September 22nd, SEC Division of Enforcement Director Andrew Ceresney provided an overview of the SEC’s enforcement work in the area of auditing, including the key elements of the legal and regulatory framework governing enforcement actions against auditors. Ceresney encouraged auditors to ensure that its firm and engagement partners have sufficient capacity and competence to conduct the audit; to plan and properly execute audits so that significant risks are identified and addressed; and to implement robust monitoring processes and training on independence issues.
White Describes Role of International Cooperation in Regulation of Global Securities Markets
In remarks at the International Bar Association Annual Conference on September 21st, SEC Chair Mary Jo White discussed the role of international cooperation and coordination in the regulation of global securities markets as well as the challenges of maximizing the effectiveness of national regulatory regimes. White highlighted how international cooperation impacts the SEC’s work in modernizing the regulation of the asset management industry, its ability to examine foreign registrants for compliance with U.S. securities laws, and the SEC’s FCPA enforcement program.
Chief Accountant Emphasizes New Credit Loss Standard’s Potential to Improve Quality of Financial Reporting
In remarks before the AICPA National Conference on Banks & Savings Institutions on September 21st, SEC Interim Chief Accountant Wesley R. Bricker discussed the Financial Accounting Standards Board’s (“FASB”) new credit loss standard and its importance in enhancing the reliability and credibility of financial reporting. Bricker also discussed how management, audit committees, auditors, and other stakeholders can work together in the transition and implementation activities relating to the new credit loss standard.
SEC to Consider Governance Standards for Clearing Agencies, Shortened Settlement Cycle at Open Meeting
The SEC will hold an Open Meeting on September 28, 2016, to consider final rules to establish enhanced standards for the operation and governance of certain clearing agencies, proposed amendments to certain definitions in Rule 17Ad-22 under the Securities Exchange Act related to clearing agencies, and a proposal to shorten the standard settlement cycle for most broker-dealer transactions from three days after the trade date to two days after the trade date. SEC Sunshine Act Meeting Notice
SEC Updates Money Market Fund Statistics
On September 22nd, the SEC’s Division of Investment Management published updated money market fund statistics. The statistics contain data as of August 31, 2016. Money Market Fund Statistics
SEC Finds Pay-to-Pay Rules Adopted by FINRA and MSRB Equivalent to SEC’s Restrictions
The SEC issued orders on September 20th finding that the pay-to-play rules prohibiting political contributions or payments to third-parties by members to solicit business from government entities adopted by the Financial Industry Regulatory Authority (“FINRA”) and the Municipal Securities Rulemaking Board (“MSRB”) impose substantially equivalent or more stringent restrictions on broker-dealers and municipal advisors than the SEC’s Pay-to-Play Rule under the Investment Advisers Act imposes on investment advisers and is consistent with the objectives of the SEC Pay-to-Play Rule. Broker dealers subject to FINRA’s rules and municipal advisers subject to the MSRB’s rules can now satisfy the “regulated person” test under the SEC’s Pay-to-Play Rule under the Investment Adviers Act.
SEC Announces $4 million Whistleblower Award
On September 20th, the SEC announced that it issued a $4 million award to a whistleblower who supplied the SEC with original information about a fraud that led to a successful enforcement action. SEC Press Release
On September 19th, the SEC released the EDGAR ABS XML Technical Specification (Version 1.3) and theEDGAR Filer Manual (Volume II) EDGAR Filing (Version 38).
Commodity Futures Trading Commission
CFTC Staff to Host a Public Roundtable on CPMI-IOSCO Guidance on CCP Resilience & Recovery
On September 21st, the CTFC announced that it will hold a public roundtable on October 6, 2016, from 9:00 a.m. to 1:30 p.m., to discuss the recent CPMI-IOSCO guidance on central counterparty (“CCP”) resilience and recovery. The roundtable will include panelists from U.S. Derivatives Clearing Organizations, their clearing members, and the customers of their participants. The roundtable will be held in the Conference Center at CFTC’s headquarters in Washington, D.C.
CFTC Adopts Final Rules on System Safeguards Testing Requirements
On September 19th, the CFTC adopted a final rule amending its current system safeguards rules for designated contract markets, swap execution facilities, and swap data repositories, by enhancing and clarifying current provisions relating to system safeguards risk analysis and oversight and cybersecurity testing, and adding new provisions concerning certain aspects of cybersecurity testing. The CFTC also adopted enhanced requirementsfor testing by a derivatives clearing organization of its system safeguards, as well as additional amendments to reorder and renumber certain paragraphs within the regulations and make other minor changes to improve the clarity of the rule text.
Federal Rules Effective Dates
September 2016 – November 2016
Click here to view table.
Exchanges and Self-Regulatory Organizations
Chicago Stock Exchange
CHX Proposes Liquidity Taking Access Delay
On September 16th, the SEC requested comments on a proposal by the Chicago Stock Exchange, Inc. (“CHX”) to amend its rules to adopt the CHX Liquidity Taking Access Delay, which is designed to counteract the microsecond speed advantages exploited by low-latency market participants engaged in latency arbitrage strategies that diminish displayed liquidity and impair price discovery in national market system (“NMS”) securities. The proposal would introduce a 350 microsecond delay in the processing of new incoming orders during the Open Trading State that could immediately execute against one or more resting orders on the CHX book. Comments should be submitted on or before October 13, 2016. SEC Release No. 34-78860
Financial Industry Regulatory Authority
FINRA Board of Governors Announces Rulemaking Items under Consideration at September Meeting
On September 22nd, FINRA announced the rulemaking items that will be considered by the FINRA Board of Governors at its September 2016 meeting. The items under consideration include proposed amendments to FINRA’s rules governing advertising to permit the use of projections of the performance of asset allocation, proposed revisions to the non-public arbitrator definition, and proposed rule amendments that would expedite sending arbitrator selection lists to parties.
FINRA Announces New Members of Its Board of Governors
On September 19th, FINRA announced the results of the election of a Small Firm Governor at its 2016 Annual Meeting. FINRA also announced the appointment of two new public governors to its Board of Governors. FINRA Press Release
International Swaps and Derivatives Association
ISDA Releases Recommendation for Latest Version of FpML
On September 22nd, the International Swaps and Derivatives Association (“ISDA”) issued the recommendation for the Financial products Markup Language (“FpML”) version 5.9. The newest version of FpML, which is an open-source standard for exchanging information for the electronic dealing and processing of derivatives, reflects several developments in regulatory reporting, including the SEC’s reporting requirements for security-based swaps and clarification on the reporting obligations under the revised Markets in Financial Instruments Directive and associated regulation (“MIFID II/MIFIR”). ISDA Press Release
Municipal Securities Rulemaking Board
MSRB Updates Congress on Completion of Regulatory Framework for Municipal Advisors under Dodd-Frank
In a letter to members of Congress on September 19th, the MSRB described its efforts in completing a core regulatory framework for municipal advisors under the Dodd-Frank Wall Street Reform and Consumer Protection Act. The MSRB also discussed the complementary education and transparency initiatives it has undertaken to support the implementation of these rules. MSRB Press Release
NASDAQ OMX Group
NASDAQ Exchanges Propose Changes to Interaction Between Post Only and Non-Display Orders
On September 22nd, the SEC requested comments on The NASDAQ Stock Market LLC’s (“Nasdaq”) andNASDAQ BX, Inc.’s (“BX”) separately filed proposals to amend their respective rules to change the way in which Post Only Orders interact with resting Non-Display orders and preventing the execution of midpoint pegged orders during a crossed market. Comments should be submitted within 21 days of publication in the Federal Register, which is expected the week of September 26th.
SEC Approves Nasdaq’s Proposed Trading Insights Data Service
On September 20th, the SEC issued an order approving Nasdaq’s proposed rule change to add Nasdaq Trading Insights, an optional market data service designed to provide additional information and insight to subscribing market participants regarding their trading activity. The service will be composed of four market data components, including Missed Opportunity –Liquidity; Missed Opportunity – Latency; Peer Benchmarking; and Liquidity Dynamics Analysis. SEC Release No. 34-78886
SEC Approves NYSE Exchanges’ Proposal to Reject Certain Electronic Complex Orders
On September 20th, the SEC approved a proposed rule change filed by NYSE Arca, Inc. (“NYSE Arca”) and NYSE MKT LLC (“NYSE MKT”) to amend their respective rules to allow the exchanges to reject certain directional Electronic Complex Orders that may undermine the effectiveness of risk limitation mechanisms designed to protect Market Makers. SEC Release No. 34-78888
SEC Seeks Comments on Amendment to NYSE’s Proposal to Change Its Co-location Services and Fees
On September 20th, the SEC provided notice of an amendment to the proposed rule change filed by the New York Stock Exchange LLC (“NYSE”) to provide additional information and to establish relevant fees regarding access to various trading and execution services; connectivity to market data feeds and testing and certification feeds; connectivity to third party systems; and connectivity to DTCC provided to Users using data center local area networks. The amendment revises NYSE’s original proposal to align more closely with similar proposals filed by NYSE Arca and NYSE MKT. Comments should be submitted within 21 days of publication in the Federal Register, which is expected the week of September 26, 2016. SEC Release No. 34-78887
SEC Approves NYSE’s Proposed Amendments to Trading Floor Definition
On September 15th, the SEC issued an order approving NYSE’s proposal to amend its definition of the “Trading Floor” to exclude a physical area within fully enclosed telephone booths located in 18 Broad Street and to reflect the renaming of a portion of its physical area and relocation of where NYSE Amex-listed options are traded. SEC Release No. 34-78855
Options Clearing Corporation
OCC Offers Advance Notice of Proposal to Enter Into a New Credit Facility
On September 21st, the SEC provided notice of The Options Clearing Corporation’s (“OCC”) filing of an advance notice in connection with a proposed change in the form of the replacement of a revolving credit facility that OCC maintains for the purpose of meeting obligations arising out of the default or suspension of a clearing member, in anticipation of a potential default by a clearing member, or the failure of a bank or securities or commodities clearing organization to perform its obligations due to its bankruptcy, insolvency, receivership or suspension of operations. Comments should be submitted within 21 days of publication in the Federal Register, which is expected the week of September 26, 2016. The SEC indicated that it had no objection to the changes described in the OCC’s advance notice. SEC Release No. 34-78893
Amid Conflicting Interpretations of SEC Regulations, Claims Against Securities Exchanges Are Preempted
Plaintiff contracts with securities exchange defendants to get data, via a securities information processor, about securities traded on the exchanges. Plaintiff alleged defendants breached their contracts by allowing customers who pay for direct market data feeds from the exchanges to receive market data faster than the securities information processor receives that data, as arising from the incorporation of SEC regulations into the contract. On September 23rd, the Second Circuit found the claims to be preempted, as plaintiff’s interpretation of the SEC’s regulations conflicts with the SEC’s own interpretation. Bats
American Institute of CPAs Warns of Executive Impersonation Scam
The American Institute of CPAs said in a new report that organizations need to take steps in order to prevent a form of cyberattack in which criminals impersonating a top executive fool an employee into transferring huge sums of money. The criminals carry this out by creating an email that closely resembles the victim company’s email and then, in the name of a top-ranking executive, requesting a wire transfer in an email to an employee who is authorized to process such requests. According to CFO on September 23rd, the FBI identified so-called Executive Impersonation as a variation of “Business Email Compromise,” a growing scam that has, to date, cost companies over $3 billion worldwide.
Although Cyberattacks Are More Common, Companies Are Not Reporting Them to the SEC
On September 19th, the Wall Street Journal reported that although companies are getting hacked more often, they are failing to disclose the incidents in their regulatory filings. Chief financial officers say that companies are not reporting many data breaches to the SEC because the damage is not substantial enough to influence an investor’s decision to buy a company’s stock. However, corporate boards have made battling cyberthreats a priority, and spending on defensive measures continues to rise. The SEC has not yet brought a case against a company that failed to disclose a cyberincident, but SEC officials have reportedly not ruled out doing so.
Federal Reserve’s Stress Tests May Violate Law Requiring Transparency in Government Rulemaking
The Committee on Capital Markets Regulation released a paper in which it stated that the Federal Reserve’s stress tests for the largest U.S. bank holding companies may violate the law that requires transparency and accountability in government rulemaking. On September 19th, CFO reported on the committee’s claim that the public notice and comment requirements of the Administrative Procedure Act should apply to the tests that the Board uses to measure whether banks would maintain sufficient capital in a future crisis. According to the Wall Street Journal, the paper could be a preview of a possible legal challenge by the banking industry to the tests. The Journal noted that “[e]ven if banks ultimately decide against action, serious contemplation of such a challenge is somewhat extraordinary … [i]t shows growing frustration among big financial firms with the tests, which have become even more of a burden with superlow interest rates weighing on profits.”