SEC Lays Out Road Map for CCO Skill Set
During a recent speech before chief compliance officers of investment advisers and broker-dealers, Andrew Donohue, Chief of Staff at the U.S. Securities and Exchange Commission (the “SEC”), observed that chief compliance officers (“CCOs”) are confronted with a complex environment that is constantly changing and firms that are innovating and introducing new products and services. Mr. Donohue noted the importance of CCOs staying on top of these developments and changes to meet the evolving requirements of the financial industry.
In his speech, Mr. Donahue emphasized nine key areas of which CCOs should develop a clear understanding and knowledge base in order to increase their effectiveness, including (1) the various laws and regulations applicable to a firm, (2) the firm, its structure and internal operations, (3) how the firm identifies, reviews, and resolves conflicts of interest that may exist, (4) the clients and customers of the firm and what services and products are being provided to them, (5) the compliance and technology resources utilized by the firm and their implications in developing a compliance program, (6) the policies and procedures of the firm and specifically, how they are monitored and applied, (7) the markets and industries in which the firm operates, the investment products and strategies of the firm and any concerns that they may raise, (8) the culture of the firm and (9) what additional information and knowledge is required to maintain an effective compliance program.
Mr. Donohue also highlighted several ways the SEC is working to assist CCOs in supporting their compliance functions and provide them with guidance to preemptively address potential risks within a firm. Such directives include the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) meeting and engaging with senior management of investment advisers to emphasize the importance of setting a “culture of compliance” within a firm and allowing such persons to speak with OCIE staff more informally, outside of the context of an examination or enforcement action. Other SEC support initiatives include the active publishing of materials (including risk alerts and annual examination priorities) to provide concrete guidance to CCOs with respect to those topics the SEC views as important compliance risks and potential pitfalls, and the conducting of seminars and industry-focused outreach events to discuss key risks within the industry, including observed deficiencies, as well as potential areas of improvement.
The full text of Mr. Donohue’s speech is available here.
SEC Chairperson Delivers Keynote Address: “Five Years On: Regulation of Private Fund Advisers after Dodd-Frank”
In October, Mary Jo White, Chairperson of the SEC, gave the keynote speech at the Managed Funds Association conference in New York. Following the fifth anniversary of adoption of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”), Chairperson White addressed the current landscape of regulation and oversight facing the private funds industry in the wake of the financial crisis and the implementation of various Dodd-Frank Act reforms.
Chairperson White emphasized that the fundamental mission of the Dodd-Frank Act is to “protect investors, maintain market integrity, and promote capital formation.” In light of this goal, she described many benefits the Dodd-Frank Act’s comprehensive regulatory regime and reporting requirements provide, including firm transparency (which helps the SEC obtain a more fulsome picture about private funds, their business, operations and relationships), and the ability of the SEC to monitor trends within the broader asset management industry. The data provided by private fund advisers also allows the SEC to have a better understanding of the risk profiles of the asset management industry and the larger financial system as a whole. In her speech, Chairperson White detailed two broad areas of risk affecting private fund advisers: risks impacting the broader asset management industry and financial system and potential risks specific to individual firms.
Specific risks that impact the asset management industry include:
- Risks Arising from Services and Activities. Chairperson White explained that potential risks can cast a wide net across the asset management industry, arising from providing services to the funds, investors and activities of a wide-range of financial market participants. She noted that the SEC was working diligently to propose a series of measures to ensure the regulatory program applicable to private fund advisers would address the challenges and risks posed by an evolving and growing marketplace.
- Operational Risks. Chairperson White described risks that can arise from non-existent, weak, or inadequate processes and systems at a private fund adviser (including those related to third-party service providers). Specifically, she highlighted cybersecurity risks, market stress and transitional risk. With respect to risks arising in connection with the transition of client accounts, Chairperson White announced that the SEC was preparing recommendations to aid advisers in navigating the challenges that arise when an investment adviser had to transition the advisory services of its clients. The recommendations will be aimed at assisting advisers in their assessment of, and planning for, the impact of these transitions, such as transferring management or liquidating a fund, on the investors. She noted that presently, the industry lacks clarity on the risks that might arise when a private fund fails and the forthcoming guidance would help advisers evaluate and plan for a contingency situation in the event it was unable to serve its clients.
- Changes in Broader Regulatory Framework. Chairperson White discussed the broader regulatory framework and systemic risks that indirectly affected private fund advisers, including the Volcker Rule and clearing agency risks.
Chairperson White also addressed firm-specific risks, noting that those were the kind of risks that could harm investors more directly and in a more impactful manner. Chairperson White suggested that private fund advisers could face renewed scrutiny from the SEC with regard to their fiduciary duties owed to investors, specifically citing instances in which advisers cherry-picked investments in performance disclosure, improperly used data for marketing purposes, and failed to disclose the hiring of related parties. While Chairperson White did not confirm that these issues had been escalated to enforcement actions, her comments raise the possibility of future actions. Chairperson White elaborated further on the necessity of proper disclosure of conflicts, noting that disclosure has become a strong investor safeguard. To emphasize this point, she detailed several examples of SEC concern where advisers failed to adequately disclose conflicts with respect to allocation of investment opportunities and allocation of fees and expenses.
Finally, Chairperson White expressed the SEC’s concerns with the fee and expense practices of private equity funds, including with respect to allocation and collection of accelerated monitoring fees without adequate disclosure. Her remarks emphasized the general need to provide investors with the essential information regarding the adviser and its funds to ensure their investment decisions are well-informed.
Chairperson White concluded by noting that strong compliance cultures and programs established by private fund advisers were vital to foster a robust and successful financial system, and in the upcoming five years, she believes the SEC will continue “to build a strong regulatory framework that protects investors while preserving the vibrant diversity of private funds.”
The full text of Chairperson White’s keynote address is available here.
OCIE Reports Observations from Outsourced CCO Initiative
In order to address the growing trend of outsourcing the role of CCOs to third parties, OCIE staff conducted nearly 20 examinations to identify and raise awareness of compliance issues relating to use of such outsourced roles. Summarizing its findings in a recent Risk Alert, OCIE observed that in order to be effective, outsourced CCO’s generally required regular and in-person communication, strong relationships with registrants, sufficient access to registrants’ documents, and knowledge of the registrants’ business and regulatory requirements. More specifically, OCIE identified the following as critical factors affecting outsourced CCO performance:
- Communications: Outsourced CCOs with frequent, ongoing and personal interaction with adviser and fund employees (as opposed to impersonal and infrequent interaction, via electronic communication or pre-defined checklists) developed a better understanding of the registrants’ businesses, operations and risks.
- Resources: Outsourced CCOs who served numerous unaffiliated firms often lacked sufficient resources to perform fulsome compliance duties for the registrants, particularly where the firms serviced were varied in operations, industry and structure, leading to more significant compliance-related issues.
- Empowerment: Outsourced CCOs having the authority to obtain the records they deemed necessary for conducting annual reviews were able to better fulfill their roles than those conducted by CCOs who had to rely on the firm to preselect the records for their review. More specifically, where firm employees had discretion to determine which documents were provided to the outsourced CCOs, the accuracy and completeness of these registrants’ annual reviews appeared to have been compromised.
- Standardized checklists: Outsourced CCOs that utilized generic standardized checklists did not appear to fully capture the compliance risks applicable to the registrant. Outsourced CCOs sometimes lacked sufficient knowledge about the registrant to identify and resolve incorrect or inconsistent responses to standardized questionnaires.
- Policies, procedures, and disclosures: In some situations, the SEC observed outsourced CCOs utilizing compliance manual templates that were not properly tailored to registrant’s businesses and practices, causing compliance deficiencies and/or inconsistencies and resulting in policies and procedures not being followed by firm employees. Furthermore, where an outsourced CCO was not proficient in a registrant’s business and operations, it was unable to identify or resolve such discrepancies.
- Annual Reviews: Outsourced CCO’s responsible for conducting and documenting registrants’ annual reviews, which included testing for compliance with existing policies and procedures, often failed to maintain adequate documentation evidencing the testing. Additionally, when an outsourced CCO had limited authority at a firm, the CCO’s ability to implement changes in disclosure regarding pertinent areas affecting the firm were affected.
Based on its observations, the OCIE staff recommended that registered investment advisers with outsourced CCOs review their business practices in light of the risks it observed to determine whether these practices comport with their responsibilities and confirm that an outsourced CCO is able to establish, implement, monitor and review an effective and robust compliance program.
SEC Considering Mandatory Third-Party Compliance Reviews
The SEC’s Division of Investment Management Director, David Grim, indicated in a recent speech that the SEC may begin requiring third-party reviews for all registered investment advisers, noting that the SEC is considering these mandatory reviews in an effort to better monitor the compliance practices of investment advisers. Within the SEC, the Division of Investment Management is collaborating with OCIE in considering this program, which is intended to address criticism regarding the small number of adviser examinations OCIE conducts annually. In his remarks, Director Grim explained that, “[t]he review would not replace examinations conducted by OCIE, but would supplement them in order to improve compliance by registered investment advisers.”
While this proposal has been raised before by the SEC, it appears to be gaining momentum however many questions remain as to how it would be implemented, including which organization(s) would be responsible for such reviews and what costs would be involved in establishing such a program.
Following Mr. Grim’s speech, former SEC investment management head Norm Champ wrote an op-ed in the Wall Street Journal criticizing the proposal, noting that it imposed a costly burden on registered investment advisers without internally investigating the SEC’s inefficiencies in conducting examinations. In his article, Mr. Champ further noted that the SEC’s plan fails to address the inefficient management within the SEC, and overlooks the SEC’s recent difficulty in collaborating on compliance matters with credit rating firms and proxy advisor firms
The full text of Mr. Grim’s remarks is available here.
Firms Struggle with Third-Party Vender Cybersecurity Compliance
In response to OCIE’s 2015 Cybersecurity Examination Initiative, (as discussed in more detail here) and recent SEC remarks noting it may examine a firm’s practices and controls related to vendor management, investment advisers have been working to address issues arising in connection with third-party vendors, including cybersecurity concerns over shared data.
Many clients are exploring ways to regulate information provided to them by vendors via standardized reports, such as the Service Organization Controls 2 audit or the standard information gathering questionnaire, to provide a baseline of data for vendor oversight. While such reports can help alleviate the burden on vendors of overwhelming data requests, they still tend to be long and complex to fill out, and these reporting tools are also sometimes insufficient to satisfy client demands.
Ultimately, investment advisers and vendors are in agreement that these standards and requirements need to be discussed more thoroughly during the vendor contracting process—an area where few investment advisors have historically focused, but one where vendors are already seeing increased involvement.
FERC Proposes Regulations for Disclosure of “Connected Entities” of Market Participants
The Federal Energy Regulatory Commission (“FERC”) recently proposed to amend its regulations to require additional disclosures from market participants in regional transmission organizations (“RTOs”) and independent system operators (“ISOs”). While the proposal does not broaden the definition of those “market participants” required to make a filing with the FERC, it would replace existing disclosure requirements regarding “affiliates” of market participants with a unified concept, “Connected Entities,” which would include entities having a contractual relationship with such market participants, including asset managers. Market participants would be required to describe the nature of their relationship to such Connected Entities as well as the major provisions of contracts between them, such as start and end dates, a brief description, and renewal provisions. To the extent such information is not already public, it would not be publicly available in this filing.
Many industry groups believe these new requirements are burdensome and inappropriate as related to the disclosure of information about a market participant’s “Connected Entities” and have submitted comment letters to the FERC in this regard.
A copy of the proposed rule is available here.