US DEPARTMENT OF LABOR ISSUES FINAL FIDUCIARY RULE AND RELATED EXEMPTIONS The final US Department Of Labor (DOL) fiduciary regulation (the Final Rule) and other guidance published by the DOL on April 8 will have a significant effect on those who provide investment advice and sell investment products and services to employee benefit plans and Individual Retirement Accounts (IRAs). The Final Rule applies to (1) employee benefit plans that are governed by the Employee Retirement Income Security Act of 1974 (ERISA) (referred to as ERISA plans) and (2) plans and arrangements, including IRAs, that are subject to Section 4975 of the Internal Revenue Code of 1986 (the Code). The latter category includes plans such as Keogh plans that are subject to Section 4975 of the Code but not to ERISA (non-ERISA plans). ERISA plans and non-ERISA plans are referred to as plans. The effective date of the Final Rule is 7 June 2016, but the provisions of the Final Rule will not apply until 10 April 2017, referred to as the applicability date. Limited additional transition relief is available until 1 January 2018, under exemptions released with the Final Rule. Summing up the final rule The Final Rule takes an approach similar to that of the regulation proposed by the DOL in 2015 (the Proposed Rule). That is, the Final Rule expands the definition of fiduciary in the context of plan and IRA investments to cover many routine sales and marketing practices. In effect, after the Final Rule becomes applicable, there will no longer be a seller’s exception for recommendations of investments to smaller plans, plan participants and IRAs. If a financial adviser recommends the purchase of an investment to these potential buyers, it will be a fiduciary, as will its employer. If the financial adviser will receive a fee based on the customer purchasing the recommended investment, the transaction constitutes self-dealing, which is prohibited in the absence of an exemption. To address the prohibited transaction issue, the DOL has issued a best interest contract exemption (the BIC exemption) which is intended to allow investment recommendations to these retail buyers, but the exemption is subject to a number of strict conditions. In addition to the BIC exemption, the DOL also issued a new exemption for certain principal transactions and modified several existing exemptions. Changes from the proposed rule The Final Rule reflects a number of significant changes from the Proposed Rule, including the following: ■ Providing that marketing one’s investment advisory services to a plan (e.g., “hire me”) is not fiduciary advice, unless the marketing includes specific investment recommendations. ■ Deleting appraisals from the definition of fiduciary advice, to be dealt with separately in future guidance. ■ Permitting the use of named investment products in asset allocation models and interactive materials for use by participants in ERISA plans (but not IRAs). ■ Expanding the seller’s exception, referred to as the exception for recommendations to independent fiduciaries with financial expertise. ■ Reducing the disclosure and record-keeping requirements. The Best Interest Contract Exemption was also revised in several respects, including: ■ Deleting the approved asset list. ■ Eliminating the requirement to provide a written contract for ERISA plans, and permitting the written contract to be provided to IRAs and non-ERISA plans at the time the investment transaction is entered into. ■ Providing a mechanism to correct good faith errors without losing the exemption. The final rule – the details The Final Rule spells out when a person will be a fiduciary with respect to a plan or IRA as a result of providing investment advice. As a general rule, a person is an investment-advice fiduciary with respect to a plan or IRA if the person provides to a plan, plan fiduciary, plan participant, IRA or IRA owner the following types of advice for a fee or other compensation, direct or indirect: (1) a recommendation as to the advisability of acquiring, holding, disposing of, or exchanging, securities or other investment property, or a recommendation as to how securities or other investment property should be invested after the securities or other investment property are rolled over, transferred or distributed from the plan or IRA; and www.dlapiper.com | 25 (2) a recommendation as to the management of securities or other investment property, including, among other things, recommendations on investment policies or strategies, portfolio composition, selection of other persons to provide investment advice or investment management services, selection of investment account arrangements (e.g., brokerage versus advisory); or recommendations with respect to rollovers, transfers, or distributions from a plan or IRA. Note: The reference in this definition to the “selection of other persons to provide investment advice” makes it clear that a financial institution or adviser can solicit a plan to retain the financial institution or an affiliate to provide investment advisory services and that the solicitation is not itself fiduciary advice. This clarifying change would cover a response to an RFP from a plan requesting investment advisory services. To be a fiduciary, a person making a recommendation must (1) represent or acknowledge that it is acting as a fiduciary; (2) render advice pursuant to a written or verbal agreement, arrangement, or understanding that the advice is based on the particular investment needs of the advice recipient; or (3) direct the advice to a specific recipient regarding the advisability of a particular investment or management decision with respect to securities or other property of the plan or IRA. A “recommendation” means a communication that, based on its content, context and presentation, would reasonably be viewed as a suggestion that the advice recipient engage in or refrain from taking a particular course of action. As an example of the broad reach of this definition, the regulation notes that presenting a list of securities to a particular recipient will be a recommendation even if no recommendation is made with respect to any one security. Also, in the preamble to the Final Rule, the DOL cautions that call centre employees who are paid only a salary will become fiduciaries if they make specific recommendations to plan participants and IRA owners. Non-recommendations The following activities, however, do not constitute recommendations that will trigger fiduciary status: (1) Providing an investment platform. Marketing or making available to a plan fiduciary a platform from which the plan fiduciary may select or monitor investment alternatives for participants in the plan. The offer of the platform must not take into account the individualised needs of the plan, its participants, or beneficiaries. This exception is intended to provide relief to service providers, such as record-keepers and third-party administrators, who provide a platform or selection of investment alternatives to participants. As one condition of this exception, the platform provider must disclose that it is not providing impartial investment advice or giving advice in a fiduciary capacity. The plan fiduciary selecting the platform must also be independent of the platform provider. (2) Selection and monitoring assistance. In connection with providing an investment platform, identifying investment alternatives that meet objective criteria specified by the plan fiduciary, i.e., considering parameters such as expense ratios, size of fund, type of asset. The platform provider must disclose any financial interest it has in the alternatives it recommends, including the precise nature of such interest. Also, under this exception, a platform provider may respond to an RFP by identifying a limited or sample set of investment alternatives based on only the size of the employer or plan, the current investment alternatives under the plan, or both. Finally, under this exception, the platform provider may provide objective financial data and comparisons with independent benchmarks to the plan fiduciary. However, if a platform provider offers advice that is customised to the needs of the plan, other than as specifically described above, the platform provider will be a fiduciary. To illustrate the fine line that the DOL is drawing in this area, the preamble to the Final Rule states that a platform provider may develop and offer standardised platforms that are segmented by size of plan, e.g., platforms for small, medium and large plans. According to the preamble, the platform provider may offer these segmented platforms to 26 | Financial Services Regulation the fiduciary of a small plan, but if the platform provider states that the small plan platform is appropriate for the small plan, the line is crossed and the platform provider may become a fiduciary. The preamble also confirms that the platform provider exception is available for 403(b) plans that are subject to ERISA. (3) General communications. Providing general communications that a reasonable person would not view as an investment recommendation, such as general circulation newsletters, commentary in publicly broadcast talk shows, remarks in widely attended speeches and conferences, research or news reports prepared for general distribution, general marketing materials, general market data, price quotes, performance reports or prospectuses. (4) Investment education. Furnishing or making available to plan participants and beneficiaries information about the operation of the plan, general financial, investment and retirement information, and asset allocation models and interactive investment materials. This exception for investment education is subject to a number of restrictions, including restrictions that apply when identifying particular investment products or investment alternatives. Generally, asset allocation models and interactive investment materials provided to IRAs may not name specific investments. Transactions not treated as fiduciary advice The following activities would come within the general definition of fiduciary advice, but are excluded under special exceptions: (1) Transactions with independent fiduciaries with financial expertise. This “seller’s exception” allows communications that might otherwise trigger fiduciary status if the plan fiduciary receiving the communication is in a category presumed to be sophisticated about financial matters. These “independent fiduciaries with financial expertise” are presumed to understand that they are receiving a sales pitch and that the prospective “seller” is not acting in their best interest. The specified fiduciaries with financial expertise are (a) a bank, (b) an insurance company, (c) an entity registered as an investment adviser under the Investment Advisers Act of 1940 or registered as an investment adviser with the state in which it has its principal office, (d) a broker-dealer registered with the SEC, and (e) an independent fiduciary that holds, or has under management or control, at least $50 million Note: The Proposed Rule had a similar seller’s exception, but it was based on the number of participants in the plan, rather than the status of the plan’s independent fiduciary as a financial institution or its assets under management. The person providing the investment advice to the independent fiduciary of the plan or IRA must know or reasonably believe that the independent fiduciary is capable of evaluating investment risks independently, both in general and with respect to particular transactions and strategies. Also, the person providing the advice must inform the independent fiduciary that the person is not undertaking to provide impartial advice or to give advice as a fiduciary, and must disclose the existence and nature of the person’s financial interests in the transaction. The independent fiduciary must be independent of the person providing the advice, but apparently does not have to be independent of the IRA owner or the plan sponsor. In addition, this exception will not apply if the person recommending a transaction receives a fee from the plan, plan fiduciary, IRA or IRA owner for the provision of investment advice (as opposed to the provision of other services) in connection with the transaction. Thus, if the conditions are satisfied, this exception would cover the sale of an investment product to a plan represented by an independent fiduciary with financial expertise, as defined in the Final Rule, provided that the seller is not receiving a fee for advising the plan. (2) Swap and security-based swap transactions. This exception allows swap dealers, security-based swap dealers, major swap participants, major security-based swap participants and swap clearing firms to provide advice to plans in connection with these types of swap transactions. The plan must be advised by an independent fiduciary, and the swap dealer, etc., may not receive a fee directly from the plan or plan fiduciary for providing advice (as opposed to other services) to the plan. (The www.dlapiper.com | 27 independent fiduciary is not required to be an “independent fiduciary with financial expertise” as defined in the seller’s exception.) The person providing the advice must obtain a written representation from the plan fiduciary confirming the person’s non-fiduciary status. (3) Advice from employees. Employees of a plan sponsor (or its affiliate), employees of a plan or a plan fiduciary, and employees of an employee organization may provide advice in connection with certain matters without becoming a fiduciary if the employee does not receive compensation for the advice beyond the normal compensation for work provided for the employer and certain other conditions are satisfied. The employer’s job responsibilities cannot include the provision of investment advice, so this exception generally applies to incidental advice. Exception for execution of securities transactions. The execution of securities transactions by a broker, dealer or bank, without any solicitation of the trade and without the provision of any investment advice, does not result in fiduciary status under the Final Rule. However, the broker cannot have any significant discretion in connection with the transaction. For example, the instructions to the broker from the plan or IRA generally must include a price range for the transaction, a time span not longer than five business days, and the maximum or minimum amount to be purchased or sold. Best interest contract exemption The DOL has also revised and finalised the BIC exemption that it proposed last year. The BIC exemption is intended to allow financial institutions and the individual brokers and other advisers who work for financial institutions to market and sell investments to retail plan and IRA investors. The DOL refers to these investors as “Retirement Investors”, defined to include (1) a plan participant or beneficiary who can direct investments or decide to take a distribution, (2) the beneficial owner or an IRA acting on behalf of the IRA, and (3) a retail fiduciary, defined as a plan or IRA fiduciary that is not an “independent fiduciary with financial expertise” as defined in the Final Rule. Note: Under the definition of fiduciary in the Final Rule, marketing of investments to non-retail investors (i.e., plans advised by an “independent fiduciary with financial expertise”) can be done without triggering fiduciary status. Without an exemption such as the BIC exemption, a fiduciary to a plan or IRA cannot recommend an investment to a retail investor if it will receive a fee or other compensation as a result of the recommendation. Deletion of the approved asset list The final BIC exemption does not include the approved list of investment assets that was a feature of the proposed BIC exemption. Thus, any category of asset can be marketed to Retirement Investors, including IRAs, if the conditions of the exemption are otherwise satisfied. In the preamble to the final regulation, however, the DOL states: “The fact that the exemption was broadened [to eliminate the approved asset list] does not mean the [DOL] is no longer concerned about some of the attributes of the investments that were not initially included in the proposed definition of Asset, such as unusual complexity, illiquidity, risk, lack of transparency, high fees or commissions, or tax benefits that are generally unnecessary in these tax preferred accounts. . . . Moreover, the [DOL] intends to pay special attention to recommendations involving such products after the applicability date to ensure adherence to the Impartial Conduct Standards and verify that the exemption is sufficiently protective.” General requirements To rely on the exemption, financial institutions and advisers must do the following: (1) adhere to Impartial Conduct Standards, as defined in the exemption; (2) acknowledge that they are acting as fiduciaries under ERISA or the Code, or both; (3) adopt policies and procedures designed to ensure that advisers adhere to the Impartial Conduct Standards; (4) disclose important information relating to fees, compensation and material conflicts of interest; and (5) retain records demonstrating compliance with the exemption. Impartial conduct standards – the best interest standard. The financial institution relying on the BIC exemption must state that it and its individual advisers will adhere to the following standards (the best interest standard), and 28 | Financial Services Regulation must in fact comply with the standards: (1) The investment advice provided must be, at the time of the recommendation, in the best interest of the Retirement Investor. The adviser must take into account the investment objectives, risk tolerance, financial circumstances and needs of the Retirement Investor, without regard to the financial or other interests of the adviser, the financial institution or any affiliate or related entity, or other party. (2) The compensation of the financial institution, the adviser and their affiliates in connection with the advice must not exceed “reasonable compensation” as determined under ERISA and the Code. (3) Statements by the financial institutions and the adviser to the Retirement Investor must not be materially misleading when they are made. In the preamble to the BIC exemption, the DOL makes comments about the best interest standard that may be intended to make it more workable: ■ “Without regard to the financial or other interests of the adviser” does not preclude the receipt of fees or other compensation by the adviser. ■ The best interest standard “does not impose an unattainable obligation on advisers and financial institutions to somehow identify the single ‘best’ investment for the Retirement Investor out of all the investments in the national or international marketplace, assuming that such advice were even possible.” ■ “An adviser and financial institution do not have to recommend the transaction that is the lowest cost or generates the lowest fees without regard to other relevant factors.” Despite these statements in the preamble, however, the burden of proof will be on the financial institution or adviser, and it may be difficult for a financial institution or adviser to establish that its recommendations do not take into account the fees that it will receive, and that the recommended investment is in the best interest of the client or customer. Written contract requirement In the case of investment advice provided to an investor that is an IRA or Non-ERISA Plan, the financial institution must enter into a written contract with the investor, to be signed by the investor and the financial institution, stating that the financial institution and its advisers are fiduciaries and warranting that they will comply with the Impartial Conduct Standards, including the best interest standard. The contract must be entered into prior to or at the same time as the execution of the investment transaction that results from the investment advice. If the investment advice precedes the signing of the contract, the contract must by its terms apply to the period prior to the signing of the contract. The DOL has suggested that a financial institution might comply with this timing requirement by incorporating the written contract into its account opening procedures. The written contract may include an arbitration provision, but it may not include exculpatory language limiting the financial institution’s or the adviser’s liability for violation of the contract. Also, the contract may not preclude the investor’s participation in a class action lawsuit to enforce the terms of the contract. This written contract requirement was included for IRAs and non-ERISA plans because the DOL has no enforcement authority over such entities. The written contract requirement does not apply to ERISA plans, but such plans can sue under ERISA to enforce the requirements of the fiduciary regulation and the obligations undertaken pursuant to the BIC exemption. Quotas, bonuses, other differential compensation As part of the required policies and procedures to prevent conflicts of interest, the financial institution must not use quotas, appraisals, performance or personnel actions, bonuses, contests, special awards, differential compensation or other actions or incentives that are intended or would reasonably be expected to cause advisers to make recommendations that are not in the best interest of a Retirement Investor. The DOL will permit the payment of differential compensation to advisers for different investment products, but solely in cases where the additional compensation reflects a neutral factor, such as the additional effort that may be needed to sell more complex investment products, such as variable annuities. www.dlapiper.com | 29 Note: The DOL has said that it is not mandating level fees and that other compensation arrangements are permissible. However, in many contexts, these required policies and procedures will require advisers to be compensated using a level fee arrangement. Apparently a financial institution that employs brokers or other advisers may receive differential compensation in connection with investment transactions, e.g., due to the different costs associated with different products, such as equity funds vs. fixed income funds, provided that the advisers who sell the investments are paid using a level fee or other method that avoids or mitigates conflicts of interest. Disclosure The required disclosure includes disclosure of material conflicts of interest and the policies that have been adopted to mitigate them, typical fees and service charges, payments (if any) to be received from third parties in connection with the accounts, and whether the financial institution offers proprietary products. In addition, the financial institution must maintain a website with this information. The disclosures do not have to be repeated for sales of the same investment product within one year of the original disclosure, unless there are material changes. Level fee fiduciary If a financial institution or adviser that is a fiduciary charges a level fee − that is, a fee based on a fixed percentage of the value of the assets under management or a set fee that does not vary with the particular investment recommended − then a streamlined set of requirements will apply in lieu of certain of the above requirements. The fiduciary must acknowledge its fiduciary status, and it must comply with the Impartial Conduct Standards, including the best interest standard. Also, if the level fee fiduciary recommends that a Retirement Investor roll over assets from a plan to an IRA, the fiduciary must document the specific reasons for the recommendation and why it was in the best interest of the Retirement Investor. The documentation must consider the alternatives to the rollover, including leaving the assets in the Retirement Investor’s current employer’s plan, taking into account whether plan administrative expenses are paid by the employer or the plan. If an adviser recommends converting a commission based account to a level fee account, the adviser must document why that is in the best interest of the Retirement Investor. Note: Although the DOL seems to favor level fee arrangements, the DOL expressed concern in the preamble that an adviser might recommend the conversion of an inactively traded commission account to a level fee advisory fee account, where the conversion would significantly increase the costs paid to the adviser or the financial institution. The DOL would not consider such advice to be in the best interest of the client or customer. If the adviser, financial institution or any affiliate receives sales commissions in addition to the level fees, the streamlined procedures of the level fee exception will not apply, and the arrangement will have to comply with the full requirements of the BIC exception. Proprietary products and third-party payments The BIC exemption explicitly permits a financial institution to restrict an adviser’s recommendations to proprietary products or to investments that generate third-party payments. Under this provision, the financial institution and adviser are deemed to satisfy the best interest standard, provided that they satisfy a number of conditions. The exception requires additional disclosure to the Retirement Investor of the conflicts involved. In addition, the financial institution must reasonably conclude that the limitations on the universe of recommended investments and material conflicts of interest will not result in unreasonable compensation or cause the financial institution or its advisers to recommend imprudent investments, and the financial institution must document in writing the bases for these conclusions. Also, the recommendations must be based on the investment objectives, risk tolerance, financial circumstances and needs of the Retirement Investor, and not the financial or other interests of the Adviser. Observation: The conditions that apply to the sale of proprietary products and the receipt of third-party payments present a high threshold, one that may not be easy for a financial institution or adviser to meet. Sellers of relatively low-fee proprietary investments may be able to make the case that they qualify, but many financial institutions and advisers will find it difficult to accept the risk that they can be second-guessed by 30 | Financial Services Regulation Retirement Investors or the DOL: “Your proprietary products are more expensive than certain generic investment alternatives. Prove that the Retirement Investor is not disadvantaged, and prove that you have not taken your fees (or third-party payments) into account in making the recommendation.” Exception for purchase of insurance and annuity contracts The BIC exemption generally does not apply to compensation received in connection with a principal transaction. However, the BIC exemption includes an exemption for the purchase of an insurance or annuity contract from an insurance company that has a pre-existing service provider or party in interest relationship to the plan or IRA, a transaction that would otherwise be a prohibited transaction. Certain conditions must be satisfied, including that (1) the compensation for any services rendered in connection with the transaction must be reasonable and (2) the terms of the transaction must be at least as favourable as terms available in an arm’s length transaction. Note: Insurance agents and brokers who recommend and sell variable annuities, indexed annuities and similar annuities to Retirement Investors must comply with the requirements of the BIC exemption in the same manner as the sellers of other investment products. Sellers of fixed rate annuities, however, may rely on amended prohibited transaction 84-24, which imposes somewhat less stringent conditions. Notice to DOL. A financial institution must notify the DOL before receiving any compensation if it intends to rely on the BIC exemption. The notice does not have to identify clients or transactions, and a single notification will suffice. The BIC exemption generally has the same applicability date as the Final Rule, that is, it applies to transactions on or after 10 April 2017. However, during a transition period between 10 April 2017 and 1 January 2018, only a limited set of conditions will apply. For example, the requirement to enter into a contract with non-ERISA plans and IRAs will not apply during the transition period. Exemption for pre-existing transactions Transition relief is provided for securities or other investment property acquired before the applicability date under the Final Rule, subject to disclosure and reasonable compensation conditions. The pre-existing investment transition relief also applies to investments made after the applicability date pursuant to a systematic purchase program established before that date. The transition relief also covers additional investment advice with respect to the pre-existing investments after the applicability date, such as whether to sell or continue to hold the investments, subject to a limited set of conditions, including a reasonable compensation condition. Additional follow-on investments in the pre-existing investments that are made after the applicability date will not be subject to transition relief unless they are made under a systematic purchase program. Principal transaction exemption In 2015, the DOL proposed a new exemption that would allow an investment advice fiduciary to engage in the sale and purchase of certain debt securities to or from a plan or IRA, where the investment advice fiduciary is acting as a principal in the transaction. The DOL has now finalised that exemption with some modifications, as follows: ■ The revised principal transaction exemption covers interests in unit investment trusts and certificates of deposit, as well as the debt instruments covered by the proposed exemption. ■ The revised exemption does not include a requirement to obtain two independent price quotes for the debt securities involved. ■ The revised exemption does not require disclosure of the mark-down or mark-up of the debt investments purchased or sold. ■ The revised exemption eliminates the contract requirement for ERISA plans (similar to the contract requirement in the BIC exemption), and provides that the contract requirement for non-ERISA plans and IRAs may be satisfied at any time prior to or at the time the investment transaction is completed. ■ The revised exemption contains streamlined disclosure requirements, compared to the proposed exemption. ■ The revised exemption includes a mechanism for correcting good faith violations of the disclosure conditions. ■ The revised exemption covers “riskless principal transactions”, as defined below. www.dlapiper.com | 31 The final version of the exemption covers purchases and sales of “principal traded assets”. In the case of purchases by a Retirement Investor, a principal traded asset is defined as a debt security, a certificate of deposit or an interest in a unit investment trust. For this purpose, a debt security includes a registered debt security issued by a US corporation, an agency debt security, an asset backed security guaranteed by an agency or by a government sponsored enterprise, and a US Treasury security. In the case of sales by a Retirement Investor, a principal traded asset includes any securities or other investment property. The broader definition for sales by a plan or IRA is intended to enhance the liquidity of investments for such investors. In the case of the purchase of a debt security, the adviser must determine that the debt security possesses no more than a moderate credit risk, and that it is sufficiently liquid that it could be sold at or near its carrying value within a reasonably short period of time. The preamble to the exemption states that the “moderate credit risk condition” is intended to identify investment grade securities, although the DOL acknowledges that the Dodd-Frank Act does not permit explicit reliance on credit ratings. In addition, the final principal transaction exemption covers “riskless principal transactions” involving principal traded assets. A riskless principal transaction is a transaction in which a financial institution, after having received an order from a Retirement Investor to buy or sell a principal traded asset, purchases or sells the asset for the financial institution’s own account to offset the contemporaneous transaction with the Retirement Investor. Commenters on the proposed principal transaction exemption had told the DOL that many transactions with plans are carried out as riskless principal transactions, and that such transactions are similar to agency transactions in which a financial institution acquires an investment for an investor without taking title to the investment. This type of transaction does not involve the risk that a financial institution will “dump” an unfavorable investment it has made on the Retirement Investor. The conditions for application of the principal transaction exemption are similar to the conditions of the BIC exemption. The financial institution that engages in the transaction with a Retirement Investor must adhere to the best interest standard, acknowledge fiduciary status, avoid misleading statements, disclose fees and material conflicts of interest and adopt policies and procedures designed to mitigate conflicts of interest. These requirements must be included in a written contract if the transaction is with an IRA or non-ERISA plan. The financial institution must also seek to obtain best execution of the transaction. Amended exemptions The DOL finalised a number of changes to existing prohibited transaction exemptions (PTEs), generally in line with the proposed changes to exemptions in 2015. Two key changes were the incorporation of the Impartial Conduct Standards into existing exemptions, and the revision of certain exemptions to exclude IRAs, forcing them to rely on the BIC exemption. The changes to the exemptions, which will be effective on 10 April 2017, include the following: ■ PTE 84-24 was amended to limit that exemption to fixed rate annuity contracts, and to exclude plan and IRA purchases of annuities that do not fit the definition of fixed rate annuity contracts. Those other annuity contracts, i.e., variable annuities, indexed annuities and similar annuities, now must qualify for exemption under the BIC exemption. In addition, PTE 84-24 was amended to incorporate the Impartial Conduct Standards (although not the contract requirement) for transactions covered by the exemption and to eliminate the exemption for IRA purchases of investment company securities. ■ PTE 86-128 and parts of PTE 75-1, which permitted the receipt of fees in connection with certain mutual fund and other securities transactions entered into by plans and IRAs, were amended to include the Impartial Conduct Standards and to exclude IRAs from the exemption, forcing them to rely on the BIC exemption. ■ PTE 75-1, which allowed broker dealers to extend credit to a plan in connection with the purchase or sale of securities, was amended to extend the exemption to the receipt of fees for the extension of credit to a plan or IRA by a broker dealer to avoid a failed securities transaction. Please contact firstname.lastname@example.org, or email@example.com for further information. 32 | Financial Services Regulation IMPORTANT CHANGES TO AML RULES FOR INVESTMENT ADVISERS COMING THIS YEAR The Financial Crimes Enforcement Network of the US Department of the Treasury (FinCEN) published a proposed rule in August 2015 which scoped certain investment advisers into the definition of “financial institution” and subjected them to certain requirements under the anti-money laundering (AML) program and Bank Secrecy Act (BSA). The comment period for the proposed rule ended on 2 November 2015, during which time the agency received 31 comments from trade associations, banking and non-banking organizations, credit unions and individuals, among others. In the proposed rule, FinCEN would require investment advisers that are registered or are required to be registered with the SEC (generally those with US$100 million or more in regulatory assets under management, or those not regulated by a state authority) to maintain AML programs and to file reports of suspicious activity. FinCEN noted, however, that it may consider expanding the scope in the future to include small and mid-sized advisers because they are also at risk for “abuse by money launderers, terrorist financers, and other illicit actors.” By scoping SEC-regulated investment advisers into the definition of “financial institution” under the BSA at this time, FinCEN would also require these investment advisers to abide by the requirements of the BSA that are generally applicable to financial institutions and allow for coordination between FinCEN and the SEC for application and examination of the requirements. By amending the definition of “financial institution”, FinCEN believes that it is closing the door to potential financers of terrorism or money launderers who could otherwise take advantage of investment advisers’ lack of AML programs and/or BSA compliance to gain access to the US financial system. FinCEN also proposes to delegate its authority over enforcement of the rule to the SEC, which already regulates the registered investment advisers to whom this rule applies. Under the BSA, regulated institutions are required to monitor and report suspicious activity and comply with Currency Transaction Report (CTR) filings, the recordkeeping requirements for certain transmittals of funds over US$3,000, and information sharing requests pursuant to the USA PATRIOT Act. The new requirement for investment advisers to file CTRs replaces the existing Form 8300 for the receipt of cash or negotiable instruments in an amount greater than US$10,000. The risk-based AML requirements that would be applicable to investment advisers include a written AML program, approved by the board of directors or trustees of the investment adviser and made available to FinCEN or the SEC upon request. At this time, FinCEN is not imposing the burdensome customer identification program requirements or certain other requirements of the BSA on investment advisers, but expects to do so in subsequent rulemaking issued jointly with the SEC. In connection with the proposed rule, FinCEN posed several questions to potential commenters regarding the risk for abuse by money launderers and terrorist financers: whether the rule adequately captures the institutions that are most vulnerable to this risk; whether foreign advisers should also be captured in the definition of “financial institution”; and what the potential burden may be on the regulated institutions. These and other issues will likely be addressed in the final rule, which will likely be published by FinCEN in 2016. As proposed, investment advisers would have six months from the date on which the rule becomes final to implement and comply with its requirements. We also anticipate further joint rulemakings between SEC and FinCEN in the coming months. Please contact firstname.lastname@example.org or email@example.com for further information. EXPANDING PERSONAL LIABILITY FOR CHIEF COMPLIANCE OFFICERS: MINNESOTA FEDERAL COURT DECISION, PROPOSED NEW YORK REGULATION CONTINUE THE TREND A recent decision from a federal district court and a proposed regulation from the New York State Department of Financial Services provide even more reason for compliance officers at financial institutions to install robust anti-money laundering compliance programs. Under the district court decision and proposed regulation, chief compliance officers would be personally subject to both civil and criminal liability if their institution’s anti-money laundering compliance programs are incapable of detecting and stopping illicit transactions. In January, a federal district court held that the compliance officers of financial institutions can be held civilly liable for failing to ensure their institution’s compliance with the www.dlapiper.com | 33 Bank Secrecy Act of 1970’s anti-money laundering provisions. In U.S. Dep’t of Treasury v. Haider, No. 0:15-cv-01518 (D. Minn.), the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) alleged that MoneyGram’s former chief compliance officer − Thomas Haider − failed to take sufficient action to terminate, and failed to file Suspicious Activity Reports (SARs) in relation to transactions he had reason to believe were related to money laundering, fraud, or other illegal activity. FinCEN fined him US$1 million and brought action in federal court to collect the fine. Haider sought dismissal of the fine, arguing that the Bank Secrecy Act applies to institutions, not individuals. The court disagreed and denied his motion, reasoning that the Bank Secrecy Act’s civil penalties provision applies to partners, directors, officers, and employees of financial institutions. No final disposition has been reached in the case, but the district court’s decision makes clear that FinCEN is empowered to impose personal liability on compliance officers. In addition to a US$1 million fine, Haider faces a permanent ban from employment in the financial industry. The District Court’s decision followed closely on the heels of New York Governor Andrew Cuomo’s issuance of a proposed regulation that would require the chief compliance officers (or their functional equivalent) of financial institutions to annually certify that their anti-money laundering compliance programs are effective at identifying and preventing illicit transactions. If a compliance officer’s certification is later found to be false, the officer would be subject to criminal liability. Governor Cuomo’s proposal was motivated by concerns that terrorist organizations are using American banks as pass-throughs for illicit funds. A final rule has not yet been issued (though one is expected in the coming weeks), but, under the proposed regulation, compliance officers would be required to certify that their anti-money laundering compliance programs include, among other things, the following: ■ a satisfactory monitoring program that identifies transactions that potentially violate the Bank Secrecy Act or other anti-money laundering laws and regulations, or which give rise to Suspicious Activity Reporting obligations. What constitutes a satisfactory monitory program will be dependent upon the risk profile of the institution, as well as its businesses, products, services, and customers; ■ a Watch List filtering program that prevents the execution of any transactions prohibited by sanctions, including OFAC and other sanctions lists, politically exposed persons lists, and internal watch lists; ■ sufficient oversight to ensure that both the Watch List filtering program and transaction monitoring program are operated by qualified and well-trained personnel or vendors; and ■ periodic auditing and testing of the anti-money laundering programs efficacy. The imposition of personal liability on chief compliance officers is part of the regulators’ broader interest in compliance failures at the highest levels of financial institutions. On 21 February 2016, the Financial Industry Regulatory Authority (FINRA) sent letters to a dozen financial firms, inquiring about the methods by which the firms establish and maintain a culture of compliance. In addition to requesting general information on the firms’ practices, FINRA specifically requested information on how the firms established a ‘tone from the top’. FINRA characterised the request letters as an attempt to better understand how culture affects compliance, but the focus on the ‘tone from the top’ suggests FINRA perceives or is at least particularly concerned about deficiencies among the highest ranking executives of financial firms. Please contact firstname.lastname@example.org, brett. email@example.com, firstname.lastname@example.org, or email@example.com for further information. THE BLOCKCHAIN REVOLUTION, SMART CONTRACTS AND FINANCIAL TRANSACTIONS Originally developed as the technology underpinning bitcoin, blockchain has been heralded as an innovative technology with wide-ranging application beyond digital currency (or cryptocurrency), including as a platform for so-called smart contracts (self-executing, autonomous computer protocols that facilitate, execute and enforce commercial agreements between two or more parties). As discussed below, blockchain-based smart contracts have enormous potential to streamline financial transactions and reduce the counterparty risk associated with monitoring or enforcing contractual obligations. 34 | Financial Services Regulation Blockchain Blockchain technology refers to the use of a distributed, decentralised, immutable ledger for verifying and recording transactions. The technology enables parties to securely send, receive, and record value or information through a peer-to-peer network of computers. When parties wish to conduct a transaction on the blockchain, the proposed transaction is disseminated to the entire network. The transaction will only be recorded on a block once the network confirms the validity of the transaction based upon transactions recorded in all previous blocks. The resulting chain of blocks prevents third parties from manipulating the ledger and ensures that transactions are only recorded once. The smart contract Although the blockchain was developed to facilitate cryptocurrency transactions, entrepreneurs are now developing the technology for use in smart contracts. To develop a smart contract, the terms that make up a traditional contract are coded and uploaded to the blockchain, producing a decentralised smart contract that does not rely on a third party for recordkeeping or enforcement. Contractual clauses are automatically executed when pre-programed conditions are satisfied. This eliminates any ambiguity regarding the terms of the agreement and any disagreement concerning the existence of external dependencies. One of the most important characteristics of the blockchain as it relates to smart contracts is the ability to enter into “trustless” transactions. Trustless transactions are transactions that can be validated, monitored, and enforced bilaterally over a digital network without the need of a trusted third-party intermediary. Multi-signature (or multi-sig) functionality can be incorporated into smart contracts where the approval of two or more parties is required before some aspect of the contract can be executed (e.g., an escrow agreement between two parties and an escrow agent). Where a smart contract’s conditions depend upon real-world data (e.g., the price of a commodity future at a given time), agreed-upon outside systems, called oracles, can be developed to monitor and verify prices, performance, or other real-world events. Using smart contracts in financial deals Financial transactions are one potential way to use smart contracts. Smart derivatives contracts could be coded so that payment, clearing, and settlement occur automatically in a decentralised manner, without the need for a third-party intermediary, such as an exchange or clearinghouse. For example, a smart derivatives contract could be pre-programmed with all contractual terms (i.e., quality, quantity, delivery) except for the price, which could be determined algorithmically from market data fed through an oracle.1 Margin could be automatically transferred upon margin calls and the contract could terminate itself in the event of a counterparty default. The blockchain would perform the record-keeping, auditing, and custodial functions traditionally performed by intermediaries, resulting in transactional cost savings for the contracting parties. With financial technology start-ups continuing to develop smart contracts for financial transactions, securities and derivatives regulators will ultimately need to formulate an approach for regulating their use. Several regulators have already signalled their intention to examine the use of blockchain technology in the financial sector. While smart contracts are potentially attractive to regulators, since they increase transaction security and reduce the risk of manipulation, their implementation may raise difficult legal and regulatory challenges. Please contact firstname.lastname@example.org or email@example.com for further information. THE U.S. AND THE EU REACH AN HISTORIC AGREEMENT ON CCPS GLOBAL EQUIVALENCE: HOW WILL IT AFFECT YOU? On 10 February 2016, the U.S. Commodity Futures Trading Commission (“CFTC”) and the European Commission agreed on a common approach to harmonising transatlantic regulations regarding the central clearing of derivatives by clearing houses, or central clearing counterparties (“CCPs”).2 The agreement represents an historic step in allowing market participants to utilise clearing infrastructures in both the U.S. and Europe, and assuring a level playing field for U.S. and EU CCPs.3 1 . Houman B. Shadab, Written Statement to the Commodity Futures Trading Commission Global Markets Advisory Committee: Regulating Bitcoin and Block Chain Derivatives (Oct. 9, 2014), available at http://www.cftc.gov/idc/groups/public/@aboutcftc/documents/file/gmac_100914_bitcoin.pdf. www.dlapiper.com | 35 Prior to this agreement, U.S. and EU regulators had been unable to unite their efforts to regulate CCPs under a unified regulatory regime. CCPs interpose themselves between counterparties in derivatives transactions to ensure future performance of open contracts and mitigate the transaction risk posed by potential defaults. Given the extent to which the derivatives market is driven by cross-border transactions between the U.S. and Europe, the lack of unity in their approaches to derivatives clearing created a costly and complex regulatory framework. Under the agreement, the U.S. and the EU will harmonize their clearing requirements and work together to oversee CCP compliance with a more uniform set of rules. 1. Impact for the EU For its part, the EU will require customers of clearing houses to post more margin, allowing it to align with U.S. standards. To implement the agreement, the European Commission intends to adopt an equivalence decision regarding CFTC requirements. Once recognised by the European Securities and Markets Authority (EMSA), the equivalence decision will permit U.S. CCPs to continue providing services in the EU by complying with CFTC requirements. They will also be considered a “qualifying CCP” under the European Capital Requirements Regulation, therefore lowering costs for European banks.4 The EU’s equivalence decision is conditioned on a determination that CFTC-registered U.S. CCPs have internal policies and procedures to ensure that: (1) sufficient initial margin is collected to satisfy a two-day liquidation period for clearing members’ proprietary positions in exchange traded derivatives; (2) initial margin models incorporate measures to mitigate the risk of procyclicality; and (3) default resources are maintained to withstand default by two members with the largest credit exposure.5 The aforementioned conditions will not apply to U.S. agricultural commodity derivatives traded and cleared domestically, since such markets are relatively isolated from the larger financial system. 2. Impact for the U.S. Correspondingly, the U.S. will require more margin to be posted by members of clearing houses (such as banks) to align requirements with EU standards. In discussing the agreement, Chairman Massad suggested that “CCPs on both sides of the Atlantic will be held to high standards and that the CFTC and European authorities will work together on oversight of these CCPs.”6 The CFTC plans to adopt a substituted compliance determination allowing EU CCPs to adhere to CFTC’s rules by complying with corresponding European requirements. This determination will apply to EU CCPs already registered as derivatives clearing organizations (DCOs) with the CFTC, as well as those planning to register with the CFTC under the substituted compliance regime. The agreement comes in advance of the 21 July 2016 deadline for phasing in mandatory derivatives clearing in the EU. Without the accord between the U.S. and EU, European banks using U.S. clearing houses would have faced a significant increase in capital requirements for transactions occurring from 21 July onwards. While ESMA has up to 180 working days to consider a recognition of equivalence, the European regulator has indicated that it plans to recognise the decision as soon as practicable once U.S. CCPs meet their conditions under the decision.7 The CFTC has also indicated that it plans to streamline the registration process for EU CCPs seeking to register with it through the substituted compliance programme. Please contact firstname.lastname@example.org (US) or email@example.com (UK) for further information. 2 . Joint Statement between the U.S. Commodity Futures Trading Commission and the European Commission on Common Approach for Transatlantic CCPs, (Feb. 10, 2016), available at http://ec.europa.eu/finance/financial-markets/docs/derivatives/20160210-eu-cftc-joint-statement_en.pdf [hereinafter Joint Statement]. 3 . The common approach references only the CFTC’s requirements for derivatives clearing organizations and not the requirements for clearing agencies established by U.S. Securities and Exchange Commission (“SEC”), though the European Commission is working with SEC staff to incorporate clearing agency requirements into its equivalence analysis. 4 Commission Regulation 575/2013 of the European Parliament and of the Council of 26 June 2013 on Prudential Requirements for Credit Institutions and Investment Firms and Amending Regulation 648/2012, 2013 O.J. (L 176), 1. 5 Joint Statement, supra note 1. 6 Timothy Massad, Chairman, Commodity Futures Trading Comm’n, Statement of Chairman Regarding Common Approach for Transatlantic CCPs (Feb. 10, 2016).
On 2 March 2016, the Consumer Financial Protection Bureau (CFPB) issued an enforcement action in a consent order to resolve claims against a financial technology (FinTech) firm that provides an online platform for payment transactions. The consent order, which will be in effect for five years, requires that the FinTech firm: (1) pay a civil monetary penalty of US$100,000; (2) enact various measures designed to better protect the personal information of its customers; and (3) undergo semi-annual data security assessments and annual data security audits.
Consent order findings
The consent order relates to the firm’s consumer disclosures regarding data security practices, which the CFPB alleges violated the unfair, deceptive, and abusive practices (UDAAP) provisions of the Consumer Financial Protection Act (CFPA). According to the CFPB, the firm misrepresented that its data security controls, network, and transactions were “safe and secure” and compliant with Payment Card Industry (PCI) standards. The firm also misrepresented on its website or in direct communications with consumers that its data security practices “exceed... or surpass industry security standards” and set “a new precedent for the industry for safety and security.”
In fact, the CFPB determined that the firm was not PCI compliant, did not use encryption technologies to safeguard personal information, and solicited such information directly from customers via email. According to the CFPB, the firm failed to: (1) adopt and implement reasonable data security measures appropriate for the firm; (2) conduct risk assessments to identify foreseeable security risks; (3) provide adequate data security training to its employees; and (4) practice secure software development with respect to consumer-facing applications. The CFPB concluded that the firm’s data security statements constituted deceptive acts likely to mislead a reasonable consumer into believing that the firm had reasonable and appropriate data security practices in place.
Despite the relatively modest civil monetary penalty imposed by the CFPB, the enforcement action is noteworthy for a few key reasons:
It is the first data security-related enforcement action for the CFPB, an agency created by the Dodd-Frank Act to enforce consumer financial protection laws. The agency joins a host of other federal regulators policing this space, including the Federal Trade Commission, Securities and Exchange Commission, Commodity Futures Trading Commission, Financial Industry Regulatory Authority, National Futures Association, and Department of Justice.
As a preliminary matter, the CFPB confirmed its belief that the firm was a “covered person” under the CFPA. This shows a fairly extensive reach by the CFPB to FinTech firms that play a role, but are not the primarily participants, in consumer financial transactions.Until this point, the CFPB has primarily focused its attention on direct lenders, servicers and other participants in the consumer credit space. The CFPB’s decision to bring an enforcement action against a payment processing startup is an indication that the agency is expanding its focus to include additional market participants who pose data security risks to consumers.
In the consent order, the CFPB never alleges that the firm was ever the victim of any data breach. This indicates that the agency is adopting an aggressive stance in prosecuting firms for failing to adequately protect personal information, even in the absence of any unauthorised disclosure of such information to third parties.
Key takeaways for FinTech companies
FinTech firms that play a role in consumer financial transactions should be aware of the CFPB and its enforcement authority, particularly under the UDAAP provisions of the CFPA. Moreover, FinTech firms subject to CFPB oversight should examine public statements regarding their data security practices to ensure that they accurately reflect the state of their programmes. The consent order also provides useful guidance for FinTech firms wishing to assess how their data security practices measure up against CFPB expectations and seeking insights into expectations related to substantial board of directors’ oversight and involvement.