New Rules, Proposed Rules and Guidance
Division of Investment Management Issues Guidance Update Regarding Compliance with Exemptive Orders
In May 2013, the SEC’s Division of Investment Management issued a guidance update emphasizing the importance of complying with representations and conditions of exemptive orders. The guidance follows a June 2011 report from the SEC’s Office of Inspector General which noted examples of firms failing to comply with the representations and conditions of exemptive orders and made recommendations intended to enhance the SEC’s oversight of compliance with exemptive orders. Additionally, in February 2013, the SEC’s Office of Compliance Inspections and Examinations listed compliance with exemptive orders as a 2013 examination focus area. For entities that receive and rely on exemptive orders, the guidance update serves as a reminder that non-compliance with the representations and conditions of such orders may result in a violation of the federal securities laws and that the consequences of noncompliance may be severe. The Division of Investment Management suggests that investment companies and investment advisers adopt and implement policies and procedures reasonably designed to ensure compliance with each representation and condition of an order.
SEC and CFTC Adopt Rules to Help Detect and Prevent Identity Theft
On April 10, 2013, the SEC and the CFTC adopted joint rules and guidelines in order to address identity theft, as required by the Dodd-Frank Act. The rules and guidelines adopted by the SEC and CFTC are substantially similar to the identity theft rules jointly adopted in 2007 by the Federal Trade Commission and several other federal agencies (the Agencies). Entities regulated by the SEC and CFTC that are currently subject to the Agencies’ identity theft rules will now be subject to the SEC and CFTC rules. The adopting release notes that the final SEC and CFTC identity theft rules do not contain any requirements not already in the Agencies’ rules, nor do they expand the scope to cover any entities not already covered by the Agencies’ rules.
The final SEC and CFTC identity theft rules require “financial institutions” and “creditors” that offer or maintain “covered accounts” to develop and implement a written identity theft prevention program that includes reasonable policies and procedures to: (1) identify relevant red flags for the covered accounts; (2) detect the occurrence of red flags; (3) respond appropriately to any red flags when detected; and (4) periodically update the program to reflect changes in risks. With respect to the SEC rules, the scope of the definition of financial institutions generally covers broker-dealers, investment advisers and investment companies. With respect to the CFTC rules, the scope of the definition of financial institutions generally covers commodity pool operators, futures commission merchants and introducing brokers, among others. The SEC and CFTC rules also include guidelines that provide examples of red flags and the means to detect certain types of red flags, and other information intended to assist in the formulation and administration of an identity theft program.
The identity theft rules became effective on May 20, 2013, with a compliance date of November 20, 2013.
Division of Investment Management Issues Guidance on Requirements for Filing Social Media Communications
On March 15, 2013, the staff of the SEC’s Division of Investment Management issued guidance regarding the obligations of investment companies to file certain materials posted on their social media sites. The staff noted that many investment companies have been unnecessarily filing certain social media communications with FINRA out of an abundance of caution. The guidance provides examples of communications the staff believes do not need to be filed and those that should be filed, but cautions that whether or not a communication needs to be filed depends on the content, context and presentation of the particular communication and requires an examination of the underlying substantive information transmitted to the social media user along with consideration of any other facts and circumstances.
The following are examples of social media communications that the staff believes need not be filed:
- communications that include an incidental mention of a specific fund that is unrelated to a discussion of the investment merits of the fund;
- communications that include an incidental use of the word “performance” in connection with a fund without specifically mentioning some or all of the elements of the fund’s return;
- communications that include a factual introductory statement forwarding or including a hyperlink to information previously filed;
- communications that include an introductory statement unrelated to a discussion of the investment merits of a fund that forwards or includes a hyperlink to general investment and financial information; and
- communications that provide discrete factual information unrelated to a discussion of the investment merits of a fund in response to a social media user’s question. The response may direct the social media user to the prospectus or provide contact information of the issuer.
The following are examples of social media communications that the staff believes should be filed:
- communications that include a specific discussion of fund performance that either mentions some or all of the elements of a fund’s returns or promotes a fund’s returns; and
- communications, initiated by a fund, that discuss the investment merits of the fund.
OCIE Issues Risk Alert on Investment Adviser Custody Rule
On March 4, 2013, the staff of the National Examination Program (NEP) of the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert discussing compliance with the custody rule for investment advisers. The Risk Alert comes after the NEP identified significant custody-related deficiencies in about one-third of recent investment adviser examinations. The Risk Alert highlights the following common custody deficiencies and notes that investment advisers may want to consider their policies and procedures and compliance with the custody rule in light of such common deficiencies:
- Failure by investment advisers to recognize that they have custody. The NEP staff identified several situations where an investment adviser failed to recognize that it had custody over client assets, including where the investment adviser: served as trustee or had power of attorney for client accounts; provided bill-paying services for clients; had online access to clients’ personal accounts or had physical possession of client assets; received checks made out to clients without promptly returning to the sender; or acted as a general partner for a limited partnership or held a comparable position for a different type of pooled investment vehicle.
- Failure to meet the custody rule’s surprise exam requirements. The NEP staff noted the following deficiencies with respect to surprise exams: failure to file a Form ADV-E within 120 days after the date of the surprise exam and exams that were not true “surprises” because they were conducted at the same time every year.
- Failure to satisfy the qualified custodian requirements. The NEP staff noted that investment advisers failed to meet the “qualified custodian” requirements by: holding client assets in an account in the investment adviser’s name but not designating the investment adviser as trustee or agent; commingling client, proprietary and employee assets in one account; holding client certificates of securities in a safe deposit box controlled by the investment adviser; lacking a reasonable belief that a qualified custodian was sending account statements to a client on a quarterly basis; and failing to include a notification on account statements urging clients to compare the investment adviser’s account statements to the custodian’s account statements.
- Failure to meet the audit approach requirements. The NEP staff noted that some investment advisers relying on the “audit approach” with respect to pooled investment vehicles failed to comply with the custody rule because: the accountant that conducted the financial statement audit was not independent; the audited financial statements were not prepared in accordance with GAAP; the investment adviser made the audited financial statements available upon request rather than distributing them to all investors; the audited financial statements were not sent to investors within 120 days for private funds; the auditor was not registered with the PCAOB; or a final audit was not performed on liquidated pooled investment vehicles.
The Risk Alert is available at: http://www.sec.gov/about/offices/ocie/custody-risk-alert.pdf
Director of the Division of Investment Management Identifies Division Regulatory Initiatives and Discusses Intent to Dialogue with Fund Directors
In recent speeches to industry groups, Norm Champ, the new Director of the SEC’s Division of Investment Management, provided insight on the Division’s short-term and long-term regulatory initiatives. He also discussed the Division’s intent to seek to establish a dialogue with fund directors on various topics of interest to the Division. With respect to current Division regulatory initiatives, Mr. Champ identified three short-term priorities that are actively being worked on by Division staff: potential money market fund reform; finalized identity theft red flag rules and valuation guidance. He also highlighted five longer-term regulatory projects: a review of rules that apply to private fund advisers; a derivatives concept release; an ETF rule to eliminate the need to file certain exemptive applications; a variable annuity summary prospectus; and enhancements to fund disclosures about portfolio holdings and operations. With respect to the Division’s plans to dialogue with fund directors, Mr. Champ stated that the Division is interested in hearing about areas where directors believe directors add value and also those areas where oversight is more difficult to manage. Specifically, Mr. Champ stated that the Division would like to discuss whether directors are asked to oversee too many funds, whether directors’ responsibilities are appropriately allocated and whether they spend time on the issues where they can provide the most value. Since many issues faced by fund directors relate to individual fund expenses and performance, Mr. Champ noted that the Division staff wants to ensure that directors are able to focus their attention on a fund-by-fund basis. Other areas for discussion identified by Mr. Champ include whether fund directors are appropriately focused on fees paid to a fund’s sub-adviser as compared to the fees paid to the fund’s investment adviser in light of the services provided by each and whether fund directors are focused on fee arrangements with affiliated securities lending agents, including “fee-splits” on the investment returns of securities lending collateral.
The full texts of Mr. Champ’s remarks can be found at:
Funds Face Emerging Cyber Risks
With the increasing reliance on technology in the fund industry, cyber risk has emerged as an important new risk area for funds and boards to consider. Technology failures, including privacy breaches, computer viruses and system interruptions, can affect both funds and their shareholders. Such failures also may generate significant negative publicity for funds and their service providers. Similar to other risk exposures, boards may wish to understand the types and extent of cyber risks faced by the funds they oversee and the steps being taken by management and service providers to prevent or mitigate such risks. Boards also may want to consider the extent to which current insurance policies cover cyber-related losses and address any gaps in insurance coverage as circumstances warrant.
Litigation and Enforcement Actions
SEC Settles Charges Against Proxy Adviser for Failure to Safeguard Client Information
On May 23, 2013, the SEC settled charges against Institutional Shareholder Services Inc. (ISS) for failing to safeguard the confidential proxy voting information of clients. The SEC found that from 2007 to 2012, an ISS employee provided a proxy solicitor with material nonpublic information revealing how more than 100 of ISS’s clients were voting their proxy ballots. The SEC stated that, in exchange for this voting information, the proxy solicitor provided the ISS employee with approximately $11,500 in concert and sporting event tickets and charged approximately $20,000 in meals with the employee and other ISS employees. The SEC determined that ISS lacked sufficient controls over employee access to confidential client voting information. While ISS had a code of ethics prohibiting unauthorized disclosure of confidential client information, the SEC stated that ISS willfully violated Section 204A of the Advisers Act by failing to establish and enforce policies and procedures reasonably designed to prevent the misuse of confidential client information. ISS agreed to pay a civil penalty of $300,000 and to retain a compliance consultant to conduct a comprehensive review of its supervisory and compliance policies and procedures.
SEC Settles Charges Against Trustees and Service Providers of “Turnkey” Investment Company
On May 2, 2013, the SEC settled charges against the trustees, administrator and CCO service provider of the Northern Lights Fund Trust and the Northern Lights Variable Trust (the Trusts), finding that the trustees, administrator and CCO service provider violated the 1940 Act and various rules thereunder in connection with disclosures regarding the trustees’ approval of certain investment advisory contracts and approval of the compliance programs of the advisers to the Trusts’ series. The trustees, administrator and CCO service provider agreed to settle the SEC’s charges without admitting or denying the SEC’s findings. The Trusts offer multiple series managed by different unaffiliated advisers, administered by a single administrator and overseen by a single board of trustees, in an arrangement known as a “turnkey” investment company platform.
The SEC found that certain disclosures included in the Trusts’ shareholder reports relating to the factors the trustees considered in approving or renewing advisory contracts contained boilerplate language with false or misleading information. The SEC stated that, in one instance, the disclosure claimed that the trustees had considered peer group information about the advisory fee, yet the trustees never received this information. The SEC noted two other instances where the shareholder report disclosure implied that the advisory fee was not materially higher than the peer group range, when it was almost twice as high as the peer group’s mean. The SEC also determined that the administrator did not ensure that all applicable shareholder reports contained the mandatory disclosures about the trustees’ evaluation of advisory contracts and also failed to ensure that numerous series maintained and preserved their contract renewal files.
The SEC also found that the trustees did not follow the Trusts’ policies and procedures for approval of the compliance programs of advisers to the series of the Trusts. The SEC stated that the Trusts’ policies and procedures called for the trustees to approve the advisers’ compliance programs only after reviewing the advisers’ compliance manual or after receiving a summary of the essential parts of the compliance program from the CCO service provider. However, according to the SEC, the trustees’ approval of the advisers’ compliance programs was based primarily on their review of a brief written statement prepared by the CCO service provider stating that the advisers’ compliance manuals were “sufficient and in use” and a verbal representation by the CCO service provider that such manuals were adequate.
The SEC order found that the trustees caused violations of Section 34(b) of the 1940 Act; the trustees and the CCO service provider caused violations of Rule 38a-1 under the 1940 Act; and the administrator caused violations of Sections 30(e) and 31(a) of the 1940 Act and Rules 30e-1 and 31a-2 thereunder. The administrator and the CCO service provider agreed to pay $50,000 penalties each, and the administrator, the CCO service provider and the trustees agreed to engage an independent compliance consultant to address the violations found in the SEC order.