Subject to Inquiry

Subject to Inquiry

THE LATEST ON GOVERNMENT INQUIRIES AND ENFORCEMENT ACTIONS

Government Investigations and White Collar Litigation Group
Compliance, Energy Enforcement

FERC Directs NERC to Amend its Sanctions Guidelines by July 21, 2020

By Todd Mullins and Katlyn A. Davis Farrell

Entities registered with the North American Electric Reliability Corporation (NERC) to comply with mandatory electric reliability standards (Reliability Standards) or face civil penalties should take note of an order issued by the Federal Energy Regulatory Commission (FERC) on January 23, 2020 in Docket No. RR19-7-000 (January 23 Order).  In the January 23 Order, FERC, which oversees NERC in its role as the Electric Reliability Organization (ERO), ordered NERC to revise and refine its “NERC Sanctions Guidelines” that it uses to assess such penalties. NERC must submit a compliance filing no later than July 21, 2020, proposing amendments to its NERC Rules of Procedure to amend the Sanctions Guidelines consistent with FERC’s directives.

NERC and it Regional Entities have assessed hundreds of penalties every year since the late 2000s when NERC (subject to FERC review) gained enforcement authority over Reliability Standards violations. And, the stakes are potentially high with recent cases including several multi-million dollar fines. From a policy perspective, the importance of NERC penalties has grown with the recent focus of these regulators on cyber-security of the grid and as the NERC “Critical Infrastructure Protection” (CIP) program has matured greatly.  Preventing or mitigating the hacking of the grid is a major focus of both NERC and FERC.

In the July 23 Order, FERC accepted NERC’s “Five-Year Performance Assessment” and found that NERC continues to satisfy the statutory and regulatory requirements for certification as the ERO.  Yet, according to the January 23 Order, the NERC Sanction Guidelines (which are now 14 years old) may not have kept pace with the growth of the overall NERC program. FERC noted that, while it still agrees the guidelines are not to be used as a straightjacket to setting penalties, the thrust of the order is that NERC must add more specificity in how it gets from a fact pattern to a penalty number.  FERC directed NERC “to provide more transparency in th[e] guidelines as to how NERC and the Regional Entities apply the Base Penalty, Adjustment Factors and Non-Monetary Sanctions, and to submit for Commission review any ‘tools or formulae’ used to implement the Sanction Guidelines.” Specifically, NERC is directed to submit a compliance filing revising its Sanction Guidelines to explain how it addresses so-called “aggravating” factors such as:

  • Reliability risk
  • duration of violations
  • size of the entity
  • management involvement
  • repetitive violations
  • any other factors applied to increase a base penalty amount.

In its compliance filing, NERC also has to address how it applies factors that might reduce the penalty, such as:

  • settlement
  • self-reporting
  • admission of a violation
  • internal compliance programs
  • cooperation
  • any other credits used to decrease the base penalty amount.

Additionally, NERC must address whether and/or how non-monetary sanctions will be considered in reaching the final penalty amount; how to deal with multiple subsidiaries of a parent corporation that commit the same violations; how to calculate a single penalty for multiple violations by a single entity; and how NERC and the Regional Entities consider the violator’s financial ability to pay the penalty.

Although these sorts of factors have generally, and for years, been embraced by the existing Sanctions Guidelines, what has been missing up to now is any sort of explanation in NERC’s penalty cases as to how the various factors resulted in the actual penalty.  Moreover, NERC has never explained in general guidance, in any detailed way, how these factors weigh in the determinations.  This has left registered entities (and perhaps FERC itself – which must review and approve these penalties) somewhat mystified as to how various penalties in seemingly similar cases came out in seemingly different ways.  Notably, the factors outlined above bear a striking similarity to the factors outlined in FERC’s own Penalty Guidelines through which FERC assesses penalties in its own enforcement cases.  Indeed, this order may be the result of a judgment by FERC that NERC’s approach should more closely resemble the more formulaic approach used by FERC in assessing civil penalties.

As NERC proceeds with stakeholder processes to develop these new guidelines, registered entities should weigh in through their regular channels into NERC processes. And, when the process comes back to FERC for review in July of 2020, registered entities should monitor and consider participating in the docket and watch closely the developments thereafter. The outcome has the potential to affect NERC enforcement for years to come.

Other “areas for improvement” to be addressed in a separate compliance filing due no later than April 22, 2020 include:  1) information about whether and the extent to which NERC conducted audits of its Regional Entities during the five-year assessment period; 2) NERC’s process for developing and evaluating the success of guidance documents; 3) an explanation of NERC’s relationship with the Electric Information Sharing and Analysis Center (E-ISAC) and the use of E-ISAC metrics.

Compliance, Securities and Commodities

FINRA 2.0: FINRA Releases Its 2020 Risk Monitoring and Examination Priorities

By Cheryl Haas, Emily P. Gordy, Anitra T. Cassas, Molly White and Piper Waldron

FINRA’s examination program has undergone its most significant reorganization in decades. As stated in a press release, Oct. 1, 2018, FINRA’s goal for the reorganization was to “consolidate its Examination and Risk Monitoring Programs, integrating three separate programs into a single, unified program to drive more effective oversight and greater consistency, eliminate duplication and create a single point of accountability for the examination of firms.” The new look of the examination program was released, along with new management, on Dec. 12, 2019.

FINRA launches its revamped examination program with its release of its 2020 Risk Monitoring and Examination Priorities, issued on January 9th.

In 2020, FINRA is prioritizing risk monitoring, surveillance, and examination programs to further its mission of investor protection and market integrity.  The examination priorities are organized around four themes, which build on FINRA’s priorities from prior years:

  1. Sales practice and supervision;
  2. Market integrity;
  3. Financial management; and
  4. Firm operations.

One significant change in this year’s priorities letter is FINRA’s focus on providing guidance to firms – practical considerations and questions that firms should be focused on as they review their program for compliance with regulatory requirements. In the past, the letters have traditionally been a detailed description of issues and requirements. Providing practical guidance is far more valuable to firms and will aid their compliance efforts.

Sales Practice and Supervision

FINRA will continue to focus on areas it has discussed in previous annual priorities letters, including complex products, variable annuities, private placements, fixed income mark-up/mark-down disclosures, representatives acting in positions of trust or authority, and senior investors.  In addition to these areas, FINRA will evaluate firms’ compliance with obligations related to several new or emerging areas, discussed below.

Regulation Best Interest (Reg BI) and Form CRS

The SEC adopted Reg BI in June 2019, which establishes a “best interest” standard of conduct for broker-dealers.  The SEC also adopted a new form – Form CRS – which requires broker-dealers to provide a brief relationship summary to retail investors.  Firms must comply with Reg BI and Form CRS by June 30, 2020.

During the first half of 2020, FINRA plans to review firms’ preparedness for Reg BI.  After June 30, 2020, FINRA will focus on firms’ compliance with Reg BI, Form CRS, and related SEC guidance.  FINRA will work with the SEC to ensure consistency in evaluating broker-dealers and their associated persons for compliance with Reg BI and Form CRS.  FINRA’s 2020 Risk Monitoring and Examination Priorities Letter includes a list of factors FINRA may consider when reviewing firms for compliance with Reg BI.

Two of the questions posed by FINRA bear particular consideration: (1) Do your firm and your associated persons consider the express new elements of care, skill and costs when making recommendations to retail customers? (2) Do your firm and your associated persons consider reasonably available alternatives to the recommendation?  Both FINRA and the SEC have been explicit in their guidance that the Best Interest standard does not always mean the cheapest option available. That said, cost is a factor and the specific question regarding whether “reasonably available alternatives” will be an important consideration for firms. The regulators will be looking at what alternatives were available to firms to offer their customers and, if a firm chooses not to make those available, it will be important to ensure that there their review, assessment, and determinations are fully documented.

Communications with the Public

FINRA will continue to focus on firms’ compliance with obligations relating to FINRA Rule 2210 (Communications with the Public), as well as related supervisory and recordkeeping requirements.  In 2020, FINRA will expand its focus to private placement retail communications, by reviewing how firms handle retail communications regarding private placement securities via online distribution platforms, as well as traditional channels. As the SEC looks to expand retail access to private placements, firms will need to be vigilant in the manner in which these products are offered to customers.

FINRA will  also continue to focus on the challenges that the increasingly broad array of digital communications (i.e., texting, messaging, social media, or collaboration applications) pose to firms’ ability to comply with obligations related to the review and retention of such communications.

Cash Management and Bank Sweep Programs

FINRA recognizes that as commission practices change, cash management services that sweep investor cash into firms’ affiliated or partner banks or money market funds have taken on a greater significance. Bank Sweep Programs are offering more services to retail investors (such as check-writing, debit cards, and ATM withdrawals.  These added features raise concerns about firms’ compliance with a range of FINRA and SEC rules.  FINRA will therefore focus on firms’ compliance with such rules in the context of Bank Sweep Programs. Further, to the extent that firms benefit from these programs and, with commissions dropping and or going away in some instances, regulatory review of fees involved in providing services will increase, reviewing such areas as conflicts, disclosure, fairness, etc.

Sales of Initial Public Offering (IPO) Shares

In light of the growth of the IPO market over the past year, FINRA will focus on firms’ obligations under FINRA Rules 5130 (Restrictions on the Purchase and Sale of Initial Equity Public Offerings) and 5131 (New Issue Allocations and Distributions).

Trading Authorization

This year, FINRA will also focus on whether firms maintain reasonable supervisory systems relating to trading authorization, discretionary accounts, and key transaction descriptors.  It will review whether these supervisory systems are designed to detect and address registered representatives exercising discretion without written authorization from the client.

Market Integrity

FINRA will continue to review compliance with the ongoing obligations related to market manipulation, Trade Report and Compliance Engine (TRACE) reporting, short sales, and short tenders.  Certain firms will be required to begin reporting to the Consolidated Audit Trail (CAT) in April 2020, and that FINRA will work with those firms as they prepare for reporting.  The FINRA Letter reminds firms to continue devoting resources to ensure accuracy in their Order Audit Trail System (OATS) reporting, because OATS remains a critical part of the audit trail data that FINRA uses to meet its regulatory obligations.

In 2020, FINRA expects to focus on the following additional areas to promote market integrity:

  1. Direct market access controls;
  2. Best execution;
  3. Disclosure of order routing information; and
  4. Vendor display rule.

Financial Management

Firms can expect FINRA to continue its focus on compliance programs relating to Exchange Act Rule 15c3-3 (Customer Protection Rule) and Exchange Act Rule 15c3-1 (Net Capital Rule), as well as firms’ overall financial risk management programs.  FINRA has identified the following new areas of focus for 2020:

  1. Digital assets;
  2. Liquidity management;
  3. Contractual commitment arising from underwriting activities; and
  4. London Interbank Offered Rate (LIBOR) transition.

Firm Operations

As firms increasingly rely on technology for business systems and customer-facing activities, cybersecurity has become a large operational risk.  As such, FINRA will focus on cybersecurity and technology governance in 2020.  Specifically, firms should expect FINRA to assess whether their policies and procedures are designed to protect customer information and whether they are implementing controls appropriate to their business model and scale of operations.  FINRA will also ensure firms’ compliance with FINRA Rules 4370 (Business Continuity Plans and Emergency Contact Information), 3110 (Supervision), and 4511 (General Requirements), as well as Exchange Act Rules 17a-3 and 17a-4.

In terms of technology governance, it continues to be important for firms to ensure that all of the right stakeholders are at the table when new technology is being implemented or current technology modified. Often technological solutions are implemented to address an issue and there are unintended consequences creating regulatory gaps. Having compliance and risk at the table as these decisions are being made can often go a long way to mitigating that risk.

Conclusion

FINRA’s examination priorities for 2020 will largely follow prior focus areas, emphasizing firms’ compliance in important areas such as systems for supervision, sales practice risks, anti-money laundering and fraud, insider trading, and manipulation across markets and products.  New this year is an emphasis on Reg BI and Form CRS, as well as issues related to communications with the public, cash management and bank sweep programs, direct market access controls, best execution, disclosure of order routing information, and cybersecurity.

To support firms in their efforts to comply with federal securities laws and regulations, as well as FINRA rules, the 2020 Risk Monitoring and Examination Priorities Letter includes a list of practical considerations and questions for each topic, which may be helpful to firms in evaluating the state of their compliance, supervisory, and risk management programs.

 

Compliance, Securities and Commodities

SEC 2020 National Exam Program Examination Priorities

By Cheryl Haas, Emily P. Gordy, Anitra T. Cassas, Molly White and Piper Waldron

On January 7, 2020, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released its 2020 examination priorities.  OCIE is prioritizing practices, products, and services that it believes present heightened risks to investors or market integrity.  The examination priorities are organized around seven themes, many of which build on OCIE’s priorities from prior years:

  1. Retail investor protection, including seniors and those saving for retirement;
  2. Market infrastructure;
  3. Information security;
  4. Focus areas relating to investment advisers, investment companies, broker-dealers, and municipal advisors;
  5. Anti-money laundering programs (AML);
  6. Financial technology (Fintech) and innovation, including digital assets and electronic investment advice; and
  7. Financial Industry Regulatory Authority (FINRA) and the Municipal Securities Rulemaking Board (MSRB).

Retail Investor Protection, Including Seniors and Those Saving for Retirement

 Continuing with the trend in recent years, OCIE will focus on recommendations and advice given to retail investors, with a particular focus on seniors and those saving for retirement.  The examinations will focus on intermediaries that serve retail investors—namely, registered investment advisers (RIAs), broker-dealers, and dually-registered firms—and on investments marketed to, or designed for retail investors, such as mutual funds and exchange-traded funds (ETFs), municipal securities and other fixed income securities, and microcap securities.  OCIE will also focus on higher risk products, such as those that:

  • are complex or non-transparent;
  • have high fees and expenses; or
  • where an issuer is affiliated with or related to the registered firm making the recommendation.

OCIE acknowledged the impact that Regulation Best Interest and Form CRS will have on retail investors.  In order to help broker-dealers with the June 30, 2020 compliance date for Regulation Best Interest and Form CRS, OCIE will engage with broker-dealers during the exam process to answer questions they may have concerning implementation of the new rules.

With regard to RIAs as fiduciaries, OCIE will focus on whether they have fulfilled their duties of care and loyalty by providing advice in the best interests of their clients and eliminating—or at least exposing—conflicts of interest.  Fees and expenses, as well as undisclosed—or inadequately disclosed—compensation arrangements, will likely continue as focus areas.

Information Security

In 2020, OCIE examiners will focus on:

  • Governance and risk management;
  • Access controls;
  • Data loss prevention;
  • Vendor management;
  • Training; and
  • Incident response and resiliency.

As in past years, these focus areas will allow OCIE to prioritize cyber and other information securities risks in each of its five examination programs.  Examinations will focus on proper configuration of network storage devices, information security governance generally, retail trading information security, and RIAs’ protection of clients’ personal financial information.  With respect to third-party and vendor risk management, OCIE will focus on oversight related to certain service providers.

Fintech and Innovation, Including Digital Assets and Electronic Investment Advice

Recognizing that advancements in financial technologies, methods of capital formation and market structures, and registered firms’ use of new sources of data warrant ongoing attention and review, OCIE has placed particular emphasis on Fintech and Innovation in 2020.

In the digital asset space, OCIE will continue to assess: (1) suitability; (2) portfolio management and trading practices; (3) safety of client funds and assets; (4) pricing and valuation; (5) effectiveness of compliance programs and controls; and (6) supervision of employee outside business activities.

With regard to “robo-advisers” or automated investment tools and platforms, OCIE will continue its focus on:

  • Registration;
  • Cybersecurity policies and procedures;
  • Marketing;
  • Fiduciary duty, including adequacy of disclosures; and
  • Effectiveness of compliance programs.

Additional Focus Areas Relating to Investment Advisers, Investment Companies, Broker-Dealers, and Municipal Advisors

These registrants can expect OCIE to continue its risk-based examinations in 2020.

  • New RIAs and RIAs registered for several years that have yet to be examined should expect to become areas of focus for OCIE in 2020.
  • Investment companies can expect examinations focusing on mutual funds and ETFs, RIA activity, and oversight practices.
  • Broker-dealer examinations will focus on recent rulemaking and trading practices, and
  • Municipal advisor examinations will include registration and continuing education requirements, as well as fiduciary duty obligations.

Anti-Money Laundering

AML is a repeat priority for OCIE as it is for all regulators in the financial industry regulatory space.  In 2020, OCIE will examine whether broker-dealer and investment companies are complying with their AML obligations.  OCIE notes four areas of review:

  • customer identification programs and SAR filing obligations;
  • customer due diligence;
  • compliance with beneficial ownership requirements; and
  • timely and robust independent testing of AML programs.

Market Infrastructure

With respect to market infrastructure, OCIE will continue examinations of entities providing services critical to market infrastructure, including clearing agencies, national securities exchanges, alternative trading systems, and transfer agents.  Particular attention will be given to the security and resiliency of entities’ systems.

Conclusion

OCIE’s examination priorities for 2020 will largely follow prior focus areas, emphasizing the protection of retail investors with particular focus on fee disclosures, senior investors, and retirement accounts.  OCIE will also continue to examine firms’ abilities to manage risk associated with cybersecurity breaches, money laundering, and digital assets and electronic investment advice.  Finally, regulated firms are reminded that the examination priorities identified are not exhaustive and that OCIE will continue to conduct examinations determined through a risk-based approach that includes analysis of an entity’s history, operations, services, products offered, and other factors.

Enforcement and Prosecution Policy and Trends, Financial Institution Regulation, Securities and Commodities

SEC Continues Compensation Disclosure Focus With FAQs and Enforcement

By Anitra T. Cassas, Emily P. Gordy, Cheryl Haas and Aline McCullough

On Oct. 18, 2019, the Securities and Exchange Commission (SEC) Division of Investment Management staff published Frequently Asked Questions Regarding Disclosure of Certain Financial Conflicts Related to Investment Adviser Compensation (FAQs). Many in the industry view the FAQs as overdue SEC guidance in an area that has been a focus of the SEC Division of Enforcement. Registered investment advisers (RIAs) should review the FAQs in light of continuing enforcement actions in this area, including the recent action announced against Bolton Securities Corporation d/b/a Bolton Global Asset Management.

Highlights of the FAQs

  • Sources of disclosure obligations. The Division of Investment Management staff emphasized an RIA’s duty to disclose conflicts of interest relating to its compensation from both its general fiduciary duty to make full and fair disclosure and the specific disclosure obligations imposed by Form ADV. The FAQs detailed the various sections of Form ADV that require disclosure of conflicts of interest relating to an RIA’s compensation, including incentives relating to compensation that could influence the RIA’s advice.
  • Mutual fund share class disclosure. The SEC has particularly focused on disclosure surrounding selection by RIAs of one share class of a mutual fund when a lower-cost share class is available. The Division of Investment Management staff continued this focus in the FAQs, providing examples of material facts related to share class conflicts that RIAs should disclose.
  • Incentives. The Division of Investment Management staff provided a few examples of material facts an RIA should disclose about its practices related to revenue-sharing arrangements, emphasizing that the list was not comprehensive. These examples included the existence of any incentives provided to the adviser or shared between the adviser and others (for example, an affiliate of the adviser).
  • Continued dislike of “may.” The Division of Investment Management reiterated its position that a disclosure that an RIA “may” have a conflict is insufficient disclosure when a conflict actually exists. See, e.g., Robare Group, LTD. v. SEC, No. 16-1453 (D.C. Cir., Apr. 30, 2019) and SEC Share Class Selection Disclosure Initiative.
  • Share class disclosure is material for Form ADV Update. The Division of Investment Management staff stated that an adviser must identify changes in disclosure concerning share class recommendations or revenue sharing arrangements as material changes for purposes of Item 2 of Form ADV Part 2A.

Bolton Allegations

In its Litigation Release issued Nov. 6, 2019, the SEC alleged violations of Sections 206(2), 206(3) and 206(4) of the Investment Advisers Act of 1940 and Rule 206(4)-7 thereunder in connection with, among other things, Bolton’s alleged failure to disclose to clients that it purchased or held share classes for its clients that generated Rule 12b-1 fees for an affiliate of Bolton when different share classes of the same mutual fund were available that did not include Rule 12b-1 fees.

Expect SEC and other regulatory scrutiny in this area to continue. RIAs should re-examine disclosure practices regarding all types of conflicts of interest, including receipt of compensation from various sources.

 

Financial Institution Regulation

Federal Court Clarifies Prejudgment Interest Rate Applicable to Texas Securities Act Claims

By Justin Opitz and Aaron F. Jaroff

The U.S. District Court for the Western District of Texas recently clarified the applicable rate for the calculation of prejudgment interest under the Texas Securities Act (TSA). In FDIC v. Deutsche Bank Securities Inc., the FDIC, acting as receiver for Guaranty Bank, brought claims against the defendant bank under the TSA stemming from the sale of residential mortgage-backed securities prior to the financial crisis. While discovery was ongoing, the defendant moved for partial summary judgment seeking a determination regarding the calculation of potential damages, including prejudgment interest.

In ruling on the summary judgment motion, the court noted that while the TSA states that a buyer can recover “consideration paid for the security plus interest thereon at the legal rate,” the term “legal rate” is not defined in the TSA. Relying on other sources, including the Texas Constitution and Section 302.002 of the Texas Finance Code, the court held that the applicable legal rate of prejudgment interest was 6%. In advance of trial, and after the case was reassigned to a different district judge, the defendant moved for reconsideration of the court’s opinion regarding the applicable prejudgment interest rate, arguing that the applicable rate was the coupon rate specified in the securities’ certificates. The FDIC opposed, arguing that Section 302.002 of the Texas Finance Code sets the rate at 6% per year, as was initially determined by the court.

In an amended order granting the motion for reconsideration, the court held first that the coupon rate did not apply because the certificates at issue were not contracts that obligated the defendant to pay a set interest rate. The court then rejected the FDIC’s assertion that Section 302.002 of the Texas Finance Code governed, because that Section of the Finance Code only applies to contracts that establish a debtor-creditor relationship. Instead, the court held that where there is no relevant contract specifying an interest rate, Section 304.003 of the Texas Finance Code (which also applies to breach of contract claims where no rate is specified in the contract) supplies the proper prejudgment interest rate under the TSA. Section 304.003 states that such interest rate is the prime rate published by the Federal Reserve on the date of computation, with a floor of 5% and a cap of 15%.

If widely adopted, and given the substantial impact that prejudgment interest can have on a final damages award, defendants facing claims under the TSA should heed trends in the Federal Reserve prime rate when analyzing their potential exposure.

 

Financial Institution Regulation

Ready or Not, Prepare to Start Answering Questions About Reg BI Compliance

By Emily P. Gordy, Cheryl Haas, Alexander Madrid and Aline McCullough

On June 5, 2019, the SEC adopted Regulation Best Interest (“Reg BI”), which requires broker-dealers and associated persons to make recommendations regarding securities transactions (or investments involving securities) that are in the “best interest” of their retail clients. The SEC also adopted Form CRS, requiring broker-dealers and investment advisers to provide a brief relationship summary to retail investors, and issued two pieces of guidance regarding investment advisory activities. This Alert focuses largely on Reg BI. While the compliance deadline for Reg BI and Form CRS is not until June 30, 2020, firms should be prepared to shortly begin answering questions from regulators regarding their Reg BI implementation efforts.

Reg BI

Overview

Reg BI has four broad requirements or “Obligations:” (a) a Disclosure Obligation, which generally requires disclosure of relevant facts, (b) a Care Obligation, which generally requires the exercise of reasonable diligence and care, (c) a Conflict of Interest Obligation, which generally requires the implementation of policies and procedures to disclose and/or eliminate conflicts of interest and (d) a Compliance Obligation, which generally requires the implementation of Reg BI policies and procedures.

In order to comply with Reg BI, firms should review and update their procedures, update account information where necessary, evaluate current conflicts of interest, and train registered representatives, supervisors, and compliance personnel on the SEC’s new standard.

Potential Pitfalls – Watch Out

While we will not attempt here to capture all of the issues that firms must address in implementing Reg BI and Form CRS, we identify below certain potential pitfalls in Reg BI compliance. In particular, there are areas in Reg BI that may look very familiar to concepts with which firms are already familiar. Do not be fooled. There are critical differences.

  1. Recommendations: “Strategies,” “hold recommendations,” and “account recommendations” are all concepts that have existed, at a minimum, since FINRA Rule 2111 and the ensuing guidance was issued. Note, however, that in the Reg BI context, there can be an “implicit hold” recommendation when, for instance, the firm or associated person agrees to perform account monitoring services (i.e., silence can be a recommendation). Furthermore, if there is no agreement to perform account monitoring, but the associated person voluntarily undertakes such a review, that is not considered account monitoring but any recommendation arising from that review will be subject to the best interest standard.
  2. Dual Registrants: There are a number of nuances to consider when appropriately implementing Reg BI when the firm and/or the associated person is a dual investment adviser/broker-dealer registrant. Because Reg BI will only apply to the broker-dealer activities of a dual registrant firm, it will be important and potentially challenging for firms to clearly identify the activities that are subject to Reg BI.
  3. Disclosure: There are several questions that a firm/individual must consider when approaching the Reg BI disclosure obligations. For example, (a) how is the disclosure accomplished and when (i.e., at or before the recommendation)?, (b) to what extent will Form CRS disclosures satisfy the disclosure obligations?, (c) what is a material conflict of interest?, (d) are oral disclosures ever okay and if so, what are the requirements?, and (e) can the firm or individual refer to myself as an “advisor” or “adviser?”.
  4. Care Obligation: At first glance, the components of the Care Obligation look a lot like the three components of the Suitability Obligation in FINRA Rule 2111. However, while, like FINRA Rule 2111, there is a reasonable basis requirement, a customer specific requirement, and a quantitative (number of transactions) requirement, Reg BI requires much more than FINRA Rule 2111. In particular: (a) Firm must exercise reasonable diligence and skill to understand the potential risks, rewards, and costs (this includes assessing incentives, expected returns, and other factors), (b) With regard to the specific retail customer for whom the recommendation is made, the firm and associated person must have a reasonable basis to believe that the recommendation is in the customer’s best interest AND that it does not place the firm’s interest ahead of the customer, and (c) If a series of transactions is recommended, that strategy must be in the best interest of the customer and, with regard to this obligation, the biggest difference is that the series of transactions is evaluated without regard to whether the associated person exercises actual or de factor control over the account.
  5. Conflict of Interest Obligation: Under Reg BI, firms are required to have written policies and procedures that not only ensure disclosure conflicts of interest but that (a) Identify and disclose or eliminate conflicts, (b) Identify and mitigate conflicts creating an incentive to place interests ahead of the customer, (c) Identify and disclose if there is a limited product menu, and (d) Identify and eliminate certain sales contests, quotas, bonuses and non-cash compensation that are based on specific products or types to be sold within a specific time period.
  6. Compliance Obligation: This Obligation mandates that firms establish, maintain, and enforce written policies and procedures designed to achieve compliance with Reg BI. Because firms are very familiar with requirements to adopt compliance policies and procedures, particularly broker-dealer firms complying with FINRA Rule 3110, they may be inclined to not take this obligation as seriously as some of the others. However, the Compliance Obligation is a reminder that: (a) It is critical that this compliance program be reviewed periodically to assess whether changes are needed and (b) The SEC takes its policy and procedure requirements very seriously. In the past, in the broker-dealer context, FINRA has handled enforcement of policy and procedure deficiencies, because the SEC’s supervision cases were based on actual failures to supervise as opposed to procedural deficiencies. This Obligation provides a clear avenue for the examination and enforcement staff to take action if there a compliance program and procedural failures. Firms can expect that the SEC Staff will not be silent where compliance programs do not adequately address Reg BI.
  7. Firm Obligations vs. Individual Obligations: In the release adopting Reg BI, the SEC Staff emphasizes that the Conflict of Interest and Compliance Obligations apply only to firms, while the Care and the Disclosure Obligations apply to both the firms and the associated persons. With respect to the Conflict and Disclosure Obligations, a firm has responsibility for developing, maintain, and enforcement written policies and procedures, the firm must be vigilant in reasonably exercising those responsibilities. We have seen many cases in recent years where the regulators have brought enforcement actions against those with the same responsibilities when the program had material failures or gaps.                 

Early Examination Inquiry and Potential Enforcement Implications

As the primary regulator of broker-dealers, FINRA will be tasked with the leg work of Reg BI enforcement. FINRA will likely not wait until the effective date of Reg BI these requirements to begin asking firms about their Reg BI compliance efforts. Rather, FINRA will want to ensure that its member firms are prepared for this sea change in regulatory compliance obligations and requirements.

At a recent industry conference, senior FINRA officials indicated that FINRA will begin asking member firms about their Reg BI preparation efforts as part of its examination program as soon as early next year. While officials framed these examination inquiries as designed in part to identify areas where industry participants may need additional guidance, firms must nevertheless prepare for imminent questions regarding their Reg BI implementation efforts.

Many expect that it is unlikely that FINRA and the SEC will bring formal enforcement cases against firms and individuals in the first year or so following the compliance deadline. However, if firms fail to make an effort to comply with Reg BI or disregard issues a regulator identifies in a firm during an examination or otherwise, we would expect the SEC and FINRA will not hesitate to bring enforcement actions.

Firms will not only face scrutiny from the SEC and FINRA in connection with the subject matter of Reg BI. It is expected that the states, many of which have already passed, or are in the process of passing, their own more stringent fiduciary statutes and regulations, will be more proactive on the enforcement front in this space. Regardless of where a state may be with their own legislative action in this space, they could pursue actions when firms or individual registered representatives are not complying with Reg BI obligations. Furthermore, while the Department of Labor’s Fiduciary Rule, which sought to impose a fiduciary standard of conduct for registered representatives working with retirement accounts, was vacated by the U.S. Court of Appeals for the Fifth Circuit, the DOL has indicated that they expect to issue a revised rule later this year, with changes reflecting a similar approach to Reg BI.

Legal Challenge to Reg BI

On September 9, 2019, seven states and the District of Columbia filed suit against the SEC in the U.S. District Court for the Southern District of New York. The plaintiffs essentially claim that Reg BI is too weak, alleging that it undermines what they deem to be “critical consumer protections for retail investors” and allows registered representatives to continue to give conflicted advice. The plaintiffs seek to invalidate the SEC’s rule, alleging that the SEC exceeded its authority and that Reg BI is arbitrary and capricious under the Administrative Procedures Act.

Investment Adviser Guidance

Simultaneous with its adoption of Reg BI, the SEC approved two pieces of guidance in the investment advisory regulatory sphere.

First, the SEC issued guidance to clarify when a broker-dealer’s activities may qualify under the broker-dealer exclusion from investment adviser registration, which generally exempts a firm from investment adviser registration when such broker-dealer’s activities are “solely incidental” to its broker-dealer activities. In this guidance, the SEC Staff indicates that broker-dealers who have long-term investment discretion will unlikely be able to rely on the broker-dealer exclusion.

Second, the SEC issued guidance that generally expands upon prior SEC Staff guidance regarding an investment adviser’s fiduciary duty. In particular, this guidance provides more detail regarding an investment adviser’s duties of care and loyalty.

Form CRS

Form CRS and its related rules require SEC-registered investment advisers and broker-dealers to both file with the SEC and deliver to retail investors a customer or client relationship summary that meets certain requirements, which summary is intended to assist the customer or client in making decisions regarding its relationship with the adviser or broker-dealer.

If you have not started your Reg BI compliance preparation, Start Now.

 

Financial Institution Regulation, Securities and Commodities

The More Things Change, the More They Stay the Same –Joint Statement by FINRA and the SEC on the Customer Protection Rule and Digital Asset Securities

By Molly White, Emily P. Gordy and Louis D. Greenstein

On Monday, July 8th, FINRA and the SEC took the unusual step of issuing a joint statement on broker-dealer custody of digital asset securities. In doing so, the Staffs of the SEC’s Division of Trading and Markets and of FINRA’s Office of General Counsel made clear that the SEC and FINRA will continue to apply the existing regulatory framework to the rapidly evolving world of digital assets.

The joint statement notified market participants that any entity that buys, sells, or otherwise transacts in, or effects transactions in, digital asset securities, may be subject to federal regulations, including regulations that may require them to register with the SEC as a broker-dealer and become a member of FINRA.

The joint statement focuses on the Customer Protection Rule, noting that any entity that acts as a broker-dealer must comply with that rule. The Customer Protection Rule requires broker-dealers to safeguard customers’ assets and keep them separate from the firm’s assets, which makes it more likely that a customer’s assets will be returned if the broker-dealer fails. Given the potential for cyberattacks on digital assets trading platforms, and given the way digital asset securities are issued and exchanged, the Customer Protection Rule can present challenges to broker-dealers operating in the digital asset space.

FINRA has received New Membership Applications and Continuing Membership Applications from new and existing broker-dealers that wish to engage in broker-dealer activities involving digital assets. The Applications show that broker-dealers are considering two types of business models. Some broker-dealers are considering providing non-custodial services when it comes to digital assets, which means that the broker-dealer would engage in transactions without ever taking custody of the digital assets (for example, by trade-matching or providing introductions).

Other broker-dealers are pursuing a business model that involves custodying assets. The joint statement noted that broker-dealers that wish to custody assets may find it difficult to comply with the Customer Protection Rule. Fundamentally, the unique way that digital asset securities are issued, held, and transferred makes it challenging to comply with the requirements of the Rule, which requires that a good control location is established and verified. There is an increased risk to the assets from cyberattacks and resulting fraud or theft. Further, transfers to unknown or unintended addresses may leave the broker-dealer without a means to reverse the transaction or otherwise recover the assets. The statement also acknowledges that the issues of establishing the existence of the asset, or establishing that it is in a good control location, also present challenges for the firm’s independent auditor in completing the audit and evidencing their review. The staffs of the SEC and FINRA expressed their desire to engage with market participants, as market participants continue to develop technology that might provide solutions to custody issues.

While it is unusual for the SEC and FINRA to issue joint statements, this statement is similar to other SEC pronouncements in the fintech field in that it expresses a desire to engage with, and learn from, market participants, and makes clear that the existing regulatory framework applies to this rapidly evolving field.

Financial Institution Regulation

SEC Adopts Regulation Best Interest

By Emily P. Gordy and Kiran V. Somashekara

On June 5, 2019, the Securities and Exchange Commission adopted, by a 3-1 vote, Regulation Best Interest (“Reg BI”) which, in the words of Chairman Clayton, would “substantially enhance the broker-dealer standard of conduct beyond existing suitability obligations.” The Chairman also noted: “the standard of conduct draws from key fiduciary principles and cannot be satisfied through disclosure alone.”

The Commission also passed the new Form CRS Relationship Summary and two interpretations under the Investment Advisers Act of 1940 (the “Advisers Act”). According to the Commission, the newly-adopted rules and interpretations are designed to (1) enhance and clarify the standards of conduct applicable to broker-dealers and investment advisers, (2) help retail investors better understand services offered and make informed choices regarding the relationship best suited to their needs and circumstances, and (3) foster greater consistency in the level of protections provided by each regime, particularly at the point in time that a recommendation is made.

According to the Commission, under Reg BI, broker-dealers will be required to act in the best interests of retail customers when making investment recommendations and may not put their financial interests “ahead of the interests of a retail customer when making recommendations.” Reg BI includes the following components:

  • Disclosure Obligation: Broker-dealers must disclose to retail customers the capacity in which the broker is acting, fees, the type and scope of services provided, conflicts, limitations on services and products, and whether the broker-dealer provides monitoring services.
  • Care Obligation: A broker-dealer must exercise reasonable diligence, care and skill when making a recommendation to a retail customer, with a clear understanding of potential risks, rewards, and costs associated with the recommendation.  The broker-dealer must then consider these factors in light of the retail customer’s investment profile and ensure that the recommendation is in the retail customer’s best interest, including the costs of the recommendation.
  • Conflict of Interest Obligation: The broker-dealer must establish, maintain, and enforce written policies and procedures reasonably designed to identify and, at a minimum, disclose or eliminate conflicts of interest.  Those policies and procedures must (1) mitigate conflicts that create an incentive for financial professionals to place their interests or those of the firm ahead of the customer’s interests, (2) prevent limitations on offerings from causing the firm or its financial professionals to place their interests or the interests of the firm ahead of the customer’s interest, and (3) eliminate sales contests, quotas, bonuses and non-cash compensation based on the sale of specific securities or specific types of securities within a limited period of time.
  • Compliance Obligation: Broker-dealers must establish, maintain and enforce policies and procedures reasonably designed to achieve compliance with Reg BI as a whole.

The Form CRS Relationship Summary will require SEC registered investment advisers and broker-dealers to provide retail customers straightforward and easy-to-understand information describing the nature of a customer’s relationship with their financial professional.

The Commission also issued two interpretations. First, the Commission issued an interpretation that reaffirmed and clarified its views of the fiduciary duty owed by registered investment advisers to their clients. Second, the Commission issued an interpretation that more clearly defined the “solely incidental” exclusion under the Advisers Act, which delineates when a broker-dealer’s performance of advisory activities causes it to become an investment adviser. The interpretation provides practical guidance by noting that exercising investment discretion over customer accounts and account monitoring are activities that would be beyond “solely incidental” to brokerage activity.

The new measures did not pass without controversy. Commissioner Robert Jackson cast the lone dissenting vote. At the Open Meeting and in a written statement, Commissioner Jackson stated that, while he hoped the new rules would leave “no doubt that investors come first,” the newly adopted rules create a “muddled standard” and “simply do not require that investors’ interests come first.” Earlier this year, a group of former SEC economists criticized the economic analysis underlying Reg BI as “weak and incomplete” for (1) failing to properly identify the specific problem(s) to be addressed by the rule, (2) inadequately discussing existing economic literature relating to financial advising, and (3) relying too heavily on advisers disclosing material conflicts of interest “without requiring advisers to provide a single, easy-to-digest periodic the retail customer’s actual cost of managing her funds.” Investor advocacy groups have also criticized Reg BI for (1) “making it easier for brokers to advertise themselves and weaken protections that currently apply under state fiduciary standards,” and (2) failing to require the elimination of conflicts of interest or to impose a fiduciary obligation on broker-dealers.

The documentation approved by the Commission on June 5th totals more than 1,400 pages. As the industry, counsel, consultants, other regulators, and other stakeholders wade through the materials, additional assessments will be provided.

Practical Considerations

The Commissioners, the Chairman, and the staff stressed the importance of continuing to review and assess the scope of the newly-adopted requirements and to assist firms with their implementation efforts. To facilitate effective and responsive engagement, the Commission is creating an inter-Divisional Standards of Conduct Implementation Committee. The Commission encouraged firms to engage with the Committee as questions arise during implementation. The Commission also has set up a “mailbox” to receive questions by email (IABDQuestions@sec.gov).

Reg BI and Form CRS will become effective 60 days after they are published in the Federal Register, and will include a transition period until June 30, 2020.  By that date, registered broker-dealers must begin complying with Reg BI and broker-dealers and investment advisers registered with the Commission will be required to prepare, deliver to retail investors, and file a relationship summary. The interpretations will become effective upon publication in the Federal Register.

Should you wish to discuss requirements and/or implications of Reg BI, Form CRS Relationship Summary or newly issued statutory interpretations, please contact any of the authors or any of McGuireWoods’ securities enforcement and regulatory attorneys.

 

Compliance

North American Securities Administrators Association (NASAA) Releases Model Cybersecurity Rule

By Alexander Madrid, Emily P. Gordy and Cheryl Haas

On May 21, the North American Securities Administrators Association (NASAA)—an organization comprised of 67 securities regulators within the United States (all fifty states as well as districts and territories), Canada, and Mexico—released a model cybersecurity rule package governing state-registered investment advisors’ cybersecurity and privacy practices.  The model rule package, which would need to be adopted by an individual state so as to become law in that jurisdiction, provides a structure for how state-registered investment advisers must design their information security policies and procedures. Continue Reading

Energy Enforcement

FERC Rescinds Notice of Alleged Violation Policy

By Todd Mullins and Christopher McEachran

This week, the Federal Energy Regulatory Commission (“FERC”) issued an order rescinding its Notice of Alleged Violation (“NAV”) Policy. The NAV Policy was put in place by a 2009 order and authorized FERC’s Office of Enforcement Staff (“OE staff”) to ask the FERC Secretary to issue a public NAV at the stage of the investigation after the subject has had a chance to respond to OE staff’s preliminary findings. This usually happened at about the time staff sought settlement authority from the Commission in order to potentially resolve the matter. The NAV was a very short document stating that FERC staff had preliminarily determined that the named subject had violated a FERC rule, oftentimes FERC’s anti-Market Manipulation rule. FERC investigations typically begin non-publicly and frequently remain that way—especially if FERC decides not to charge subjects with violations. Often the NAV was the first public notice of the case.

The NAV Policy was initially and nominally put in place to add transparency to the process for cases that would possibly proceed past investigation and provide an opportunity for members of the public to come forward with information that might be relevant to the case and evaluate their own conduct in light of the allegations set out in the NAV. But, those theoretical benefits came at a very real price: damning public disclosure of the allegations against the subject before any adjudicative process that might allow a public defense or a settlement that would put the matter into a final context. In the ensuing years, the practice came under increasing criticism in the industry and the bar.

FERC is now abandoning this step because, per its own analysis, it has not worked out as intended. FERC last issued an NAV in April 2018, after which it announced settlements in other cases without NAVs, so it appears that in practice FERC had already abandoned its NAV Policy. After ten years of the NAV Policy in practice, FERC has concluded that “the potential adverse consequences that NAVs pose for investigative subjects are no longer justified” based on the limited information brought to FERC’s attention through the NAV process. FERC also claimed the need for publicly-supplied information has been reduced, as FERC’s own investigative methods have improved in the intervening decade through the addition of a slew of data driven analytical tools to FERC’s arsenal.

FERC’s re-visitation of this matter and change of course are, in our view, a sign that good government is at work. The publicly-issued NAV has been a major area of frustration for investigation subjects—especially those expecting to settle their cases. In practice, the NAV would issue once OE had obtained settlement authority but before any settlement had been finalized. Investigation subjects were thus forced, as a practical matter, to sit idly by while the news of their (alleged) bad acts was announced in the NAV, unable to make any public pronouncements for fear of disrupting the settlement negotiations. With the NAV step removed, subjects of an investigation will be able to announce their “positive” news of a settled (and final) investigation together with the negative news of the alleged bad acts.

Even subjects who expected they might not settle suffered—because they usually and correctly recognized that there was not a practical way to respond publicly to a very cryptic statement that had yet to be formally and fully advanced as an allegation by the Commission. Some subjects of NAVs never ended up being charged or settling so their names were needlessly publicized (as FERC’s order candidly recognized). All that will now stop. That is good.

Most subjects suffered real and lasting negative consequences from the reputational harm associated with these NAV disclosures. As against all of these downsides for subjects, FERC’s order recognizes what has long been known in inside and outside FERC: that the expected benefits of the NAV Policy never materialized. So, for companies and individuals that find themselves under investigation by FERC, this comes as welcome news. No longer will the NAV be the first public word of alleged violations unaccompanied by context-setting settlement or other expressions that can at least somewhat be influenced by the investigation subject.

We use cookies to enhance your experience of our website. By continuing to use this website, you agree to the use of these cookies. For more information and to learn how you can change your cookie settings, please see our policy.

Agree