A new law will require all federal judges to enter an order at the beginning of every criminal case advising prosecutors of their duties under Brady v. Maryland, 373 U.S. 83 (1963) to disclose exculpatory evidence to the defense. Intentional violations of the orders could subject prosecutors to stern sanctions – up to and including vacating a conviction or disciplinary action against the prosecutor – or even contempt.
Financial advisors have long used the Certified Financial Planner designation as an indicator to potential clients that they meet high standards of professionalism and ethics within their field. The Certified Financial Planner Board of Standards, Inc. (the “CFP Board”), which grants the designation, markets it as demonstrating that its holder meets strict ethical standards. Yet last year the CFP Board came under heavy criticism when investigative reporting showed a not insignificant number of CFP holders failed to disclose potential ethical violations, which resulted in incomplete or inaccurate information on the CFP Board’s website. This criticism had a major impact: the CFP Board revised its ethics code, revamped its disciplinary procedures, and is now signaling an increased focus on enforcing its standards. As a result, financial advisors who previously did not face substantial scrutiny from the CFP Board may soon find themselves the focus of an enforcement regime eager to show its teeth.
On November 19, 2020, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a risk alert, OCIE Observations: Investment Adviser Compliance Programs, to provide the industry with insights regarding their findings in their examinations relating to Rule 206(4)-7 under the Investment Advisers Act of 1940 (“Advisers Act”) or the Compliance Rule.
On November 9, 2020, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) announced the results of its examination of nearly 40 SEC-registered investment advisers that operate multiple branch offices (the “Risk Alert”). Most of the firms examined conducted their advisory business out of at least 10 branch offices. OCIE observed a wide range of deficiencies across the advisers it examined, largely stemming from failures to implement policies and procedures designed to ensure compliance with the Advisers Act at branch offices. The Risk Alert serves as a warning, and reminder, to firms operating multiple branches of the need for careful attention to the unique risks posed by this model.
What is the Issue?
It may not be “death by a thousand cuts” but it may feel like it, as yet another mutual fund fee issue is being raised by the regulators. FINRA issued a “targeted examination letter” focused on Rights of Reinstatement (“RoR”) due to customers in certain mutual fund sales and purchases. RoRs involve fee waivers or rebates due to customers who redeem or sell shares in a fund and subsequently reinvest some or all of the proceeds from the sale/redemption in the same share class of that fund or another fund within the same fund family subject to stated terms and conditions. Interestingly, the time period between the sale/redemption and subsequent purchase of qualifying shares is determined by the fund issuers and described in the prospectuses or statement of additional information (“SAI”) and can vary from 90 days to 120 days, but can be as long as 365 days. The waivers or rebates may involve a front-end sales charge waiver (often, but not always, involving A shares) or a rebate of all or part of a contingent deferred sales charge fee (“CDSC”) (for example, with C share transactions).
FINRA and the SEC have been periodically, but not systematically, raising issues regarding mutual fund sales charges and waivers for almost two decades. Starting with FINRA’s and the SEC’s breakpoint sweeps in 2002 and follow-on enforcement cases in early 2004, through subsequent reviews involving mutual fund sales charge waivers and share class selection (fee-related) for charitable and retirement accounts, 529 accounts, and this most recent RoR sweep.
The RoR sweep is yet another “cut” at the problem of ensuring that customers get waivers and rebates that they are supposed to receive. As we note below, it might be time for the industry, if not the regulators, to take a holistic view of what’s out there in terms of breaks on fees to get ahead of the issue and avoid the next fee area on which regulators choose to focus.
What is FINRA Asking for in its Sweep?
FINRA’s sweep letter, which covers Jan. 1, 2017 through June 30, 2020, requests information on five topics: (1) whether the firm has systems and procedures designed to provide eligible customers with RoR waivers or fee rebates; (2) detail regarding such systems and procedures; (3) explanation of any relevant changes to the firm’s systems or procedures during the review period; (4) any processes for standardizing the timeframe governing RoRs on its platform; and (5) whether the firm identified and missed waivers or rebates, including number of customers and the number and value of missed waivers or fee rebates.
Three Key Takeaways
- Review your program to ensure that RoRs are addressed. Needless to say, even if a firm does not receive the FINRA sweep (or Targeted Examination) letter, every firm offering mutual fund products should review their systems, processes, and procedures to ensure that they reasonably address this area and have been providing waivers and/or rebates when customers’ sales of mutual fund shares and subsequent purchases entitled them to the waiver or rebate under the rights of reinstatement provisions. If a firm identifies gaps, the firm should put a systems and procedures remediation plan in place and document the plan’s implementation.
- Remediate customers that should have received waivers or rebates. If customers’ sales and subsequent purchases met RoR conditions and the customers did not receive the waivers or rebates, the firm should consider a remediation process and, of course, document that process.
- Conduct a holistic review of mutual fund fee/waivers/rebates offered by fund companies. A more widespread review is also recommended. As noted above, FINRA and the SEC have been bringing enforcement actions and issuing guidance for the past 18 years – mostly on an issue-by-issue basis – when they identify that a certain type of fee offered by fund issuers is not made available to customers. Sometimes, this can be remediated by disclosure. (An aside caution, however, is whether disclosure will cure not making certain waivers available in the post-Regulation Best Interest context, when more regulatory scrutiny is expected regarding the review for reasonably available alternatives.) Based on this approach by the regulators, it would be prudent for firms to do their own “sweep” of the prospectuses and SAIs of funds offered on their platforms to ensure that all available factors impacting fee waivers and rebates are accounted for in their offerings. It may also be helpful to periodically undertake a review of what changes mutual fund issuers may be offering regarding fees/waivers/rebates to assess whether clients are already entitled to them, or whether, given the prevalence of use by peer firms, your firm is an outlier. Staying ahead of the regulators in this area will avoid unnecessary concerns down the road.
If you would like assistance in reviewing or revising your firm’s policies and procedures in light of the questions raised by FINRA’s sweep letter, please contact anyone from the experienced McGuireWoods LLP Broker Dealer/Investment Adviser team.
2. See Report of the Joint NASD/Industry Task Force on Breakpoints (July 12, 2003). The Task Force was convened in Jan. 2003, at the request of the SEC, followed NASD’s examination findings and issuance of Special Notice to Members 02-85, dated Dec. 23, 2002, which reminded broker/dealers of their obligation to apply correctly breakpoint discounts to front-end sales load mutual fund transactions. https://www.finra.org/rules-guidance/guidance/reports/industry-task-force-breakpoints. Concurrent examinations by the SEC, NYSE, and NASD resulted in a Joint SEC/NASD/NYSE Report of Examinations of Broker/Dealers Regarding Discounts on Front-End Sales Charges on Mutual Funds, published on March 11, 2003. FINRA’s breakpoint self-assessment initiative began in March 2003. SEC announced: Fifteen Firms to Pay Over $21.5 Million in Penalties to Settle SEC and NASD Breakpoints Charges (Feb. 12, 2004) https://www.sec.gov/news/press/2004-17.htm. FINRA wrapped up its breakpoint self-assessment sweep in 2009, announcing: FINRA Fines 25 Firms More Than $2.1 Million for Failures in Mutual Fund Breakpoint Review, Other Violations; Case Concludes Series of Actions Arising From FINRA’s Mutual Fund Breakpoint Initiative (March 23, 2009) https://www.finra.org/media-center/news-releases/2009/finra-fines-25-firms-more-21-million-failures-mutual-fund-breakpoint.
In 2016, FINRA issued a Targeted Examination Letter, focusing its sweep on mutual fund waivers in retirement and charitable accounts. (Targeted Examination Letter on Mutual Fund Waivers, May 2016, https://www.finra.org/rules-guidance/guidance/targeted-exam-letter/mutual-fund-waiver). This sweep resulted in 56 enforcement cases. See, FINRA Announces Final Results of Mutual Fund Waiver Initiative; Total of 56 Settlements Reached with Member Firms Resulting in $89 Million in Restitution to Eligible Charitable and Retirement Accounts (July 17, 2019) https://www.finra.org/media-center/news-releases/2019/finra-announces-final-results-mutual-fund-waiver-initiative.
On 5 November, the Financial Conduct Authority, the UK’s financial services regulator, permanently banned three men convicted of non-financial criminal offences from ever working in the financial services industry, on the basis that they do not meet criteria defining a fit and proper person.
For details about this latest development and implications for the industry, please see our alert.
The Department of Defense is rolling out new regulations over the next five years to set progressive steps toward mandatory cybersecurity certification for government contractors. The first set of requirements goes into effect Nov. 30.
Click here to learn what contractors must do now to ensure they are eligible for award of new contracts, task orders, delivery orders or option terms.
On October 27, the North American Securities Administrators Association held its 2020 symposium on Fintech and Cybersecurity. A key theme of the symposium was the impact that the pandemic has had on fintech, cybersecurity, and regulating the financial markets – given that regulators and securities industry professionals are largely working from home. The panelists also discussed new technological innovations that are likely to impact both the fintech industry and cybersecurity.
Kavita Jain, previously a Director in FINRA’s Office of Innovation and now the Deputy Associate Director of Innovation Policy at the Federal Reserve Board, delivered the keynote address. She started the symposium discussing the role of regulators in fostering innovation in the financial services industry. Jain noted the traditional role of banking regulators is to ensure that banks control for risk. Because innovation necessarily involves new risk, regulators need to be prepared to monitor the new types of risk that innovation can introduce. Failing to keep up with innovation can be a type of risk. Jain commented that regulators can facilitate responsible innovation in the financial industry by engaging with key stakeholders, collaborating with other regulators, and providing regulatory clarity.
The keynote address was followed by four panel discussions.
The first panel, “Algorithms Make the World Go ‘Round,” reviewed some technological advancements in the financial industry. Shawnna Hoffman, the Global Blockchain Offering leader at IBM Watson Health, discussed the advent of quantum computing and the impact that it will likely have. Quantum computing, which will make computers exponentially more powerful than they are now, evokes a need for quantum encryption. While less than 1% of enterprises budgeted for quantum computing projects in 2017, it was predicted that more than 20% of global enterprises will budget for it in 2023. Usman Ahmed, Head of Global Policy and Research at PayPal, emphasized the important role that fintech companies have in providing access to the economy. During the pandemic, fintech lenders were able to efficiently and safely onboard new customers, which allowed many small businesses to access Paycheck Protection Program loans that they would not have been able access to through traditional lenders. In discussing the characteristics of fintech companies, Dan Gorfine, Founder and CEO of Gattaca Horizons LLC, emphasized speed, access, and “disintermediation” of traditional processes, noting that regulators historically have regulated through intermediaries, like banks and brokerages. The panel also discussed the digital dollar project, which is exploring the potential for a digital based currency backed by a central bank (Central Bank Digital Currency – CBDC). Panelists noted that a tokenized dollar could help solve some issues exposed by the pandemic, like tens of millions of people awaiting paper checks from the government, while needing to pay creditors whose bills are automated.
The second panel explored how artificial intelligence (AI) is transforming the financial services industry. While the ability of AI to recognize complex patterns unrecognizable to humans can be a powerful tool in the industry, it call also have pitfalls. The second panel discussed how AI that is premised on partial or outdated data can potentially lead to data bias. Jake van der Laan, with the New Brunswick Financial & Consumer Services Commission, discussed the importance of ensuring that any AI models are thoroughly vetted and continually tested once they are implemented. Firms using AI systems need to ensure that there are guardrails built into the system. FINRA’s White Paper on Artificial Intelligence in the Securities Industry, in June of 2019, provides some good guidelines in implementing AI. The International Organization of Securities Commissions (IOSCO) and the European Securities and Markets Authority (ESMA) have also published white papers on AI. Each of these guides provides best practices with AI that are helpful to consider and implement.
The third panel, “Technology as a Sword and Shield,” discussed how technology can be used to both perpetrate and defend against cyber attacks. For example, while AI is used to monitor transactions and detect fraud, in the hands of the wrong person, it can be used to enhance phishing scams. The panel emphasized the importance of continually auditing and testing technology used to combat cyber attacks. Ruth Hill Bro, the Co-Chair of the ABA’s Cybersecurity Legal Task Force, said that the volume and sophistication of cyber attacks continue to grow – and in some instances are exacerbated by the pandemic, given the need for millions of people to work from home. The greatest weapon against threats like ransomware, phishing, and malware is a “culture of awareness,” since people are often the weakest link in a firm’s cybersecurity program.
The last panel of the day focused on “Cyber Challenges During a Challenging Time,” emphasizing the impact that the pandemic has had on regulating the financial markets and on cyber security. Dave Kelley, FINRA’s Director of Member Supervision Specialist Programs – Cybersecurity, said that phishing remains the number one issue during the pandemic. They have also seen an increase in the number of imposter websites popping up on the Internet. Thus, while regulators are regulating from home, fraudsters are continuing to scheme from home unabated. Professor Tonya Evans, who is an expert in cryptocurrency and blockchain, noted that with the pandemic there has been an increased reliance on technology. Ransomeware continues to be a big issue – as is blackmail. In both schemes, the perpetrators often demand payment in cryptocurrency, since the payment cannot be retrieved once it has been transmitted. Dr. Lorrie Cranor, Professor of Computer Science, Engineering and Public Policy at Carnegie Mellon, closed the panel by discussing steps people can take to better secure data in their remote workspaces – such as never using a password twice and using two-factor authentication.
As the pandemic continues, and we continue to adjust to large numbers of regulators, industry professionals, and consumers working remotely, these themes will continue to have a significant impact on fintech and cybersecurity.
1. NASAA is a voluntary association whose membership consists of 67 state, provincial, and territorial securities administrators in the 50 states, the District of Columbia, Puerto Rico, the U.S. Virgin Islands, Canada, and Mexico.
Senior officials from the U.S. Securities and Exchange Commission Division of Enforcement convened at a virtual The SEC Speaks conference panel to discuss fiscal year 2020 enforcement results and report on enforcement priorities. To no one’s surprise, the impact of the pandemic on enforcement was a significant part of the discussion.
Read our alert for key takeaways from the panel presentation, which discussed investigative adjustments within the enforcement program, the use of data analytics to combat fraud, the SEC’s whistleblower program, the impact of SEC v. Liu on investigations and litigation, creditworthy cooperation and what to expect in future enforcement.
On September 15, 2020, the Financial Crimes Enforcement Network (“FinCEN”) published a Final Rule bringing banks that lack a federal functional regulator further under its purview. The rule subjects these institutions to minimum standards for anti-money laundering (“AML”) requirements, including a BSA officer, AML policies and procedures, and regular employee training, among other obligations. It also extends Customer Identification Program and beneficial owner requirements to these banks.
The banks subject to this new rule include state-chartered, non-depository trust companies; non-federally insured credit unions; private banks; and other non-federally regulated banks.
The Rule, in accordance with the May 11, 2016 Customer Due Diligence Final Rule, requires minimum standards for AML programs “to ensure that all banks, regardless of whether they are subject to Federal regulation and oversight, are required to establish and implement written AML programs, including conducting ongoing customer due diligence, and to identify and verify the identity of the beneficial owners of their legal entity customers.”
FinCEN issued this rule because the gap in AML coverage between banks with and without a Federal functional regulator “presented a vulnerability to the U.S. financial system that could be exploited by bad actors . . . .” Accordingly, by implementing this Rule, FinCEN stated in its press release that it has eliminated the existing AML program exemption for banks without a Federal functional regulator in an effort to “ensure [BSA] coverage across the banking industry.”
The Rule will take effect on November 16, and institutions will have 180 days from the day the Final Rule was published to comply with it. Banks subject to the new rule must act now to ensure they have a robust and compliant AML program in place to meet the Rule’s requirements by the compliance deadline of March 15, 2021.