Subject to Inquiry

Subject to Inquiry

THE LATEST ON GOVERNMENT INQUIRIES AND ENFORCEMENT ACTIONS

Government Investigations and White Collar Litigation Group
Enforcement and Prosecution Policy and Trends, Financial Institution Regulation, Securities and Commodities

SEC Continues Compensation Disclosure Focus With FAQs and Enforcement

By Anitra T. Cassas, Emily P. Gordy, Cheryl Haas and Aline McCullough

On Oct. 18, 2019, the Securities and Exchange Commission (SEC) Division of Investment Management staff published Frequently Asked Questions Regarding Disclosure of Certain Financial Conflicts Related to Investment Adviser Compensation (FAQs). Many in the industry view the FAQs as overdue SEC guidance in an area that has been a focus of the SEC Division of Enforcement. Registered investment advisers (RIAs) should review the FAQs in light of continuing enforcement actions in this area, including the recent action announced against Bolton Securities Corporation d/b/a Bolton Global Asset Management.

Highlights of the FAQs

  • Sources of disclosure obligations. The Division of Investment Management staff emphasized an RIA’s duty to disclose conflicts of interest relating to its compensation from both its general fiduciary duty to make full and fair disclosure and the specific disclosure obligations imposed by Form ADV. The FAQs detailed the various sections of Form ADV that require disclosure of conflicts of interest relating to an RIA’s compensation, including incentives relating to compensation that could influence the RIA’s advice.
  • Mutual fund share class disclosure. The SEC has particularly focused on disclosure surrounding selection by RIAs of one share class of a mutual fund when a lower-cost share class is available. The Division of Investment Management staff continued this focus in the FAQs, providing examples of material facts related to share class conflicts that RIAs should disclose.
  • Incentives. The Division of Investment Management staff provided a few examples of material facts an RIA should disclose about its practices related to revenue-sharing arrangements, emphasizing that the list was not comprehensive. These examples included the existence of any incentives provided to the adviser or shared between the adviser and others (for example, an affiliate of the adviser).
  • Continued dislike of “may.” The Division of Investment Management reiterated its position that a disclosure that an RIA “may” have a conflict is insufficient disclosure when a conflict actually exists. See, e.g., Robare Group, LTD. v. SEC, No. 16-1453 (D.C. Cir., Apr. 30, 2019) and SEC Share Class Selection Disclosure Initiative.
  • Share class disclosure is material for Form ADV Update. The Division of Investment Management staff stated that an adviser must identify changes in disclosure concerning share class recommendations or revenue sharing arrangements as material changes for purposes of Item 2 of Form ADV Part 2A.

Bolton Allegations

In its Litigation Release issued Nov. 6, 2019, the SEC alleged violations of Sections 206(2), 206(3) and 206(4) of the Investment Advisers Act of 1940 and Rule 206(4)-7 thereunder in connection with, among other things, Bolton’s alleged failure to disclose to clients that it purchased or held share classes for its clients that generated Rule 12b-1 fees for an affiliate of Bolton when different share classes of the same mutual fund were available that did not include Rule 12b-1 fees.

Expect SEC and other regulatory scrutiny in this area to continue. RIAs should re-examine disclosure practices regarding all types of conflicts of interest, including receipt of compensation from various sources.

 

Financial Institution Regulation

Federal Court Clarifies Prejudgment Interest Rate Applicable to Texas Securities Act Claims

By Justin Opitz and Aaron F. Jaroff

The U.S. District Court for the Western District of Texas recently clarified the applicable rate for the calculation of prejudgment interest under the Texas Securities Act (TSA). In FDIC v. Deutsche Bank Securities Inc., the FDIC, acting as receiver for Guaranty Bank, brought claims against the defendant bank under the TSA stemming from the sale of residential mortgage-backed securities prior to the financial crisis. While discovery was ongoing, the defendant moved for partial summary judgment seeking a determination regarding the calculation of potential damages, including prejudgment interest.

In ruling on the summary judgment motion, the court noted that while the TSA states that a buyer can recover “consideration paid for the security plus interest thereon at the legal rate,” the term “legal rate” is not defined in the TSA. Relying on other sources, including the Texas Constitution and Section 302.002 of the Texas Finance Code, the court held that the applicable legal rate of prejudgment interest was 6%. In advance of trial, and after the case was reassigned to a different district judge, the defendant moved for reconsideration of the court’s opinion regarding the applicable prejudgment interest rate, arguing that the applicable rate was the coupon rate specified in the securities’ certificates. The FDIC opposed, arguing that Section 302.002 of the Texas Finance Code sets the rate at 6% per year, as was initially determined by the court.

In an amended order granting the motion for reconsideration, the court held first that the coupon rate did not apply because the certificates at issue were not contracts that obligated the defendant to pay a set interest rate. The court then rejected the FDIC’s assertion that Section 302.002 of the Texas Finance Code governed, because that Section of the Finance Code only applies to contracts that establish a debtor-creditor relationship. Instead, the court held that where there is no relevant contract specifying an interest rate, Section 304.003 of the Texas Finance Code (which also applies to breach of contract claims where no rate is specified in the contract) supplies the proper prejudgment interest rate under the TSA. Section 304.003 states that such interest rate is the prime rate published by the Federal Reserve on the date of computation, with a floor of 5% and a cap of 15%.

If widely adopted, and given the substantial impact that prejudgment interest can have on a final damages award, defendants facing claims under the TSA should heed trends in the Federal Reserve prime rate when analyzing their potential exposure.

 

Financial Institution Regulation

Ready or Not, Prepare to Start Answering Questions About Reg BI Compliance

By Emily P. Gordy, Cheryl Haas, Alexander Madrid and Aline McCullough

On June 5, 2019, the SEC adopted Regulation Best Interest (“Reg BI”), which requires broker-dealers and associated persons to make recommendations regarding securities transactions (or investments involving securities) that are in the “best interest” of their retail clients. The SEC also adopted Form CRS, requiring broker-dealers and investment advisers to provide a brief relationship summary to retail investors, and issued two pieces of guidance regarding investment advisory activities. This Alert focuses largely on Reg BI. While the compliance deadline for Reg BI and Form CRS is not until June 30, 2020, firms should be prepared to shortly begin answering questions from regulators regarding their Reg BI implementation efforts.

Reg BI

Overview

Reg BI has four broad requirements or “Obligations:” (a) a Disclosure Obligation, which generally requires disclosure of relevant facts, (b) a Care Obligation, which generally requires the exercise of reasonable diligence and care, (c) a Conflict of Interest Obligation, which generally requires the implementation of policies and procedures to disclose and/or eliminate conflicts of interest and (d) a Compliance Obligation, which generally requires the implementation of Reg BI policies and procedures.

In order to comply with Reg BI, firms should review and update their procedures, update account information where necessary, evaluate current conflicts of interest, and train registered representatives, supervisors, and compliance personnel on the SEC’s new standard.

Potential Pitfalls – Watch Out

While we will not attempt here to capture all of the issues that firms must address in implementing Reg BI and Form CRS, we identify below certain potential pitfalls in Reg BI compliance. In particular, there are areas in Reg BI that may look very familiar to concepts with which firms are already familiar. Do not be fooled. There are critical differences.

  1. Recommendations: “Strategies,” “hold recommendations,” and “account recommendations” are all concepts that have existed, at a minimum, since FINRA Rule 2111 and the ensuing guidance was issued. Note, however, that in the Reg BI context, there can be an “implicit hold” recommendation when, for instance, the firm or associated person agrees to perform account monitoring services (i.e., silence can be a recommendation). Furthermore, if there is no agreement to perform account monitoring, but the associated person voluntarily undertakes such a review, that is not considered account monitoring but any recommendation arising from that review will be subject to the best interest standard.
  2. Dual Registrants: There are a number of nuances to consider when appropriately implementing Reg BI when the firm and/or the associated person is a dual investment adviser/broker-dealer registrant. Because Reg BI will only apply to the broker-dealer activities of a dual registrant firm, it will be important and potentially challenging for firms to clearly identify the activities that are subject to Reg BI.
  3. Disclosure: There are several questions that a firm/individual must consider when approaching the Reg BI disclosure obligations. For example, (a) how is the disclosure accomplished and when (i.e., at or before the recommendation)?, (b) to what extent will Form CRS disclosures satisfy the disclosure obligations?, (c) what is a material conflict of interest?, (d) are oral disclosures ever okay and if so, what are the requirements?, and (e) can the firm or individual refer to myself as an “advisor” or “adviser?”.
  4. Care Obligation: At first glance, the components of the Care Obligation look a lot like the three components of the Suitability Obligation in FINRA Rule 2111. However, while, like FINRA Rule 2111, there is a reasonable basis requirement, a customer specific requirement, and a quantitative (number of transactions) requirement, Reg BI requires much more than FINRA Rule 2111. In particular: (a) Firm must exercise reasonable diligence and skill to understand the potential risks, rewards, and costs (this includes assessing incentives, expected returns, and other factors), (b) With regard to the specific retail customer for whom the recommendation is made, the firm and associated person must have a reasonable basis to believe that the recommendation is in the customer’s best interest AND that it does not place the firm’s interest ahead of the customer, and (c) If a series of transactions is recommended, that strategy must be in the best interest of the customer and, with regard to this obligation, the biggest difference is that the series of transactions is evaluated without regard to whether the associated person exercises actual or de factor control over the account.
  5. Conflict of Interest Obligation: Under Reg BI, firms are required to have written policies and procedures that not only ensure disclosure conflicts of interest but that (a) Identify and disclose or eliminate conflicts, (b) Identify and mitigate conflicts creating an incentive to place interests ahead of the customer, (c) Identify and disclose if there is a limited product menu, and (d) Identify and eliminate certain sales contests, quotas, bonuses and non-cash compensation that are based on specific products or types to be sold within a specific time period.
  6. Compliance Obligation: This Obligation mandates that firms establish, maintain, and enforce written policies and procedures designed to achieve compliance with Reg BI. Because firms are very familiar with requirements to adopt compliance policies and procedures, particularly broker-dealer firms complying with FINRA Rule 3110, they may be inclined to not take this obligation as seriously as some of the others. However, the Compliance Obligation is a reminder that: (a) It is critical that this compliance program be reviewed periodically to assess whether changes are needed and (b) The SEC takes its policy and procedure requirements very seriously. In the past, in the broker-dealer context, FINRA has handled enforcement of policy and procedure deficiencies, because the SEC’s supervision cases were based on actual failures to supervise as opposed to procedural deficiencies. This Obligation provides a clear avenue for the examination and enforcement staff to take action if there a compliance program and procedural failures. Firms can expect that the SEC Staff will not be silent where compliance programs do not adequately address Reg BI.
  7. Firm Obligations vs. Individual Obligations: In the release adopting Reg BI, the SEC Staff emphasizes that the Conflict of Interest and Compliance Obligations apply only to firms, while the Care and the Disclosure Obligations apply to both the firms and the associated persons. With respect to the Conflict and Disclosure Obligations, a firm has responsibility for developing, maintain, and enforcement written policies and procedures, the firm must be vigilant in reasonably exercising those responsibilities. We have seen many cases in recent years where the regulators have brought enforcement actions against those with the same responsibilities when the program had material failures or gaps.                 

Early Examination Inquiry and Potential Enforcement Implications

As the primary regulator of broker-dealers, FINRA will be tasked with the leg work of Reg BI enforcement. FINRA will likely not wait until the effective date of Reg BI these requirements to begin asking firms about their Reg BI compliance efforts. Rather, FINRA will want to ensure that its member firms are prepared for this sea change in regulatory compliance obligations and requirements.

At a recent industry conference, senior FINRA officials indicated that FINRA will begin asking member firms about their Reg BI preparation efforts as part of its examination program as soon as early next year. While officials framed these examination inquiries as designed in part to identify areas where industry participants may need additional guidance, firms must nevertheless prepare for imminent questions regarding their Reg BI implementation efforts.

Many expect that it is unlikely that FINRA and the SEC will bring formal enforcement cases against firms and individuals in the first year or so following the compliance deadline. However, if firms fail to make an effort to comply with Reg BI or disregard issues a regulator identifies in a firm during an examination or otherwise, we would expect the SEC and FINRA will not hesitate to bring enforcement actions.

Firms will not only face scrutiny from the SEC and FINRA in connection with the subject matter of Reg BI. It is expected that the states, many of which have already passed, or are in the process of passing, their own more stringent fiduciary statutes and regulations, will be more proactive on the enforcement front in this space. Regardless of where a state may be with their own legislative action in this space, they could pursue actions when firms or individual registered representatives are not complying with Reg BI obligations. Furthermore, while the Department of Labor’s Fiduciary Rule, which sought to impose a fiduciary standard of conduct for registered representatives working with retirement accounts, was vacated by the U.S. Court of Appeals for the Fifth Circuit, the DOL has indicated that they expect to issue a revised rule later this year, with changes reflecting a similar approach to Reg BI.

Legal Challenge to Reg BI

On September 9, 2019, seven states and the District of Columbia filed suit against the SEC in the U.S. District Court for the Southern District of New York. The plaintiffs essentially claim that Reg BI is too weak, alleging that it undermines what they deem to be “critical consumer protections for retail investors” and allows registered representatives to continue to give conflicted advice. The plaintiffs seek to invalidate the SEC’s rule, alleging that the SEC exceeded its authority and that Reg BI is arbitrary and capricious under the Administrative Procedures Act.

Investment Adviser Guidance

Simultaneous with its adoption of Reg BI, the SEC approved two pieces of guidance in the investment advisory regulatory sphere.

First, the SEC issued guidance to clarify when a broker-dealer’s activities may qualify under the broker-dealer exclusion from investment adviser registration, which generally exempts a firm from investment adviser registration when such broker-dealer’s activities are “solely incidental” to its broker-dealer activities. In this guidance, the SEC Staff indicates that broker-dealers who have long-term investment discretion will unlikely be able to rely on the broker-dealer exclusion.

Second, the SEC issued guidance that generally expands upon prior SEC Staff guidance regarding an investment adviser’s fiduciary duty. In particular, this guidance provides more detail regarding an investment adviser’s duties of care and loyalty.

Form CRS

Form CRS and its related rules require SEC-registered investment advisers and broker-dealers to both file with the SEC and deliver to retail investors a customer or client relationship summary that meets certain requirements, which summary is intended to assist the customer or client in making decisions regarding its relationship with the adviser or broker-dealer.

If you have not started your Reg BI compliance preparation, Start Now.

 

Financial Institution Regulation, Securities and Commodities

The More Things Change, the More They Stay the Same –Joint Statement by FINRA and the SEC on the Customer Protection Rule and Digital Asset Securities

By Molly White, Emily P. Gordy and Louis D. Greenstein

On Monday, July 8th, FINRA and the SEC took the unusual step of issuing a joint statement on broker-dealer custody of digital asset securities. In doing so, the Staffs of the SEC’s Division of Trading and Markets and of FINRA’s Office of General Counsel made clear that the SEC and FINRA will continue to apply the existing regulatory framework to the rapidly evolving world of digital assets.

The joint statement notified market participants that any entity that buys, sells, or otherwise transacts in, or effects transactions in, digital asset securities, may be subject to federal regulations, including regulations that may require them to register with the SEC as a broker-dealer and become a member of FINRA.

The joint statement focuses on the Customer Protection Rule, noting that any entity that acts as a broker-dealer must comply with that rule. The Customer Protection Rule requires broker-dealers to safeguard customers’ assets and keep them separate from the firm’s assets, which makes it more likely that a customer’s assets will be returned if the broker-dealer fails. Given the potential for cyberattacks on digital assets trading platforms, and given the way digital asset securities are issued and exchanged, the Customer Protection Rule can present challenges to broker-dealers operating in the digital asset space.

FINRA has received New Membership Applications and Continuing Membership Applications from new and existing broker-dealers that wish to engage in broker-dealer activities involving digital assets. The Applications show that broker-dealers are considering two types of business models. Some broker-dealers are considering providing non-custodial services when it comes to digital assets, which means that the broker-dealer would engage in transactions without ever taking custody of the digital assets (for example, by trade-matching or providing introductions).

Other broker-dealers are pursuing a business model that involves custodying assets. The joint statement noted that broker-dealers that wish to custody assets may find it difficult to comply with the Customer Protection Rule. Fundamentally, the unique way that digital asset securities are issued, held, and transferred makes it challenging to comply with the requirements of the Rule, which requires that a good control location is established and verified. There is an increased risk to the assets from cyberattacks and resulting fraud or theft. Further, transfers to unknown or unintended addresses may leave the broker-dealer without a means to reverse the transaction or otherwise recover the assets. The statement also acknowledges that the issues of establishing the existence of the asset, or establishing that it is in a good control location, also present challenges for the firm’s independent auditor in completing the audit and evidencing their review. The staffs of the SEC and FINRA expressed their desire to engage with market participants, as market participants continue to develop technology that might provide solutions to custody issues.

While it is unusual for the SEC and FINRA to issue joint statements, this statement is similar to other SEC pronouncements in the fintech field in that it expresses a desire to engage with, and learn from, market participants, and makes clear that the existing regulatory framework applies to this rapidly evolving field.

Financial Institution Regulation

SEC Adopts Regulation Best Interest

By Emily P. Gordy and Kiran V. Somashekara

On June 5, 2019, the Securities and Exchange Commission adopted, by a 3-1 vote, Regulation Best Interest (“Reg BI”) which, in the words of Chairman Clayton, would “substantially enhance the broker-dealer standard of conduct beyond existing suitability obligations.” The Chairman also noted: “the standard of conduct draws from key fiduciary principles and cannot be satisfied through disclosure alone.”

The Commission also passed the new Form CRS Relationship Summary and two interpretations under the Investment Advisers Act of 1940 (the “Advisers Act”). According to the Commission, the newly-adopted rules and interpretations are designed to (1) enhance and clarify the standards of conduct applicable to broker-dealers and investment advisers, (2) help retail investors better understand services offered and make informed choices regarding the relationship best suited to their needs and circumstances, and (3) foster greater consistency in the level of protections provided by each regime, particularly at the point in time that a recommendation is made.

According to the Commission, under Reg BI, broker-dealers will be required to act in the best interests of retail customers when making investment recommendations and may not put their financial interests “ahead of the interests of a retail customer when making recommendations.” Reg BI includes the following components:

  • Disclosure Obligation: Broker-dealers must disclose to retail customers the capacity in which the broker is acting, fees, the type and scope of services provided, conflicts, limitations on services and products, and whether the broker-dealer provides monitoring services.
  • Care Obligation: A broker-dealer must exercise reasonable diligence, care and skill when making a recommendation to a retail customer, with a clear understanding of potential risks, rewards, and costs associated with the recommendation.  The broker-dealer must then consider these factors in light of the retail customer’s investment profile and ensure that the recommendation is in the retail customer’s best interest, including the costs of the recommendation.
  • Conflict of Interest Obligation: The broker-dealer must establish, maintain, and enforce written policies and procedures reasonably designed to identify and, at a minimum, disclose or eliminate conflicts of interest.  Those policies and procedures must (1) mitigate conflicts that create an incentive for financial professionals to place their interests or those of the firm ahead of the customer’s interests, (2) prevent limitations on offerings from causing the firm or its financial professionals to place their interests or the interests of the firm ahead of the customer’s interest, and (3) eliminate sales contests, quotas, bonuses and non-cash compensation based on the sale of specific securities or specific types of securities within a limited period of time.
  • Compliance Obligation: Broker-dealers must establish, maintain and enforce policies and procedures reasonably designed to achieve compliance with Reg BI as a whole.

The Form CRS Relationship Summary will require SEC registered investment advisers and broker-dealers to provide retail customers straightforward and easy-to-understand information describing the nature of a customer’s relationship with their financial professional.

The Commission also issued two interpretations. First, the Commission issued an interpretation that reaffirmed and clarified its views of the fiduciary duty owed by registered investment advisers to their clients. Second, the Commission issued an interpretation that more clearly defined the “solely incidental” exclusion under the Advisers Act, which delineates when a broker-dealer’s performance of advisory activities causes it to become an investment adviser. The interpretation provides practical guidance by noting that exercising investment discretion over customer accounts and account monitoring are activities that would be beyond “solely incidental” to brokerage activity.

The new measures did not pass without controversy. Commissioner Robert Jackson cast the lone dissenting vote. At the Open Meeting and in a written statement, Commissioner Jackson stated that, while he hoped the new rules would leave “no doubt that investors come first,” the newly adopted rules create a “muddled standard” and “simply do not require that investors’ interests come first.” Earlier this year, a group of former SEC economists criticized the economic analysis underlying Reg BI as “weak and incomplete” for (1) failing to properly identify the specific problem(s) to be addressed by the rule, (2) inadequately discussing existing economic literature relating to financial advising, and (3) relying too heavily on advisers disclosing material conflicts of interest “without requiring advisers to provide a single, easy-to-digest periodic the retail customer’s actual cost of managing her funds.” Investor advocacy groups have also criticized Reg BI for (1) “making it easier for brokers to advertise themselves and weaken protections that currently apply under state fiduciary standards,” and (2) failing to require the elimination of conflicts of interest or to impose a fiduciary obligation on broker-dealers.

The documentation approved by the Commission on June 5th totals more than 1,400 pages. As the industry, counsel, consultants, other regulators, and other stakeholders wade through the materials, additional assessments will be provided.

Practical Considerations

The Commissioners, the Chairman, and the staff stressed the importance of continuing to review and assess the scope of the newly-adopted requirements and to assist firms with their implementation efforts. To facilitate effective and responsive engagement, the Commission is creating an inter-Divisional Standards of Conduct Implementation Committee. The Commission encouraged firms to engage with the Committee as questions arise during implementation. The Commission also has set up a “mailbox” to receive questions by email (IABDQuestions@sec.gov).

Reg BI and Form CRS will become effective 60 days after they are published in the Federal Register, and will include a transition period until June 30, 2020.  By that date, registered broker-dealers must begin complying with Reg BI and broker-dealers and investment advisers registered with the Commission will be required to prepare, deliver to retail investors, and file a relationship summary. The interpretations will become effective upon publication in the Federal Register.

Should you wish to discuss requirements and/or implications of Reg BI, Form CRS Relationship Summary or newly issued statutory interpretations, please contact any of the authors or any of McGuireWoods’ securities enforcement and regulatory attorneys.

 

Compliance

North American Securities Administrators Association (NASAA) Releases Model Cybersecurity Rule

By Alexander Madrid, Emily P. Gordy and Cheryl Haas

On May 21, the North American Securities Administrators Association (NASAA)—an organization comprised of 67 securities regulators within the United States (all fifty states as well as districts and territories), Canada, and Mexico—released a model cybersecurity rule package governing state-registered investment advisors’ cybersecurity and privacy practices.  The model rule package, which would need to be adopted by an individual state so as to become law in that jurisdiction, provides a structure for how state-registered investment advisers must design their information security policies and procedures. Continue Reading

Energy Enforcement

FERC Rescinds Notice of Alleged Violation Policy

By Todd Mullins and Christopher McEachran

This week, the Federal Energy Regulatory Commission (“FERC”) issued an order rescinding its Notice of Alleged Violation (“NAV”) Policy. The NAV Policy was put in place by a 2009 order and authorized FERC’s Office of Enforcement Staff (“OE staff”) to ask the FERC Secretary to issue a public NAV at the stage of the investigation after the subject has had a chance to respond to OE staff’s preliminary findings. This usually happened at about the time staff sought settlement authority from the Commission in order to potentially resolve the matter. The NAV was a very short document stating that FERC staff had preliminarily determined that the named subject had violated a FERC rule, oftentimes FERC’s anti-Market Manipulation rule. FERC investigations typically begin non-publicly and frequently remain that way—especially if FERC decides not to charge subjects with violations. Often the NAV was the first public notice of the case.

The NAV Policy was initially and nominally put in place to add transparency to the process for cases that would possibly proceed past investigation and provide an opportunity for members of the public to come forward with information that might be relevant to the case and evaluate their own conduct in light of the allegations set out in the NAV. But, those theoretical benefits came at a very real price: damning public disclosure of the allegations against the subject before any adjudicative process that might allow a public defense or a settlement that would put the matter into a final context. In the ensuing years, the practice came under increasing criticism in the industry and the bar.

FERC is now abandoning this step because, per its own analysis, it has not worked out as intended. FERC last issued an NAV in April 2018, after which it announced settlements in other cases without NAVs, so it appears that in practice FERC had already abandoned its NAV Policy. After ten years of the NAV Policy in practice, FERC has concluded that “the potential adverse consequences that NAVs pose for investigative subjects are no longer justified” based on the limited information brought to FERC’s attention through the NAV process. FERC also claimed the need for publicly-supplied information has been reduced, as FERC’s own investigative methods have improved in the intervening decade through the addition of a slew of data driven analytical tools to FERC’s arsenal.

FERC’s re-visitation of this matter and change of course are, in our view, a sign that good government is at work. The publicly-issued NAV has been a major area of frustration for investigation subjects—especially those expecting to settle their cases. In practice, the NAV would issue once OE had obtained settlement authority but before any settlement had been finalized. Investigation subjects were thus forced, as a practical matter, to sit idly by while the news of their (alleged) bad acts was announced in the NAV, unable to make any public pronouncements for fear of disrupting the settlement negotiations. With the NAV step removed, subjects of an investigation will be able to announce their “positive” news of a settled (and final) investigation together with the negative news of the alleged bad acts.

Even subjects who expected they might not settle suffered—because they usually and correctly recognized that there was not a practical way to respond publicly to a very cryptic statement that had yet to be formally and fully advanced as an allegation by the Commission. Some subjects of NAVs never ended up being charged or settling so their names were needlessly publicized (as FERC’s order candidly recognized). All that will now stop. That is good.

Most subjects suffered real and lasting negative consequences from the reputational harm associated with these NAV disclosures. As against all of these downsides for subjects, FERC’s order recognizes what has long been known in inside and outside FERC: that the expected benefits of the NAV Policy never materialized. So, for companies and individuals that find themselves under investigation by FERC, this comes as welcome news. No longer will the NAV be the first public word of alleged violations unaccompanied by context-setting settlement or other expressions that can at least somewhat be influenced by the investigation subject.

Securities and Commodities

D.C. Circuit Vacates SEC Sanctions, Says Negligent Omissions Are Not ‘Willful’ Under Advisers Act

By Anitra T. Cassas, Emily P. Gordy, Cheryl Haas and Amanda J. Goldstein

On April 30, the U.S. Circuit Court of Appeals for the District of Columbia Circuit vacated a Securities and Exchange Commission order imposing sanctions. The court held that an investment advisory firm and its owners did not violate Section 207 of the Investment Advisers Act of 1930, 15 U.S.C. § 80b-7, by negligently omitting material facts from the firm’s Form ADV. (See Robare Group, Ltd., et al. v. SEC, No. 16-1453.)

In September 2014, SEC Enforcement charged the petitioners, The Robare Group and its two principals, with violations of Sections 206(1), 206(2) and 207 of the Advisers Act, alleging that they willfully failed to disclose a revenue-sharing arrangement through which the firm received compensation when its clients invested in certain mutual funds. After an administrative law judge dismissed all charges, the SEC reviewed the case de novo and determined that, while the record did not support a finding of scienter, the petitioners violated: (i) Section 206(2) of the Advisers Act by negligently failing to disclose the revenue-sharing arrangement adequately to customers and (ii) Section 207 of the Advisers Act by failing to disclose the revenue-sharing arrangement to the SEC on the firm’s Form ADVs. As a result, the SEC imposed a $50,000 civil monetary penalty on each of the petitioners.

The petitioners appealed the decision to the D.C. Circuit, arguing, inter alia, that “the Commission erred in ruling that [the petitioners] violated Section 207 of the Advisers Act by willfully omitting material information about the [revenue-sharing arrangement]” despite the lack of substantial evidence to establish that they willfully omitted material facts.

Section 207 of the Advisers Act provides the following: “It shall be unlawful for any person willfully to make any untrue statement of a material fact in any registration application or report filed with the Commission under Section 203 or 204 of the Advisers Act, or willfully to omit to state in any such application or report any material fact which is required to be stated therein” (emphasis added).

While the parties agreed that the term “willfully” in Section 207 required the petitioners to have “intentionally commit[ed] the act which constitutes the violation,” they disagreed over what constituted “the act.” Specifically, the petitioners took the position that a violation of Section 207 requires an intentional misrepresentation or omission of a material fact, whereas the SEC asserted that an adviser violates Section 207 by intentionally completing or filing a Form ADV that turns out to contain a material misrepresentation or omission.

The D.C. Circuit held that, while substantial evidence supported the SEC’s negligence-based findings with respect to the Section 206(2) violation, “the Commission’s findings of willful violations under Section 207 based on the same negligent conduct are erroneous as a matter of law.”

In agreeing with the petitioners’ reading of Section 207’s willfulness requirement, the Court stated, “Intent and negligence are regarded as mutually exclusive grounds for liability. Any given act may be intentional or it may be negligent, but it cannot be both” (with internal quotations and citations omitted). Accordingly, the Court held that, in order to violate Section 207, at least one individual must have subjectively intended to omit the material information from the Form ADV.

Thus, the D.C. Circuit found that, because the SEC found there to be no scienter, the SEC could not support a Section 207 violation by the petitioners based on the finding that they negligently omitted the revenue-sharing arrangement from the Form ADV, which did not amount to willful conduct. As a result, the Court remanded the case to the SEC to determine a suitable fine for just The Robare Group’s negligent violation of Section 206(2).

Lessons Learned

The SEC staff is likely evaluating what this opinion means for its enforcement program. Specifically, there is now a significant question about whether this decision upends the long-standing SEC position that administrative proceedings can brought under Exchange Act Sections 15(b)(4) and (b)(6) and Advisers Act Sections 203(e) and (f), which also require a “willfulness” finding, based on just the barest minimum of understanding, as many have said, “not sleepwalking.” In the ubiquitous footnote included in every proceeding instituted under those sections, the SEC states:

A willful violation of the securities laws means merely “’that the person charged with the duty knows what he is doing.’” Wonsover v. SEC, 205 F.3d 408, 414 (D.C. Cir. 2000) (quoting Hughes v. SEC, 174 F.2d 969, 977 (D.C. Cir. 1949)). There is no requirement that the actor “‘also be aware that he is violating one of the Rules or Acts.’” Id. (quoting Gearhart & Otis, Inc. v. SEC, 348 F.2d 798, 803 (D.C. Cir. 1965)).

How the SEC comes out on the question of whether this is still a valid position for them to take in future settlements and litigated administrative proceedings may have a profound impact going forward.

As for the SEC’s immediate consideration for this case and other pending matters, while this finding will make it harder for the SEC to bring Section 207 in the absence of a scienter finding, negligently drafted disclosures may still subject advisers to liability under Section 206(2). Furthermore, while, as noted above, the necessary “willful” finding is a jurisdictional requirement to initiate a proceeding pursuant to Advisers Act Section 203(e), the SEC may still initiate cease-and-desist proceedings pursuant to Section 203(k) of the Advisers Act and obtain monetary penalties. Negligence is enough to bring a cease-and-desist proceeding and obtain a penalty.

In addition, the decision makes it clear that relying on industry standards does notnecessarily serve as a defense to negligence where, as the D.C. Circuit found here, The Robare Group’s principals recognized that the payment arrangement “created potential conflicts of interest and that they knew of their obligation to disclose this information to clients.” (See Robare at 12-13.) The Court determined that the numerous violations of the defendants’ fiduciary duty were unreasonable and thus negligent.

One benefit of the D.C. Circuit ruling is that it may be easier to settle a matter without a finding of willfulness, as statutory disqualification will be avoided. (A finding by the SEC that a person or firm acted willfully is a disqualifying event according to Section 3(a)(39) of the Exchange Act.)

Should you wish to discuss the D.C. Circuit’s decision, please contact one of the authors or any of McGuireWoods’ securities enforcement and regulatory attorneys.

Anti-Money Laundering, Enforcement and Prosecution Policy and Trends, Financial Institution Regulation

Suspicious Activity Monitoring and Reporting – FINRA Issues Notice Consolidating Governmental and Regulatory “Red Flag” Guidance

By Emily P. Gordy and Cheryl Haas

Enforcement actions sanctioning firms and, in a few cases, individuals for failing to investigate and report suspicious activity have been significantly on the rise. SEC, FinCEN, FINRA, and others have been active in this area, particularly with regard to trading at, by, or through the financial institution.  One critical component of a financial institution’s ability to maintain a robust anti-money laundering (“AML”) program and comply with its suspicious activity reporting (“SAR”) obligations is to ensure that the firm actively identifies and timely reviews “red flags” of potentially suspicious activity. What constitutes a “red flag” varies depending on many factors, including the firm’s business, location of the firm and customers, customer activity, and many other factors. Regulators over the years have issued guidance detailing “red flags” for potentially bad activity in an effort to assist firms in developing and enhancing their SAR reporting programs.

Consolidation of “Red Flag” Guidance or One Stop Shopping 

On May 6, FINRA published a Regulatory Notice 19-18 (the “Notice”), which aggregates federal government and other regulatory “red flag” guidance issued over the past 17 years.  Included in the Notice are the “red flags” that FINRA included in its own original notice issued in 2002, Notice to Member 02-21. FINRA issued the Notice to provide “one stop shopping” for firms searching for insights from the government and regulators on what they should monitor.  The Notice lists no fewer than 104 “red flags” compiled in five categories: customer due diligence and interactions with customers, deposits of securities, securities trading, money movements, insurance products, and a catch all (other potential red flags).

Take-Aways

  • Never static – not one-and-done. Firms need to review periodically their AML/SAR programs to assess “red flags” employed to ensure they evolve to reflect new concerns in the industry, new methods by the “bad guys” to use the financial system to engage in illegal activity, and changes at the particular firm that implicate new “red flags.”
  • Not one size fits all. Variations of firms in terms of size, business, model, products, etc. means different “red flags” will be at play.
  • Not an exhaustive list. The 104 “red flags” are examples and not a complete list.  As noted, additional “red flags” will arise based on unique facts and circumstances of the activity at issue. If something appears questionable, follow up.
  • As the slogan says: “if you see something, say something.” SAR reports are extremely valuable resources and information to law enforcement to put the investigative pieces together. The reports have led to many successful law enforcement cases, and firms remain obligated to investigate a red flag and where appropriate file a SAR report.
  • Ignore a red flag at your peril. Of course, the bottom line for financial institutions with SAR reporting obligations: failure to investigate and, if appropriate, file SAR reports exposes the firm to significant sanctions and reputational damage when a regulator identifies the “red flags” and no appropriate follow up.
Securities and Commodities

SEC OCIE Highlights Potential Deficiencies in Firm Privacy Policies

By Emily P. Gordy, Alexander Madrid and Cheryl Haas

On April 16, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert highlighting Regulation S-P compliance deficiencies and issues it found in recent examinations of broker-dealers and investment advisers. Regulation S-P is the primary SEC rule detailing the safeguards these firms must take to protect customer privacy. The Risk Alert provides an important reminder for firms to assess their supervisory and compliance programs related to Regulation S-P and make any necessary changes to strengthen those systems. Indeed, in light of the substantial fines that can accompany a finding that Regulation S-P has been violated, firms must pay careful attention to the OCIE’s guidance regarding potential pitfalls.

Regulation S-P requires broker-dealers and advisors to adopt written policies and procedures addressing the protection of customer information and records. These policies and procedures must be reasonably designed to ensure the security and confidentiality of customer records and information as well as protect against unauthorized access or threats. Additionally, Regulation S-P requires firms to send customers notices regarding the firm’s privacy policies and practices (at the establishment of the customer relationship and then annually thereafter) as well as an “opt out notice” that explains to customers their right to opt out of some disclosures of their non-public information to third parties. Firms that fail to comply with Regulation S-P can be hit with substantial fines; last year the SEC fined a broker-dealer $1 million for failing to maintain adequate safeguards against identity theft.

The Risk Alert highlights examples of common deficiencies or weaknesses that OCIE staff identified related to Regulation S-P in their examinations, which serve as considerations for firms evaluating their own policies and procedures:

  • Failure to Provide Adequate Notices. Some examined firms failed to provide the notices required by Regulation S-P, whereas others provided notices that did not contain required information, such as information regarding a customer’s opt-out right.
  • Lack of Adequate Policies and Procedures. Some firms did not have adequate written policies and procedures addressing customary privacy. The OCIE noted that policies and procedures that simply restate the rules contained within Regulation S-P are insufficient; rather, these documents must actually address the administrative, technical, and physical safeguards the firm has put in place. Similarly, “off the shelf” policies and procedures—which firms sometimes buy from third party vendors—are insufficient if firms do not include detail as to how they are actually being implemented.
  • Poorly Designed or Unimplemented Policies. The OCIE observed that even where firms had written policies and procedures, in some cases they were either not actually implemented or not reasonably designed to meet the requirements of Regulation S-P. The OCIE identified specific areas where firms’ policies and procedures were either poorly designed or not implemented:
    • Personal devices. The OCIE highlighted firms whose employees regularly stored and maintained customer personally identifying information (“PII”) on their personal laptops, but whose policies and procedures did not address how to safeguard that information.
    • Email. Some firms did not have policies and procedures reasonably designed to prevent employees from regularly sending unencrypted emails containing customer PII. Other firms did have such policies but did not provide adequate training to employees or failed to monitor if their policies were actually being followed.
    • Outside Vendors. Some firms failed to follow their own policies and procedures when dealing with outside vendors. The OCIE noted firms that failed to require outside vendors to contractually agree to keep customer PII confidential, even where their own policies and procedures required such agreements.
    • Failure to Identify Systems with Customer Information. Some firms did not inventory all systems on which they maintained customer PII, which the OCIE stated could limit their ability to safeguard that information.
    • Inadequate Incident Response Plans. Some firms’ incident response plans did not address important areas such as actions required to address a cybersecurity incident and assessments of system vulnerabilities.
    • Unsecure Physical Locations and Unauthorized Access. The OCIE noted firms that stored customer PII in unsecure physical locations (such as unlocked file cabinets) as well as cases where customer login credentials had been sent to employees who were not authorized to receive that information.
    • Departed Employees. Finally, the OCIE noted instances where former employees of firms retained access rights to customer PII after their departure.

The Risk Alert serves as a timely reminder to all broker-dealers and investment advisers to review their written policies and procedures, as well as the implementation of those policies and procedures, to ensure they are compliant with Regulation S-P. The Alert also serves as a complement to FINRA’s 2018 Report on Selected Cybersecurity Practices, which set forth FINRA’s observations regarding effective practices that firms have implemented to address cybersecurity risks, including risks related to identity theft.

McGuireWoods’ experienced broker-dealer/investment adviser team will continue to monitor and report on important issues affecting the broker-dealer industry. For more information, contact the authors of this article or any member of the team.

We use cookies to enhance your experience of our website. By continuing to use this website, you agree to the use of these cookies. For more information and to learn how you can change your cookie settings, please see our policy.

Agree