In 2014, we saw a notable increase in the number of examinations of registered investment advisers by the Office of Compliance Inspections and Examinations (OCIE) of the US Securities and Exchange Commission (SEC). In particular, we noted numerous examinations of newly registered investment advisers and first time examinations of investment advisers that have not previously been examined, in both cases consistent with OCIE’s publicly announced priorities. We expect to see both initiatives continue well into 2015, whether or not formally announced as such by the SEC.
Investment advisers have reported a wide range of experiences in recent examinations. OCIE still generally seems to give about one week’s advance notice of an examination. The duration of examinations, however, has lasted anywhere from three days to several months in time. In some cases, exams have been conducted entirely off-site through exchanges of documents through the SEC’s secure email system. Recently, OCIE staff have not been identifying examinations as “presence” exams, but examinations have tended towards the shorter end of the spectrum. Similarly, we have noted a significant range in the scope and depth of reviews. For example, the SEC’s review of emails has ranged from no review to reviewing emails of multiple personnel, and has covered periods ranging from one month to more than one year in time. We have even seen “phone exams” as part of the SEC’s outreach programme for newly registered investment advisers, where the SEC spends an hour or so on the phone with the chief compliance officer asking questions about Form ADV and the registrant’s business.
Key issues that we noted as having been raised in recent examinations and/or mentioned in deficiency letters include:
Interestingly, we have not seen cybersecurity issues or questions regarding Form PF filings raised in recent routine examinations (we have, however, seen questions on these matters come from the SEC in other contexts – i.e., the Risk and Examination Office of the SEC’s Division of Investment Management has met with several investment advisers to discuss their Form PF filings), but we expect more questions to come on both issues in the future given recent SEC focus on both topics.
As always, we urge all registered investment advisers to give serious thought and planning as to how to prepare for and respond to an SEC examination by, among other things, carefully reviewing recent OCIE document request lists in order to ensure that all required records can be made available promptly; identifying key personnel who will interact with the SEC staff; preparing key personnel for interviews; reviewing the results of any prior SEC exams (especially any prior deficiency letters); maintaining adequate written documentation of annual compliance reviews; and adequately documenting key risks and responsibilities.
SEC enforcement action highlights
Both the number of SEC enforcement actions and the amount of disgorgements and penalties obtained increased significantly in 2014. In the fiscal year ending September 2014, the SEC filed a record 755 enforcement actions and obtained orders totalling $4.6 billion in disgorgement and penalties, up from 686 and $3.4 billion, respectively, in the 2013 fiscal year. In addition, the SEC brought a number of first-ever enforcement actions, including actions involving the Pay-to-Play Rule, whistleblower retaliation and high-frequency trading. The SEC credited its use of innovative data and quantitative analysis as contributing to its success in detecting violations. The increase in the number of enforcement actions is also emblematic of SEC chairperson Mary Jo White’s “Broken Windows” enforcement philosophy, which targets conduct that in the past would likely have been noted in a deficiency letter without publicity or penalty. As chairperson White remarked at the Securities Enforcement Forum in October 2013, “minor [securities] violations that are overlooked or ignored can feed bigger ones, and, perhaps more importantly, can foster a culture where laws are increasingly treated as toothless guidelines. And so, I believe it is important to pursue even the smallestinfractions.” We expect this trend of strong SEC enforcement and growing reliance on new investigative tools to continue in 2015.
Below is a summary of some of the notable enforcement actions from 2014:
First SEC enforcement action on Pay-to-Play Rule violations
On 20 June 2014, the SEC announced its first enforcement action brought under Rule 206(4)-5 (Pay-to-Play Rule) of the Investment Advisers Act of 1940 (Advisers Act). The Pay-to-Play Rule prohibits, among other things, an investment adviser from providing investment advisory services for compensation to a state or local government entity if the investment adviser or any of its “covered associates” had made a political contribution to an elected official, or a candidate for such elective office, within the preceding two years, and the holder of the elective office is in a position to direct or otherwise influence the award of the government entity’s investment advisory business. According to the SEC order, the investment adviser violated the Pay-to-Play Rule by continuing to provide advisory services to city and state pension funds after a covered associate had given a total of $4,500 in campaign contributions to a mayoral candidate and the state governor. Without admitting or denying any wrongdoing, the investment adviser agreed to be censured and pay disgorgement, pre-judgment interest and a civil penalty totaling $300,000.
This enforcement action highlights the importance of establishing stringent guidelines on political contributions by an investment adviser and persons who may qualify as the investment adviser’s “covered associates” under the Pay-to-Play Rule. We note that a Pay-to-Play Rule violation can occur even if the investment adviser had no knowledge of a contribution made by a covered associate. Moreover, as this case demonstrates, even a small political contribution can trigger an enforcement action, so long as the value of the contribution is above the rule’s de minimis thresholds. Investment advisers should conduct due diligence on any past contributions prior to onboarding a government entity client, hiring a new employee, promoting an existing employee or engaging a solicitor. Moreover, investment advisers should remain cognizant of any client government plan policies that may restrict or prohibit similar activities.
First SEC enforcement action on whistleblower retaliation
On 16 June 2014, the SEC announced its first enforcement action for violations of the anti-retaliation provisions under Section 21F of the Securities and Exchange Act of 1934 (Exchange Act). Section 21F provides that the SEC shall reward whistleblowers who voluntarily provide information on possible federal securities law violations that leads to successful enforcement actions. To encourage whistleblowers to come forward without fear of retaliation, Section 21F(h) prohibits an employer from terminating, demoting, suspending, threatening, harassing or otherwise discriminating against an employee for reporting potential violations to the SEC and/or assisting in any resulting enforcement actions.
The SEC order alleged that the investment adviser violated Section 21F(h) by removing the head trader from his trading desk and stripping him of his day-to-day trading and supervisory responsibilities after learning that the head trader had reported improper principal trades to the SEC. The SEC found that the investment adviser had no reason for doing so and concluded that the head trader was marginalized for reporting the principal trades. Without admitting or denying any wrongdoing, the investment adviser and its principal agreed to pay disgorgement, pre-judgment interest and civil penalty totaling $2.2 million to settle the principal trading and whistleblower retaliation charges.
We note that on 23 September 2014, the SEC also separately announced a $30 million reward (the largest reward under the SEC’s whistleblower programme to date) to a whistleblower for providing information that led to a successful SEC enforcement action. Both the June enforcement action and the September reward signal the SEC’s determination to exercise its anti-retaliation authority. Investment advisers should be careful when terminating, demoting or otherwise changing the scope or terms of employment of an employee who has acted as a whistleblower, even if the changes are for unrelated reasons, and should be ready to provide a well-documented response in the event that the changes are brought into question.
First SEC enforcement action on high-frequency trading
On 16 October 2014, the SEC announced its first high-frequency trading manipulation case brought under Section 10(b) and Rule 10b-5 of the Exchange Act. The SEC order alleged that a New York-based high-frequency trading firm engaged in fraudulent conduct in connection with the purchase and sale of securities through a practice known as “marking the close.” The SEC alleged that, using a sophisticated algorithm, the high-frequency trading firm manipulated the closing prices of thousands of publicly traded securities in the firm’s favour by placing a large volume of rapid-fire trades near the close of trading almost every trading day during a six-month period in 2009. In addition, the high-frequency trading firm allegedly implemented additional algorithms to ensure that its orders received priority over other orders when trading imbalances. Without admitting or denying any wrongdoing, the high-frequency trading firm agreed to pay a penalty of $1 million to the SEC and to cease and desist from committing or causing any future violations of securities laws.
We note that the SEC’s chairperson, Mary Jo White, and its enforcement chief, Andrew Ceresney, have indicated on separate occasions that the SEC has a number of other investigations targeting manipulative activities by computer-driven trading firms. This enforcement action highlights the SEC’s determination to increase its oversight of high-frequency trading and other complex computer-driven practices, and showcase that it has the expertise to investigate fraudulent algorithmic trading strategies.
SEC enforcement action against investment adviser for misallocation of expenses
On 22 September 2014, the SEC charged an investment adviser with breaching its fiduciary duty to two private equity funds advised by the investment adviser by improperly allocating expenses between two portfolio companies, each separately owned, although subsequently integrated. The SEC also charged the investment adviser with failing to maintain policies and procedures reasonably designed to prevent violations of the Advisers Act. Neither charge considered the performance of the underlying portfolio company investments or the extent to which the funds’ investors were harmed. Without admitting or denying the SEC’s findings, the investment adviser agreed to pay penalties and disgorgement totaling $2.3 million and further agreed to cease and desist from committing or causing future violations of the Advisers Act.
This enforcement is a reminder that, increasingly, the SEC is focusing on, and concerned with, the allocation of expenses with respect to private equity fund advisers and the advisers’ policies and documentation relating to allocation decision-making.
Mass SEC enforcement actions for failure to file Form 4 and Schedules 13D and 13G
On 10 September 2014, the SEC announced charges against 28 officers, directors and major shareholders for failures to timely file Form 4 and Schedules 13D and 13G with the SEC, as required under Sections 16(a), 13(d) and 13(g) of the Exchange Act, respectively. In addition, the SEC charged several public companies with contributing to the filing failures or neglecting to report the violations. Of the 34 individuals and companies named in the SEC orders, 10 were investment firms. Charges against investment firms primarily stemmed from late, or absence of, reporting with respect to portfolio investments by investment fund clients. Delays in submitting the required filings ranged from weeks to months and even years in certain cases. The SEC focused on repeat late filers and identified them through its use of quantitative data sources and ranking algorithms. Settlement amounts ranged from $25,000 to $100,000 for individuals and $60,000 to $150,000 for public companies and investment firms.
We note that the filing requirements under Sections 16(a), 13(d) and 13(g) apply regardless of the amount of profits or the filer’s rationale for the transactions. Furthermore, even an inadvertent lapse in reporting may constitute a violation.
SEC enforcement action against repeat offender for Custody Rule violations
On 29 October 2014, the SEC announced an administrative proceeding against a registered investment adviser, its principals and its chief compliance and operating officer for violating Rule 206(4)-2 of the Advisers Act (Custody Rule). The SEC order alleged that the investment adviser failed to deliver audited financial statements to private fund investors within 120 days of the 2010, 2011 and 2012 fiscal year-ends, as required under the audit provision (Audit Provision) of the Custody Rule. The investment adviser delivered financial statements at least 40 days late for all years, and was up to six to eight months late with respect to certain private fund investors. Notably, the SEC found that the investment adviser continued to violate the Custody Rule even though it (and its principals) had already been sanctioned by the SEC in 2010 for violating the Custody Rule. The SEC found that the investment adviser failed to take any remedial action and that the investment adviser’s principals and its chief compliance and operating officer aided and abetted the investment adviser’s Custody Rule violations by, among other things, failing to implement policies and procedures necessary to prevent further violations.
This enforcement action underscores the risk that persistent non-compliance can lead to SEC enforcement. We note that the SEC has consistently identified Custody Rule compliance as an examination priority for investment advisers.
INSIDER TRADING DEVELOPMENTS
The year 2014 included several noteworthy developments in the continuing campaign against insider trading, the most significant of which arose in four cases involving hedge funds. One of the cases was a long-running civil enforcement action by the SEC, and the others involved an unsuccessful criminal prosecution and two challenges to prior convictions.
As noted in a previous article, the SEC announced in early summer that it would begin filing more insider trading cases as administrative proceedings, rather than in federal court. This came within days of it losing two insider trading cases in the space of a week, including its long-running case against Nelson Obus, a founding partner of Wynnefield Capital, Inc. Shortly thereafter, the SEC hired two new administrative law judges. This was widely seen as a reaction to the serial defeats the SEC has suffered over the past two years, particularly in insider trading cases, and has been sharply criticized, and even challenged in two pending court cases by parties facing administrative charges, including one for insider trading.
These challenges focus on the fact that the administrative process affords fewer due process protections than a court proceeding under federal procedural, discovery and evidentiary rules. Even a prominent federal judge has encouraged theSEC to reconsider its position. Yet senior enforcement staff have remained steadfast in public comments that they intend to continue on this path. Decisions in the two pending court challenges may determine whether future subjects of enforcement actions will enjoy the full panoply of due process protections afforded by the federal rules, or have to face the SEC’s truncated administrative process, which requires trial within 120 days of filing and a final order within 180 days after trial.
The US Attorney’s Office for the Southern District of New York also suffered notable setbacks, including a high-profile loss against Rengan Rajaratnam, brother of former Galleon Group founder, Raj Rajaratnam, as well as aggressive questioning by a panel of Second Circuit judges in the appeal by Todd Newman, a former portfolio manager at Diamondback Capital Management, and Anthony Chiasson, co-founder of Level Global Investors, of their separate 2012 convictions for trading on information they received as illegal tips. Both men argued that they were “remote tippees,” i.e., several layers removed from the original tip and tipper, and did not know the information they received had been tipped, nor whether the tipper received a benefit for passing the tip.
The trial court’s jury instruction followed the Second Circuit’s opinion reversing summary judgment in the Obus case, referenced above, which did not require evidence that the tippee knew of a particular benefit to the tipper – i.e., a quid pro quo – but only that the information had been improperly passed, as the jury in each case believed Newman and Chiasson knew. A central issue on appeal is whether passing material non-public information in breach of a duty of confidentiality can, alone – in view of the risks attendant to such breach – imply a personal benefit sufficient to support a conviction, on the theory that no reasonable insider would risk criminal prosecution and reputational harm without receiving a benefit, which a sophisticated market participant – as Newman and Chiasson were – would know, or have reason to know. A loss for the government could present opportunities for other convicted tippees to challenge their convictions on grounds that the government did not prove they knew the tipping insider in their case received a personal benefit. On the other hand, victory for the government would heighten the risk of receiving information from sources that may have originated with an insider.
In a second case, affirmed by the Second Circuit and appealed to the US Supreme Court, Whitman Capital, LLC founder, Doug Whitman, raised several issues challenging his conviction, including whether material non-public information underlying an insider trading case must be “a substantial factor” in motivating trading, or only “a factor,” and whether federal or state law defines what fiduciary duty is owed, if any, and breached by an insider who passes such information. Whitman had argued that state law should apply. In his case, California law would have applied, which does not impose a duty of confidentiality on lower-level employees, as Whitman argued his tipper was. Hence, passing the information did not breach any duty under California law, and Whitman should not have been convicted.
On 11 November 2014, the Supreme Court denied Whitman’s petition for certiorari, meaning that for the foreseeable future, the government will need to prove only that misappropriated or tipped information was one factor in the trader’s decision to trade, not a substantial factor, and that the government may invoke federal common law to supply the fiduciary duty an insider owes and breaches when s/he misappropriates or tips material non-public information. One benefit of this outcome is that it avoids overlaying on the federal securities laws a patchwork of varying state law duties, which could yield different results in different states, in a manner contrary to the uniform national standard the federal securities laws were designed to achieve.
FCPA UPDATES: DOJ TARGETS PRIVATE FUNDS
The growth of the private funds industry has drawn the attention of domestic and foreign law enforcement officials intent on rooting out corrupt activity. Taking proactive steps to minimize anti-corruption exposure can avert headline risks, criminal and civil penalties and other potentially devastating collateral consequences.
Hostile regulatory environment
Anti-corruption risks for private funds lie primarily in the enforcement of the US Foreign Corrupt Practices Act (FCPA) by the US Department of Justice (DOJ) and the SEC. The FCPA prohibits corruptly giving anything of value to a foreign official to obtain or retain business. Under the FCPA, public issuers must maintain accurate books and records, and internal accounting controls to prevent and detect FCPA violations. For over a decade, and more recently as of late, the DOJ and the SEC have made FCPA enforcement a priority.
Patrick Stokes, chief of the Justice Department Fraud Section’s FCPA Unit, recently revealed that the department has prosecuted and resolved FCPA cases against 10 corporations and obtained penalties of nearly $800 million since 2013. Stokes, who spoke at the American Bar Association’s National Institute on International Regulation and Compliance in Washington on 2 October 2014, said 25 individuals had either been charged or entered guilty pleas during that period. And since 2009, he added, 50 individuals were convicted and more than 50 cases against companies were resolved with penalties amounting to almost $3 billion.
Recently, there has been an increased focus on prosecuting individuals in addition to corporations. Individual prosecutions threaten jail for offenders found guilty and provide a stronger basis for deterrence. Kara Brockmeyer, chief of the SEC Enforcement Division’s FCPA Unit, said at the same American Bar Association conference that the SEC will be announcing a number of FCPA actions against individuals before the end of 2014.
Law enforcement officials interpret the statute to cover a range of corrupt payments above and beyond the proverbial “cash in a briefcase,” scrutinizing companies’ travel and entertainment expenses, gifts and even the hiring of individuals associated with foreign officials. For hedge funds and private equity funds that are expanding their global footprint, perhaps the most alarming is that extraterritorial jurisdiction is routinely exerted over activity with nominal connection to the US. Activities performed entirely outside the US by non-US persons have been prosecuted where the only connection to the US was one bank account. Emails routed through a US email server likewise served as the jurisdictional basis for a prosecution of a non-US person for conduct otherwise entirely outside the US. The DOJ does not hesitate to investigate foreign nationals working for foreign companies who pay bribes to foreign officials in association with wholly foreign transactions, on the existence of a single minor connection to the US.
Compounding the risk for hedge funds and other private funds operating in foreign markets is the challenge of determining whether their business partner or investor is a government official or instrumentality. Corrupt payments are prohibited by the FCPA when offered to foreign officials in the traditional sense, such as ministers, judges and agency employees. But the FCPA also proscribes offers to officials whose government connections are less evident, but prevalent in the private fund industry – employees of pension funds, sovereign wealth funds and other state-owned or state-operated instrumentalities. The definition of an “instrumentality” covered by the FCPA is broadly based upon a host of factors, some of which are counterintuitive. In many countries, such as Russia or China, the government controls a company through a complex chain of subsidiaries, adding layers of difficulty to determining whether the company is an instrumentality.
Seeking to capitalize on the successful extraction of settlement payments under the FCPA, many foreign jurisdictions have enacted and enhanced their own anti-corruption regimes. Global co-operation among law enforcement agencies has skyrocketed.
The UK’s Bribery Act 2010 (UK Bribery Act), a more robust anti-corruption statute than the FCPA, covers individuals and entities that carry on business in the UK, regardless of where the corrupt activity takes place. Unlike the FCPA, the UK Bribery Act prohibits commercial bribery, criminalizes the receipt (not just the offer or provision) of corrupt payments, and does not except nominal payments provided to secure ministerial government actions. The UK Bribery Act has even introduced a new criminal offense: the failure to prevent bribery, unless the entity has in place “adequate procedures” to prevent such conduct.
Rapidly expanding economies have crafted anti-corruption statutes commensurate with their growth. Earlier this year, the Brazilian Clean Companies Act came into effect, imposing strict civil liability on companies operating in Brazil for both domestic and foreign bribery. China, Russia and India have similar enforcement efforts underway. Compliance personnel and the anti-corruption bar took note when Canada recently enhanced its Corruption of Foreign Public Officials Act and secured its first conviction. All of this portends vigilance.
Key risks for hedge funds and others
Hedge funds and other private funds share many of the same anti-corruption risks; however, the fundamental differences between their respective business models make some risks, with respect to each type of fund, more acute than others.
The greatest anti-corruption risks for most private funds arise when securing capital from foreign officials and government entities, including sovereign wealth funds and pension funds. Fundraising often is facilitated by local third-party agents with intimate familiarity with the investing individual or entity. And once a relationship is formed, local agents may be tasked with maintaining it. These interactions can be a primary source of legal risk. Impressive gifts or lavish entertainment are often customary when developing business relationships. Goodwill is generated. Care must be taken to ensure that creating goodwill does not transform itself into paying for business. Breach of that line, itself sometimes hard to find, cannot be the price of admission to do business.
No private fund should engage a local agent to solicit and maintain relationships with foreign government investors with little insight into or protection from that agent’s activities. The FCPA imposes liability not only for the actions of one’s employees, officers and directors, but also for those of one’s intermediaries. Mere knowledge of an agent’s actions can trigger liability. Law enforcement officials are quick to take advantage of this risk point. In recent years, the majority of FCPA enforcement actions have arisen from the use of third-party agents.
Earlier this year, law enforcement officials warned private fund personnel that the DOJ is focused on the use of intermediaries and on gifts, entertainment and travel expenses provided when seeking investments. That prophecy proved self-fulfilling, as a large private fund manager recently disclosed in public filings a federal FCPA investigation of its dealings with a sovereign wealth fund. Several private equity funds have also been associated by the press with FCPA investigations.
While all private funds also must take care when using third-party agents to establish potential investments and maintain relationships, control-oriented private equity funds’ anti-corruption risks, to a far greater extent than other private funds, arise out of the investments themselves, even when limited to the private sphere. Many private companies in emerging markets have weak or non-existent anti-corruption programmes governing their own interactions with foreign government officials. Private equity funds can be held liable for those companies’ corrupt activities – past, present and future.
Control-oriented private equity funds, unlike hedge funds and other types of private funds, ordinarily do not hold passive investments, a business approach that may insulate hedge funds and non-control oriented private funds from liability should a corruption issue arise. Many of the methods customarily employed by private equity funds to generate change in a business and increase profitability also increase risk. Managerial control, board seats, voting rights and veto powers are just some of the indicia of control that can confer liability on a private fund for an investment’s activities, even when holding a minority interest in that investment. Likewise, actions of joint venture partners can create liability for a private equity fund. A private fund can also inherit successor liability for an acquisition’s past wrongs. Even absent liability for the corrupt activities of an investment, significant headline risks may exist. Any anti-corruption investigation or enforcement action can severely impact a private equity fund’s ability to sell an investment.
Maximizing profits by minimizing exposure
A targeted investment’s prior acts, whistleblowers and even the daily activities of agents located on the other side of the world are largely beyond a private fund’s control. However, out of sight should not be out of mind. For a variety of reasons relating to the types of investments in which they engage, many private funds neglect to assess legal risks surrounding corruption issues, thereby compounding possible exposure. But ignoring the legal risk/reward matrix can be catastrophic. Discovering an error in that analysis when law enforcement is at the door is never desirable. By then, whatever excuses one has will typically fall on deaf ears.
Conducting due diligence on agents, business partners and investments; implementing robust anti-corruption compliance programmes; training local representatives on anti-corruption compliance and averting whistleblowers by maintaining anonymous hotlines are some of the many ways in which a private fund can protect itself while expanding on a global scale.
SEC GUIDANCE AND OTHER UPDATES
New SEC Guidance on Social Media
Testimonial Rule and social media
In March 2014, the SEC issued a guidance update applying Rule 206(4)-1 of the Advisers Act (Testimonial Rule) to public commentary about an investment adviser posted on a third-party social media site. Use of social media by investment advisers is generally subject to the anti-fraud provisions under Section 206(4) of the Advisers Act. The Testimonial Rule prohibits any advertisement that refers, directly or indirectly, to testimonials of any kind concerning an investment adviser or its services. Such prohibited “testimonials” may include public commentary from a social media site that relates to the investment adviser.
The new guidance provided that an investment adviser may post, forward or link to public commentary about the investment adviser from a third-party social media site if certain conditions are met. First, the social media site must provide content that is independent of the investment adviser. Second, there must not be a material connection between the social media site andthe investment adviser that would call into question the independence of the site or the commentary. For instance, the investment adviser may not invite clients to post, or compensate clients for posting, commentary regarding the investment adviser. Third, the investment adviser must include all of the unedited comments appearing on the social media site regarding the investment adviser. The investment adviser may not “cherry pick,” rearrange or otherwise edit commentary to highlight favourable commentary or downplay unfavourable commentary.
In the guidance update, the SEC also strongly cautions against the use of community or fan pages, which may be difficult to monitor and increase the risk of deception or fraud.
Recommended practice for investment advisers
Prior to using social media, investment advisers should consider their obligations under the anti-fraud provisions of Section 206(4) and any other applicable state or non-US regulations, as well as any risks presented by their business and operations. Investment advisers should establish policies and procedures governing the use of social media and provide training for firm personnel. Specifically, investment advisers may consider implementing certain prohibitions against the use of social media by firm personnel, including, among other things:
Where the investment adviser allows its personnel to create a social media account (such as a LinkedIn account) identifying her or his employment with the firm, the investment adviser should implement policies and procedures to prohibit any disclosure of the firm’s business or any endorsement of the firm.
Investment advisers should also consider any record-keeping requirements associated with social media communications with prospective and existing clients. In general, Rule 204-2 of the Advisers Act requires an investment adviser to retain written communications with prospective or existing clients, which would include communications conducted through social media. Before communicating with prospective or existing clients through social media, investment advisers should determine whether they have policies and procedures necessary to retain all required records, and make them available for inspection.
New SEC Cybersecurity Examination Initiative
Cybersecurity Examination Initiative
In a risk alert published on 15 April 2014, OCIE announced an initiative to evaluate cybersecurity preparedness in the securities industry by conducting cybersecurity examinations of over 50 registered investment advisers and broker-dealers. This initiative affirms the SEC’s increased interest in the cybersecurity preparedness of regulated firms, an issue which has been identified as an examination priority for 2014 and was the subject of an SEC roundtable in March.
The risk alert included a list of 28 questions that OCIE may use when conducting a cybersecurity examination. Some questions were borrowed from the “Framework for Improving Critical Infrastructure Cybersecurity” released by the National Institute of Standards and Technology (NIST). Based on the risk alert, it is anticipated that cybersecurity examinations will target the following areas:
It should be noted that the questions contained in the risk alert are not intended to be exhaustive, and that OCIE will tailor its examination based on the specific circumstances of the firm.
Recommended practice for investment advisers
Investment advisers, regardless of whether they are selected for examination, should use the risk alert and the NIST framework as guidelines to develop a plan for regularly testing the adequacy of their cybersecurity infrastructure and policies. For investment advisers to private funds, common problem areas may include, among other things:
Investment advisers may consider penetrating their internal systems on a test basis to identify points of vulnerability. They should also (i) implement periodic training for firm personnel and, if applicable, third-party vendors and business partners authorized to access firm networks and (ii) document any compliance measures taken, as well as cybersecurity threats encountered by them (including any remedial steps undertaken in response to such threats). They may also consider purchasing insurance for data breaches.
New SEC guidance on Rule 506(d) Bad Actor Rule
Effective as of 23 September 2013, the SEC amended Rule 506 of Regulation D under the Securities Act of 1933 (Securities Act) to preclude felons and other “bad actors” from participating in any offering under Rule 506. Rule 506 previously did not include any such disqualification standards.
The scope of persons whose “bad acts” may have a disqualifying effect is relatively broad. Generally, the rule covers:
Amended Rule 506 includes a lengthy list of disqualifying events, some of which are limited by look-back periods. Most of the events involve criminal, civil or regulatory rulings and orders related to securities laws or participation in the securities industry, but some also involve rulings of state securities, banking and insurance regulators. If the otherwise disqualifying event occurred prior to the effective date of the amended rule, the issuer is required to make disclosure of the bad act to investors.
Under amended Rule 506, the SEC, or in some cases the regulator that issued the order or ruling that otherwise would have triggered disqualification, may determine that disqualification from using Rule 506 will not apply as a result of the event. The SEC has in some cases granted waiver requests since the effective date of the amended rule.
Pursuant to staff guidance, the SEC staff clarified certainaspects of the bad actor provisions, including that:
In addition, the SEC staff clarified pursuant to staff guidance that the term “beneficial owner” should be interpreted in the same manner as under Rule 13d-3 of the Exchange Act. As a result, the term includes any person who directly or indirectly has sole or shared (i) voting power, which includes the power to vote, or direct the voting of, the relevant security and/or (ii) investment power, which includes the power to dispose, or direct the disposition of, the relevant security. Beneficial ownership by a “group” and members of a group (such as shareholders that have entered into a voting agreement to elect certain directors) also should be determined in a manner consistent with corresponding Exchange Act rules.
As a result, an issuer’s 20% beneficial owners may include persons who hold of record less than 20% of the issuer’s outstanding voting securities, and the issuer will need to “look through” beneficial owners based on the Rule 13d-3 principles. The staff also clarified that a person who becomes a 20% beneficial owner by purchasing securities in an offering is not a covered person at the time of such sale, but would be a covered person whose bad acts would disqualify the issuer from relying on Rule 506 for any subsequent sales in connection with that offering.
New SEC Guidance on accredited investor determination and verification
On 3 July 2014, the SEC issued six new Compliance and Disclosure Interpretations (CDIs) regarding the determination and verification of accredited investor status for purposes of Rule 506(b) and Rule 506(c) of Regulation D under the Securities Act.
The first two CDIs clarified the application of the income test to income reported in a non-US currency and the net worth test to joint assets held by a purchaser with a person other than his or her spouse:
The remaining four CDIs offered guidance on the “safe harbour” accredited investor verification methods under Rules 506(c)(2)(ii)(A) and (B). Adopted by the SEC in 2013 pursuant to the Jumpstart Our Business Startups Act (JOBS Act), Rule 506(c)permits an issuer to use general solicitation or general advertising in a Rule 506 private offering if certain conditions are met.
Among other things, an issuer must take reasonable steps to verify that all purchasers in the offering are accredited investors. An issuer may do so by adopting a principles-based approach that is tailored to the facts and circumstances of the transaction or, if the purchaser is an individual, by using one of the four non-exclusive “safe harbour” methods under Rule 506(c)(2)(ii) that are deemed to satisfy the verification requirement.
The CDIs made clear that each of the safe harbours under Rule 506(c)(2)(ii)(A) and (B) would not be available unless all aspects of the safe harbour are met and that the required supporting documents may not be substituted with other types of documents. An issuer that does not qualify for the safe harbours may instead follow the principles-based approach and take other reasonable steps to verify the purchaser’s status.
New SEC guidance on the Custody Rule
In June 2014, the SEC issued a guidance update on the application of the Custody Rule to (i) special purpose investment vehicles (SPVs) used by a pooled investment vehicle client when making investments and (ii) escrow accounts used by a pooled investment vehicle client when selling its interest in a portfolio company. Both are issues that the SEC has identified in examinations of registered investment advisers and inquiries received from the industry.
Special purpose vehicles
The new guidance clarified when an investment adviser relying on the Audit Provision may treat an SPV’s assets as assets of the pooled investment vehicle clients invested in the SPV (in which case the investment adviser would include the SPV’s assets within such participating clients’ audited financial statements and would not have to deliver separate audited financial statements with respect to the SPV).
Under the new guidance, if the SPV has no owners other than the investment adviser, the investment adviser’s related persons or pooled investment vehicle clients that are controlled by the adviser or its related persons, then the investment adviser may treat the SPV’s assets as assets of the pooled investment vehicle clients. If, however, the SPV has third-party owners, then the investment adviser must treat the SPV as a separate client and deliver separate audited financial statements with respect to the SPV.
The new guidance also clarified when an investment adviser may (i) use an escrow account to hold proceeds from the sale or merger of a portfolio company owned by the investment adviser’s pooled investment vehicle clients and other third parties and (ii) appoint a “sellers’ representative” to act on their behalf and maintain their joint escrow account under the representative’s name. These practices may potentially violate the Custody Rule, which requires client funds to be maintained either in a separate account for each client under that client’s name or in accounts containing only the funds and securities of the investment adviser’s clients under the investment adviser’s name as agent or trustee. The new guidance set forth the conditions that an investment adviser must satisfy in order to comply with the Custody Rule:
New SEC guidance on proxy voting
On 30 June 2014, the SEC issued a staff legal bulletin clarifying the responsibilities of registered investment advisers when voting client proxies and retaining proxy advisory firms. Rule 206(4)-6 of the Advisers Act (Proxy Voting Rule) requires a registered investment adviser, among other things, to adopt and implement written policies and procedures reasonably designed to ensure that the investment adviser votes proxies in the best interests of its clients. To ensure compliance with the Proxy Voting Rule, the bulletin recommended that an investment adviser should, among other things:
Investment advisers should note that the SEC expects any changes that investment advisers may need to make in light of the staff legal bulletin to be completed prior to next year’s proxy season.