Skip to Content
Main Content

Investment Management Legal and Regulatory Update - October 2018

October 22, 2018
View as PDF

Latest Developments

SEC Staff No-Action Letter on Affiliated Transactions

Mutual fund directors will no longer need to make required determinations under certain exemptive rules involving affiliates under no-action relief recently granted by the SEC staff, provided that the board receives a written representation from the fund’s Chief Compliance Officer (CCO) regarding the transactions on at least a quarterly basis. The Independent Directors Council (IDC) had submitted a request seeking assurance that the SEC staff would not recommend enforcement action for violations of Sections 10(f), 17(a) and 17(e) of the Investment Company Act if, in lieu of making the required determinations under Rules 10f-3, 17a-7 and 17e-1 (involving affiliated underwritings, affiliated purchase and sale transactions and affiliated brokerage, respectively), the board received a written representation from the CCO, at least quarterly, that the transactions entered into in reliance on the applicable rule were effected in compliance with relevant procedures adopted by the board.

The IDC stated that it “believes that the current regulatory regime governing the role and responsibilities of fund directors can be modernized and improved to better allow directors to dedicate their time and attention to ‘areas where director oversight is most valuable.’ ” The IDC noted that more than two decades after these exemptive rules were adopted, the SEC adopted Rule 38a-1, which created the CCO role and assigned compliance oversight responsibilities to the board. The IDC letter stated that the requested approach would be consistent with the SEC’s policy in adopting Rule 38a-1 and prevent the board from becoming involved in day-to-day compliance functions and duplicating certain functions performed or supervised by the CCO. 

The SEC staff agreed, granting no-action relief and noting that while the letter represents the views of the Division of Investment Management, it is not a rule, regulation or statement of the SEC. In a footnote to the no-action letter, the staff stated that the no-enforcement position in the new letter may be relied upon notwithstanding any inconsistent statements in a 2010 letter from the Division of Investment Management to the IDC, which reiterated the board determination requirements of the exemptive rules.

We believe it is reasonable for funds that rely on Rules 10f-3, 17a-7 and/or 17e-1 to implement this guidance as soon as practicable, after discussing the SEC staff’s position with the board. In practice, this means that boards will no longer need to adopt resolutions regarding compliance with these exemptive rules after reviewing detailed transaction information, but can instead rely on information provided in the CCO report to the board.

Sources: Response of the Chief Counsel’s Office, Division of Investment Management (Oct. 12, 2018), available here; Request for No-Action Position Regarding Board Determinations Under Rules 10f-3, 17a-7, and 17e-1 (Oct. 12, 2018), available here

SEC Withdraws Two No-Action Letters Regarding Use of Proxy Advisory Firms 

The SEC’s Division of Investment Management recently withdrew two no-action letters relating to use of third party proxy advisory firms—Egan-Jones and Institutional Shareholder Services, Inc. – that were issued in 2004. The notice of withdrawal also stated that the SEC staff will be holding a roundtable on the proxy process in November 2018 at which Staff Legal Bulletin No. 20 will be a topic of discussion. Because the guidance contained in the withdrawn letters is largely embodied in this separate guidance from 2014, the withdrawal of the no-action letters does not currently require any changes to proxy voting policies regarding use of third party proxy advisory firms. However, it is worth noting that the guidance is no longer given in the form of a no-action letter, meaning there is no longer assurance regarding the SEC’s enforcement position on the facts presented. 

Recent SEC statements and the upcoming roundtable indicate that the proxy voting process in general, and use of proxy advisory firms in particular, is an area of regulatory interest. Although there is no indication that the SEC will no longer permit advisers to vote in keeping with proxy advisory firm recommendations, advisers should consider their use of third party proxy voting services to ensure that measures are taken to (1) identify and address material conflicts of the advisory firm on an ongoing basis; and (2) ensure that the firm continues to vote in the best interests of the adviser’s clients.

Background

Under Rule 206(4)-6 of the Investment Advisers Act, registered investment advisers must adopt and implement written policies and procedures that are reasonably designed to ensure that they vote client securities in the best interest of clients, which procedures must include how the adviser addresses material conflicts that may arise between its interests and those of its clients. The rule’s adopting release elaborated that an adviser could demonstrate that the vote was not a product of a conflict of interest if it voted client securities, in accordance with a pre-determined policy, based upon the recommendations of an “independent” third party. 

In 2014, SEC staff issued Staff Legal Bulletin No. 20, providing guidance to investment advisers regarding the use of third party proxy advisory firms in the proxy voting process. The guidance provided that adviser policies and procedures must provide sufficient ongoing oversight of proxy advisory firms to ensure that the investment adviser, acting through the third party, continues to vote proxies in the best interests of its clients. The staff also explained that, as part of this duty of oversight, it is incumbent upon the adviser to establish and implement measures reasonably designed to identify and address the proxy advisory firm’s conflicts on an ongoing basis.

The Withdrawn Letters

In Egan-Jones, the SEC staff discussed the circumstances under which a third-party proxy advisory firm may be considered “independent” under Rule 206(4)-6, including situations in which the advisory firm receives compensation from a company for providing advice on corporate governance issues, and the steps an investment adviser should take to verify the third party’s independence and cleanse the vote of any conflict—steps which are largely reiterated in Staff Legal Bulletin No. 20. One exception is the following statement in Egan-Jones: “We believe that the mere fact that the proxy voting firm provides advice on corporate governance issues and receives compensation from the issuer for these services generally would not affect the firm’s independence from an investment adviser.”

In the Institutional Shareholder Services, Inc. letter, the SEC staff agreed with ISS that a case-by-case analysis of a proxy voting firm’s potential conflicts of interest is not the exclusive means by which an investment adviser may fulfill its fiduciary duty of care in connection with voting client proxies according to the firm’s recommendations. The letter confirmed that alternative methods, such as a thorough review of the proxy voting firm’s conflict procedures and the effectiveness of their implementation, or any other means “reasonably designed to ensure the integrity of the proxy voting process,” would also fulfill the investment adviser’s duty. 

Related Events and Reactions 

SEC Chairman Jay Clayton issued a public statement on the same day as the withdrawal of the no-action letters reminding the industry that statements and legal interpretations from the SEC staff, which includes both the above no-action letters and legal bulletin, are “nonbinding and create no enforceable legal rights or obligations of the Commission or other parties.” 

In reaction to the withdrawal of the no-action letters, Glass Lewis posted a statement to its website noting that “the law in this area has not changed” and therefore has no impact on its business. Similarly, a representative of ISS said in a statement that the 2014 guidance “affirms and restates the guidance in the now-withdrawn letters.” SEC Commissioner Robert J. Jackson Jr. issued a statement the following day, noting that “the law governing investor use of proxy advisors is no different today than it was yesterday.”

Sources: Division of Investment Management, Statement Regarding Staff Proxy Advisory Letters, Public Statement (Sept. 13, 2018), available here; Division of Investment Management, Proxy Voting: Proxy Voting Responsibilities of Investment Advisers and Availability of Exemptions from the Proxy Rules for Proxy Advisory Firms, Staff Legal Bulletin No. 20 (June 30, 2014), available here; Egan-Jones Proxy Services, SEC No-Action Letter (May 27, 2004); Institutional Shareholder Services, Inc., SEC No-Action Letter (Sept. 15, 2004); Chairman Jay Clayton, Statement Regarding SEC Staff Views, Public Statement (Sept. 13, 2018), available here; Commissioner Robert J. Jackson Jr., Statement on Shareholder Voting, Public Statement (Sept. 14, 2018), available here; Beagan Wilcox Volz, Time to Look More Closely at Proxy Advisor Conflicts: Lawyer, IGNITES (Sept. 24, 2018).

The California Consumer Privacy Act: Major Provisions and Potential Implications

The California Consumer Privacy Act of 2018 (the CCPA or the Act) was recently signed into law and becomes effective in 2020. The CCPA was introduced just days prior to its enactment and therefore contains drafting errors and vague provisions; observers anticipate legislative clarifications and other fixes before its effective date. The CCPA was already amended on September 23, 2018; one of the most notable changes is a new enforcement date of July 1, 2020. 
Although the CCPA is a state law, it is expected to mark a change in the way businesses, including asset management firms, are required to treat U.S. consumer data. It is likely that the California legislature will continue to refine and amend the Act’s requirements before the final version of the law goes into effect. 

Major Provisions 

The purpose behind the CCPA is to give “consumers” an “effective way to control their personal information.” To that end, the CCPA gives consumers the right to, among other things: 

  • Know, through a general privacy policy and with more specifics available upon request, the types of personal information companies collect from them, how it is being used, and whether and to whom it is being disclosed or sold;
  • Prevent businesses from selling their personal information; 
  • Request that a business delete personal information that the business has collected from the consumer (with some exceptions); and
  • Receive equal service and pricing from a business, even if they exercise their privacy rights under this Act.

The CCPA requires that companies make certain disclosures to consumers via their privacy policies, or otherwise at the time the personal data is collected. Other provisions will require companies to determine what personal data they are collecting from individuals and for what purposes, and to update their privacy policies every twelve months to make the disclosures required under the Act.

Who is protected by the Act?

The CCPA requires that the requisite protections be made available to “consumers,” who are defined as natural persons who are California residents for tax purposes. Many companies, even those without a physical presence in California, serve California consumers by virtue of their online presence. Unless companies provide specified “opt-out” procedures specifically for California-based customers, this means that many companies will need to update their privacy policies in order to comply with the CCPA. 

What qualifies as “personal information” under the Act?

The CCPA gives consumers a way to control their “personal information,” defined to include information that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” 
The California Attorney General will have the authority to update enumerated categories of personal information before the Act’s effective date to “address changes in technology, data collection practices, obstacles to implementation, and privacy concerns.” Therefore, companies should monitor developments in the law that may alter the types of data subject to the CCPA. Companies developing their compliance strategy should give careful consideration to the types of personal information they collect and think broadly about data that may fall within the scope of the CCPA’s definition. 

Who must comply with the CCPA?

The CCPA will apply to for-profit businesses that do business in California and fall into one of three categories: 

  • have annual gross revenues in excess of $25 million; 
  • receive or disclose the personal information of 50,000 or more California residents, households or devices (e.g., mobile phones, computers, tablets) on an annual basis; or 
  • derive 50% or more of their annual revenues from selling California residents’ personal information. 

The CCPA also covers entities that control or are controlled by and share branding with such a business. It is not clear whether the $25 million threshold is calculated using only California revenue or global sales. We expect that the California Attorney General will provide guidance regarding how the thresholds will be applied to covered businesses in connection with the adoption of implementing regulations. 

One item of note regarding the CCPA’s application to the asset management industry is that the Act does not apply to any “personal information that is collected, processed, sold or disclosed” pursuant to the Gramm Leach Bliley Act (GLBA). However, this should not be interpreted as a blanket exemption for entities subject to the GLBA, and it is not clear how this exemption will apply to entities subject to Regulation S-P (which was adopted by the SEC pursuant to the GLBA). Rather, asset management firms may be subject to the provisions of the CCPA to the extent data they possess falls outside of the GLBA. Although further clarification regarding the operation of this exemption is likely forthcoming, firms will need to evaluate each law to determine its applicability to the firm’s activities. It may be the case that some firms will need to develop a compliance program that addresses both laws based on the type of data. 

Takeaways

The full impact of CCPA is not yet known, so it will be important for asset managers and other businesses to continue to monitor for updates and developments to the law. Covered businesses should begin formulating strategies for compliance, by evaluating existing privacy disclosures and policies. 

Sources: CA Assembly Bill No. 375 (June 28, 2018), available here; CA Senate Bill No. 1121 (Sept. 23, 2018), available here

Senior Safe Act Signed into Law: Potential Impact on Investment Advisers and Broker-Dealers 

With the problem of elder financial abuse escalating rapidly, President Trump signed into law federal provisions earlier this year aimed at encouraging “covered financial institutions”— broadly defined to include investment advisers and broker-dealers, among others—to identify and report warning signs of financial exploitation of senior citizens. Previously known as the “Senior Safe Act,” these provisions were signed into law as Section 303 of the Economic Growth, Regulatory Relief, and Consumer Protection Act (the Act). 

The Act serves two main functions: 

  • It provides immunity from suit for covered financial institutions and their personnel for disclosing the suspected “exploitation” of a “senior citizen” to a covered agency (which includes the SEC) as long as the disclosure was made in good faith and with reasonable care; and
  • It makes the immunity for both the institution and the employee contingent on the institution training its personnel on “how to identify and report the suspected exploitation of a citizen internally, and, as appropriate, to government officials or law enforcement authorities, including common signs that indicate the financial exploitation of senior citizens.” A financial institution has the option of either providing the training itself, or outsourcing it to a third-party training company. 

The Act defines “exploitation” as a fraudulent or otherwise improper act that: (1) uses the resources of a senior citizen for monetary or personal benefit or profit, or (2) results in depriving a senior citizen of rightful access to or use of benefits, resources, belongings, or assets. The Act defines “senior citizen” as an individual who is 65 years of age or older. 

Notably, the law adopts a motivational approach. It does not impose any mandatory reporting requirements on financial institutions or require financial institutions to delay or place holds on transactions or disbursements when exploitation is suspected or reported. Nor does it require the implementation of elder exploitation training programs at financial institutions. Rather, it strongly encourages financial institutions to identify warning signs and common scams by providing immunities and making the immunities contingent on the requisite training. 

Since the Act has only limited preemption of state law, financial institutions will now have to navigate potentially inconsistent regulatory requirements across states and at the federal level to ensure full compliance.

Source: Economic Growth, Regulatory Relief, and Consumer Protection Act, Pub. L. 115-174, §303 (2018), available here

DOL’s Fiduciary Rule Officially Vacated – But the Best Interest Concept May Be Here to Stay

As discussed in our July 2018 Update, the United States Court of Appeals for the Fifth Circuit issued its mandate officially vacating the DOL fiduciary rule and the best interest contract exemption (BICE) on June 21, 2018. The mandate resulted in the removal of the fiduciary rule from federal law and the return, at least for now, of pre-fiduciary rule law for determining fiduciary status under ERISA and the Internal Revenue Code (Code), as applicable to retirement plans, IRAs and other tax-qualified savings vehicles. The DOL’s and IRS’ definition of investment advice fiduciaries reverted to the original 1975 regulation’s five-part test, as discussed in our May 2016 Update. With the DOL fiduciary rule vacated, the SEC and states are leading the regulatory efforts to reform investment advice standards, as discussed in more detail below.

Now that the fiduciary rule has been vacated, investment advisers should revisit their policies and procedures adopted in connection with the fiduciary rule and BICE and consider which, if any, of those new policies and procedures they wish to retain. Advisers also will want to review their 408(b)(2) notices to ERISA plans if they made changes in response to the fiduciary rule. Policies specific to the DOL fiduciary rule definition of “fiduciary investment advice” generally should be repealed. With the exception of firms expecting to take advantage of the DOL’s temporary non-enforcement policy in connection with the receipt of transaction-based compensation, most advisers should repeal provisions specific to the BICE. Advisers should consider eliminating any discussion of pre-contract communications and the “hire me” exception. Other advisers may decide to continue to use rollover checklists as a “best practice.” Some brokers have decided to continue to use checklists to satisfy their obligations under FINRA guidance regarding rollovers to IRAs, which requires brokers to consider differences in investment options, fees and expenses and services. In all cases, advisers should continue to maintain their policies that predate the vacated fiduciary rule for clients that are subject to ERISA plans and the Code. If you have any questions about this, please contact your G&K attorney.

Best Interest Initiatives

Several authorities, including the SEC and a number of states, have imposed or are considering imposing best interest obligations or other enhanced standards on financial institutions and their personnel. 

As discussed in our April 2018 Update, the SEC has proposed Regulation Best Interest, which would subject brokers to a best interest standard when making recommendations to retail customers. The SEC was influenced by the DOL and cited to BICE 340 times within the preamble. The proposal was open for public comment until August 7, 2018; however, this date has been extended and Chairman Clayton has declined to set a deadline for the adoption of Regulation Best Interest. Following a September investor roundtable focused on the proposal, Chairman Clayton told reporters, “I have no specific date set yet…It’s not this month, probably not next month. We have work to do.” 

Amid this uncertainty at the federal level, at least one organization and several states have decided not to wait for the SEC. 

  • Earlier this year, the Certified Financial Planner Board of Standards, Inc. (CFP Board) unanimously approved an expanded fiduciary standard under which all certified financial planners (CFP®s)—including brokers—must act in the best interests of their clients when providing financial advice. The new rule is part of a revamp to the CFP Board’s Code of Ethics and Standards of Conduct, which sets forth the ethical standards for CFP professionals; the new standards will become effective October 1, 2019. 
  • The New York State Department of Financial Services has finalized regulations imposing its own “best interest” standard for life insurance and annuity transactions. The final regulation will become effective August 1, 2019, and requires those licensed to sell life insurance and annuity products in New York to act in the consumer’s best interest when making recommendations. 
  • Since July 1, 2017, brokers and investment advisers in Nevada have been required to meet a fiduciary standard when providing investment advice; the state’s fiduciary rule for “financial planners” had previously excluded brokers and investment advisers.
  • Effective July 5, 2017, “financial planners” offering financial planning or investment advisory services to Connecticut consumers are required to disclose to consumers, upon request, whether or not the financial planner has a fiduciary duty to the consumer with regard to each recommendation that is made. A “financial planner” is defined in the Connecticut Act as “a person offering individualized financial planning or investment advice to a consumer for compensation where such activity is not otherwise regulated by state or federal law.”
  • Pending legislation sits in House and Senate committees in the New Jersey Assembly. The New Jersey bills would require a “non-fiduciary investment adviser” to provide written disclosure to, and receive written acknowledgment from, individual investors at the inception of the relationship, stating that the investment adviser does not have a fiduciary relationship with the client. A “non-fiduciary investment adviser” would include brokers, dealers, and investment advisers. Investment advisers subject to a fiduciary duty under federal or state law or regulation, or by applicable standard of professional conduct, would be exempt. 

With the DOL fiduciary rule vacated, the SEC and the states are leading the regulatory efforts to heighten the standard of care that financial institutions and their personnel owe to their customers. Financial institutions should consider the impact of proposed Regulation Best Interest, as well as recent developments at the state level, on their business model and compliance programs. 

Sources: U.S. Chamber of Commerce, et al. v. U.S. Dep’t of Labor, et al., 885 F.3d 360 (5th Cir. 2018); Regulation Best Interest, Release 34-83062 (Apr. 18, 2018), available here; Mark Schoeff Jr., Clayton Declines to Set Timeline for Final SEC Advice Rule, Investment News (Sept. 21, 2018); CFP Board Code of Ethics and Standards of Conduct (Mar. 2018), available here; New York State Department of Financial Services First Amendment to 11 NYCRR 224 (Insurance Regulation 187) (Jul. 17, 2018), available here; Nevada SB383 (June 2, 2017), available here; Connecticut Pub. Act No. 17-120 (Jul. 5, 2017), available here; New Jersey Assemb. B. 335 (2018), available here

Elad Roisman Sworn in as SEC Commissioner

On September 11, 2018, Republican Elad Roisman was sworn in as an SEC commissioner by SEC Chairman Jay Clayton, bringing the Commission back to full strength with five members. During his confirmation hearings, Commissioner Roisman largely echoed Chairman Clayton’s major priorities, including fostering capital formation.

Commissioner Roisman comes to the SEC from the Senate Banking Committee, where he served as Chief Counsel. He previously served as Counsel to former SEC Commissioner Daniel Gallagher and prior to that, as a Chief Counsel at NYSE Euronext. He also worked as an attorney at the law firm of Milbank, Tweed, Hadley & McCloy LLP. Commissioner Roisman fills a term that expires on June 5, 2023.

Source: Elad Roisman Sworn In as SEC Commissioner, SEC Press Release 2018-187 (Sept. 11, 2018), available here

Updates on Pending SEC Rule Proposals

SEC Proposes Whistleblower Rule Amendments

On June 28, 2018, the SEC Commissioners voted 3 to 2 to propose amendments to the rules governing its whistleblower program. The proposed amendments are intended to “provide the Commission with additional tools in making whistleblower awards to ensure that meritorious whistleblowers are appropriately rewarded for their efforts, increase efficiencies in the whistleblower claims review process, and clarify the requirements for anti-retaliation protection under the whistleblower statute.” The proposed rules, among other things, would:

  • Allow whistleblower awards based on deferred prosecution agreements (DPAs) and non-prosecution agreements (NPAs) in a criminal case and SEC settlements outside the context of a judicial or administrative proceeding. 
  • Include additional considerations for small and exceedingly large awards:
    • With respect to potential awards that could yield a payout of less than $2 million, the proposed rules would authorize the SEC in its discretion to increase the award percentage under certain circumstances (subject to the 30% statutory maximum award) to an amount up to $2 million. 
    • With respect to potential awards that could yield total monetary sanctions of at least $100 million, the proposed rules would authorize the SEC to adjust the award percentage (subject to the 10% statutory minimum award) so that the payout does not exceed an amount that is reasonably necessary to reward the whistleblower and to incentivize other similarly situated whistleblowers.
  • Eliminate potential double recovery. The proposed amendments would prevent a whistleblower from receiving multiple recoveries for the same information from different whistleblower programs. 
  • Establish a uniform definition of “whistleblower”. The U.S. Supreme Court’s decision in Digital Realty Trust, Inc. v. Somers invalidated the SEC’s rule that interpreted the anti-retaliation protections of Section 21F of the Exchange Act to apply in cases of internal reports. The Court held in Digital Realty that a person must report a possible securities violation to the SEC in order to qualify for protection against employment retaliation under Section 21F. The SEC’s proposed rules would modify Rule 21F-2 so that it comports with the Court’s holding by, among other things, establishing a uniform definition of “whistleblower” that would apply in all aspects of Section 21F. The uniform definition, as proposed, would confer whistleblower status only on: (1) an individual (i.e., not a corporation); (2) who provides the SEC with information “in writing”; and (3) only if the information relates to a possible violation of the federal securities laws (including any law, rule or regulation subject to the jurisdiction of the SEC) that has occurred, is ongoing or is about to occur. To be eligible for an award or to obtain heightened confidentiality protection, the additional existing requirement that a whistleblower submit information on Form TCR or through the SEC’s online tips portal would continue to apply.
  • Modify the claims review process. The SEC also proposed changes designed to help increase the SEC’s efficiency in processing whistleblower award applications. Proposed new subparagraph (e) to Rule 21F-8 would clarify the SEC’s ability to bar individuals from submitting whistleblower award applications where they are found to have submitted false information to the SEC. It would also permit the SEC to bar individuals who repeatedly make frivolous award claims in SEC enforcement actions.

Request for Comment

In addition to these proposed amendments, the SEC also published proposed interpretive guidance to clarify the meaning of “unreasonable delay” and “independent analysis” as those terms are utilized in award applications. The proposed interpretation of “unreasonable delay” would create the presumption that a failure to report to the SEC beyond 180 days is unreasonable. Additionally, the proposed interpretive guidance would provide that in order to qualify as “independent analysis,” a whistleblower’s application must provide evaluation, assessment or insight beyond what would be reasonably apparent to the SEC from publicly available information.

Sources: SEC proposes Whistleblower Rule Amendments, SEC Press Release 2018-120 (June 28, 2018), available here; Amendments to the Commission’s Whistleblower Program Rules, Release No. 34-83557; File No. S7-16-18 (June 28, 2018), available here.

Litigation and SEC Enforcement Actions

Putnam Fined $1 Million for Failing to Detect Unlawful Cross Trades

Putnam Investment Management, LLC (Putnam) will pay a $1 million penalty to the SEC to settle charges that, as a result of inadequate policies and procedures, the firm failed to prevent and detect a former portfolio manager’s unlawful cross trading.

Zachary Harrison was a portfolio manager in Putnam’s structured credit group specializing in non-agency residential mortgage-backed securities (RMBS) transactions for Putnam’s advisory clients, including registered investment companies (RICs). According to the SEC order, when Harrison was required to sell RMBS from client accounts that he thought were desirable investments for other client accounts, he would prearrange temporary sales of these securities with broker-dealers and subsequently repurchase the securities in other client accounts at a small mark-up, rather than selling the securities into the market. Most of the cross trades were between RIC accounts, or between RICs and other RIC-affiliated accounts. The SEC order indicated that Harrison typically executed the sell side of these cross trades at the highest or only bid he received, rather than at the “independent current market price” as required for compliance with Rule 17a-7 under the 1940 Act (the term “current market price,” as applicable to RMBS, is defined to be the average of the highest current independent bid and lowest current independent offer determined on the basis of reasonable inquiry).

The SEC order indicated that Harrison’s cross trades were not bona fide, arm’s length transactions, and did not involve actual transfer of risk to Putnam’s broker-dealer counterparties. Further, by allowing other Putnam clients to repurchase the securities with only a slight mark-up rather than at prices that incorporated market-based bid-offer spreads, Harrison caused Putnam to favor the buyers over the sellers in these transactions, even though both were advisory clients to whom both Putnam and Harrison owed the same fiduciary duty. The SEC order emphasized that interpositioning a dealer in cross trades does not remove the cross trades from applicable regulatory requirements, including the prohibitions in Section 17(a) of the 1940 Act.

The SEC order also noted that the cross trades were not effected in compliance with Putnam’s applicable compliance policies and procedures or as described in its Form ADV disclosure. The SEC order suggests that Putnam’s monitoring efforts were insufficient to supervise Harrison and detect impermissible cross trades, and Putnam personnel did not receive adequate training.

Without admitting or denying the SEC’s findings, Putnam and Harrison agreed to pay penalties of $1 million and $50,000, respectively. Harrison also agreed to a nine-month suspension from the financial services industry. Putnam also set aside over $1 million, separate from the penalty, to compensate harmed clients. In accepting the settlement, the SEC noted Putnam’s remedial efforts upon discovering the misconduct, including immediately terminating Harrison, launching an internal investigation, and self-reporting Harrison’s conduct to the SEC.

Sources: In the Matter of Putnam Investment Management, LLC and Zachary Harrison, Release No. 5050 (Sept. 27, 2018), available here.

SEC Charges Firm with Deficient Cybersecurity Procedures

Voya Financial Advisors Inc. (VFA), a dually registered broker-dealer and investment adviser, agreed to pay $1 million to the SEC to settle charges related to an April 2016 cyber intrusion that compromised the personally identifiable information (PII) of more than 5,600 customers. The SEC order indicated VFA violated the Safeguards Rule (Rule 30(a) of Regulation S-P) and the Identity Theft Red Flags Rule (Rule 201 of Regulation S-ID), which require financial institutions to adopt policies and procedures to protect confidential customer information and protect customers from the risk of identity theft, respectively. Notably, this is the first SEC enforcement action involving violations of the Identity Theft Red Flags Rule.

According to the SEC order, VFA provided independent contractor representatives with access to client information through a proprietary web portal. Over a six-day period in April 2016, one or more persons impersonating VFA contractor representatives called the company’s technical support line – in two of the cases, using phone numbers that had already been placed on VFA’s “monitoring list” for their association with previous fraudulent activity with the company – and requested that their passwords for the portal be reset. VFA’s technical support staff reset the passwords and provided temporary passwords over the phone. The intruders then used the information to create fake customer profiles and obtain unauthorized access to PII for VFA customers as well as account documents for a limited number of customers. Despite the intrusion, the SEC order stated that there had been no known resulting unauthorized transfers of funds or securities from customer accounts.

VFA had implemented cybersecurity policies and procedures and adopted an Identity Theft Prevention program. However, the SEC order indicated that VFA violated the Safeguards Rule because its policies and procedures were not reasonably designed to protect customer information and to prevent and respond to cybersecurity incidents. Similarly, the SEC order indicated VFA’s Identity Theft Prevention Program did not include reasonable policies and procedures to respond to identity theft red flags, VFA did not adequately update the program to respond to changes in risks to its customers, and VFA did not provide adequate training to its employees.

Without admitting or denying the SEC’s findings, VFA agreed to be censured and pay a penalty of $1 million. VFA will also retain an independence compliance consultant at its expense to conduct a comprehensive review of its policies and procedures for compliance with the Safeguards Rule and Identity Theft Red Flags Rule.

The Chief of the SEC Enforcement Division’s Cyber Unit noted that this enforcement action serves as a reminder that compliance procedures need to be reasonably designed to fit a firm’s specific business model, and not just at the time of adoption. Broker-dealers and investment advisers must review and update their procedures regularly to ensure such procedures sufficiently address the risks they face. Such procedures must be dynamic to accommodate changing business models and the evolving sophistication of cyber intruders.

Sources: In the Matter of Voya Financial Advisors, Inc., Release No. 84288 (Sept. 26, 2018), available here; SEC Charges Firm with Deficient Cybersecurity Procedures, SEC Press Release 2018-213 (Sept. 26, 2018), available here.

Compliance Dates for Final Rules

Final Rule Compliance Date(s)
Investment Company Reporting Modernization: New Form N-CEN June 1, 2018 for all funds (first filing date is 75 days from the end of a fund’s fiscal year after June 1, 2018)
Liquidity Risk Management Programs (Rule 22e-4)

Requirements of Liquidity Risk Management Program Not Subject to Extension:

  • Adoption and implementation of Liquidity Risk Management Program (including risk assessment)
  • Board designation of program administrator
  • 15% illiquid investment limit
  • Establishment of policies and procedures for funds that engage in redemptions in-kind
  • Related recordkeeping requirements

Fund complexes with $1 billion or more in net assets: December 1, 2018

Fund complexes with less than $1 billion in net assets: June 1, 2019

Requirements of Liquidity Risk Management Program Subject to Extension:

  • Portfolio classification (bucketing)
  • Highly Liquid Investment Minimum (HLIM)
  • Board oversight
  • Related recordkeeping requirements

Fund complexes with $1 billion or more in net assets: 
June 1, 2019

Fund complexes with less than $1 billion in net assets: December 1, 2019

Form N-LIQUID (notice to SEC when a fund’s level of illiquid investments exceeds 15% of its net assets or when its highly liquid investments fall below minimum)

Parts A, B and C
Fund complexes with $1 billion or more in net assets: December 1, 2018

Fund complexes with less than $1 billion in net assets: 
June 1, 2019

Part D
Fund complexes with $1 billion or more in net assets: 
June 1, 2019

Fund complexes with less than $1 billion in net assets: December 1, 2019

Amendments to Form N-CEN associated with liquidity rule

Fund complexes with $1 billion or more in net assets: first filing date is no later than 75 days following the first fiscal year ending after December 1, 2018, based on fiscal year end data

Fund complexes with less than $1 billion in net assets: first filing date is no later than 75 days following the first fiscal year ending after June 1, 2019, based on fiscal year end data

Amendments to the certification requirements of Form N-CSR (each certifying officer must state that such officer has disclosed in the report any change in internal control over financial reporting that occurred during the most recent fiscal half-year, rather than most recent fiscal quarter)

Fund complexes with $1 billion or more in net assets: March 1, 2019

Fund complexes with less than $1 billion in net assets: March 1, 2020

Investment Company Reporting Modernization: New Form N-PORT

Fund complexes with $1 billion or more in net assets: first filing date is April 30, 2019, based on March 31, 2019 data

Note that larger fund complexes are required to maintain in their records the information that is required to be included in Form N-PORT beginning no later than July 30, 2018, based on June 30, 2018 data, in lieu of submitting the information via EDGAR.

Fund complexes with less than $1 billion in net assets: first filing date is April 30, 2020, based on March 31, 2020 data

Rescission of Form N-Q (funds are required to continue filing Form N-Qs until they begin filing Form N-PORTs)

Fund complexes with $1 billion or more in net assets: 
May 1, 2019 (a fund’s last Form N-Q reporting period will be the fiscal quarter ending December 31, 2018, January 31, 2019 or February 28, 2019, as applicable)

Fund complexes with less than $1 billion in net assets: 
May 1, 2020 (a fund’s last Form N-Q reporting period will be the fiscal quarter ending December 31, 2019, January 31, 2020 or February 28, 2020, as applicable)

Form N-1A (narrative disclosure regarding operation of a fund’s liquidity risk management program in new subsection of the applicable shareholder report)

Fund complexes with $1 billion or more in net assets:
December 1, 2019

Fund complexes with less than $1 billion in net assets:
June 1, 2020

Amendments to Form N-PORT associated with liquidity rule

Fund complexes with $1 billion or more in net assets: first filing date is July 30, 2019, based on June 30, 2019 data

Note that larger fund complexes are required to maintain in their records the information that is required to be included in Form N-PORT associated with the liquidity rule beginning no later than January 31, 2019, based on December 31, 2018 data, in lieu of submitting the information via EDGAR.

Fund complexes with less than $1 billion in net assets: first filing date is April 30, 2020, based on March 31, 2020 data (this is the same date as the Form N-PORT compliance date for fund complexes with $1 billion or less in net assets)

Swing Pricing November 19, 2018 (for those funds that wish to implement swing pricing)
Optional Internet Availability of Fund Shareholder Reports (Rule 30e-3) Funds electing to distribute shareholder reports via electronic delivery at the earliest date possible (January 1, 2021) must begin including prominent disclosures on each applicable document (summary prospectus, statutory prospectus and annual and semi-annual shareholder reports) starting January 1, 2019.

 

Join Our Mailing List

Need to stay current on the latest news, trends and regulatory issues impacting your business? Subscribe today! We know your time is valuable, so we limit our communications to only the most pertinent info you need to stay informed.

Subscribe