SEC Adopts Final Rules and Interpretations Relating to Broker-Dealer and Investment Adviser Standards of Conduct
On June 5, 2019, the SEC Commissioners voted 3 to 1 to adopt the following two rules and two interpretations:
- Regulation Best Interest for broker-dealers (June 30, 2020 compliance date);
- New Form CRS, Customer/Client Relationship Summary, for broker-dealers and investment advisers (June 30, 2020 compliance date);
- An interpretation of an investment adviser’s fiduciary duty; and
- An interpretation of the “solely incidental” prong of the broker-dealer exclusion from the definition of investment adviser.
This package of rulemakings and interpretations is designed to help retail customers better understand and compare the services offered by broker-dealers and investment advisers and make an informed choice of the relationship best suited to their needs and circumstances, provide clarity with respect to the standards of conduct applicable to broker-dealers and advisers, and foster greater consistency in the level of protections provided by each, particularly at the point in time that a recommendation is made.
Regulation Best Interest
General Obligation to Act in the Best Interest of Retail Customer (General Obligation). Under Regulation Best Interest (or Reg BI), a broker-dealer and its associated persons have a duty to act in the best interest of a retail customer at the time a recommendation is made, without placing the financial or other interest of the broker-dealer or associated person ahead of the interests of the retail customer. Reg BI requires broker-dealers to address conflicts of interest by establishing, maintaining and enforcing policies and procedures reasonably designed to identify and fully and fairly disclose material facts about conflicts of interest and, in instances where the SEC has determined that disclosure is insufficient to reasonably address the conflict, to mitigate, or, in certain instances, eliminate the conflict.
Recommendations. Reg BI establishes a standard of conduct for broker-dealers and their associated persons when they provide recommendations to retail customers regarding a securities transaction (purchase, sale or exchange) or an investment strategy involving securities (including an explicit hold recommendation). This includes recommendations of account types and recommendations to roll over or transfer assets from one type of account to another (e.g., workplace retirement plan account to an IRA). This also covers implicit hold recommendations by a broker-dealer if the broker-dealer has agreed to periodically monitor the customer’s account.
Who is a Retail Customer? The SEC modified the definition of “retail customer” to make it substantially similar to the definition of “retail investor” under final Form CRS. While substantially similar, they differ to reflect differences between the Form CRS delivery requirement and the obligations of broker-dealers under Reg BI, including that Form CRS is required whether or not there is a recommendation and covers any prospective and existing customers.
A retail customer is a natural person, or the legal representative of a natural person, who receives a recommendation of any securities transaction or investment strategy involving securities from a broker-dealer and uses the recommendation primarily for personal, family, or household purposes. The SEC declined to exclude high net worth persons, as was suggested by some commenters to match the current FINRA exclusion from customer-specific suitability requirements.
Best Interest Standard of Conduct: Beyond Suitability. Chairman Jay Clayton addressed potential criticism of the rulemaking package in his remarks at the open meeting to approve the rulemaking, noting that some may argue that Reg BI does not truly enhance the broker-dealer standard of conduct beyond existing suitability obligations, that it can be satisfied by disclosure alone or that it is a disservice to investors to call it a “best interest” standard. The Chairman responded that “this is simply not true…the rule goes significantly beyond existing broker-dealer obligations. To be clear, Regulation Best Interest cannot be satisfied through disclosure alone.”
Not a Uniform Standard for Broker-Dealers and Advisers. Although the SEC declined to adopt a uniform standard that would apply to both broker-dealers and advisers, the SEC noted key similarities at the time a recommendation is made: “Importantly, regardless of whether a retail investor chooses a broker-dealer or an investment adviser (or both), the retail investor will be entitled to a recommendation (from a broker-dealer) or advice (from an investment adviser) that is in the best interest of the retail investor and that does not place the interests of the firm or the finance professional ahead of the interests of the retail investor.”
There also are key differences. For example, an adviser’s fiduciary duty generally includes a duty to provide ongoing advice and monitoring. Reg BI, on the other hand, does not impose a duty to monitor a customer’s account following a recommendation. An adviser’s fiduciary duty applies to all clients, while Reg BI only applies to retail customers. Finally, an adviser’s duty applies to the entire relationship with its clients versus Reg BI’s focus on recommendations.
Four Components of General Obligation. The following four specific components expressly set forth what it means to act in the best interest of a retail customer in accordance with the General Obligation:
- Disclosure Obligation;
- Care Obligation;
- Conflict of Interest Obligation; and
- Compliance Obligation.
The specific component obligations are mandatory, and failure to comply with any of the components would violate Reg BI.
Disclosure Obligation. Reg BI’s Disclosure Obligation requires that a broker-dealer provide a retail customer, prior to or at the time of a recommendation, in writing, full and fair disclosure of:
- All material facts relating to the scope and terms of the relationship with the retail customer, including:
- that the broker-dealer is acting as a broker-dealer with respect to the recommendation;
- the material fees and costs that apply to the retail customer’s transactions, holdings and accounts; and
- the type and scope of services provided to the retail customer, including any material limitations on the securities or investment strategies that may be recommended to the retail customer (e.g., recommending only proprietary products or products with revenue sharing arrangements); and
- All material facts relating to conflicts of interest that are associated with the recommendation that might incline a broker-dealer to make a recommendation that is not disinterested, including, for example, conflicts associated with proprietary products, payments from third parties and compensation arrangements for associated persons.
The SEC contemplates a layered disclosure approach, beginning with the brief, high-level disclosures in the Form CRS relationship summary. The SEC expects that a broker-dealer’s Form CRS typically will not satisfy the Disclosure Obligation, and the broker-dealer will likely need to provide more detailed disclosure to satisfy this obligation. The disclosure may include existing documents, such as account opening documents and fee schedules, or a new standalone document, or some combination of existing and new documents. The adequacy of the disclosure will depend on the facts and circumstances. The SEC encourages broker-dealers to update their disclosures to reflect material changes or inaccuracies no later than 30 days after the material change. Please contact your G&K attorney if you would like additional detail about the Disclosure Obligation or assistance in drafting or reviewing disclosures.
Care Obligation. Reg BI’s Care Obligation requires a broker-dealer, in making a recommendation, to exercise reasonable diligence, care, and skill to:
- Understand the potential risks, rewards and costs associated with the recommendation, and have a reasonable basis to believe that the recommendation could be in the best interest of at least some retail customers;
- Have a reasonable basis to believe that the recommendation is in the particular retail customer’s best interest based on that customer’s investment profile (age, other investments, financial situation and needs, tax status, investment objectives, investment experience, investment time horizon, liquidity needs and risk tolerance) and the potential risks, rewards, and costs associated with the recommendation and does not place the financial or other interest of the broker-dealer ahead of the retail customer’s interest; and
- Have a reasonable basis to believe that a series of recommended transactions, even if in the retail customer’s best interest when viewed in isolation, is not excessive and is in the retail customer’s best interest when taken together in light of the customer’s investment profile and does not place the financial or other interest of the broker-dealer making the series of recommendations ahead of the retail customer’s interest.
In a change from the SEC’s proposed rule release, the Care Obligation explicitly requires the broker-dealer to consider the costs of the recommendation. The SEC reiterated that the standard does not necessarily require the lowest cost option, and that while cost is an important factor, it is not the only one.
The SEC takes the view that, in determining whether a broker-dealer has a reasonable basis to believe a recommendation is in a retail customer’s best interest, the broker-dealer should consider “reasonably available alternatives” it offers.
Conflict of Interest Obligation. Reg BI’s Conflict of Interest Obligation creates an overarching obligation for a broker-dealer to establish written policies and procedures to identify and, at a minimum, disclose (pursuant to the Disclosure Obligation) or eliminate all conflicts of interest associated with recommendations. In addition to the overarching obligation, it specifically requires a broker-dealer to establish, maintain and enforce written policies and procedures reasonably designed to:
- Mitigate conflicts that create an incentive for the firm’s associated persons to place their interest or the interests of the firm ahead of the retail customer’s interest;
- Prevent material limitations on securities or investment strategies, such as a limited product menu or offering only proprietary products, and associated conflicts of interest from causing the broker-dealer or its associated persons to place their interests or the firm’s interest ahead of the retail customer’s interest; and
- Eliminate any sales contests, sales quotas, bonuses and noncash compensation that are based on the sale of specific securities or specific types of securities within a limited period of time.
Compliance Obligation. Reg BI’s Compliance Obligation requires a broker-dealer to establish, maintain and enforce written policies and procedures reasonably designed to achieve compliance with Reg BI.
Sources: Regulation Best Interest: The Broker-Dealer Standard of Conduct, Release No. 34-86031 (June 5, 2019), available here; Statement at the Open Meeting on Commission Actions to Enhance and Clarify the Obligations Financial Professionals Owe to our Main Street Investors, Public Statement of Chairman Jay Clayton (June 5, 2019), available here.
Customer/Client Relationship Summary (Form CRS)
Beginning June 30, 2020, broker-dealers and SEC-registered advisers will be required to file with the SEC and deliver to “retail investors” a two-page customer/client relationship summary (Form CRS) that provides disclosure about the relationships and services the firm offers; its fees, costs, conflicts of interest and applicable standard of conduct; any disciplinary history; how to obtain additional information about the firm; and a link to www.investor.gov/CRS. Broker-dealers must file their Form CRS customer relationship summary electronically through Web CRD. Advisers must file their Form CRS client relationship summary as Form ADV Part 3 electronically through IARD.
Retail investors will receive Form CRS at the beginning of a relationship with the firm, communications of updated information following a material change and an updated Form CRS upon certain events. Form CRS will supplement advisers’ Form ADV, Part 2A firm brochure (brochure) disclosure as well as the separate disclosure that Reg BI requires broker-dealers to provide in connection with making a recommendation (Reg BI disclosure).
For purposes of Form CRS, “retail investor” is defined as a natural person, or the legal representative of such natural person, who seeks to receive or receives services primarily for personal, family or household purposes. The definition captures natural persons without any distinction based on net worth. Firms that do not have any retail investors are not required to prepare or file a Form CRS.
Firms currently registered with the SEC will be required to deliver their Form CRS relationship summaries to all existing customers/clients who are retail investors on an initial one-time basis within 30 days after June 30, 2020 (i.e., no later than July 30, 2020). In anticipation of this compliance date, firms should also update their compliance policies and procedures, make any operational changes to their systems and establish internal processes to satisfy their relationship summary obligations.
Source: Form CRS Relationship Summary; Amendments to Form ADV, Release No. IA-5247 (June 5, 2019), available here.
SEC Interpretation Regarding the Fiduciary Duty of Investment Advisers
The SEC published an interpretation to reaffirm, and in some cases clarify, its views of the fiduciary duty that advisers owe to their clients under the antifraud provisions set forth in Section 206 of the Advisers Act.
The SEC notes that the antifraud provisions are applicable to both SEC- and state-registered advisers, as well as other advisers that are exempt from registration. Thus, the SEC takes the position that the interpretation is applicable to SEC-registered advisers, state-registered advisers and exempt advisers. The interpretation is not intended to be an exclusive resource and advisers must also consider ERISA and state law principles, if applicable.
The SEC explains that the Advisers Act establishes a federal fiduciary duty that is based on equitable common law principles and is fundamental to advisers’ relationships with their clients. The adviser’s fiduciary duty is broad and applies to the entire adviser-client relationship. The fiduciary duty is not specifically defined in the Advisers Act or SEC rules, but reflects a Congressional intent to “eliminate, or at least expose, all conflicts of interest which might incline an investment adviser – consciously or unconsciously – to render advice which was not disinterested.”
Fiduciary Duty Determined by Scope of Relationship
The SEC recognizes that the fiduciary duty must be viewed in the context of the agreed-upon scope of the relationship between the adviser and the client. For example, the obligations of an adviser providing comprehensive, discretionary advice in an ongoing relationship with a retail client are very different from the obligations of an adviser to a mutual fund or private fund where the contract defines the scope of the adviser’s services and the limitations on its authority.
Fiduciary Duty May Not be Waived. An adviser’s federal fiduciary duty may not be waived. The SEC gives the following examples of waivers that are inconsistent with the Advisers Act:
- A statement that the adviser will not act as a fiduciary;
- A blanket waiver of all conflicts of interest; and
- A waiver of any specific obligation under the Advisers Act.
Hedge Clauses. The question of whether a clause in an advisory agreement that purports to limit an adviser’s liability under that agreement (often referred to as a “hedge clause”) violates the Advisers Act’s antifraud provisions depends on all of the surrounding facts and circumstances, including the sophistication of the client. In the SEC’s view, there are few (if any) circumstances in which a hedge clause in an agreement with a retail client would be consistent with those antifraud provisions, where the hedge clause purports to relieve the adviser from liability for conduct as to which the client has a non-waivable cause of action against the adviser provided by state or federal law. The SEC believes such a hedge clause is likely to mislead those retail clients into not exercising their legal rights, in violation of the antifraud provisions, even where the agreement otherwise specifies that the client may continue to retain its non-waivable rights. Because the SEC expressed its views on hedge clauses in the interpretation, it withdrew its 2007 Heitman Capital Management no-action letter on the same topic.
Fiduciary Duty – Duty of Care and Duty of Loyalty
An adviser’s fiduciary duty consists of a duty of care and a duty of loyalty. This combination of care and loyalty obligations has been characterized as requiring an adviser to act in the best interest of its client at all times. In the SEC’s view, an adviser’s obligation to act in the best interest of its clients is an overarching principle that encompasses both the duty of care and the duty of loyalty.
Duty of Care
The duty of care includes:
- Duty to Provide Advice that is in the Best Interest of the Client. In order to provide such advice, an adviser must have a reasonable understanding of the client’s objectives.
- Retail Clients. In order to develop an understanding of a retail client’s objectives, an adviser must make a reasonable inquiry into the client’s financial situation, level of financial sophistication, investment experience and financial goals (collectively, investment profile). An adviser generally will need to update a client’s investment profile in order to maintain a reasonable understanding of the client’s objectives and adjust the advice to reflect any changed circumstances. The frequency of the updates would depend on the facts and circumstances, including whether the adviser is aware of events that have occurred that could make the investment profile inaccurate or incomplete.
- Institutional Clients. In contrast, the nature and extent of a reasonable inquiry into an institutional client’s objectives generally is shaped by the specific investment mandate from the client. The obligation to update the client’s objectives would not be applicable to institutional clients, except as may be set forth in the advisory agreement.
- Reasonable Belief that Advice is in a Client’s Best Interest. The formation of a reasonable belief would involve considering, for example, whether investments are recommended only to those clients who can and are willing to tolerate the risks of those investments and for whom the potential benefits may justify the risks. The SEC gives several examples, including investing in derivatives or other securities on margin. The SEC also cautions that advisers should apply heightened scrutiny to high risk products, such as penny stocks and inverse or leveraged exchange-traded products. A reasonable belief requires an adviser to conduct a sufficient investigation into the investment and not base its advice on materially inaccurate or incomplete information. The cost (including fees and compensation) associated with investment advice would generally be one of many important factors – such as an investment product’s or strategy’s investment objectives, characteristics, liquidity, risks and potential benefits, volatility, likely performance in a variety of market and economic conditions, time horizon and cost of exit – to consider when determining whether a security or investment strategy is in the best interest of the client. An adviser would not satisfy its fiduciary duty by simply advising clients to invest in the lowest cost (to the client) or least remunerative (to the adviser) investment product or strategy.
- Fiduciary Duty Applies to All Investment Advice, Including Rollover Advice. The fiduciary duty applies to all investment advice the adviser provides to clients, including advice about investment strategy, engaging a sub-adviser, and account type. Advice about account type includes advice about whether to open a brokerage or advisory account and advice about whether to roll over assets from a retirement account into a new or existing account that the adviser manages.
- Prospective Clients. With respect to prospective clients, advisers potentially have antifraud liability under Section 206, which applies to transactions, practices or courses of business that operate as a fraud or deceit on prospective clients, including those regarding investment strategy, engaging a sub-adviser and account type. In order to avoid liability under the antifraud provisions, the SEC believes that an adviser should have sufficient information about the prospective client and its objectives to form a reasonable basis for advice before providing any advice about these matters. At the point in time at which the prospective client becomes a client, the fiduciary duty applies.
- Duty to Seek Best Execution. The SEC confirms an adviser’s existing duty to seek best execution of a client’s transactions where the adviser has the responsibility to select broker-dealers to execute client trades.
- Duty to Provide Advice and Monitoring over the Course of the Relationship. An adviser must provide advice and monitoring at a frequency that is in the best interest of the client and consistent with the scope of services agreed to by the adviser and client. For example, when the adviser has an ongoing relationship with a client and is compensated with a periodic asset-based fee, the adviser’s duty to provide advice and monitoring will be “relatively extensive” as is consistent with the nature of the relationship. The SEC notes that an adviser and client may scope the frequency of the monitoring (e.g., agreement to monitor quarterly or monthly and as appropriate in between based on market events), provided that there is full and fair disclosure and informed consent. The SEC further notes that advisers may want to consider whether written policies and procedures relating to monitoring would be appropriate under Rule 206(4)-7 of the Advisers Act.
Duty of Loyalty
The duty of loyalty requires that an adviser not subordinate its clients’ interests to its own. In other words, an adviser must not place its own interests ahead of its client’s interests.
The duty of loyalty includes:
- Full and Fair Disclosure. An adviser must make full and fair disclosure to its clients of all material facts relating to the advisory relationship. For dual registrants, this includes disclosure about the circumstances in which they intend to act in their brokerage capacity or advisory capacity.
- "May" Have a Conflict. To illustrate what constitutes full and fair disclosure, the SEC provided guidance on the appropriateness of stating that an adviser “may” have a conflict. Disclosure that an adviser “may” have a particular conflict, without more, is not adequate when the conflict actually exists. For example, the use of “may” is inappropriate when the conflict exists with respect to some, but not all, types or classes of clients, advice or transactions without additional disclosure specifying the types or classes of clients, advice or transactions with respect to which the conflict exists. In addition, the use of “may” is inappropriate if it simply precedes a list of all possible or potential conflicts regardless of likelihood and obfuscates actual conflicts to the point that a client cannot provide informed consent. On the other hand, the word “may” could be appropriately used to disclose to a client a potential conflict that does not currently exist but might reasonably present itself in the future.
- Allocation of Investment Opportunities. The SEC also provided guidance on disclosure regarding conflicts related to the allocation of investment opportunities among eligible clients.
- Retail versus Institutional Clients. Whether the disclosure is full and fair will depend upon the nature of the client, the scope of the services and the material fact or conflict. Full and fair disclosure for an institutional client can differ significantly from disclosure for a retail client.
- Eliminate or Disclose Conflicts of Interest. An adviser must eliminate or at least expose through full and fair disclosure all conflicts of interest which might incline an adviser – consciously or unconsciously – to render advice which was not disinterested.
- Criticism from within the SEC. The Investor Advocate at the SEC argues that “the Commission has taken a step in the wrong direction in its interpretation of the fiduciary duty.” In his view, the interpretation weakens the existing fiduciary standard by suggesting that liability for nearly all conflicts can be avoided through disclosure.
- Chairman Clayton’s Response. In the open meeting to approve the rulemaking, Chairman Jay Clayton remarked that “you may hear that our fiduciary interpretation weakens the existing fiduciary duty that applies to investment advisers – also not true. The interpretation reflects how the Commission and its staff have applied and enforced the law in this area, and inspected for compliance, for decades.”
- Eliminate or Mitigate a Conflict. In the interpretation, the SEC notes that in some cases, conflicts may be of a nature and extent that it would be difficult to provide disclosure to clients, particularly retail clients, that adequately conveys the material facts or the nature, magnitude and potential effect of the conflict sufficient for a client to consent to or reject it. In other cases, disclosure may not be specific enough for a client to understand whether and how the conflict could affect the advice it receives. For retail clients in particular, it may be difficult to provide disclosure regarding complex or extensive conflicts that is sufficiently specific but also understandable. In all of these cases where an adviser cannot fully and fairly disclose a conflict of interest to a client such that a client can provide informed consent, the adviser should either eliminate the conflict or adequately mitigate (i.e., modify practices to reduce) the conflict such that full and fair disclosure are possible.
Sources: Commission Interpretation Regarding Standard of Conduct for Investment Advisers, Release No. IA-5248 (June 5, 2019), available here; Statement at the Open Meeting on Commission Actions to Enhance and Clarify the Obligations Financial Professionals Owe to our Main Street Investors, Public Statement of Chairman Jay Clayton (June 5, 2019), available here.
SEC Interpretation Regarding the “Solely Incidental” Prong of the Broker-Dealer Exclusion
The Advisers Act provides an exclusion from the definition of investment adviser for a broker-dealer that performs advisory services when such services are “solely incidental” to the conduct of the broker-dealer’s business and when such incidental advisory services are provided for no special compensation.
The Reg BI proposal discussed this broker-dealer exclusion and requested comment on its scope. The comments the SEC received in response demonstrated that there is disagreement about when the provision of broker-dealer investment advice is consistent with the solely incidental prong. The SEC adopted an interpretation to clarify its position and provide guidance on a broker-dealer’s exercise of investment discretion over and monitoring of customer accounts.
Investment Discretion. The SEC takes the position that a broker-dealer’s exercise of unlimited discretion would not be solely incidental to the business of a broker-dealer. A broker-dealer with unlimited discretion to effect securities transactions possesses ongoing authority over the customer’s account, indicating a relationship that is primarily advisory in nature.
On the other hand, a broker-dealer may exercise temporary or limited discretion in a way that is not indicative of a relationship that is primarily advisory in nature. Although the totality of the facts and circumstances would be relevant to determining whether temporary or limited discretion is consistent with the solely incidental prong, the SEC identified the following examples of temporary or limited investment discretion that, standing alone, would not support the conclusion that a relationship is primarily advisory:
- Discretion as to the price at which or the time to execute an order given by a customer for the purchase or sale of a definite amount or quantity of a specified security;
- Discretion on an isolated or infrequent basis to purchase or sell a security or type of security when a customer is unavailable for a limited period of time;
- Discretion as to cash management, such as to exchange a position in a money market fund for another money market fund or cash equivalent;
- Discretion to purchase or sell securities to satisfy margin requirements;
- Discretion to sell specific bonds or other securities and purchase similar bonds or other securities in order to permit a customer to realize a tax loss on the original position;
- Discretion to purchase a bond with a specified credit rating and maturity; and
- Discretion to purchase or sell a security or type of security limited by specific parameters established by the customer.
Account Monitoring. The SEC disagreed with commenters who suggested that any monitoring of customer accounts is inconsistent with the solely incidental prong. However, the SEC declined to delineate circumstances where agreed-upon monitoring is and is not solely incidental to a broker-dealer’s brokerage business. Instead, the SEC encourages broker-dealers to adopt policies and procedures that would help demonstrate that any agreed-upon monitoring is in connection with and reasonably related to the broker-dealer’s primary business of effecting securities transactions. For example, broker-dealers may include in their policies and procedures that a registered representative may agree to monitor a customer’s account at specific time frames (e.g., quarterly) for the purpose of determining whether to provide a buy, sell or hold recommendation. However, such policies and procedures should not permit a registered representative to agree to monitor an account continuously. Dually registered firms may similarly consider adopting policies and procedures that distinguish the level and type of monitoring in advisory and brokerage accounts.
Source: Commission Interpretation Regarding the Solely Incidental Prong of the Broker-Dealer Exclusion from the Definition of Investment Adviser, Release No. IA-5249 (June 5, 2019), available here.
SEC, NASAA and FINRA Issue Senior Safe Act Fact Sheet
On May 23, 2019, the SEC, NASAA and FINRA issued a fact sheet to help raise awareness of the Senior Safe Act (the Act), which was signed into law on May 24, 2018. We previously covered the enactment of the Act in our October 2018 Update and discussed its potential impact on advisers and broker-dealers. The fact sheet provides additional information intended to help advisers and broker-dealers take advantage of the reporting procedures and immunity available under the Act.
Background. The Act protects advisers, broker-dealers, transfer agents and their eligible employees from liability in any civil or administrative proceeding for reporting potential exploitation of a senior citizen to a covered agency. The immunity established by the Act is provided on the condition that certain employees receive training on how to identify and report exploitative activity against seniors before making a report, and reports of suspected exploitation are made “in good faith” and “with reasonable care” to a covered agency. This immunity does not apply to disclosures to a third party other than a covered agency.
What is a Covered Agency? The Act defines the term “covered agency” to include the following: a state financial regulatory authority (including a state securities regulator or law enforcement authority and a state insurance regulator); a state or local adult protective services agency; the SEC; an SEC-registered national securities association (e.g., FINRA); a federal law enforcement agency; or any federal agency represented in the membership of the Financial Institutions Examination Council.
What Types of Employees are Eligible for Immunity? An employee who serves as a supervisor or in a compliance or legal function (including as a Bank Secrecy Act officer) for a covered financial institution or a registered representative, investment adviser representative or insurance producer affiliated or associated with a covered financial institution.
What is a Covered Financial Institution? The Act defines the term “covered financial institution” as credit unions, depository institutions, investment advisers, broker-dealers, insurance companies, insurance agencies and transfer agents.
What are the Training Requirements? The Act does not mandate that any employees be trained. To qualify for the immunity provided under the Act, however, training must be provided to and completed by the employees who are eligible for immunity and those employees who may come into contact with a senior citizen as a regular part of their professional duties or may review or approve the financial documents, records or transactions of a senior citizen in connection with providing financial services to a senior citizen. The training must (i) instruct any individual who attends the training on how to identify and report suspected exploitation of a senior citizen internally and, as appropriate, to government officials or law enforcement authorities; (ii) discuss the need to protect the privacy and respect the integrity of each individual customer of the covered financial institution; and (iii) be appropriate to the job responsibilities of the individual who attends the training.
For current employees, affiliated persons and associated persons, the training must occur as soon as reasonably practicable. New employees, affiliated persons and associated persons have no later than one year from the date of hire, affiliation or association to complete the training.
How do the Requirements for “Individual Immunity” and “Institutional Immunity” Differ? An eligible employee who has received the required training and makes a disclosure to a covered agency in good faith and with reasonable care receives individual immunity pursuant to the Act. A covered financial institution also receives institutional immunity when an eligible employee makes a disclosure to a covered agency and all employees have received training to the extent necessary to qualify for immunity under the Act.
What Records must be Maintained? Records of employees who completed the training and the content of the training must be maintained by the covered financial institution and made available to a covered agency with examination authority over the covered financial institution, upon request, except that a covered financial institution is not required to maintain or make available such content with respect to any individual who is no longer employed by or affiliated or associated with the covered financial institution.
Sources: Senior Safe Act Fact Sheet (May 23, 2019), available here; SEC, NASAA, and FINRA Issue Senior Safe Act Fact Sheet to Help Promote Greater Reporting of Suspected Senior Financial Exploitation, SEC Press Release No. 2019-75 (May 23, 2019); available here.
OCIE Issues Risk Alerts Relating to Privacy Notices and Customer Information Safeguarding Policies
On April 16, 2019, OCIE issued a risk alert regarding compliance issues related to Regulation S-P that were identified during recent examinations. Regulation S-P requires advisers and broker-dealers to provide privacy notices to customers and implement written policies and procedures (P&P) to safeguard customer records and information.
Subsequently, on May 23, 2019, OCIE issued a risk alert regarding security risks associated with the storage of electronic customer records and information in various network storage solutions, including those leveraging cloud-based storage (electronic storage of information on infrastructure owned and operated by a hosting company or service provider).
April Risk Alert: Investment Adviser and Broker-Dealer Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies
OCIE gave examples of the most common deficiencies and weaknesses observed by staff, which may assist firms in complying with their obligations under Regulation S-P.
- Privacy and Opt-Out Notices. Some firms did not provide initial privacy notices, annual privacy notices, and opt-out notices to their customers. Others provided notices that did not accurately reflect their P&P.
- Safeguarding Policies and Procedures. Some firms did not have written P&P to safeguard customer records and information or failed to implement or reasonably design those P&P. Shortcomings included:
- Personal Devices. P&P that did not address how to safeguard customer information on personal devices such as personal laptops.
- Email. P&P that did not prevent employees from sending unencrypted email to customers containing personally identifiable information (PII).
- Training and Monitoring. P&P that required customer information to be encrypted, password-protected, and transmitted using only firm-approved methods were not reasonably designed because employees were not provided adequate training on these methods and the firm failed to monitor if the policies were being followed by employees.
- Unsecure Networks. P&P that did not prohibit employees from sending customer PII to unsecure networks.
- Outside Vendors. Firms that did not require outside vendors to agree to keep customers’ PII confidential, as required by the firm’s P&P.
- PII Inventory. P&P that did not identify all systems on which the firm maintained customer PII.
- Incident Response Plans. Incident response plans that did not address important areas, such as role assignments for implementing the plan, actions required to address a cybersecurity incident and assessments of system vulnerabilities.
- Unsecure Physical Locations. Firms that stored customer information in unsecure physical locations, such as in unlocked file cabinets in open offices.
- Login Credentials. Customer login credentials that had been disseminated to more employees than permitted under the firm’s P&P.
- Departed Employees. Firms’ former employees that had maintained access to customer information after their departure.
May Risk Alert: Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features
During recent examinations, OCIE identified the following concerns that may raise compliance issues under Regulation S-P as well as Regulation S-ID (identity theft red flag rules):
- Misconfigured Network Storage Solutions. Firms did not adequately configure the security settings on their network storage solution to protect against unauthorized access. Some firms also did not have P&P addressing the security configuration of their network storage solution.
- Inadequate Oversight of Vendor-Provided Network Storage Solutions. Firms did not ensure, through policies, procedures, contractual provisions or otherwise, that the security settings on vendor-provided network storage solutions were configured in accordance with the firms’ standards.
- Insufficient Data Classification Policies and Procedures. P&P did not identify the different types of data stored electronically by the firm and the appropriate controls for each type of data.
OCIE also identified several features of effective security configuration management programs, data classification procedures and vendor management programs, including:
- P&P designed to support initial installation, ongoing maintenance and regular review of the network storage solution;
- Guidelines for security controls and baseline security configuration standards to ensure that each network solution is configured properly; and
- Vendor management P&P that include, among other things, regular implementation of software patches and hardware updates followed by reviews to ensure those patches and updates did not unintentionally change, weaken or otherwise modify security configuration.
Sources: Investment Adviser and Broker-Dealer Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies (April 16, 2019), available here; Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features (May 23, 2019), available here.
SEC Guidance on Review of Rule 485(a) Filings
On April 2, 2019, the SEC issued Accounting and Disclosure Information 2019-07 (ADI), which summarizes the SEC staff’s views regarding its review and comment process related to post-effective registration statements filed pursuant to Rule 485(a) under the Securities Act. The ADI contains guidance to registrants regarding such Rule 485(a) filings that raise complex issues not easily resolved because of a lack of precedent.
Summary of the ADI. Rule 485(a) provides for automatic effectiveness within prescribed time periods of certain amendments to investment company registration statements. On occasion, seeking automatic effectiveness can complicate efforts by the SEC staff to effectively address investor protection interests, particularly in cases where filings raise “unique or particularly novel issues.” For example, issues requiring additional review and interaction between reviewers and registrants typically involve novel investment strategies, fee structures and/or operational policies, such as significant changes to policies related to purchases and redemptions by investors.
The SEC staff urges registrants planning filings under Rule 485(a) that may raise material questions of first impression, or that address issues in a manner inconsistent with previous precedent, to contact the staff to discuss these issues before filing. In addition, the staff requests that registrants respond to comments on such filings as a general matter no later than five business days before a filing is scheduled to become automatically effective. In cases where registrants are unable to submit responses to staff comments by that time, such registrants should file an amendment under Rule 485(b)(1)(iii) delaying the effectiveness date of the filing as needed until SEC staff comments have been resolved.
Impact. While the guidance in the ADI is expressed as requests instead of requirements, registrants should carefully consider whether and how to comply with the guidance. Because the SEC staff is charged with the day-to-day oversight and review of registration statement filings, it would be prudent for registrants to take this guidance into account when planning post-effective registration statement filings and addressing SEC staff comments in order to foster a collaborative working relationship with the regulator.
Source: ADI 2019-07 – Review of Certain Filings under Automatic Effectiveness Rules, available here.
Compliance Dates for Final Rules
Final Rule |
Compliance Date(s) |
Liquidity Risk Management Programs (Rule 22e-4) |
Requirements of Liquidity Risk Management Program Not Subject to Extension:
- Adoption and implementation of Liquidity Risk Management Program (including risk assessment)
- Board designation of program administrator
- 15% illiquid investment limit
- Adoption of policies and procedures for funds that engage in redemptions in-kind
- Related recordkeeping requirements
Fund complexes with $1 billion or more in net assets:
December 1, 2018
Fund complexes with less than $1 billion in net assets:
June 1, 2019
Requirements of Liquidity Risk Management Program Subject to Extension:
- Portfolio classification (bucketing)
- Highly Liquid Investment Minimum (HLIM)
- Board oversight
- Related recordkeeping requirements
Fund complexes with $1 billion or more in net assets:
June 1, 2019
Fund complexes with less than $1 billion in net assets:
December 1, 2019
|
Form N-LIQUID
(notice to SEC when a fund’s level of illiquid investments exceeds 15% of its net assets or when its highly liquid investments fall below minimum)
|
Parts A, B and C
Fund complexes with $1 billion or more in net assets:
December 1, 2018
Fund complexes with less than $1 billion in net assets:
June 1, 2019
Part D
Fund complexes with $1 billion or more in net assets:
June 1, 2019
Fund complexes with less than $1 billion in net assets:
December 1, 2019
|
Amendments to Form N-CEN Associated with Liquidity Rule |
Fund complexes with $1 billion or more in net assets:
first filing date is no later than 75 days following the first fiscal year ending after December 1, 2018, based on fiscal year end data
Fund complexes with less than $1 billion in net assets:
first filing date is no later than 75 days following the first fiscal year ending after June 1, 2019, based on fiscal year end data
|
Amendments to the Certification Requirements of Form N-CSR
(each certifying officer must state that such officer has disclosed in the report any change in internal control over financial reporting that occurred during the most recent fiscal half-year, rather than most recent fiscal quarter)
|
Fund complexes with $1 billion or more in net assets:
March 1, 2019
Fund complexes with less than $1 billion in net assets:
March 1, 2020
|
Investment Company Reporting Modernization: New Form N-PORT (As Amended) |
Fund complexes with $1 billion or more in net assets:
first filing date is May 30, 2019, based on March 31, 2019 data. The actual filing date depends on a fund’s fiscal quarter end.
Fiscal Quarter End |
Deadline for First Form N-PORT |
Required Monthly Data |
March 31, 2019 |
May 30, 2019 |
March 2019 |
April 30, 2019 |
July 1, 2019 |
March, April 2019 |
May 31, 2019 |
July 30, 2019 |
March, April, May 2019 |
Note that larger fund complexes are required to maintain in their records the information that is required to be included in Form N-PORT beginning no later than July 30, 2018, based on June 30, 2018 data, in lieu of submitting the information via EDGAR.
Fund complexes with less than $1 billion in net assets:
first filing date is June 1, 2020, based on January, February, and March 2020 data. The actual filing date depends on a fund’s fiscal quarter end.
|
Rescission of Form N-Q
(funds are required to continue filing Form N-Qs until they begin filing Form N-PORTs)
|
Fund complexes with $1 billion or more in net assets:
May 1, 2019 (a fund’s last Form N-Q reporting period will be the fiscal quarter ending December 31, 2018, January 31, 2019 or February 28, 2019, as applicable)
Fund complexes with less than $1 billion in net assets:
May 1, 2020 (a fund’s last Form N-Q reporting period will be the fiscal quarter ending December 31, 2019, January 31, 2020 or February 28, 2020, as applicable)
|
Form N-1A
(narrative disclosure regarding operation of a fund’s liquidity risk management program in new subsection of the applicable shareholder report)
|
Fund complexes with $1 billion or more in net assets:
December 1, 2019
Fund complexes with less than $1 billion in net assets:
June 1, 2020
|
Amendments to Form N-PORT Associated with Liquidity Rule |
Fund complexes with $1 billion or more in net assets:
first filing date is August 29, 2019, based on June 30, 2019 data. The actual filing date depends on a fund’s fiscal quarter end.
Note that larger fund complexes are required to maintain in their records the information that is required to be included in Form N-PORT associated with the liquidity rule beginning no later than January 31, 2019, based on December 31, 2018 data, in lieu of submitting the information via EDGAR.
Fund complexes with less than $1 billion in net assets:
first filing date is June 1, 2020, based on January, February, and March 2020 data (this is the same date as the Form N-PORT compliance date for fund complexes with $1 billion or less in net assets). The actual filing date depends on a fund’s fiscal quarter end.
|
Optional Internet Availability of Fund Shareholder Reports (Rule 30e-3) |
Funds electing to distribute shareholder reports via electronic delivery at the earliest date possible (January 1, 2021) must begin including prominent disclosures on each applicable document (summary prospectus, statutory prospectus and annual and semi-annual shareholder reports) starting January 1, 2019. |
FAST Act Amendments Impacting Registration Statement and N-CSR Filings |
All investment company registration statement and Form N-CSR filings made on or after April 1, 2020 must be made in HTML format and include a hyperlink to each exhibit identified in the filing’s exhibit index, whether the exhibit is included in the filing or incorporated by reference. |
Form CRS |
Form CRS must be filed by June 30, 2020. Initial delivery of Form CRS to all existing customers/clients who are retail investors due by July 30, 2020. |