Investment Management Legal and Regulatory Update - April 2014
April 15, 2014
OCIE Initiative for Never-Before Examined Advisers
The Office of Compliance Inspections and Examinations (OCIE) announced a new "Never-Before Examined Initiative" focusing on conducting examinations of investment advisers that have been SEC-registered for at least three years and that have never been subject to an SEC examination. As we reported in our January update, OCIE previously announced that examining these advisers is a priority in 2014. Firms subject to examination under this initiative are likely to have received a notification letter.
The initiative includes two approaches: risk-assessment and focused review. The risk-assessment approach intends to better understand the registrant by conducting a high-level review of the adviser’s business while also focusing on the adviser’s compliance program. The focused review approach uses a risk-based process to focus exams on the following areas:
- Compliance Program. National Exam Program (NEP) staff will review the adviser’s compliance program to evaluate whether the adviser has adequately identified conflicts and compliance-related risks, adopted policies and procedures to address such conflicts and risks, and appointed and empowered a Chief Compliance Officer to administer the program.
- Filings and Disclosure. NEP staff will review the adviser’s filings and disclosure documents to evaluate whether the documents contain all material facts regarding conflicts or potential conflicts necessary for clients to make informed decisions regarding the advisory relationship.
- Marketing. NEP staff will analyze marketing materials to determine whether the adviser has made any false or misleading statements about its business or performance record, has made any untrue statement of material fact, has omitted material facts, has made any misleading statements, or has engaged in any manipulative, fraudulent, or deceptive activities.
- Portfolio Management. NEP staff will review how the adviser manages its clients’ portfolios and determine whether those practices are consistent with its disclosures.
- Safety of Client Assets. NEP staff will assess whether the adviser complies with the custody rule that requires advisers with "custody" of client assets to take specific measures to prevent loss or theft of those client assets.
In preparation for an exam, SEC-registered advisers should review their compliance programs, books and records, disclosure documents, marketing materials, and regulatory filings to ensure that they are consistent and in good order.
Sources: SEC Announces Initiative Directed at Never-Before Examined Registered Investment Advisers, SEC Press Release 2014-35 (February 20, 2014); Securities and Exchange Commission Letter to Industry (February 20, 2014), available at http://www.sec.gov/about/offices/ocie/nbe-final-letter-022014.pdf.
SEC Focuses on Alternative Funds
SEC to Conduct Sweep Exams of Alternative Funds
OCIE announced that it is finalizing an initiative to conduct a national sweep exam of retail alternative funds, indicating that it will target 15 to 20 fund complexes in its first phase, which will likely begin in summer or fall of this year. The sweep will focus on liquidity, leverage and board oversight of retail alternative funds. OCIE noted that it is prioritizing these exams due to the significant asset growth of alternative products in recent years and the growing number of retail investors.
While one of OCIE’s goals is to ensure that alternative funds are complying with the Investment Company Act of 1940 (the Investment Company Act), the exams will allow the staff to identify areas where it believes managers may need additional guidance and to inform the Division of Investment Management and SEC commissioners of such need.
Source: SEC to Conduct Sweep Exams of Alt Funds, Ignites, Beagan Wilcox Volz (March 19, 2014).
OCIE Observations of Due Diligence Practices for Selecting Alternative Investments
Prior to announcing the sweep exams, OCIE observed the due diligence practices of more than ten SEC-registered investment advisers that manage or recommend alternative investments to their clients. OCIE summarized its findings in a Risk Alert dated January 28, 2014. In that Risk Alert, the staff analyzed how advisers (i) performed their due diligence, (ii) identified, disclosed, and mitigated conflicts of interest, and (iii) utilized experienced investment teams when evaluating complex investment strategies and fund structures.
The Risk Alert reminded investment advisers that they are fiduciaries who must act in the best interest of their clients. Such fiduciary duties require the advisers to determine whether a recommended investment (i) meets the client’s investment objectives and (ii) is consistent with the investment principles and strategies disclosed by the manager of the alternative investment to the adviser (as set forth in private offering memoranda or other offering material provided by the manager).
The Risk Alert provided an analysis of several industry trends and practices that comply with the requirements under the Investment Advisers Act of 1940 (the Advisers Act) and the federal securities laws. For example, the Risk Alert noted that advisers are: (i) negotiating with managers of alternative investments to obtain more information through requests for position-level transparency and, occasionally, the use of a separately managed account structure; (ii) using third party service providers to supplement their analyses or validate previously-received information regarding alternative investments; (iii) performing additional quantitative analysis and risk measures to supplement traditional investment-level decision-making processes; and (iv) enhancing and expanding due diligence processes to include onsite visits and reviews of policies and procedures, legal documents, liquidity of the portfolio, and financial statements. These trends allow advisers to understand and identify potential risk indicators, which subsequently allow advisers to conduct additional analysis and make appropriate changes in response to their findings.
The Risk Alert also discussed some areas where the staff identified material deficiencies or control weaknesses in the exams, including failing to: (i) include the due diligence policies and procedures for alternative investments in the adviser’s annual review of the policies and procedures required by Rule 206(4)-7 under the Advisers Act; (ii) make disclosures to clients that were consistent with actual practices; (iii) properly describe the due diligence process in marketing materials provided to clients; (iv) require detailed and accurate documentation of due diligence processes; and (v) conduct periodic reviews of service providers.
Finally, the Risk Alert discussed the obligation that all advisers adopt and enforce a written code of ethics setting forth a minimum standard of conduct for supervised persons and addressing personal securities trading by those persons. The staff noted that allowing an adviser’s access persons to invest in a limited offering with preferential investment terms creates a conflict of interest, which may influence the adviser’s due diligence processes and, ultimately, harm a client.
Source: Office of Compliance Inspections and Examinations National Exam Program Risk Alert, Investment Adviser Due Diligence Processes for Selecting Alternative Investments and their Respective Managers, Volume IV, Issue 1 (January 28, 2014).
SEC Rule Priorities for 2014
During a speech at the Investment Company Institute’s annual Mutual Funds and Investment Management Conference, Norm Champ, Director of the Division of Investment Management, reviewed the SEC’s rule priorities for 2014. While none of the priorities he discussed are new issues, his summary provides helpful insight on areas of focus for 2014.
Most notably, and to no one’s surprise, Mr. Champ indicated that money market fund reform would be a key 2014 initiative. Some other areas that Mr. Champ and Diane Blizzard, associate director of rulemaking in the Division of Investment Management, discussed included the following:
- updating and "substantially improving" Form N-SAR, including potentially changing how frequently the form must be filed;
- reforming variable annuity disclosure;
- reviewing target date funds marketing materials and the glidepath illustrations and requesting additional comments on the disclosure;
- reviewing portfolio holdings disclosure for open-end funds;
- revising the 2008 rule proposal that would allow certain exchange-traded funds to launch without obtaining exemptive relief from the SEC;
- continuing regulatory initiatives on exchange-traded funds; and
- reviewing the "say-on-pay" rulemaking addressing proxy voting reporting by institutional investment managers.
Sources: SEC Rule Priorities: Fund Disclosure, ETFs, VA Summaries, Ignites, Beagan Wilcox Volz (March 25, 2014); Remarks to the 2014 Mutual Funds and Investment Management Conference (March 17, 2014).
SEC Guidance on Risk Management in Changing Fixed Income Market
The Division of Investment Management issued an Investment Management Guidance Update suggesting certain steps that fund advisers should consider when evaluating their risk management and disclosure practices in light of the changing market conditions and the Federal Reserve Board’s decision to slow quantitative easing. The SEC guidance also indicates that mutual fund boards should use the guidance as a discussion topic when reviewing fund advisers as part of their oversight obligations.
In June 2013, the net assets of bond mutual funds reached near-historic heights of $3.6 trillion. While the bond markets are growing, primary dealer capacity in the market remains at levels similar to those in 2001, reducing the market-making capacity. The combination of decreased market-making capacity, increased interest rates due to slowing quantitative easing, and significant increases in bond mutual fund assets has the potential to decrease liquidity and increase volatility in the fixed income market. Understanding the potential increase in volatility, the Division of Investment Management suggested that fund advisers should consider taking the following steps:
- Assess and Stress Test Liquidity. Consistent with the redemption requirements under Section 22(e) of the Investment Company Act, fund advisers should assess their ability to meet redemption requests over varying periods of time. The guidance suggests that advisers should undertake such testing in normal market environments, in addition to stressed environments, and assess their sources of liquid assets that would be least impacted by increases in market stress.
- Conduct More General Stress-Tests/Scenario Analyses. The guidance prompts advisers to consider how they could use stress-testing beyond making liquidity assessments. For example, advisers could analyze interest rate hikes or widening spreads.
- Risk Management Evaluation. Advisers should consider the outcomes of risk management assessments and determine what actions are most appropriate for individual funds or fund complexes.
- Communication with Fund Boards. Advisers should keep fund boards apprised of a fund’s risk exposure and liquidity position and should consider whether the board would benefit from additional information regarding relevant topics.
- Shareholder Communications. Funds should review and assess the adequacy of their existing fixed income risk disclosure, including the potential for increased volatility and redemptions in response to tapering of quantitative easing and rising interest rates.
Source: Investment Management Guidance Update No. 2014-1, Risk Management in Changing Fixed Income Market Conditions (January 2014).
SEC Guidance on Aggregate Advisory Fee Rate for Multi-Manager Funds
The Division of Investment Management issued an Investment Management Guidance Update to clarify when a fund using a multi-manager structure must obtain shareholder approval for an increase in advisory or subadvisory fee rates.
Background. Under a multi-manager structure, a fund’s investment adviser selects subadvisers to provide the day-to-day investment advisory services to the fund. A fund using a multi-manager structure may request exemptive relief from the SEC with respect to the requirements of Section 15(a) of the Investment Company Act.
Section 15(a) requires an investment adviser or subadviser of a registered investment company to have a written contract providing for advisory services that has been approved by a majority of the outstanding voting securities of the fund and that "precisely describes all compensation to be paid thereunder." An SEC-granted Section 15(a) exemptive order would allow a subadviser to serve under a written contract that has not received shareholder approval. Notwithstanding such exemptive order, the advisory rate in the primary contract between the fund and the investment adviser would still remain subject to shareholder approval.
Multi-Manager Structures. The guidance explains that multi-manager orders generally contemplate two contractual scenarios. Under the traditional multi-manager structure, the fund pays advisory fees to the investment adviser, who in turn, compensates each subadviser out of the advisory fee. In this structure, shareholders approve the aggregate advisory fee when they approve the primary investment advisory agreement.
Under the direct-pay multi-manager structure, just as the fund enters into a direct agreement with the investment adviser, the fund also enters into a direct agreement with each subadviser. Therefore, shareholders approve each subadviser’s individual fee when they approve each individual subadvisory agreement.
Under both models, shareholders approve any increases in advisory fee rates.
Multi-Manager Order Applications. The staff requests that all new multi-manager order applications specify the type of multi-manager structure that they intend to use and include an aggregate fee condition, which states that any change in an advisory or subadvisory agreement that results in an increase in the aggregate advisory fee rate will be subject to shareholder approval.
For fund complexes with existing multi-manager orders and using the direct-pay structure, the guidance provides the following examples of scenarios where the fund would not need to obtain shareholder approval: (i) when hiring its first subadviser, the fund reduces the investment adviser’s rate by the rate that the fund will pay the subadviser so that there is no aggregate advisory fee increase; (ii) the fund hires an additional subadviser and pays it a rate no higher than (a) the subadviser it is replacing or (b) the rate of an existing subadviser that could have covered the assets allocated to the new subadviser; and (iii) an increase to an existing subadvisory rate that is offset by a decrease in the investment advisory rate.
Sources: Investment Management Guidance Update, No. 2014-3, Multi-Manager Funds – Aggregate Advisory Fee Rate (February 2014); SEC Issues Guidance for Multi-Manager Funds, Ignites, Beagan Wilcox (March 12, 2014).
SEC Guidance on the Testimonial Rule and Social Media
In March 2014, through question and answer format, the Division of Investment Management issued an Investment Management Guidance Update on an adviser’s or investment advisory representative’s (IAR) ability to use social media and to promote client reviews of their services that appear on independent, third-party social media sites.
Section 206(4) of the Advisers Act and Rule 206(4)-1(a)(1) (the testimonial rule) prohibit investment advisers or IARs from publishing, circulating, or distributing any advertisement that refers to any testimonial concerning the investment adviser or any advice, analysis, report, or other service rendered by such investment adviser. While the rule does not define "testimonial," the staff previously has interpreted it to mean a "statement of a client’s experience with, or endorsement of, an investment adviser."
Third Party Commentary. The guidance clarifies that in certain circumstances, an investment adviser or IAR may publish public commentary from an independent social media site if (i) the social media site’s content is independent of the investment adviser or IAR, (ii) there is no material connection between the social media site and the investment adviser or IAR that would call the site’s or the commentary’s independence into question, and (iii) the investment adviser or IAR publishes all of the unedited comments appearing on the independent social media site. The staff explained that publishing commentary that met these three criteria would not implicate the concerns of the testimonial rule and, therefore, an investment adviser or IAR could include such commentary in an advertisement.
Inclusion of Investment Adviser Advertisements on Independent Sites. The guidance also addresses the existence of an investment adviser’s or IAR’s advertisement on an independent site and notes that such presence would not result in a prohibited testimonial provided that (i) it is readily apparent to the reader that the advertisement is separate from the public commentary and (ii) advertising revenue does not influence, in any way, the determination of which public commentary is included or excluded from the independent site.
Reference by Investment Adviser to Independent Social Media Site Commentary in a Non-Social Media Advertisement (e.g., radio or newspaper). In the guidance, the staff explained that investment advisers or IARs could reference, in a non-social media advertisement, an independent social media site. For example, an adviser could state in its newspaper ad "see us on [independent social media site]" to signal to clients and prospective clients that they can research public commentary about the investment adviser on an independent social media site. In contrast, however, the investment adviser or IAR may not publish any testimonials from an independent social media site in a newspaper, for example, without implicating the testimonial rule.
Client Lists. The guidance also addressed posting of "contacts" or "friends" on the investment adviser’s or IAR’s social media site. Such use is not prohibited, provided that those contacts or friends are not grouped or listed in a way that identifies them as current or former clients. The staff carefully noted, however, that any attempts by an investment adviser or IAR to imply that those contacts or friends have received favorable results from the advisory services would implicate the testimonial rule.
Fan/Community Pages. The guidance stated that a third-party site operating as a fan or community page where the public may comment ordinarily would not implicate the testimonial rule. However, the guidance cautioned investment advisers or IARs to consider the material connection and independence rules discussed above prior to driving user traffic to such a site, including through the publication of a hyperlink.
Sources: Investment Management Guidance Update, No. 2014-4, Guidance on the Testimonial Rule and Social Media (March 2014); Investment Company Institute Memorandum Regarding the Advisers Act Testimonial Rule and Social Media Guidance (April 1, 2014).
Supreme Court Broadens Whistleblower Status
On March 4, 2014, the United States Supreme Court ruled in Lawson v. FMR LLC that the whistleblower protections under the Sarbanes-Oxley Act extended to employees of private companies that provide services to public companies. The Supreme Court noted that mutual funds are public companies that do not have employees and, instead, contract with other third-party service providers to accomplish their goals. Therefore, if someone discovered fraud "detrimental to mutual fund investors, the whistle-blowing employee must be on another company’s payroll." The Court emphasized that its expansive view of the whistleblower protections complies with the purpose of the Sarbanes-Oxley reforms and that failure to extend the protection would render certain employees "remediless" if they blew the whistle.
The whistleblower provisions protect employees who reveal fraud from retaliation by the employer and may also allow the employee to receive a portion of any money recovered if fraud is exposed.
This decision has a clear impact on private companies, including investment advisers and accounting firms that work for public companies, as well as on mutual funds. In response, each of these entities should review or implement policies that respond to potential whistleblower claims. Additionally, fund professionals should carefully consider taking some of the following actions:
- review internal reporting processes and consider updating or improving compliance programs;
- review and promptly remedy any compliance concerns;
- educate employees on the internal reporting channels and provide proper training; and
- effectively discipline employees and properly document those disciplinary actions.
Sources: Supreme Court Broadens Whistle-Blower Status, Mutual Fund Firms on Alert, Investment News, Mark Schoeff Jr. (March 5, 2014); Lawson et al. v. FMR LLC et al., No. 12-3, slip op. (U.S. March 4, 2014).
Broker-Dealer Regulatory Developments
The SEC and FINRA have made recent changes to broker-dealer registration requirements for firms engaging in limited M&A and financing activities. FINRA has proposed a streamlined set of rules that would create a new registration category specifically for firms that advise companies and private equity funds on capital raising and corporate restructuring. Additionally, the SEC recently issued a no-action letter allowing certain intermediaries to act as "M&A Brokers" under certain circumstances without registration. Both developments are described in more detail below.
Proposed Rules for Limited Corporate Financing Brokers
According to FINRA’s rule proposal, a "limited corporate financing broker" (LCFB) would include any broker that solely engages in one or more of the following activities:
- advising an issuer, including a private fund, concerning its securities offerings or other capital raising activities;
- advising a company regarding its purchase or sale of a business or assets or regarding its corporate restructuring, including a going-private transaction, divestiture or merger;
- advising a company regarding its selection of an investment banker;
- assisting in the preparation of offering materials on behalf of an issuer;
- providing fairness opinions; and/or
- qualifying, identifying, or soliciting potential institutional investors.
An LCFB must not maintain customer accounts, hold or handle customer funds or securities, accept customers’ trading orders, exercise investment discretion on behalf of any customer, or engage in proprietary trading or market-making. Traditionally, many firms engaged in these activities have been required to register as broker-dealers because they receive transaction-based compensation, even though they do not engage in other traditional broker-dealer activities. The proposed rules are designed to decrease the regulatory burden on these firms.
The FINRA proposal would establish the Limited Corporate Financing Broker Rules, which would apply exclusively to LCFB firms and would be designed to address an LCFB’s limited range of activities. The FINRA By-Laws and certain core FINRA rules would continue to apply to LCFBs.
FINRA has requested comment on the proposed rules. Comments should be received on or before April 28, 2014.
Sources: Financial Industry Regulatory Authority, Inc., Regulatory Notice 14-09, FINRA Requests Comment on a Proposed Rule Set for Limited Corporate Financing Brokers (February 2014); FINRA Proposed Rules, available at http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/industry/p448158.pdf.
M&A Broker No-Action Letter
The SEC staff recently issued a no-action letter stating that certain merger and acquisition intermediaries may, under certain circumstances, effect M&A transactions for private companies without registering as broker-dealers under the Securities Exchange Act of 1934 (the Exchange Act). The no-action letter (M&A Broker Letter) represents a significant expansion of prior SEC interpretations in the business broker area.
The M&A Broker Letter defines "M&A Broker" as any person engaged in the business of facilitating securities transactions to transfer the ownership and control of privately-held companies, through the purchase, sale, exchange, issuance, repurchase, or redemption of, or a business combination involving, securities or assets of the company, to a buyer that will actively operate the business of the target company.
An M&A Broker will not have to register as a broker-dealer under the Exchange Act if all of the following conditions are met:
- The M&A Broker must not be able to bind a party to the M&A Transaction and must not provide financing for the M&A Transaction.
- The M&A Broker may not have custody of, or control, possess or otherwise handle, funds or securities in connection with the M&A Transaction.
- The M&A Transaction must not involve a public offering, and no party to the transaction can be a shell company (other than a business combination-related shell company).
- If an M&A Broker represents both the buyer and seller, it must obtain informed consent to the joint representation, after disclosure of the arrangement to both parties.
- The M&A Broker will not be permitted to form a group of buyers for an M&A Transaction.
- Upon completion of the M&A Transaction, the buyer must control and actively operate the business of the target. The M&A Transaction should not result in the transfer of interests to a passive buyer. "Control" will be presumed to exist if the buyer has the right to vote 25% or more of a class of voting securities; has the power to sell or direct the sale of 25% or more of a class of voting securities; or in the case of a partnership or limited liability company, has the right to receive upon dissolution or has contributed 25% or more of the capital.
- The M&A Broker, its officers, directors or employees must not have been barred or suspended from association with a broker-dealer by the SEC, any state or any self-regulatory organization.
- Because an M&A Transaction is, by definition, not a public offering, any securities received by a buyer or an M&A Broker in the M&A Transaction will be "restricted securities" pursuant to Rule 144(a)(3) under the Securities Act of 1933.
Although the M&A Broker Letter does not explicitly address the type of compensation that M&A Brokers may receive, it appears that the SEC staff intends to allow M&A Brokers to receive transaction-based compensation.
M&A intermediaries should keep in mind that an SEC no-action letter is not law. No-action relief is a staff interpretation limited to the specific facts detailed in the request, and can be modified or rescinded at any time.
Source: M&A Brokers, SEC No-Action Letter (January 31, 2014, as revised February 4, 2014).
Nuveen Investment Funds, Inc. No-Action Letter
Background. Nuveen Investment Funds, Inc., a registered management investment company (Nuveen), each portfolio series thereof, Nuveen Fund Advisors, LLC, a registered investment adviser (Nuveen Advisors), and U.S. Bank National Association (the Bank) requested relief from the Division of Investment Management under Section 17(e)(1) of the Investment Company Act.
Under a securities lending agreement, the Bank serves as the custodian and securities lending agent for the Nuveen funds. The Bank, in its capacity as trustee or discretionary investment manager of fiduciary accounts, may own, control, or hold with power to vote 5% or more, or even more than 25%, of the outstanding voting securities of a Nuveen fund and, therefore, may be deemed an affiliated person under Section 2(a)(3) of the Investment Company Act.
Section 17(e)(1) of the Investment Company Act prohibits any affiliated person of a registered investment company (or affiliated persons of such a person) from accepting compensation from any source for the purchase or sale of any property to or for the investment company, except in certain circumstances not relevant in this discussion. Under Section 17(e)(1), the Nuveen funds could not compensate the Bank for its services as securities lending agent.
Precedent. In Norwest Bank Minnesota, N.A., SEC No-Action Letter (May 25, 1995), the staff concluded that an affiliated securities lending agent could receive compensation for "administrative lending services," which did not fall within the scope of Section 17(e)(1), in contrast with "other lending services" that involved the exercise of discretion and fell within the meaning of Section 17(e)(1). Nonetheless, the staff in Norwest determined that not all "other lending services" would trigger the types of conflicts that Section 17(e)(1) was designed to prevent.
Effecting Loans. Nuveen explained that all securities loans made by the Nuveen funds are collateralized with cash at least equal to 100% of the market value of the securities loaned. A Nuveen fund lending the securities may invest (acting through the Bank) the cash collateral and retain the proceeds from the investment, less a predetermined amount of such proceeds (the Borrower Rebate Rate). In some instances, when securities may be difficult to borrow, the borrower may pay the lender an additional amount as consideration (the Negative Rebate Rate). The Bank and the borrower determine the Borrower Rebate Rate and the Negative Rebate Rate (together, the "Rebate Rate") at the time of each loan.
No-Action Relief. In deciding to provide no-action relief, the SEC staff noted the following specific securities lending procedures that Nuveen implemented and that limited the concerns that Section 17(e)(1) was designed to prevent:
- Nuveen Advisors adopted, and the board of directors of Nuveen (the Board) approved, spread guidelines that required a Nuveen fund’s rate of return on lending securities, or "spread," to be at least (i) four basis points for loans of U.S. government and agency securities or (ii) six basis points for all other securities (the Spread Guidelines).
- Nuveen Advisors established monitoring and reporting requirements that require the Bank to promptly notify Nuveen Advisors on any day that a loan earns a spread that is less than the required minimum spread under the Spread Guidelines. Additionally, the Bank monitors daily market information on Rebate Rates that is compiled by a third party and reports to Nuveen Advisors any amount paid to or received from a borrower that is materially more favorable to the borrower than the rates that are generally available in the market for loans of the same securities to similar borrowers.
- The Bank also provides daily, monthly, and quarterly reports to Nuveen Advisors and annually provides the Board with materials to review the securities lending arrangement. Nuveen Advisors uses such reports to make recommendations to the Board regarding whether the Nuveen funds should continue to participate in the Bank’s securities lending program.
In granting relief, the staff agreed that the procedures set forth above provide the appropriate monitoring, oversight, and after-the-fact review of the Rebate Rates by Nuveen Advisors and the Board to limit the Bank’s discretion and to address any conflicts of interest that Section 17(e)(1) was designed to prevent.
Source: Nuveen Investment Funds, Inc., SEC No-Action Letter (February 13, 2014).
Increased Focus on Cybersecurity Threats
FINRA to Examine Broker-Dealers for Cybersecurity Threats
In its 2014 Regulatory and Examination Priorities Letter, FINRA noted that cybersecurity remains a priority and that it will focus on "the integrity of firms’ policies, procedures and controls to protect sensitive customer data." In line with this priority, FINRA announced a Targeted Examination Letter detailing its intention to conduct an assessment of firms’ approaches to managing cybersecurity threats, which FINRA noted may cause potential harm to investors, firms, and the financial system as a whole. FINRA intends to survey and assess about 20 firms with a variety of business models. FINRA’s assessment will focus on areas relating to cybersecurity, including:
- business continuity plans in the event of a cyber-attack;
- understanding concerns and threats faced by the industry;
- assessing the impact of cyber-attacks on the firm over the past year;
- training programs;
- insurance coverage for cybersecurity-related events; and
- arrangements with third-party service providers.
FINRA hopes that its assessment will help it achieve four broad goals: (1) to better understand the threats that firms face; (2) to increase its understanding of firms’ risk appetites, exposure, and major areas of vulnerabilities in their IT systems; (3) to better understand how firms could and do manage these threats; and (4) to share observations and findings as appropriate.
While one of FINRA’s goals appears to be information sharing, broker-dealers should understand that FINRA could take action based on examination findings of weaknesses in cybersecurity controls. At a minimum, broker-dealers should have a process in place for checking cyberthreats and protecting data should an attack occur.
Sources: FINRA Regulatory Examination Priorities (January 2, 2014), available at http://www.finra.org/web/groups/industry/@ip/@reg/@guide/documents/industry/p419710.pdf; FINRA, Targeted Examination Letters Re: Cybersecurity (January 2014).
SEC Examiners to Review Asset Managers’ Cybersecurity Defenses
As part of OCIE’s routine examinations, the staff intends to scrutinize the policies and procedures that asset managers use to prevent and to detect cyber-attacks. Additionally, the staff will assess whether asset managers are reviewing and enhancing safeguards to protect against security risks. To prepare for such exams, asset managers should review their information technology training programs, analyze whether vendor access to their systems creates potential weaknesses, and review their vendors’ due diligence processes. SEC examiners may also evaluate whether asset managers are properly reporting "material" cyber events to regulators.
Source: SEC Examiners to Review How Asset Managers Fend Off Cyber Attacks, Reuters, Sarah N. Lynch (January 30, 2014).
SEC Holds Cybersecurity Roundtable
On March 26, 2014, the SEC held the Cybersecurity Roundtable in light of growing concerns regarding cybersecurity. The focus of the roundtable was to advise the SEC, the industry, other government agencies, and the private sector of the cybersecurity risks and the strategies to address such risks. The roundtable was divided into four panels: (i) Cybersecurity Landscape, (ii) Public Company Disclosure, (iii) Market Systems, and (iv) Broker-Dealers, Investment Advisers, and Transfer Agents. While each panel focused on specific questions regarding cyber threats and security concerns, many themes ran through every panel’s discussion.
Panelists generally agreed that cybersecurity is one of the primary risks for businesses today and noted that businesses should evaluate both external cybersecurity risks, including risks posed by third-party service providers, and internal ones. When discussing what actions the SEC should take in response to these threats, the panelists largely believed that the SEC should issue principles-based guidance rather than crafting rules that attempt to address all industries. They noted that such rules may not be effective given that one solution does not apply to all scenarios and that, due to swift technology advancements, any rules would likely be antiquated not long after adoption. Several panelists did note, however, that the SEC should encourage information sharing among registrants and among other regulatory agencies.
The role of the board of directors was another theme that arose in several panel discussions. Participants repeated that the board’s role is one of oversight, and subject-matter expertise regarding cybersecurity is not required. In fact, they noted that board members who are generalists are better suited to address a variety of business issues. To fulfill their oversight role, boards should be kept apprised of information and should ask meaningful questions regarding a company’s preventive actions.
Finally, panelists also acknowledged that developing procedures for identifying areas of potential enterprise-wide risk and establishing response methods are the best ways to prepare a company for future cyber-attacks. Some panelists even recommended conducting cyber-attack simulations and involving senior management in those simulations.
While the staff did not indicate that additional rulemaking in response to the roundtable was imminent, as noted above under "SEC Examiners to Review Asset Managers’ Cybersecurity Defenses," the SEC is moving ahead on reviewing and scrutinizing asset managers’ preventative cybersecurity policies and procedures. The SEC is accepting comments regarding issues addressed at the roundtable until May 2, 2014.
Source: Investment Company Institute Memorandum Regarding Summary of the SEC’s March 26 Cybersecurity Roundtable (March 28, 2014).
SEC Guidance on Unbundling Proxy Proposals
The Division of Investment Management issued an Investment Management Guidance Update on amending investment company charters in light of Rule 14a-4 promulgated under the Exchange Act.
The guidance states that Rule 14a-4, the "unbundling" rule, requires that the form of proxy "identify clearly and impartially each separate matter to be acted upon, whether or not related to or conditioned on the approval of other matters . . ." and provide separate boxes for shareholders to choose between approval, disapproval, or abstention "with respect to each separate matter . . . ." The SEC believes that breaking out each proposal allows each shareholder to express his or her view to management on each matter up for vote. While some matters may be presented together, as discussed in the updated Exchange Act Rule 14a-4(a)(3) Compliance and Disclosure Interpretations, if the Investment Company Act, state law, or a fund’s organizational documents require a matter to be submitted to shareholders, that matter should be voted on separately.
The guidance further notes that the Division staff has commented that proposed amendments to investment company charters should be unbundled, providing shareholders with the opportunity to separately vote on each proposed material amendment. In considering the materiality of a proposal, the staff advised investment companies to consider whether a given matter "substantively affects shareholder rights" and provided the following examples of proposed amendments that would be material: (i) amending voting rights from one vote per share to one vote per dollar of net asset value; (ii) authorizing a fund to involuntarily redeem small account balances; (iii) authorizing a fund to invest in other investment companies; (iv) changing supermajority voting requirements; (v) authorizing the board to terminate a fund or merge with another fund without shareholder vote; and (vi) authorizing the board to make future amendments to the charter without a shareholder vote.
Sources: Investment Management Guidance Update No. 2014-2, Unbundling of Proxy Proposals – Investment Company Charter Amendments (February 2014); Securities Exchange Act Rules Compliance and Disclosure Interpretations (January 24, 2014), available at http://www.sec.gov/divisions/corpfin/guidance/14a-interps.htm.