Category Archives: Compliance

New SEC Cybersecurity Incident rules for RIAs

The SEC has just finalized rules requiring RIAs to adopt new measures for responding to cybersecurity incidents and notifying clients of such incidents.

RIAs and broker-dealers, among others, will now be required to develop, implement, and maintain written policies and procedures for an incident response program reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information.

The policies and procedures must address assessment of the situation, containment of the situation, and notification of affected clients.

Large advisers (i.e., those with at least $1.5 billion in assets under management) would need to comply with the new rules within 18 months of the publication of the final rules in the Federal Register while smaller advisers would need to comply within 24 months of such publication date.

Read more here.

What’s the marketing piece that creates the most compliance risk for RIAs?

In my opinion, it’s the website.

With the SEC’s scrutiny of Marketing Rule compliance, I believe the SEC is closely scrutinizing Forms ADV filed by RIAs, and to the extent that RIAs indicate they are referencing testimonials, endorsements, third-party ratings, predecessor performance, hypothetical performance, or specific investment recommendations in their marketing materials, this gives the SEC an impetus to review the adviser’s marketing materials.

The marketing piece most easily accessible to the SEC is the RIA’s website, the address to which is also listed on the Form ADV.

Read more here.

Unfinished Business: IAs Are Potentially Back on the Hook for AML and Counterterrorism Reporting Requirements

In its latest attempt, the U.S. Department of Treasury, Financial Crimes Enforcement Network (“FinCEN”), will require certain investment advisers to implement compliance measures to detect and report suspected money laundering and the financing of terrorism. The newly proposed rule brings investment advisers under the purview of the Bank Secrecy Act (“BSA”), which requires financial institutions to implement risk-based anti-money-laundering and counterterrorism programs to protect the national security of the United States and aid law enforcement in the fight against money laundering. If the proposed rule is finalized, FinCEN could require investment advisers to collect records, such as those related to fund transfers, and file suspicious activity reports with FinCEN. The proposed rule would also allow information sharing between FinCEN and the SEC, which will be delegated examination authority over investment advisers for compliance with the new rule.

Read more here.

The Dealerization of America by the SEC

On Tuesday, February 6, 2024, the United States Securities and Exchange Commission promulgated final rules relating to changing the definition of dealer pursuant to the Securities Exchange Act of 1934. See SEC.gov | SEC Adopts Rules to Include Certain Significant Market Participants as “Dealers” or “Government Securities Dealers”. This definitional change is a watershed moment in securities regulation.

Although the SEC has for several years now sought to expand the definition of dealer in certain markets, most notably the convertible debt market, this is the first time the SEC has taken advantage of its rule-making ability to dramatically shift decades of precedent.

Read more here.

Are CCOs Really In The SEC’s Crosshairs?

Last month, SEC Enforcement Director Gurbir Grewal gave a speech at the New York City Bar Association’s Compliance Institute addressing chief compliance officer liability. While the speech likely provided some comfort to CCOs, unfortunately, it raised more questions than answers, such as:

  • Are compliance officers on the front line?
  • Are compliance officers responsible for implementing and executing policies and procedures, or is their function to provide advice?
  • Do compliance officers need to become experts of “everything everywhere all at once” at their firms?
  • What is a “wholesale failure” to carry out compliance responsibilities?

Eversheds Sutherland Partners Brian Rubin and Adam Pollet share their thoughts here on these questions, as well as information about what the SEC and FINRA could use in future cases brought against CCOs.