Category Archives: Standard of Care

Compliance, Regulatory, Standard of Care

Common Mistakes in Client Referral Arrangements

August 23, 2024 Richard Chen Leave a comment

According to Richard Chen, RIAs are still making these 3 common mistakes when it comes to client referral arrangements.

1. SEC-registered advisers who pay parties more than $1,000 per year for referrals are sometimes not considering communications made by those referring parties as their own advertisements that are subject to the SEC Marketing Rule. 2. RIAs are not vetting referral sources to ensure they are not statutorily disqualified (i.e., subject to certain criminal or regulatory sanctions).

3. RIAs are still utilizing parties to refer clients for compensation even if those referring parties are not appropriately registered as investment adviser representatives in the states where they are soliciting clients.

RIA Client Referral Mistakes to Avoid

June 17, 2024 Richard Chen Leave a comment

Referrals are often a significant source of new business for many RIAs. However, before entering into such arrangements, advisers should ensure they take proper steps to ensure those arrangements don’t run afoul of applicable laws.

First, make sure that the referring party is properly registered as an investment adviser representative, if applicable. Most states consider a person referring business to an RIA for compensation to be a “solicitor” that is required to register as an investment adviser representative with the state.

Second, make sure the referring party is not statutorily disqualified (i.e., has been subject to criminal or regulatory sanctions) that would prevent them from making such referrals. In addition, the SEC’s Marketing Rule requires that any “promoter” providing any “endorsement” to an SEC-registered RIA must not be statutorily disqualified.

Third, make sure that referred clients are notified of the arrangement to ensure they understand the conflicts of interest associated with the referral.

New SEC Cybersecurity Incident rules for RIAs

May 16, 2024 Richard Chen Leave a comment

The SEC has just finalized rules requiring RIAs to adopt new measures for responding to cybersecurity incidents and notifying clients of such incidents.

RIAs and broker-dealers , among others, will now be required to develop, implement, and maintain written policies and procedures for an incident response program reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information.

The policies and procedures must address assessment of the situation, containment of the situation, and notification of affected clients.

Large advisers (i.e., those with at least $1.5 billion in assets under management) would need to comply with the new rules within 18 months of the publication of the final rules in the Federal Register while smaller advisers would need to comply within 24 months of such publication date.

Are CCOs Really In The SEC’s Crosshairs?

November 28, 2023 Clifford E. Kirsch, Editor Leave a comment

Last month, SEC Enforcement Director Gurbir Grewal gave a speech at the New York City Bar Association’s Compliance Institute addressing chief compliance officer liability. While the speech likely provided some comfort to CCOs, unfortunately, it raised more questions than answers, such as:

Are compliance officers on the front line?
Are compliance officers responsible for implementing and executing policies and procedures, or is their function to provide advice?
Do compliance officers need to become experts of “everything everywhere all at once” at their firms?
What is a “wholesale failure” to carry out compliance responsibilities?

Eversheds Sutherland Partners Brian Rubin and Adam Pollet share their thoughts here on these questions, as well as information about what the SEC and FINRA could use in future cases brought against CCOs .

Compliance, Enforcement, Regulatory, Standard of Care

Cyber Siege and Artificial Intelligence: These Aren’t Your Parents’ Cyber Threats

October 11, 2023 Clifford E. Kirsch, Editor Leave a comment

From Brian Rubin, Michael Bahar and Soroosh Faegh in NSCP Currents:

Everyone has been talking about Artificial Intelligence or AI. Broker-Dealers (BDs) and Investment Advisers (IAs) need to be particularly vigilant in addressing AI cybersecurity threats. The SEC has recognized these threats through a slew of recent pronouncements and proposed rules.

AI presents enormous opportunities, but it is also rapidly evolving the cyber threat, so BDs/AIs would do well to strongly consider re-assessing their policies, procedures, and plans to reasonably ensure they are incorporating the latest AI threats into their incident response, information security, and business continuity plans, their cybersecurity disclosures and board agendas, as well as their approach to consistent and coordinated communications. Indeed, AI’s threats may not be your parents’ cyber threats.

Read more here.