
The BD/IA Regulator

Providing securities regulatory, enforcement and litigation trends for broker-dealers, investment advisers and investment funds

Regulatory Reform Glossary – May 2015

Posted in Investment Adviser Regulation

Since the financial crisis, financial institutions have been required to address significant regulatory changes. The new regulatory framework in the United States and Europe has introduced a series of new terms. This brief glossary is intended to serve as a helpful summary of frequently used terms. To see the full glossary, click here.

FINRA’s Revised Sanction Guidelines: Higher, Tougher, Fairer?

Posted in Broker-Dealer Regulation, FINRA Enforcement

FINRA’s newly revised Sanction Guidelines, effective immediately, signal that the upward trend in sanctions against broker-dealers is likely to continue.

The Sanction Guidelines, which establish the range of sanctions that FINRA may impose in formal disciplinary proceedings, affect several specific types of violations, as well as the principles behind levying sanctions and the overall levels of monetary sanctions.  The Guidelines are also meant to catch up to the sanctions that FINRA actually is levying; as FINRA stated, in revising the guidelines, it is seeking to “harmonize the Sanction Guidelines with the current state of the cases in this area.”

FINRA explained that the Sanction Guidelines are not meant to prescribe fixed sanctions for particular violations.  Rather, the Guidelines are used by FINRA’s adjudicators to determine appropriate sanctions and impose them consistently and fairly in disciplinary proceedings.  FINRA’s Departments of Enforcement and Market Regulation also consult the Sanction Guidelines to determine the appropriate level of sanctions to seek in settled and litigated cases.

A more complete analysis of the Sanction Guidelines can be found in our client alert, available here.

Administrative Proceedings vs. Federal Court: The SEC Provides Limited Transparency Into Its Choice of Forum

Posted in Broker-Dealer Regulation, SEC Enforcement

For the past two years, the SEC has come under heavy fire, both inside and outside the Commission, for its increasing use of its own administrative proceedings, rather than federal courts, as the preferred forum for bringing its enforcement actions. On May 6, the Wall Street Journal published an article entitled “SEC Wins With In-House Judges,” reporting that, since 2010, the SEC has won 90% of its cases brought before its own administrative law judges but has won only 69% of its cases brought in federal court. http://www.wsj.com/articles/sec-wins-with-in-house-judges-1430965803?tesla=y. Two days later, the SEC’s Division of Enforcement made public its “approach” to selecting a forum, which was intended to outline the facts and circumstances it considers in determining whether to bring a litigated enforcement action in federal district court or in its own administrative proceedings. http://www.sec.gov/divisions/enforce/enforcement-approach-forum-selection-contested-actions.pdf. The guidance, however, ultimately provides the Division with virtually complete discretion in choosing the playing field that will be most advantageous to its case and to its view of the “proper development of the law.”

Historically, the SEC has been relatively consistent in the litigated cases it brought in its administrative proceedings and in federal court. While there have always been exceptions, litigated cases involving registered entities such as broker-dealers and investment advisers were generally brought in administrative proceedings, while cases involving non-industry individuals and entities were brought in federal district court. The latter cases often involved insider trading, the FCPA, offering fraud, and public company financial reporting. However, with the passage of the Dodd-Frank Act in 2010, Congress gave the SEC increased remedies in administrative proceedings, the most important being civil money penalties against unregistered individuals and entities. Armed with its new authority, the SEC has ramped up its use of administrative proceedings to pursue litigated cases against individuals and entities that had not previously been at risk of being brought into the SEC’s home court.

The SEC’s use of administrative proceedings has not gone unchallenged. Respondents in several administrative actions have brought suit against the agency, arguing that the administrative process is unconstitutional and deprives the SEC’s targets of substantial due process rights. Judge Rakoff of the Southern District of New York has expressed his doubts about the appropriateness of the expanded use of administrative proceedings, stating that he worried about the balanced growth of the securities laws if those laws are interpreted in a “non-judicial” forum. Andrew Ceresney, the Director of the Division of Enforcement, has mounted a spirited defense of the use of administrative proceedings, arguing that they are fair and unbiased, and that the federal securities laws should, indeed, be interpreted by the experts at the SEC.

Our complete analysis can be found in our client alert, available here.

FINRA is Apparently Holding its CARDS

Posted in Cybersecurity/Privacy, Enforcement, FINRA Enforcement

Broker-dealers appear to have succeeded, at least for now, in beating back FINRA’s proposal to capture extensive amounts of data through electronic means.

For over a year, FINRA has been pushing its Comprehensive Automated Risk Data System (CARDS), which would require clearing firms (on behalf of introducing firms) and self-clearing firms to regularly submit to FINRA, in an automated, standardized format, specific information about their customers’ accounts and the customer accounts of each member firm for which they clear.   FINRA claims that CARDS would enhance FINRA’s access to data and analytics, “help it evolve [its] risk-based surveillance and examination programs regarding sales activities” and enable it to “operate as an early warning system to more effectively identify potential fraudulent activity and customer sales practice abuse to guide examinations,” according to testimony last week by Richard Ketchum, FINRA Chairman and CEO, before the House Subcommittee on Capital Markets and Government Sponsored Enterprises Committee on Financial Services. “Accordingly,” Ketchum testified, “we believe that a data-driven analysis could increase our ability to identify investor protection issues sooner and to respond quickly to stem investor harm.”

In the face of extensive comments and criticism from the industry, including the Securities Industry and Financial Markets Association (SIFMA) and smaller broker-dealers, Ketchum announced before the Congressional Subcommittee that “we will not move ahead with the present form of the proposal and will not move forward with an amended version until we conclude that the concerns raised in the comments have been addressed.”

Industry comments have focused on the potential threat to individual privacy posed by transferring too much data electronically.  Ketchum reported that FINRA has already watered down its proposal by agreeing not to collect personally identifiable data.  However, he acknowledged that FINRA shared the concerns raised about the ability of bad actors to obtain information from its system that could be used to identify individuals.  Ketchum testified that FINRA is evaluating the ability to accomplish some of its same investor protection goals by relying upon data generated by the SEC’s Consolidated Audit Trail when it is implemented; the overlap between the two proposed systems is one basis for the industry’s objections.

SEC Urges Registered Funds and Registered Investment Advisers to Promptly Address Cybersecurity Risk

Posted in Cybersecurity/Privacy, Fund Regulation, Investment Adviser Regulation

The SEC’s Division of Investment Management issued guidance highlighting the importance of cybersecurity and discussing measures that registered investment companies (“funds”) and registered investment advisers (“advisers”) should consider when addressing cybersecurity risk. The latest guidance reflects the Staff’s continued focus on cybersecurity as a key compliance issue (see our report on the SEC’s cybersecurity sweep exam here).

Other regulators, including FINRA and certain state regulators, have also highlighted the importance of this issue for their members and registrants (see our related posts here and here).

Even though the nature of cybersecurity threats is rapidly changing, funds and advisers cannot delay the implementation of effective compliance policies because every day that passes increases the possibility that the firm will be the subject of a regulatory examination into its cybersecurity procedures or, worse, be the subject of a cyber attack.

The guidance highlighted a number of measures that funds and advisers may wish to consider when developing effective cybersecurity and compliance policies.  The Staff stressed, however, that its suggestions were not comprehensive and that registrants should consider the nature of their businesses and operations to ensure that policies adequately protect shareholders.

For a more detailed discussion of the guidance, please see our complete client alert.

NY Department of Financial Services: Check Your Vendors’ Cybersecurity

Posted in Broker-Dealer Regulation, Cybersecurity/Privacy

According to a report released last week by the New York Department of Financial Services (NYDFS), the financial industry has a long way to go in overseeing the cybersecurity capabilities of outside vendors who carry out critical banking functions.

Last week’s report follows a year of activity on that front. In a May 2014 report, the NYDFS concluded—based on a survey of over 150 banks—that the financial industry’s increasing reliance on third-party vendors could create critical cybersecurity risks. Following that report, the NYDFS conducted a second survey of 40 banks concerning how they address cybersecurity with respect to third-party vendors. The second survey resulted in last week’s report. As a result of its findings, the NYDFS is considering new regulation that would impact financial institution oversight of third-party vendors.

THE NYDFS REPORT’S FINDINGS REGARDING VENDORS AND CYBERSECURITY

Last week’s report on vendors focused on four critical areas:

1. due diligence processes;
2. policies and procedures governing relationships with third-party vendors;
3. protections for safeguarding sensitive data; and
4. protections against loss incurred by third-party failures.

According to the report, almost every institution surveyed conducted risk-based due diligence on vendors, classifying vendors with access to sensitive data as high-risk, and conducting cybersecurity risk assessments on those vendors. In addition, 90 percent of surveyed institutions require vendors to comply with cybersecurity standards. However, fewer than half of the institutions surveyed required on-site due diligence of vendors: only 46 percent required initial on-site due diligence of potential vendors; and even fewer—35 percent—required periodic on-site due diligence of even those vendors classified as high-risk.

A more complete analysis of the report can be found in our client alert, available here.

OCIE Targets Never-Before-Examined Investment Companies for Compliance Exams

Posted in Fund Regulation, Investment Adviser Regulation, SEC Enforcement

The SEC’s Office of Compliance Inspections and Examinations, in a Risk Alert dated April 20, 2015, announced a program of focused, risk-based compliance examinations targeting investment companies that have never been examined.  OCIE’s “Never-Before Examined Investment Company” (NBE IC) Initiative, which is part of OCIE’s National Examination Program, will focus on higher-risk areas of concern to the SEC.

The Risk Alert states that the NBE IC Initiative will focus on open-end funds, closed-end funds, and underlying insurance funds, particularly those complexes that launched one or more years ago.  Key areas of focus include:

  • A fund’s Rule 38a-1 compliance program (and the related Rule 206(4)-7 compliance programs adopted by a fund’s adviser). OCIE likely will focus on:
    • proxy voting policies for both portfolio holdings and fund shares;
    • timeliness and accuracy of the registration statement and other required filings; and
    • codes of ethics
  • Annual contract reviews under Section 15(c).  The review of advisory and sub-advisory contracts will assess:
    • the adequacy of the board’s determination that fees are fair and reasonable (see our related blog post); and
    • how the adviser manages conflicts of interest with respect to a fund and the fees received from that fund.
  • Advertising and distribution.  OCIE is perennially interested in this subject, and the NBE IC initiative will include a review of advertisements and distribution policies to ensure that:
    • Advisers have established a process to review and approve advertisements; and
    • Funds have established adequate procedures to ensure that shareholders receive disclosed breakpoints.
  • Valuation and NAV calculation.  OCIE staff notes that funds are required to calculate their NAV daily, and that such calculation is driven by the valuation of portfolio assets.  OCIE staff intends to review policies and procedures related to valuation and the calculation of NAV and, importantly, a fund board’s processes for overseeing the valuation of portfolio holdings.
  • Leverage and derivatives.  Although much about the SEC’s views on investment company use of derivatives and leverage is in a state of flux, OCIE continues to focus on these areas as a priority in examinations.  Accordingly, funds should be prepared to provide information related to:
    • compliance with the asset coverage requirements of Section 18;
    • policies for segregating assets to cover exposure; and
    • adequacy of registration disclosures concerning use of derivatives, leverage, and related risks.

OCIE effectively has delivered NBE ICs a syllabus for their upcoming exams.  Registered funds that have not yet been examined by OCIE staff should carefully review the Alert and update their policies and procedures in anticipation of an imminent compliance exam.