In testimony before the House Committee on Financial Services on March 24, 2015, SEC Chair Mary Jo White said that she supports a uniform fiduciary standard of conduct for broker-dealers and investment advisers that provide personalized securities advice to retail customers. She detailed plans for rules concerning enhanced risk monitoring and regulatory safeguards for asset managers.
Uniform fiduciary standard
White testified that she asked the SEC staff to develop rulemaking recommendations for the SEC to consider, taking into account the SEC staff recommendations contained in a 2011 report to Congress on this issue, and the views of other interested persons. She cited three challenges that the SEC faces in adopting rules:
- How to define the standard. White said she favors a principles-based approach rooted in fiduciary duty applicable to investment advisers.
- How to provide clear guidance on what the standard would require. This guidance would address how current business practices can or cannot continue under the new standard.
- How to provide meaningful application, examination and consistent enforcement of a new uniform standard. Central to this challenge, she explained, is extending examination coverage for registered advisers.
The basis of the regulatory initiative is Section 913 of the Dodd-Frank Act Wall Street Reform and Consumer Protection of 2010, which granted the SEC authority to impose a uniform standard of conduct for broker-dealers and investments that provide personalized investment advice. Section 913 required the SEC to report to Congress on its recommendations, which the SEC submitted in 2011.
Risk monitoring and regulatory standards
Separately, White said that under the authority of Section 965 of the Dodd-Frank Act, the Division of Investment Management established a new risk and examinations office (REO). She said that REO is developing recommendations for the SEC to “modernize and enhance data reporting for both funds and advisers.” Among other things, the initiative would:
- Update the reporting of basic fund census information;
- Enhance reporting of fund investments in derivatives, liquidity valuation of holdings and securities lending practices; and
- Collect more information on separately managed accounts.
White said that the Division of Investment Management is also considering whether the SEC should require enhanced risk management programs for mutual funds and exchange traded funds (ETFs), to address risks related to liquidity and use of derivatives, and to enhance the SEC’s oversight of these activities. In particular, she said that the Division is reviewing options for:
- Updated liquidity standards;
- Disclosure of liquidity risks;
- Measures to limit leverage through use the of derivatives;
- “Transition plans” to prepare for the winding down investment advisers’ businesses; and
- Annual requirements for stress testing by investment advisers and funds.
White also addressed other issues on the SEC’s agenda, including issuer disclosure and capital formation; trading and markets; economic analysis, risk assessment and data analytics; and enforcement. See MoFo’s Thinking Capital Markets blog concerning “Chair White’s Testimony on SEC Initiatives,” available here.
Both the U.S. Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) have recently issued guidance to broker-dealers on cybersecurity, providing valuable resources for them and for registered investment advisors to combat the growing threat of cyber-attacks. The two reports should provide the tools and information needed by those broker-dealers who have put off focusing on cybersecurity to strengthen their data protection capabilities. Broker-dealers would do well to read these reports in full and then apply their useful industry intelligence toward improving their systems and procedures.
As demonstrated by recent high-profile data breaches, such disruptions can have financially devastating and long-term consequences for companies of all types. Fortunately, both of these reports contain vital information for firms interested in effectively protecting their customers’ private information. By examining particular firms’ cybersecurity practices, the reports provide others with the opportunity to bolster their information-security policies to match the industry leaders, most critically in the following areas: responding promptly to cyber-attacks; cultivating a culture of compliance from the senior level down; training internal staff and outside vendors on information security, and purchasing cybersecurity insurance. With the benefit of these resources and others, firms might find that the job is not as daunting as they feared.
To read the full report, click here.
Morrison & Foerster has published the March edition of the Investment Management Legal + Regulatory Update. To read the full newsletter, click here.
Earlier this month the UK’s financial services regulator, the Financial Conduct Authority (FCA), issued its final guidance on financial promotions made via social media channels.
As we reported last year in our alert, “UK’s Financial Services Regulator Issues Draft Guidance on Social Media – Should we Favourite* or #Fail?”, in August 2014 the FCA issued long-awaited draft guidance on the use of social media in financial promotions by regulated financial institutions. Following the publication of the draft guidance, the FCA held a consultation exercise which closed on 6 November 2014. In response to feedback from regulated firms and industry bodies, in the final guidance the FCA has clarified a few areas and amended portions of the text, as well as added more visual examples.
To read the full alert, click here.
Jay Baris will be participating in a panel entitled “Still Spry at 75: Reflections on the Investment Company Act and the Investment Advisers Act” at the ABA Business Law Section’s spring meeting in San Francisco on April 17th, 2:30-4 p.m.
Moderator Paul N. Roth, Chair of the Hedge Fund Subcommittee and Schulte Roth & Zabel partner, will lead a discussion on the past, present and future of the two “1940 Acts”, in celebration of their 75th anniversary. Additional panelists will include: Andrew (Buddy) J. Donohue, Goldman Sachs Managing Director and Investment Company General Counsel, current Chair of the Investment Companies and Investment Advisers Subcommittee and former Director of the SEC’s Division of Investment Management; Barry P. Barbash, a partner at Wilkie Farr & Gallagher and former Investment Management Division Director; Marianne K. Smythe, a legal consultant who previously served as a Director of the Investment Management Division and partner at WilmerHale; Jennifer B. McHugh, Senior Policy Advisor to the current Director of the Division of Investment Management; and Professor Tamar Frankel, Professor, Boston University School of Law and a leading authority on the statutes.
For more information, click here.
With Chair Mary Jo White in her second year at the helm, the Securities and Exchange Commission showcased its efforts, improvements, and enforcement successes at this year’s SEC Speaks Conference. The Commission highlighted that it brought a record number of cases—755 enforcement actions—in fiscal year 2014, and obtained $4.1 billion in monetary relief. The Commission continues to emphasize its increased use of data analytics in both its regulatory efforts and enforcement investigations. As usual, the Commission, and the Division of Enforcement in particular, used the Conference to present their case that the SEC is firing on all cylinders.
INSIDER TRADING UP FRONT
According to Division of Enforcement leadership, insider trading continues to be a priority; the SEC has named 580 defendants in insider trading cases over the last 5 years and strong cases are still in the pipeline. The Staff’s evolving ability to analyze trading, both within a single account and across the accounts of multiple entities and individuals, enables the staff to identify traders and their information sources who may be potentially violating the insider trading laws. This, in turn, has helped the Staff discover, investigate, and initiate many cases, and has helped fill the Enforcement Division’s inventory for the upcoming year.
It was no surprise that Enforcement staff commented on the Second Circuit’s decision in U.S. v. Newman. The decision—vacating two criminal convictions for insider trading—could have a significant impact on insider trading enforcement as it appears to potentially raise the standard for finding liability by tippers and tippees in insider trading cases. As a result, the Commission has joined the U.S. Attorney in seeking a modification of the ruling. However, the Staff indicated that despite its disagreement with the Newman ruling, the majority of its current cases will not be affected by the decision.
A more complete analysis of the Conference can be found in our client alert, available here.
FINRA recently issued a Report on Cybersecurity Practices (“Report”), growing out of its targeted examination of firms last year. To issue the Report, FINRA gave careful consideration to the needs of many broker-dealers for information and the tools to combat cyber intrusions. The Report is comprehensive, and it doesn’t shy away from delving into technical detail. Our review of it leads us to conclude that it is a useful resource for broker-dealers looking to assess and improve their procedures for preventing a cybersecurity attack, and dealing with one if and when it comes.
At the same time, FINRA also issued guidance to enable investors to understand the state of their firms’ data protection by issuing a new Investor Alert entitled “Cybersecurity and Your Brokerage Firm.” The Alert recommends that investors ask their firms about: the safeguards they have in place to protect personal information and assets; the procedures the firm uses to monitor investors’ personal information; the firms’ approaches to handling cyber events; whether the firms will reimburse investors if their assets are compromised due to a cyber attack; and what measures the firms recommend investors take to personally protect their information.
FINRA’s Report (together with the SEC’s recent cybersecurity report) should provide the motivation and some of the tools needed by those broker-dealers who have put off focusing on this area to roll up their sleeves, and additional motivation will come from the firms’ own customers.
This Client Alert cannot cannot hope to summarize the 45-page Report, and we encourage those firms embarking on a cybersecurity project to read the entire Report. Here we will point out some of the most relevant observations and recommendations in the Report, with a view to encouraging broker-dealers to review their procedures and adopt the recommendations as appropriate.
As FINRA’s Report indicates, cybersecurity has been a regular theme in its annual Regulatory and Examination Priorities Letter since 2007, and over the years FINRA has conducted surveys and on-site reviews of firms to increase its awareness of how firms control cyber risks. FINRA points to a variety of factors driving firms’ exposure to cybersecurity threats, including advances in technology, changes in firms’ business models, and changes in how firms use technology. A prime example of such risks is the increased use of web-based access or mobile devices for brokerage activities.
FINRA defines “cybersecurity” as “the protection of investor and firm information from compromise through the use . . . of electronic digital media.” “Compromise” is the loss of data confidentiality, integrity or availability. FINRA acknowledges that there is no “one size fits all” approach, because firms come in a variety of sizes and business models, and acceptable approaches to compliance and supervision may vary widely among firms. But at the end of the day, “firms must have appropriate risk management measures in place to address the cybersecurity-related threats they face.”
FINRA’s Report is perhaps at its most useful when it reviews practices that it observed at firms in each area discussed; these discussions will permit broker-dealers to benchmark their practices against the industry in general, and increase the urgency of improving their systems when they find that they fall short.
A more complete analysis of the Report can be found in our client alert, available here.