In a proceeding on September 28th, the SEC ordered a public hearing to be held before an Administrative Law Judge within the next two months. Further, the SEC ordered the Respondent and two companies under his control to cease and desist from engaging in any unlicensed and/or criminal acts of securities dealing.
The Respondent was previously sanctioned by regulators in two states for fraudulent conduct in the offering of unregistered securities and making misrepresentations as to his status as a registered broker-dealer. In its release, the SEC emphasizes the Respondent’s use of crowdfunding channels to find small business customers and offer purported expert brokerage services. His companies offered support in identifying prospective investors, raising capital, listing securities, structuring offerings, transferring stock and a number of related services. The SEC found that, in so doing, the Respondent fraudulently misrepresented his companies to small business owners as registered broker-dealers and established financial services companies with experience facilitating exempt offerings and the capacity to provide legal counsel.
The Respondent advised and assisted customers in filing Regulation A offering statements that were deemed to be deficient by the SEC. The SEC requests a public hearing to take evidence regarding possible violations of Section 10(b) of the Securities Exchange Act, including the fraud provisions of Rule 10b-5.
Although the transactions involved were small, the SEC’s vigorously worded release shows that, although the JOBS Act relaxes restrictions on communications with potential investors during certain securities offerings, the Act does not limit the SEC’s broker-dealer registration requirements.
The SEC has expressly distinguished brokers who collect transaction-based compensation to promote, offer and sell shares of private stock offerings from the persons protected by Section 201(b) of the JOBS Act. As explained in detail here, a “matchmaking” site that takes no compensation and does not handle or analyze securities in providing ancillary services in connection with a Rule 506 Regulation D offering can be exempt from broker-dealer registration. However, this exception has been narrowly interpreted, and the SEC has been aggressive in enforcing requirements for broker-dealer registration under Section 4(b) of the Securities Act.
The SEC has yet to finalize its rules relating to crowdfunding. When such regulations are in place, funding portals would be subject to an alternative regulatory scheme.
All industry participants, and companies seeking capital, will want to verify that the purported broker-dealers with whom they work are appropriately registered broker-dealers. For smaller and newer firms that are seeking to understand their responsibilities, the SEC’s Division of Trading and Markets maintains a Compliance Guide, which sets forth the SEC’s views as to the circumstances in which the SEC believes that intermediaries must register as broker-dealers. Caution is appropriate, as the SEC is expected to maintain its scrutiny of the area.
On September 14, 2015, the Commodity Futures Trading Commission (CFTC) published a final rule requiring introducing brokers (IBs), commodity pool operators (CPOs), and most commodity trading advisors (CTAs) to become members of a registered futures association (RFA).
A limited exception to this requirement applies to CTAs that qualify for an exemption from registration under CFTC Regulation 4.14(a)(9) (i.e., those who do not direct client accounts or provide advice tailored to a particular client) but who nonetheless chose to register. All persons subject to the regulation will be required to become members of the National Futures Association (NFA), the only RFA, by December 31, 2015. To comply with the requirement, each registered IB, CPO, and CTA (subject to the limited exception for CTAs) must update its existing registration forms on NFA’s online registration system and pay initial and NFA annual membership dues.
For many years, IBs, CPOs, and CTAs that facilitated trading in futures contracts were required to become members of NFA, not because of a CFTC regulation, but due to NFA Bylaw 1101, which prohibits NFA members from dealing with non-members that are required to be registered with the CFTC and who provide services with respect to futures contracts. The Dodd-Frank Act required IBs, CPOs, and CTAs that provide services with respect to swap contracts to register as a result of amendments to the Commodity Exchange Act adding “swaps” to the definitions of these registration categories.
Post Dodd-Frank, registered IBs, CTAs, and CPOs that provided services with respect to swaps only were not subject to NFA Bylaw 1101, which only applies to futures contracts, and thus did not have to become NFA members. The final rule now requires all IBs, CPOs, and CTAs, including those who provide services with respect to swaps, to become and remain NFA members. This requirement subjects these registrants to NFA rules and ongoing NFA oversight, including NFA audits. While most registrants in these categories have become NFA members in any event or are exempt because they have claimed exemption from registration (e.g., under the CFTC Reg. 4.13(a)(3) de minimis exemption for CPOs), the CFTC estimates that approximately 296 persons registered with the CFTC as a CPO, CTA, or IB will be required to become and remain NFA members.
A registered investment adviser agreed to settle SEC charges that it failed to adopt adequate cybersecurity policies and procedures reasonably designed to protect customer records and information as required by Rule 30(a) of Regulation S-P (the “Safeguards Rule”). Without admitting or denying the SEC’s findings, the investment adviser agreed to a censure, to cease and desist from future violations, and to appoint an information security manager to oversee its data security.
The SEC found that the adviser stored customers’ personally identifiable information (PII) on a third party-hosted webserver for almost four years without procedures to protect customer records and information. In July 2013, a hacker gained access and copy rights to the data. The SEC found that the adviser’s failure to adopt data security procedures left the PII of more than 100,000 individuals vulnerable to theft.
The investment adviser provides investment advice to individual retirement plan participants through an automated managed account option. To access the automated system, the adviser required prospective clients to log in using their names, birthdates and social security numbers. The adviser compared this information to PII provided to the adviser by retirement plan sponsors, which the adviser stored, unencrypted, on a third-party server.
In July 2013, the adviser discovered the potential data breach and retained more than one cybersecurity consulting firm to assess it. Although the consultants verified that an intruder gained full access and copy rights to the data, they were unable to determine whether the PII stored on the server had been compromised. The consultants also determined that the intrusion originated from mainland China. The adviser provided notice of the breach to all individuals whose PII might have been compromised and offered them free identity monitoring through a third-party provider.
The Safeguards Rule requires investment advisers to adopt written policies and procedures that:
- insure the security and confidentiality of customer records and information;
- protect against any anticipated threats or hazards to the security or integrity of customer records and information; and
- protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to a customer.
The SEC found that the adviser’s procedures violated the Safeguards Rule because the adviser’s policies and procedures did not include:
- conducting periodic risk assessments;
- employing a firewall to protect the web server containing client PII;
- encrypting client PII stored on the third-party server; or
- establishing procedures to respond to a cybersecurity incident.
Although the adviser promptly took remedial steps, including appointing an information security manager to oversee its data security program and retaining a cybersecurity firm to provide ongoing reports and advice on the firm’s IT security, the SEC censured the adviser and ordered it to cease and desist from further violations of the Safeguards Rule. The adviser must also pay a civil money penalty of $75,000.
The settlement comes less than a week after OCIE announced its second round of cybersecurity examinations (see our related blog post here). OCIE’s examinations will focus on, among other things, management of third-party vendors and how advisers respond to suspected incidents. Advisers should carefully assess their written policies and procedures in light of the Safeguards Rule and OCIE’s new initiative.
The SEC recently adopted rule amendments removing credit rating references from Rule 2a-7 and Form N-MFP. Issuer diversification provisions in the rule were also amended to eliminate a current exclusion for securities subject to a guarantee issued by a non-controlled person.
Under the amended rule, the determination of whether a security is an “eligible security” will require a “single uniform minimal credit risk finding, based on the capacity of the issuer or guarantor of a security to meet its financial obligations.” The amended rule codifies certain general credit analysis factors that the SEC expects fund boards (and their designees) to take into consideration when making a minimal credit risk determination. Those factors include:
- the issuer’s or guarantor’s financial condition;
- the issuer’s or guarantor’s sources of liquidity;
- the issuer’s or guarantor’s ability to react to future market-wide and issuer- or guarantor-specific events, including the ability to repay debt in highly adverse situations; and
- the strength of the issuer’s or guarantor’s industry within the economy and relative to economic trends, and the issuer’s or guarantor’s competitive position within its industry.
The SEC said that eliminating references to NRSRO ratings from Rule 2a-7 is not intended to change the current risk profile of money market funds, nor to change fund boards’ evaluation of minimal credit risk. Nonetheless, the amendments remove the objective “floor” of an NRSRO rating from the evaluation. This arguably leaves fund boards in the position of determining minimal credit risk based on a more subjective set of factors. Fund boards should carefully consider necessary changes to their Rule 2a-7 policies and procedures to ensure that they are consistent not only with amended Rule 2a-7 but with the SEC’s stated intent that the current risk profile of money market funds should not change.
For more information, see our recent client alert here.
At an open meeting today, the SEC proposed new rules and amendments to existing rules to require open-end investment companies to adopt comprehensive liquidity risk management programs. The rules would also allow funds to use “swing pricing” to pass on the cost of large purchases and redemptions to the shareholders that cause those costs.
The SEC also proposed rules that would require funds to categorize the liquidity of each portfolio holding, and to report to the SEC the category assigned to each portfolio security.
Chair Mary Jo White said that the Commission’s purpose in adopting the proposals is to enhance management of liquidity risks of registered open-end investment companies, including mutual funds and exchange-traded funds.
For more information, read our client alert.
On September 17, 2015, FINRA announced that it would propose rules to help member firms protect seniors and other vulnerable adults from financial exploitation. The proposal would create a safe harbor enabling broker-dealer firms to place a temporary hold on a disbursement of funds or securities, and to notify a customer’s trusted contact, when the firm has a reasonable belief that financial exploitation is occurring.
The proposal would amend FINRA’s customer account information rule to require firms to make reasonable efforts to obtain the name and contact information for a trusted contact person upon opening a customer’s account. In addition, the proposal would create a new FINRA rule permitting firms to place temporary holds on disbursements of funds or securities from the accounts of investors aged 65 or older where there is a reasonable belief that financial exploitation is taking place. The proposal would also apply to investors 18 and older if they have mental or physical impairments that render them unable to protect their own interests and there is a reasonable belief that financial exploitation is taking place.
The new rules would not create a “duty” to place temporary holds on disbursements. Instead, they would protect firms that comply with the safe harbor when they exercise discretion in placing such a hold.
FINRA expects to issue the proposed rules during the next several weeks. The proposed rules will be subject to public comment and SEC review.
The proposed rulemaking follows OCIE’s and FINRA’s joint April 2015 report that focused on sales of investment products to seniors. Our discussion of that report may be found at the following link: http://www.mofo.com/~/media/Files/Newsletter/2015/05/150501StructuredThoughts.pdf. The report identified a variety of problematic issues arising from sales to senior investors. In addition, FINRA has historically recommended that a firm’s procedures and controls take into consideration the age and life stage (whether pre-retired, semi-retired or retired) of its customers. Of particular concern to FINRA are the suitability of recommendations to senior investors, communications targeting older investors, and potentially abusive or unscrupulous sales practices or fraudulent activities targeting senior investors.
The proposed rulemaking activity addresses a narrow set of circumstances involving senior investors where there is a reasonable belief that financial exploitation is taking place. However, FINRA’s guidance to brokers in handling the accounts of elderly investors is significantly broader.
The Securities and Exchange Commission announced that it will consider proposals for liquidity risk management programs and related disclosures for open-end management investment companies. The Commission will consider the new rule, amendments to existing rules, and new forms at an open meeting scheduled for Tuesday, September 22, 2015.
Based on prior public statements made by Chair Mary Jo White, we expect that the Commission will propose rules to require mutual funds and ETFs to establish broad risk management programs that address risks related to liquidity and derivatives use. The rules likely will set the stage for enhanced oversight by the SEC. The proposals likely also will include specific requirements for disclosures of liquidity risks, and may include specific proposals to tighten liquidity standards and to limit leverage resulting from funds’ use of derivatives.
We also expect the Commission to propose stress testing requirements, similar to the standards that now apply to banks, and more recently, money market funds. The requirements are part of the Commission’s efforts to address concerns expressed by the Financial Stability Oversight Council and other banking regulators that large asset managers present systemic risks to the financial system.
Finally, we expect the Commission to propose rules for transition planning. Among other things, the Commission is concerned that investors face risks when an investment adviser winds down its business.
In any event, these proposals, especially any that relate to limiting the use of derivatives and leverage, will generate many comments from investment managers and investors.
The Sunshine Act notice is available here.