On July 8, 2019, the staffs of the Division of Trading and Markets, U.S. Securities and Exchange Commission (“SEC”) and the Office of General Counsel, Financial Industry Regulatory Authority (“FINRA”) released a joint statement[1] (the “Joint Statement”) providing guidance with respect to applicable regulations relating to broker-dealer custody of digital asset securities. More specifically, the Joint Statement focuses on three major areas: (1) the SEC Customer Protection Rule; (2) the SEC Books and Records and Financial Reporting Rules; and (3) the Securities Investor Protection Act of 1970.
- The SEC Customer Protection Rule
Rule 15c3-3 under the Securities Exchange Act of 1934 (the “Exchange Act”), known as the Customer Protection Rule, requires a registered broker-dealer to safeguard customer securities and funds it holds to prevent investor loss or harm in the event the broker-dealer is unable to safeguard those funds for any reason.[2] One of the key provisions requires a broker-dealer to physically hold customers’ fully paid and excess margin securities at a good control location, such as a bank. The Customer Protection Rule, along with other similar regulations that aim to address the broker-dealer relationship, is based on a more traditional securities infrastructure where transactions may be more easily reversed or cancelled.
The Joint Statement notes that digital asset securities pose new and singular custody challenges with respect to the broker-dealer relationship. For example, the Joint Statement provides that the “manner in which digital asset securities are issued, held, and transferred may create greater risk that a broker-dealer maintaining custody of them could be victimized by fraud or theft, could lose a ‘private key’ necessary to transfer a client’s digital asset securities, or could transfer a client’s digital asset securities to an unknown or unintended address without meaningful recourse to invalidate fraudulent transactions, recover or replace lost property, or correct errors.” For instance, unlike in a traditional broker-dealer relationship where there is a systematic process to reverse or cancel mistaken or unauthorized transactions, the process to reverse or cancel digital asset securities may not be as practicable because the broker-dealer holds the private keys. The Joint Statement explains that “[t]hese risks could cause securities customers to suffer losses with corresponding liability for the broker-dealer, imperiling the firm, its customers, and other creditors.” Ultimately, the Joint Statement recognizes that the custody and control of digital asset securities present distinct regulatory challenges that broker-dealers must understand.
- The SEC Books and Records and Financial Reporting Rules
Section 17(a)(1) of the Exchange Act requires registered broker-dealers to make, keep, furnish and disseminate records and reports prescribed by the SEC, including financial reporting. The Joint Statement explains that distributed ledger technologies offer novel challenges with respect to this requirement. More specifically, the Joint Statement provides that the “broker-dealer’s difficulties in evidencing the existence of these digital asset securities may in turn create challenges for the broker-dealer’s independent auditor seeking to obtain sufficient appropriate audit evidence when testing management’s assertions in the financial statements during the annual broker-dealer audit.” No specific guidance was offered on this issue, but rather the Joint Statement put broker-dealers on notice about this potential challenge.
- Securities Investor Protection Act of 1970
A broker-dealer that is unable to return customer property is subject to liquidation under the Securities Investor Protection Act of 1970[3] (“SIPA”). Under SIPA, securities customers have a first priority claim to cash and securities held by the broker-dealer firm. The Joint Statement specifically notes that the SIPA protections only apply to securities and cash deposited to a broker-dealer account intended to purchase securities. The Joint Statement cautions that digital asset securities may not meet the definition of “security” under SIPA.[4] In effect, in the words of the Joint Statement, “uncertainty regarding when and whether a broker-dealer holds a digital asset security in its possession or control creates greater risk for customers that their securities will not be able to be returned in the event of a broker-dealer failure.”
Conclusion
The Joint Statement demonstrates that the SEC and FINRA are actively grappling with some of the most complex issues relating to digital asset securities. As the blockchain industry continues to evolve and expand, regulatory agencies will need to keep pace to ensure that customers involved with digital asset securities are protected from fraudulent conduct.
[1] Joint Staff Statement on Broker-Dealer Custody of Digital Asset Securities, Public Statement.
[2] See 17 CFR § 240.15c3-3.
[3] See 15 U.S.C. § 78fff.
[4] See 15 U.S.C. § 78lll(14).
On July 18, 2019, the Financial Industry Regulatory Authority (“FINRA”) issued Regulatory Notice 19-24[1], which extended the deadline of FINRA’s previously issued notice that asked members to keep their Regulatory Coordinator informed if the firm, or its associates or affiliates, engaged, or intended to engage, in activities related to digital assets.[2] The original notice, Regulatory Notice 18-20,[3] was the result of an outreach initiative implemented to engage with member firms regarding current and planned activities relating to digital assets, regardless of whether the assets qualified as securities. The recently published notice now encourages firms to continue keeping their Regulatory Coordinators up to date on their activities until July 31, 2020.
FINRA’s request results from the continued growth of the market for digital assets in recent years and the increasing interest among investors. The data obtained will be used in an effort to strengthen investor protections by combatting instances of fraud and other securities law violations involving digital assets and the platforms on which they trade.
The notice states that, as was also the case under Regulatory Notice 18-20, the types of business activities of interest to FINRA include, but are not limited to, the following:
- purchases, sales or executions of transactions in digital assets, or pooled funds investing in the same;
- creation of, management of, or provision of advisory services for, a pooled fund related to digital assets;
- purchases, sales or executions of transactions in derivatives tied to digital assets;
- participation in an initial or secondary offering of digital assets;
- creation or management of a platform for the secondary trading of digital assets;
- custody or similar arrangement of digital assets;
- acceptance of cryptocurrencies from customers;
- mining of cryptocurrencies;
- recommend, solicit or accept orders in cryptocurrencies and other virtual coins and tokens;
- display indications of interest or quotations in cryptocurrencies and other virtual coins and tokens;
- provide or facilitate clearance and settlement services for cryptocurrencies and other virtual coins and tokens; or
- recording cryptocurrencies and other virtual coins and tokens using distributed ledger technology or any other blockchain technology.
FINRA requests prompt written notification (including email) about the above activities, but if a firm has submitted a continuing membership application regarding its involvement with digital assets, or previously provided the information, additional notice is not requested unless a change occurs.
[1] View the full notice at https://www.finra.org/sites/default/files/notice_doc_file_ref/Regulatory-Notice-19-24.pdf.
[2] For purposes of the notice, the term “digital asset” refers to cryptocurrencies and other virtual coins and tokens, and any other asset that involves a blockchain or distributed ledger.
[3] The previous notice is located at: https://www.finra.org/sites/default/files/notice_doc_file_ref/Regulatory-Notice-18-20.pdf.
In a recent settled enforcement action, the SEC provided an important lesson on required public disclosures.[1] The SEC charged that Facebook disclosed misuse of its user data as a potential or hypothetical risk even though the company knew that user data had actually been misused.
According to the SEC’s complaint, Cambridge Analytica paid an academic researcher to illegally collect personal data from Facebook for use in targeted political advertising. The complaint said that Facebook discovered the misuse of the information, but instead of promptly issuing corrective disclosure, Facebook waited more than two years before taking action.
The complaint alleged that, during that two-year period, Facebook had no specific policies or procedures in place to assess the results of its internal investigations for the purposes of making accurate disclosures in the company’s public filings. The SEC’s press release said that “[p]ublic companies must have procedures in place to make accurate disclosures about material business risks.” This suggests that, while Facebook did have a policy for vetting its disclosures, that policy did not result in developments in internal investigations being presented to its disclosure team or committee for consideration.
Key Takeaways
Although presenting certain risks as hypothetical may be appropriate, companies need to be alert to changing their disclosures when those risks become reality. More broadly, companies should regularly review their risk factor disclosures and forward-looking statement disclaimers and update them as the risks evolve. Moreover, companies should consider enhancing their disclosure policies and procedures to ensure that those writing disclosures about material business risks have accurate information about the reality of those risks.
[1] Without admitting guilt, Facebook agreed to pay a $100.0 million penalty and is permanently enjoined from violating Sections 17(a)(2) and 17(a)(3) of the Securities Act of 1933, Section 13(a) of the Securities Exchange Act of 1934 and Rules 12b-20, 13a-1, 13a-13, and 13a-15(a) thereunder.
On August 21, 2019, the SEC provided guidance to investment advisers, such as fund managers, regarding their proxy voting responsibilities. The SEC also concurrently issued an interpretative release regarding the applicability of the SEC’s proxy rules to proxy voting advice provided by proxy advisory firms, such as ISS and Glass Lewis. The releases are based upon previous staff guidance highlighting for investment advisers and proxy advisory firms the existing regulatory frameworks to which they are subject and setting forth the SEC’s expectations on how they should perform their services for their clients in light of those existing obligations.
Proxy Voting Responsibilities of Investment Advisers
An investment adviser owes its clients a duty of care and loyalty with respect to services it provides, including proxy voting, and is required to adopt and implement policies and procedures to ensure that the investment adviser votes proxies in the best interest of its clients. The SEC’s guidance focuses on these proxy voting responsibilities and related fiduciary duties, especially if the investment adviser is relying on a proxy advisory firm.
The guidance discusses, among other things, (i) how an investment adviser and its client may clearly define the scope of the investment adviser’s voting authority; (ii) what steps an investment adviser could take to demonstrate it is making voting determinations in a client’s best interest, including considering the advisability of uniform voting policies; (iii) considerations that an investment adviser should take into account if it retains a proxy advisory firm to assist it in discharging its proxy voting duties, including proxy advisor disclosures about voting recommendation methodologies and conflicts of interest and how a proxy advisor takes into account factors unique to particular issuers or proposals; and (iv) steps for an investment adviser to consider if it becomes aware of potential factual errors, potential incompleteness, or potential methodological weaknesses in the proxy advisory firm’s analysis and voting recommendation.
Applicability of the Federal Proxy Rules to Proxy Voting Advice
The SEC’s interpretation confirms that proxy voting advice provided by proxy advisory firms will generally constitute a solicitation subject to the federal proxy rules. The interpretation does not affect the ability of proxy advisory firms to continue to rely on the exemptions from the federal proxy rules’ filing requirements (although the SEC noted that the staff is considering recommending rule amendments that would address proxy advisors’ reliance on such exemptions). However, the SEC also makes it clear that such solicitations, even if they are exempt from the filing requirements, remain subject to Rule 14a-9’s anti-fraud provisions, which prohibit any solicitation from containing false or misleading statements.
The interpretation provides proxy advisory firms with disclosures they should consider to avoid potential violations of Rule 14a-9, including disclosures regarding (i) the methodology used to formulate their voting advice on a matter (including any material deviations from their publicly announced voting guidelines or policies); (ii) information about any third-party sources underlying their voting advice, including the extent to which the information differs from the public disclosures provided by the registrant; and (iii) material conflicts of interest.
Takeaway
We think investment advisers should carefully consider the SEC’s discussion regarding their duties to clients and conflicts of interest of advisers and of proxy advisory firms. The new guidance and the interpretive release provide some helpful suggestions regarding how such duties may be met and conflicts may be mitigated and, although much of the discussion is not new, these now represent statements by the Commission.
The guidance and interpretation will be effective upon publication in the Federal Register.
On August 26, 2019, New York Governor Andrew Cuomo signed into law a significant change affecting New York’s blue sky law (the Martin Act),[1] extending the period during which the Attorney General of New York can take action for violations of the Act to 6 years from the 3-year statute of limitations that the New York Court of Appeals determined was applicable in 2018 in People v. Credit Suisse Sec. (USA) LLC.[2] This change restores the longer period the Attorney General thought it had to investigate and bring actions.
Only the Attorney General is permitted to enforce the Martin Act by investigating and prosecuting suspected fraud in the offer, sale or purchase of securities.[3] The Attorney General can obtain preliminary and permanent injunctive relief and civil and criminal penalties as provided by law. In this regard, it has the power to issue subpoenas statewide to compel attendance of witnesses or to require production of documents in connection with an investigation.[4]
The Attorney General’s Office has broadly interpreted this grant of authority to investigate and prosecute a variety of what it deems potential and actual financial frauds and has also used its authority under Section 63 of the New York State Executive Law to investigate and obtain relief against persons who engage in “repeated fraudulent or illegal acts or otherwise demonstrate persistent fraud or illegality in the carrying on, conducting or transaction of business.”[5]
The Martin Act is known as a powerful state securities law. It gives the New York Attorney General extensive power to investigate and prosecute and has been used over the last several decades to pursue cases that the SEC and the US Attorney’s Office did not or could not pursue. The Martin Act has broad jurisdictional reach and because many major banks, underwriters and brokerage firms have offices in New York and most US public companies trade on the NYSE or the Nasdaq, the New York Attorney General has authority over the vast majority of securities transactions executed in the United States.
New York courts liberally construe the Martin Act to protect “the public from fraudulent exploitation in the offer and sale of securities”[6] and have permitted the Attorney General to investigate and prosecute false promises, fraud, attempted fraud and misleading statements in the sale or promotion of securities (broadly defined) within or from New York. The Attorney General has used both civil and criminal prosecutions to enforce the Martin Act.
The Martin Act does not require the Attorney General to prove fraudulent intent or scienter,[7] and the new 6-year statute potentially increases the exposure of a number of possible defendants (including their counsel) who might have thought their exposure to Martin Act investigations and prosecutions to have expired.
In 2011, in Assured Guaranty (UK) v. J.P. Morgan Investment Management Inc.,[8] the New York Court of Appeals held that the Martin Act does not preclude private investors from bringing lawsuits based on common law securities tort claims. However, the federal Securities Litigation Uniform Standards Act, enacted in 1998, prevents class action lawsuits alleging securities fraud under common law and state law claims, and the Private Securities Litigation Reform Act of 1995 increased pleading requirements, limited discovery, and addressed liability, class representation, and awards of legal fees and expenses in an effort to reduce frivolous securities lawsuits.
Although there have been bills in various sessions of the New York legislature in the past few years to permit private rights of action, none have been passed.
—–
[1] S.6536/A.8318, amending Section 213 of the New York Civil Practice Law and Rules to add a new clause 9 setting a statute of limitations of 6 years for actions under N.Y. Gen. Bus. Law Art. 23A (the Martin Act) and Section 63 of the N.Y. Executive Law allowing the Attorney General to bring actions for fraud generally.
[2] 31 N.Y.3d 622 (2018), 82 N.Y.S.3d 295 (2018).
[3] There is no private right of action for violations of the Martin Act. CPC International Inc. v. McKesson Corp., 70 N.Y.2d 268, 276, 519 N.Y.S.2d 804, 807 (1987).
[4] N.Y. Gen. Bus. Law § 352(2).
[5] N.Y. Executive Law Section 63(12) (McKinney’s 2012).
[6] All Seasons Resorts, Inc. v. Robert Abrams, as Attorney-General of the State of New York, 68 N.Y.2d 81, 87 (1986).
[7] People v. Federated Radio Corp., 244 N.Y. 33, 38-39 (NY 1926).
[8] 17 N.Y.3d 891 (2011), 933 N.Y.S.2d 641 (2011).
It is common for investors in venture capital and private equity transactions, and in other investment arrangements, as a condition to their investment, to have rights to appoint board observers when director representation is not available. An unanswered question has been the extent to which a board observer has liability exposure under Section 11 of the Securities Act of 1933, for example, when a company goes public. Section 11 includes as someone who can be liable in the absence of a due diligence defense a “person who, with his consent, is named in the registration statement as being or about to become a director [or] person performing similar functions….”
In a decision of first impression, on July 23, 2019, the U.S. Court of Appeals for the Third Circuit in Obasi Investment Ltd. v. Tibet Pharmaceuticals, Inc.,[1] answered that question, holding in a two to one decision that a non-voting board observer is neither a director nor a person whose functions are similar to those directors perform. In so ruling, the Court looked to the corporate law definition of director as one who is appointed to direct and manage the affairs of the company and who is subject to fiduciary duties in doing so. Specifically, the Court found that the basic functions of directorships are “defined by their formal power to direct and manage a corporation.” The Court then found that a board observer is not “similar” to a director because he does not have the authority, responsibility or accountability to direct and manage the affairs of the company.[2] This is so even though the registration statement in this case indicated that the observer defendants could (but did not necessarily have to) significantly influence the outcome of matters submitted to the board for approval.
In reaching its decision, the Court distinguished the situation where a board observer could be found to be subject to the Section 16 short-swing profit provisions of the Securities Exchange Act of 1934 as a person performing functions similar to a director because Section 16 revolves around an insider’s access to inside information as opposed to the purpose of Section 11 of having responsibility for the adequacy of the company’s disclosure.
The decision is binding only in the Third Circuit, which includes Delaware. Nevertheless, the Third Circuit decision should provide a measure of comfort to persons serving as board observers and to organizations that appoint them.
[1] 931 F.3d 179 (3rd Cir. 2019).
[2] On that point, the Court identified three features that differentiated the observers from the directors: (1) the observers could not vote for board action; (2) their loyalties aligned with the investor representative that designated them rather than the shareholders; and (3) their tenure was not subject to shareholder vote and was set to end automatically.
On January 29, 2019, the SEC announced settled enforcement actions against four companies for failures to maintain internal control over financial reporting (“ICFR”) as required by Section 13(b)(2)(B) of the Securities Exchange Act and Rule 13a-15 over extended periods even though in most cases material weaknesses in their ICFR were disclosed.[1] These companies took seven to ten years to remediate their material weaknesses, even after being contacted by the SEC staff, with one still in the process of remediating its material weaknesses.
The SEC’s announcement had two key messages:
- The SEC’s Chief Accountant, Wes Bricker, emphasized the importance the SEC places on ICFR, stating:
“Adequate internal controls are the first line of defense in detecting and preventing material errors or fraud in financial reporting. When internal control deficiencies are left unaddressed, financial reporting quality can suffer.”
- Associate Director of the SEC’s Division of Enforcement, Melissa Hodgman, added that disclosure alone is not enough, stating:
“Companies cannot hide behind disclosures as a way to meet their ICFR obligations. Disclosure of material weaknesses is not enough without meaningful remediation. We are committed to holding corporations accountable for failing to timely remediate material weaknesses.”
Companies subject to the ICFR requirements should take seriously their internal control over financial reporting and the need to disclose any material weaknesses. In addition, they should act promptly to remediate any material weakness. We do not, however, see this SEC announcement as a harbinger of an aggressive enforcement campaign in the absence of a sustained failure to disclose or remediate material ICFR weaknesses.
[1] A copy of the SEC press release is available at https://www.sec.gov/news/press-release/2019-6.
On February 6, 2019, the SEC staff issued two new identical C&DIs that apply to Item 401 of Regulation S-K, Question 116.11, and Item 407 of Regulation S-K, Question 133.13. The new interpretation provides guidance on disclosure when a director or a director nominee voluntarily provides self-identified diversity characteristics, such as their race, gender, ethnicity, religion, nationality, disability, sexual orientation, or cultural background, and the director or nominee has consented to disclosure of these diversity characteristics. The staff noted that (1) Item 401(e) of Regulation S-K requires a brief discussion of the specific experience, qualifications, attributes, or skills that led to the conclusion that a person should serve as a director and (2) Item 407(c)(2)(vi) of Regulation S-K requires a description of how a board implements any policies it follows with regard to the consideration of diversity in identifying director nominees.
In light of these requirements, the staff stated that “[t]o the extent a board or nominating committee, in determining the specific experience, qualifications, attributes, or skills of an individual for board membership, has considered the self-identified diversity characteristics referred to above . . . , we would expect that the company’s discussion required by Item 401 would include, but not necessarily be limited to, identifying those characteristics and how they were considered. Similarly, in these circumstances, we would expect any description of diversity policies followed by the company under Item 407 would include a discussion of how the company considers the self-identified diversity attributes of nominees as well as any other qualifications its diversity policy takes into account, such as diverse work experiences, military service, or socio-economic or demographic characteristics.”
As companies prepare for the 2019 proxy season, including reviewing D&O Questionnaire responses and updating director bios and qualifications in the proxy statement, they should keep in mind the new C&DIs and be prepared to expand their disclosure related to any self-identified diversity characteristics.




