Key Points from Norm Champ’s Remarks at the Practising Law Institute

On September 11, 2014, the SEC’s Director of the Division of Investment Management Norm Champ spoke at the Practising Law Institute’s Hedge Fund Management Seminar. Mr. Champ’s speech focused on the growth of registered fund advisers, SEC initiatives and the importance of having strong compliance programs. Additionally, Mr. Champ urged advisers to recognize the complicated nature of being an SEC-registered fund adviser and to consider the reasoning for entering the space carefully.

Changing Landscape:

Mr. Champ acknowledged how much the regulatory landscape for hedge fund managers has changed over the past four years. Among things he referenced were:

  • The significant growth of SEC-registered private fund advisers as a result of the Dodd-Frank Act (the “Act”). Title IV of the Act is the specific reason that the number of registered advisers has increased by 50% since 2010.
  • All registered advisers combined represent around $5.4 trillion in assets.
  • The SEC has been able to track significant changes in the hedge fund space through the expanded Forms ADV and PF. The SEC requires more reporting and information in these forms than in prior years and has expanded the usage of the two forms throughout the Commission.

Expansion of Forms and New Initiatives:

  • The Forms ADV and PF are now strongly used by the Risk and Examination Office (“REO”) in attempts to preemptively combat industry risks. The REO’s efforts in tracking industry threats rely largely on information from industry stakeholders.
  • The OCIE has a new initiative for 2014 to engage and examine around 20% of all advisers who have been SEC-registered advisers for more than three years. This new initiative complements the SEC’s 2012 “presence” examinations for newly registered advisers.

Importance of Compliance:

Due to the SEC’s initiatives and the expansion of the Forms ADV and PF, Mr. Champ advised the audience to be cautious when becoming advisers, especially to registered funds.   His discussion highlighted the importance of managing conflicts of interest.

  • Rule 206(4)-7 requires registered advisers to establish a CCO and a compliance program. The creation of Rule 206(4)-7 was based on the understanding that investment advisers are less likely to violate securities laws either purposefully or out of ignorance. Any instances of violations of the law are less likely to be seriously harmful to investors.
  • It is the duty of the adviser to recognize potential conflicts of interest that may compromise his or her fiduciary duty. Mr. Champ recognized that there can be inherent conflicts of interest in the investment adviser model.
  • Despite these issues, an adviser must never put their own interests above those of his or her investors. If there are any conflicts, Mr. Champ believes it is necessary to disclose this information.
  • Champ opinioned that failing to disclose a fee to investors is not justified by “market standard” or “industry practice” excuses.

Closing Remarks:

Mr. Champ urged those considering becoming investment advisers to think about their reasoning for doing so, including the significant amount of work involved in complying with the evolving regulatory landscape and the SEC’s increased access to information.  For existing registrants entering the fund space, significant overhauls of their compliance programs may be necessary and some issues cannot be addressed by simply adding new policies.

SEC Case Digest Q3 2014

Recent SEC cases include false advertising, disclosure issues, fraudulent investing schemes, alterations of documents, insider trading and trading/filing violations.

 Policies and Procedures/Disclosure Issues

In the Matter of Strategic Capital Group, LLC et al.

 According to the SEC, Strategic Capital Group of Gig Harbor, WA engaged in over 1,100 principal transactions without disclosing required information to clients or obtaining consent. Additionally, Strategic Capital Group allegedly provided false and misleading advertisements to investors. For example, one advertisement did not deduct fees from the presented results figure thus implying a significantly better return than the reality.

The SEC determined that the firm’s CEO George Price caused these violations and that the firm’s compliance program was inadequate.

In the Matter of Barclays Capital Inc.

The SEC charged Barclays Capital with failing to adequately maintain a compliance program after acquiring the advisory business of Lehman Brother in 2008.  For example, the SEC found that Barclays executed 1,500 principal transactions without getting proper consent and charged commission fees for 2,785 advisory client accounts that were inconsistent with prior disclosures made to those clients.

Barclays paid a $15 million penalty and hired an independent compliance consultant to conduct an internal review. Additionally, Barclays has spent $3.8 million to reimburse or credit the clients who were affected.

Fees and Expenses

In the Matter of Anthony Coronati et al.

Staten Island resident Anthony Coronati was charged with conducting several fraudulent securities offerings and siphoning money for personal use. Mr. Coronati would present himself as an investment adviser to a hedge fund to potential investors. However, Coronati’s hedge fund did not exist, and he spent investors’ money on a Caribbean vacation and plastic surgery.

When he ran out of money from the fraudulent scheme, Coronati began to offer membership interests in his company Bidtoask LLC. Coronati and Bidtoask promised to invest in promising pre-IPO tech start-ups. However, Bidtoask hid a significant number of fees from investors.

Coronati has been barred from the securities industry.

In the Matter of Sean C. Cooper/In the Matter of WestEnd Capital Management

A Bay Area hedge fund manager was accused of taking an excessive amount of management fees from the hedge fund he managed. Mr. Cooper remodeled his home and bought a Porsche with the stolen money, over $320,000.

WestEnd Management, Cooper’s former employer, is being charged separately. The SEC alleges that the firm did not adequately monitor Cooper’s activities and essentially allowed him to use the fund as his personal bank account.

In the Matter of Lincolnshire Management LLC

The SEC filed charges against New York investment advisory firm Lincolnshire Management with breaching its fiduciary duty by combining expenses from two separate portfolio companies. The companies were separately advised and had different sets of investors, but were managed as one company.  This created variances in practice from what was disclosed to the relevant set of investors, including payment of significant amounts of unnecessary fees.

Lincolnshire has agreed to pay $2.3 million to settle the SEC’s charges.

Fabrication of Documents

In the Matter of Judy K. Wolf

The SEC announced an enforcement action against a former Wells Fargo compliance officer, Judy K. Wolf, asserting that she altered documents to make it appear as if she had done a more thorough investigation into suspicious trading activities than was actually conducted. Wells Fargo was previously charged in an administrative proceeding and settled for a $5 million penalty. Initially, Wolf had denied the fabrication charges but has since admitted to altering documents.

Insider Trading

SEC vs. Tamayo

In our last round up, we reported on SEC vs. Eydelman et al., a case in which the SEC charged a stockbroker and a law firm clerk with insider trading. In this case, a middleman was recruited in an effort to avoid contact with each other.

On September 19th, the SEC identified Frank Tamayo as the middleman. Mr. Tamayo wrote notes regarding stocks on either Post-it notes or napkins at different eateries and bars in New York City near Grand Central Terminal. After divulging stock tips, Mr. Tamayo would chew or eat the post-its or napkins. After divulging information, Tamayo would exchange emails with the law firm clerk to give the appearance that the trades were based on legitimate research.

SEC vs. Szymik/SEC vs. Peixoto

Two people were charged with insider trading based on information regarding a hedge fund’s negative opinion of Herbalife Ltd. Filip Szymik learned from his roommate, an employee of Pershing Square Capital Management that the firm, was going to announce its negative view of Herbalife publicly. He relayed this information to Jordan Peixoto who then purchased put options one day before the announcement. The SEC found that Szymik and Peixoto violated the antifraud provisions of the federal securities laws.

In the Matter of George T. Bolan et al.

In a final insider trading case, that the SEC charged two Wells Fargo employees in a scheme involving ratings.  Gregory T. Bolan Jr., a research analyst at the bank, would tip off Joseph C. Ruggieri, a trader, before his department released market changing ratings. Bolan also gave tips to a friend outside of Wells Fargo who is since deceased. Ruggieri and Bolan’s friend would make their trades overnight before ratings were changed. The SEC identified Ruggieri’s suspect trades because they were inconsistent with his typical trading behavior. Ruggieri made more than $117,000 as a result of the scheme.

Trading

In the Matter of Advent Capital Management, LLC et al.

In a continuing enforcement initiative, the SEC has brought sanctions against 19 different private equity firms and hedge fund managers as well as one individual trader that participated in offering a secondary offering after short-selling it during a restricted period. The charges were based on Regulation 105 of Rule M that is intended to prevent manipulation of stock prices. The firms and the individual trader agreed to pay a combined total of $9 million in penalties, interest and disgorgement.

In the Matter of Paul D. Arling et al.

The SEC announced charges against 28 officers, directors and major shareholders in addition to six publicly traded companies for failing to make Section 16 filings regarding holdings and transactions in their own company’s stock.   33 of the 34 individuals and companies have agreed to settle and pay a combined total of $2.6 million in penalties.

Filing Deadline for Treasury Department Form SHL Approaches

Background:

Every five years, the US Department of the Treasury (“Treasury”) and the Federal Reserve Bank of New York (“FRBNY”) jointly conduct a survey of foreign holdings of US issuers of securities.  Data for the survey is gathered on Form SHL.  US issuers of securities include private funds and their managers.   The filing is due on August 29, 2014.

Filing is required for:

  1. Any firm or fund that has been contacted by Treasury/FRBNY and asked to complete Form SHL; or
  2. Foreign shareholders (or equivalent) holding $100 million or more in reportable US securities.  For US fund managers, this includes:
  • Foreign investors in the manager’s US funds;
  • Offshore feeder funds’ investments into US master funds;
  • The reportable US securities owned by an offshore fund that are not held at a US custodian (e.g., any securities held at a foreign custodian or privately placed US reportable securities that are not required to be held at a custodian pursuant to the SEC’s custody rule);
  • Reportable US securities include:

-Stock, whether common, preferred or restricted;

-US-resident fund shares, whether open-end or closed-end, REITs, money market, index funds and unit investment trusts;

-All other equity interests, including shares or units in unincorporated entities (e.g., limited partnerships);

-Asset-backed securities; and

-Debt securities.

For purposes of determining whether the $100 million threshold has been met, fund managers must include all US-resident parts of their organization, including any US investment funds.  This calculation, as well as all data on Form SHL, must be as of close of business on June 30, 2014.

Form SHL overview:

  1. The Form includes two schedules:
  • Schedule 1 contains basic identifying details about the filer and a summary of the data provided.  A firm that has been contacted by Treasury/FRBNY but does not meet the $100 million threshold need only complete Schedule 1;
  • Schedule 2 requires detailed information for each security being reported, including issuer name, type of instrument, currency denomination and market value.
  1. The form may be submitted electronically or on paper (electronic filing is required for those submitting more than 200 Schedule 2 records); and
  2. All filers, whether on paper or electronic, must obtain a 10 digit Reporter ID by contacting FRBNY by phone at 212-720-6300 or 646-720-6300 or by emailing SHLA.Help@ny.frb.org.

Next Steps:

  1. If you have been contacted by the Treasury/FRBNY or think you may meet the threshold, obtain your Reporter ID as soon as possible;
  2. Review your US funds to determine whether any investors are foreign persons, which may involve your fund administrator;
  3. Review holdings information in US securities to determine whether the $100 million threshold has been met (remember to aggregate the holdings of offshore funds with your onshore funds for purposes of calculating the threshold), which may involve gathering needed data from your custodians;
  4. Ask your legal counsel or compliance consulting firm regarding any interpretation issues with respect to Form SHL/its instructions.  The above is an overview only and firms should read the form and instructions in their entirety.

Employee Compliance Training: Basics and Beyond

Depending on the type of registrant, applicable rules may require annual, biannual or other periodic training either for all employees or a subset (e.g., the Associated Persons of CFTC registrant).   New employees must usually also acknowledge receipt and understanding of the firm’s policies and procedures and make other disclosures upon hire.  In this second of two articles on compliance education, we provide tips for both periodic formal training and ongoing outreach to employees.  See our previous article for CCOs to stay informed of regulatory developments and other tools.

  1. Annual or other periodic training can take a few different forms; below are some suggestions:
  • It can be particularly effective to schedule the training during a regular firm meeting, which will ensure that the majority of employees can attend (but be sure to follow up with anyone who was absent);
  • Carefully crafted, a PowerPoint presentation will keep the trainer on track and employees engaged.  Printed, it can double as a useful quick reference to take away (with the caution that it is not a substitute for reading the manual in its entirety);
  • If a PowerPoint is not an option, trainers should prepare an outline for their own use in presenting the information, enabling them to keep their place in the material and manage time.  The outline can also be used when onboarding new employees, providing both a quick reference and helping to keep initial training consistent;
  • Consider asking outside counsel or a compliance consultant to train employees on key issues such as insider trading.  These service providers are often extremely well-versed in the details of notable cases and these examples can help employees understand the nuances.
  1. In addition, CCOs can find ways to reach out to employees throughout the year, including:
  • Having time set aside for compliance matters at regular firm meetings;
  • Distributing email reminders of preapproval requirements and other issues (tip: change these seasonally as relevant issues come up, such as emphasizing prohibitions on/approvals of political contributions at election time, or gift disclosures/approvals around the holidays);
  • Distributing regulatory news of note to employees generally or a relevant subset;
  • Ensuring that they are visible and available within the firm.  For example:

-CCOs may spend some part of their workday sitting at the trading desk, or with other key groups such as client/investor relations or operations.

-Others make a point of circulating around the office and/or;

-Keeping their doors open except when needed for confidentiality reasons and keeping candy or snacks in their office to encourage employees to drop in, whether to ask compliance-related questions or generally catch up.

  1. Recordkeeping

Finally, particularly for formal trainings, CCOs should keep sufficient records to show the content of the training (the PowerPoints and outlines are handy here) and the attendees.  In the latter case, sign-in sheets and/or certificates of attendance will suffice.   If the meeting is being recorded, a roll call would work especially well for small groups (less so for very large groups as it may delay the substantive portion of the meeting).  Calendar entries may be helpful, but are not a complete record as they do not show that a particular person attended.

In terms of ongoing outreach, the email reminders described in Section 2, create documentation of ongoing continuing education for employees.

For initial trainings, CCOs will collect the acknowledgements and disclosures required by the firm’s policies and procedures.  In addition, many keep a spreadsheet or other documentation that an orientation took place (again, the outline, PowerPoint or other reference tool and calendar entries will be helpful here, though not a complete record on their own).

Feel free to share other tips regarding employee training and outreach in the comments!

Online and Continuing Education Resources for CCOs

It can be challenging to stay on top of regulatory developments, not only for compliance staff’s own purposes, but in training employees and maintaining a culture of compliance within a firm.  In this first of two articles we will provide practical tips for CCOs to stay informed; our second article will help them create continuing education opportunities for employees in their firms.

  1. Regulators’ websites are the most obvious source for certain kinds of information:  laws, rules, formal guidance and forms, just to name a few.   However, sometimes it takes some digging to locate the wealth of other, extremely informative tools on these sites.  These include:
  1. Beyond laws and rules, it can be useful to know what other CCOs, legal professionals or other service providers and industry participants have to say about a particular issue.    Opportunities may vary depending on location, but might include:
  • Occasionally conferences in major cities will cover compliance-related topics and a few are dedicated exclusively to compliance matters.   If a live conference is not an option,  webinars on compliance matters (often free) are increasingly available; the Regulatory Compliance Association is one such provider;
  • Local industry groups may have smaller panel events, which even if these are not on a compliance topic, will enable compliance professionals to learn more about issues of note for their colleagues and firms generally;
  • Local or online (searching Groups on LinkedIn is a good place to start tracking some of these down) groups dedicated to compliance and regulatory issues for financial firms;
  • Service providers such as law and accounting/audit firms, especially, produce useful articles and other materials on new regulations that can assist CCOs in drafting and implementing policies in response.   An easy way to access all of these in one place is to follow the firms on social media since they usually share their articles.  Nearly all of them also distribute newsletters, white papers and other updates to subscribers by email (subscribe to their mailing list on their websites).

Feel free to share other continuing education tips and resources in the comments!

Managing Your Search for a Compliance Consultant

Word of mouth is probably among the most preferred ways to hire, whether the hire is an employee or a service provider.  In addition to this useful method, we offer the following tips for hiring a compliance consultant to help ensure the best fit and value:

  1. Scope of Services.  The most important factor in selecting a consultant is determining what your needs are.  If you do not know or are considering more than one scenario, talking to your peers might be helpful to determine how others utilize their consultants.  This is also a good place to start for recommendations.    The scope generally falls into three buckets:  project-based (such as a mock exam), ongoing compliance support, typically for firms with substantial needs, or consulting upon request, typically for firms that handle the majority of compliance work in house.   On the latter two, be sure to check pricing, as these might vary significantly and include/exclude certain services.
  2. Cast a Wide Net.  Once you have determined your needs, begin researching consultants, perhaps starting with firms recommended by your peers or other service providers.   Online searches and industry publications may be other sources.    Particularly if you have a long list, consider how to organize all the detail in a way that allows meaningful comparison; asking prospective consultants to complete the same Request for Information is one way of doing that.  You may also simply collect the information and organize it yourself in a spreadsheet to compare the variables that matter most.
  3. Best of Breed and Expertise.  Consider not only your scope of services (e.g., if you are looking for a mock examination, which consultant seems to be the best at that?) but your type of business, registration status and even strategy or platform to determine if any consultant seems to have expertise in these areas.
  4. Scalability.  Particularly if you are a startup, consider whether or how a consultant can work best with your business as it grows.   This is also a key issue for multi-platform firms, dual-registrants or others with significant complexity to their business.
  5. The Team.  Will your consultant be working closely with other service providers, such as fund administrators, accountants or legal counsel?  If so, ask them for their recommendations.
  6. Fee Structures.    Similar to the first point, this generally falls into three buckets:  flat fee, some form of periodic billing, or hourly.  Project-based engagements are frequently charged as a flat fee, making cost comparison relatively simple among multiple consultants.   However, make sure you understand what is included in the flat fee and when you will be billed, e.g., upon completion, at commencement or some variation of these.

Not all consultants work on an hourly basis; others may do so exclusively.  Be mindful of what your needs are when evaluating hourly arrangements.  Generally, the more robust your needs, the more you should focus on an arrangement that involves periodic billing for a specific suite of services.  Periodic billing arrangements vary significantly in terms of frequency (monthly, quarterly, annually) and levels of services.   If you need to save money, consider the types of compliance-related activities that you can keep in house and choose your consultant and suite of services accordingly (for example, controls, review and testing around trading, fee calculations and other core operations can sometimes be easily incorporated into existing workflows, without the consultant’s day to day involvement).

Regulators expect firms to not only be aware of the applicable requirements and implement them, but to do so in a way that is tailored to their particular business and risks.  When selecting a compliance consultant, be mindful of this expectation and choose the consultant whose experience, knowledge and approach works best for your business.

Primer: Regulation M, Rule 105

Because this is a frequent enforcement area for the SEC, we are providing this primer on how firms can place functioning controls around their trading to prevent violations of Regulation M, Rule 105 (the “Rule”).

  1. The Rule:

The Rule prohibits buying securities in secondary offerings when the buyer has executed short sales in the same security within a “Restricted Period” of time prior to the pricing of an offering.   The Rule covers:

  • Equity securities;
  • Purchased from an underwriter or other distribution participant;
  • That are offered on a firm-commitment basis; and
  • Are a SEC-registered offering for cash or a Regulation A or E offering for cash.

The prohibition is on short sales within the Restricted Period prior to pricing the offering.  The Restricted Period is the shorter of:

  • The five business days prior to pricing; or
  • The time period commencing with the initial filing of the registration statement (registered offerings) or notification (Regulation A or E offerings).

In each case, the Restricted Period ends with the pricing of the offering.

  1. Key Exceptions:

There are three exceptions to the Rule, two of which are covered below (the third is for registered investment companies).

  • Bona Fide Purchase.   A short sale during the Restricted Period will not trigger the prohibition if a subsequent bona fide purchase is made.  Both the short sale and the bona fide purchase must meet the following criteria:

-Purchase(s) must occur after the last Restricted Period short sale and be at least equivalent to the aggregate amount of Restricted Period short sale(s);

-Purchase(s) must be reported transactions effected during regular trading hours and no later than the end of regular trading on the business day prior to the day of pricing;

-Any of the Restricted Period short sales  that were reported transactions must have been effected prior to the last 30 minutes of regular trading on the business day prior to the day of pricing;

-Purchase(s) must be bona fide and not part of a plan or scheme to evade the Rule.  For example, a transaction that does not include the economic elements of risk associated with a purchase is not bona fide.

  • Separate Accounts.  This exception allows a purchase in the secondary offering in one account where a short sale occurred in the Restricted Period in another account for the same person, in limited circumstances.  To meet this exception, the decisions regarding transactions for each account must be made separately and without any coordination of trading or cooperation among or between the accounts.  This is a facts and circumstances test; the SEC identified the following indicators that may assist in this determination, such as:

-The accounts have separate and distinct investment and trading strategies and objectives;

-Those working on the accounts do not coordinate trading between the accounts;

-Any information barriers that exist and the fact that information about positions or investment decisions is not shared;

-The accounts maintain separate statements, including profit and loss;

-There is no allocation of securities between the accounts;

-Managers of multiple accounts (a single entity or affiliated entities) do not: have authority to and do not in fact execute trading in individual securities in the accounts and do not have the authority to and do not in fact pre-approve trading decisions for the accounts.

  1. Compliance Tips:

The first step is to develop clear policies and procedures to prevent violations of the Rule, including:

  • Specific workflow requiring notification to the Chief Compliance Officer or other responsible person prior to purchasing shares in a secondary offering so s/he can review trading activity to determine whether any short sales took place in the Restricted Period;
  • Strict prohibition on participating in the secondary offering if short sales were effected in the Restricted Period, absent full compliance with an exception;
  • Plain English descriptions of the securities covered by the rule, the Restricted Period, relevant exceptions and other key terminology; and
  • Provisions regarding required documentation to establish exceptions.

Once established, the policy should be distributed to all employees, with in-depth training to those involved in portfolio management and trading.   As part of the training, conduct a “dry run” to ensure that the procedures work as intended and that all employees involved in the process understand it.

Documentation will be critical to establish compliance with the Rule.  This includes:

  • The applicable policies and procedures;
  • Evidence that they are being followed, such as logs of subject transactions, any forms completed by traders, e.g., to notify the Chief Compliance Officer, diligence materials regarding any prior short sales, checklists, notes and other real time documentation of compliance with exceptions;
  • Evidence of review and testing.   At minimum, this should be included in a firm’s annual review.  More frequent review and testing may be warranted if this is a high activity area, or for firms that have had prior violations of either the Rule or the procedures required by the policy (even where no violation of the Rule took place).

We have covered the key points of the Rule and its exceptions but we recommend that firms discuss it with their outside counsel and/or compliance consulting firm to answer any questions and ensure that processes are designed appropriately to prevent violations.  The penalties for violations are substantial, regardless of whether there was intent to violate the Rule.   These include not only disgorgement, interest and monetary penalties, but the publicity involved, disclosures required on Form ADV, among others.

While the staff does take into account remedial efforts by a firm, it believes that efforts should have been made to prevent the violations in the first instance.   The SEC’s Risk Alert from September 2013 discusses its examination findings in more detail and is recommended reading.

Startup Spotlight: Recordkeeping Tips

The SEC and states alike require their investment adviser registrants to maintain certain books and records, typically for five years.  We encourage all firms, especially startups, to review the applicable recordkeeping rules to ensure that they understand them and can build appropriate policies and procedures for maintenance.  Though we provide some practical tips below, firms should discuss any questions with their legal counsel and/or compliance consulting firm.

  • Limit compliance files to compliance items.  For example, it might be tempting to include personal trading and HR files in the same employee personnel file, but avoid this.  If a firm is examined, examiners likely will request records of employee trading.   Keeping the two sets of files separate will help firms provide responsive documents efficiently and avoid needlessly expanding the scope of the examination.  Hint:  if examiners do ask for personnel files, it can be a sign that a routine examination is shifting into enforcement territory.
  • Keep it clean.  All files should be well organized and easily accessible or both general business reasons and to make production easier in an exam.  Extraneous notes that are not needed for general business or required recordkeeping should be discarded, as these can be produced accidentally and create confusion in an exam.
  • Don’t get personal.  Make sure that employees keeping any personal items or files at work separate these from their work files, and the firm’s other files.  Similarly, firms may consider permitting employees to access their personal email from their workstations, to avoid having purely personal (and potentially embarrassing) emails archived and come up in document production searches.  Note, however, that a firm’s policies and procedures should prohibit using personal email for firm communications.
  • Archive electronic communications.  These days, the majority of a firm’s business is conducted electronically (including email, instant messages and, increasingly, social media).  Recordkeeping requirements for registrants will likely encompass these sorts of communications.  However, even exempt firms can benefit from archiving their emails, electronic communications, website and social media content.  Archiving makes production much easier in an examination or subpoena response, which the SEC can and does issue to non-registrants if it believes a violation of other securities laws has occurred.  Moreover, people frequently delete emails they subsequently wish they had kept; these can be rescued from the archive.  Finally, general business reasons (e.g., employee and client/investor questions or disputes, human resources issues) may make the cost of archiving worthwhile.

Key issue:  make sure your vendor uses “envelope journaling” to capture emails.  This is a function on Microsoft Exchange that your vendor and internal IT personnel will activate; this process ensures that all emails on the server will be captured automatically.   Archiving that is based on the spam filter or similar may be less expensive, but it is also significantly less reliable.  Spam filters do fail with some frequency, which means that emails cannot be archived while the filter is inoperable.  In these cases, data may or may not be recoverable.  In addition, these methods typically have limited searching, reporting and audit trail functionality.  Firms that use instant messaging and social media for business purposes will have to consider how to separately archive these.

  • Consider available space and filing method.  Determine how much space you have available for compliance files, who needs to access them and what methods are preferred for storing the various records. For example, some CCOs prefer to keep employee attestations, disclosures and similar items in annual binders.  Personal account and trading information can be kept in individual binders for each employee.  Binders also have the advantages of maintaining chronological, alphabetical or other order and ensure that filed items do not get lost.
  • Limit access to sensitive files.  Employees are already unhappy about disclosing sensitive personal information such as securities holdings, trades and political contributions to their employers.  Give them some reassurance by keeping these files in a dedicated area for compliance staff only and under lock and key.
  • Considerations for electronic storage.  Both the SEC and states permit records to be kept and produced in electronic form.  From both a business and regulatory perspective,  firms should ensure that, however records are kept, they are secure.  As more and more firms move toward electronic recordkeeping exclusively, the following should be considered:

-Cloud storage vs. traditional servers  (see our article on cloud storage here);

-The need for compliance-specific platforms (other than email archiving);

-CRMs for managing client and investor data;

-Passwords and security issues.

Cloud-based Document Storage and Sharing: Implications for Investment Advisers

The recordkeeping requirements imposed on investment advisers and other market participants are extensive and the ability to quickly locate particular records is crucial to passing a regulatory exam.  As these firms increasingly turn to more cost-effective and efficient cloud-based storage platforms, advisers should be aware of the SEC’s requirements for electronic storage generally and emerging best practices that are specific to cloud-based document storage and file sharing.

Recordkeeping Rules

In addition to the list of the specific records advisers must retain, the SEC imposes the following requirements for electronic storage:

  • Records must be stored in a way that individual documents can be easily located and retrieved;
  • Advisers should be able to provide the staff with a “legible, true, and complete” copy of any record in the format in which it is stored within 24 hours of a request by the SEC;
  • Similarly, advisers should be able to produce a printed copy of any document within 24 hours;
  • The storage method must be capable of providing the SEC with a means to access, view, and print the records;
  • The adviser must maintain duplicate copies of the records at a separate location; and
  • The adviser must establish procedures to:

-Reasonably safeguard the records from loss, alteration, or destruction;

-Limit access to the records to authorized personnel; and

-Reasonably ensure that records are complete, true, and legible.

Rule 204-2 is technologically neutral, leaving advisers free to adopt any electronic or manual approach (or combination of the two) that meets the rule’s requirements.  Similarly, there is also no formal guidance from the staff on cloud-based storage generally, nor regarding any particular service provider.  However, as more advisers are looking to cloud based solutions, some best practices have emerged.

 Additional Considerations

Best practices have generally centered around conducting diligence on potential service providers and how advisers should factor in their needs, infrastructure and other resources.

Diligence:

We recommend that firms speak with other advisers in their networks about their experience with a particular vendor, including its reliability and responsiveness.  Once a firm has a short list of vendors they are interested in pursuing, it should request additional information and documents from those vendors; examples include:

  • Its privacy policy;
  • Any internal control reports (SAS-70, SSAE-16 or other);
  • Business continuity/disaster recovery plan;
  • Network uptime and support (i.e., whether it is 24x7x365);
  • Ability to change or upgrade storage and services as the adviser’s needs change;
  • Frequency and nature of the vendor’s backup procedures (e.g., current copies only, or historical versions);
  • Any features that exist on the platform to prevent or recover inadvertent loss/deletions;
  • Locations of any mirrored or redundant servers;
  • Whether an adviser’s data has its own servers or if it is on media shared with other customers (and if the latter, what protocols are in place to separate customers’ data);
  • Policies regarding responses to court orders, litigation holds and discovery requests;
  • Any encryption applied to data transmission (such as syncing and downloads) and storage;
  • Whether the vendor is amenable to additional diligence activities such as site visits, meetings with the specific personnel who manage the adviser’s data, discussion and review of physical security controls and the like; and
  • Ability to and any limitations on terminating service and moving documents to a different vendor in the future.

Firms should also consider their particular needs, infrastructure and other resources, such as:

  • Any internal limitations they impose on access to documents and how these can be implemented and maintained on the vendor’s platform;
  • Methods used to sync local documents to the cloud, whether and when a manual sync would be required and the ease of triggering a manual sync;
  • In the event of a delayed or failure to sync, what will/can the firm do to otherwise back up its records;
  • Whether to implement any/additional requirements for complex passwords and the frequency of changing them;
  • To what extent do employees work from home, while traveling, and/or via mobile devices; particularly whether these devices issued by the firm or the firm otherwise has the ability to ensure security of these access points; and
  • To what extent do employees use public networks to access the firm’s cloud.

The last two points in particular raise the subject of encryption and the security of client or investor data on the cloud.  Because privacy laws and compliance manuals typically require specific policies and procedures to protect client/investor data, firms should take care to ensure that their chosen vendor has sufficient methods to encrypt data and protect it from unauthorized access.

Along with social media, cloud-based data storage and sharing is changing how firms of all types do business.  For investment advisers and others with enhanced regulatory obligations, it is important to carefully weigh business needs alongside applicable rules and best practices to ensure that they can take advantage of new technologies and still remain compliant.

Startup Spotlight: Regulatory Fees to Include in the Launch Budget

Launching a new management company and fund can be quite expensive both initially and on an ongoing basis.  Many of the costs are obvious:  law firm professional fees, legal costs such as entity formation, hiring auditors and administrators, leasing office space, stationery and branding, to name just a few.

The costs are less obvious on the regulatory side and it is important to factor in the following to avoid being surprised, especially as the launch date approaches (faster than one might think!):

  • Investment Adviser registration:  ranging from $40 for the smallest of SEC registrants to $500 for some state registrants.  SEC registrants may have to notice file in their home state, or states where they have clients.  State fees vary, ranging from $50 to $500. 
  • Investment Adviser Representative registration:  some SEC and most state registrants will be required to register certain of their employees as Investment Adviser Representatives in one or more states.  Filing fees range from $0 to $285 per representative, depending on the state.  These and the adviser registration fees will be in addition to a law firm or consulting firm’s professional fees to handle the registration. Moreover, representative registration often requires that the registrant pass one or more securities licensing exams, usually the Series 65, which currently costs $135.  Prep courses and materials will be an additional cost. 
  • Disbursement Procedures for state registrants:  Some states, such as California, may require certain of its registered advisers to retain an independent third party that processes and approves deductions of fees and expenses from client accounts.   Depending on the state’s requirements and service provider, there may be a charge per issuance of a letter or other document approving the fee(s) or cost(s).  
  • Auditors.  The SEC and some states require private funds to undergo an annual audit (or surprise exam, though given the choice, most fund managers opt for the audit), so saving money by not hiring an auditor may not be an option.  California’s Exempt Reporting Adviser status also requires an audit for 3(c)(1) funds.
  • Initial and Ongoing Compliance-related costs:  Depending on a manager’s jurisdiction (SEC or a particular state), it may be required to establish a code of ethics, policies and procedures manual, appoint a chief compliance officer, or be subject to other requirements short of a full compliance program.  Even if not required, a manager may establish any or all of these as a matter of best practices.  NB:  most states that register investment advisers have recordkeeping requirements, which are similar to the SEC’s. Costs should be discussed with the applicable service providers and may include: 
  1. Professional fees for drafting documents (code of ethics, policies and procedures, disaster recovery plan and the like);
  2. Archiving for emails and other electronic communications (this should be set up early on to make sure that required books and records are complete);
  3. Any other IT infrastructure to support books and records maintenance (similarly, should be set up early on);
  4. Class action monitoring and processing (most likely post-startup); and
  5. Proxy voting service (most likely post-startup).
  • SEC Form D and State Blue Sky filings:  Private funds typically file Form D with the SEC at launch to claim one or more exemptions from registering its interests as securities under the Federal securities laws.  The SEC filing is free of charge.  However, nearly all of the US states and territories have a corresponding law that permits these “Federal Covered Securities” to be offered in their state as long as a copy of the Form D is transmitted to the state within a certain timeframe.  Most states require a filing fee and some require additional documentation.  These filing fees add up quickly because they are made when the first investor from each state comes into the fund.  Fees range from $0 to $1,500, excluding professional fees (such as law firms and compliance consultants) to prepare them. 

Funds not relying on Regulation D may still be subject to other state laws governing private offerings, some of which require filings (usually with fees, varying significantly within and among the states) and others do not.  Legal counsel can advise on the applicability of these laws; expense-conscious managers may wish to ask about the approximate costs of researching and monitoring compliance with these laws as they are more variable than the Regulation D/Federal Covered Securities system.

Under either Regulation D or other state laws, some states require renewals on an annual or other periodic basis (such as two years in Alaska for Form D or four years in New York for state Form 99), so managers should plan for ongoing fees as well.