
2014

How Brokers & Asset Managers Can Stay On Top


© Institutional Investor Intelligence 2014. Reproduction requires publisher’s prior permission. To receive email alerts or online access to Compliance Intelligence, call (800) 437-9997.

SEPTEMBER 2014 | www.complianceintel.com | SPECIAL REPORT ON COMPLIANCE

EDITORIAL

Veronica Belitski Mark Fortune

Editors

Ben Maiden Managing Editor

(212) 224-3281

Peter Rawlings Senior Reporter

(212) 224-3267

Katie Segreti Director of Data

(212) 224-3228

William Sprouse Aggregated News Editor

Kieron Black Sketch Artist

PRODUCTION

Dany Peña Director

ADVERTISING

Joseph Parsons V.P. Global Head of Sales

Patricia Bertucci Associate Publisher

(212) 224-3890

PUBLISHING

Robert Dunn Commercial Director (212) 224-3712

Tracey Redmond Head of Custom Media Events

Anna Lee Marketing Director (212) 224-3175

Mary D’Alessio Marketing Manager (212) 224-3117

Vincent Yesenosky Head Of U.S. Fulfillment (212) 224-3057

Nina Bonny Customer Service Manager (212) 224-3433

CORPORATE

Richard Ensor Chairman

David Antin Chief Executive Officer

Customer Service: PO Box 5016, Brentwood, TN 37024-5016. Tel: 1-800-715-9195 • Fax: 1-615-377-0525 • UK: 44 20 7779 8704 • Hong Kong: 852 2842 6910 • E-mail: [email protected]

Editorial Offices: 225 Park Avenue South, New York, NY 10003. Tel: 1-212-224-3281 • Email: [email protected]

Institutional Investor Hotline: (212) 224-3570 and (1-800) 437-9997 or [email protected]

A Publication of Institutional Investor, Inc.

© Copyright 2014. Institutional Investor, Inc. All rights reserved.

Copyright notice. No part of this publication may be copied, photocopied or duplicated in any form or by any means without Institutional Investor’s prior written consent. Copying of this publication is in violation of the Federal Copyright Law (17 USC 101 et seq.). Violators may be subject to criminal penalties as well as liability for substantial monetary damages, including statutory damages up to $100,000 per infringement, costs and attorney’s fees. The information contained herein is accurate to the best of the publisher’s knowledge; however, the publisher can accept no responsibility for the accuracy or completeness of such information or for loss or damage caused by any use thereof.

From the editors of: Compliance Intelligence

EDITOR’S NOTE

Welcome to the latest special report from Compliance Intelligence (the exclusive service from Compliance Reporter), looking at some of the key challenges and trends affecting chief compliance officers at brokerage and asset management firms in 2014 and beyond.

One of the results of post-financial crisis reforms is that fewer and fewer financial entities can escape having a regulator keeping tabs on them. Over recent months, for example, hundreds of municipal advisers have enrolled with both the Municipal Securities Rulemaking Board and the Securities and Exchange Commission—for many, their first registration. Not only will many of them face an SEC exam to see how they’re faring with the new regulatory regime, they’ll also be trying to comply while many of the rules governing them are still to be completed (see story, page 4).

Cyber security, as anyone with a bank account knows, has become a somewhat nerve-wracking issue. Firms, as well as individuals, can suffer tremendous losses from hacking attacks and it is widely assumed that no one is entirely immune. For CCOs, these threats mean working closely with IT colleagues and management to figure out how best their institution can prepare for and respond to a breach—all under the watchful gaze of the regulators (see story, page 14).

Less terrifying but just as important—and as work-intensive—will be preparations for implementing the 869 pages of money market mutual fund reforms (see story, page 6). As ever, CCOs will have their hands full dealing with SEC exams, and we present attorneys’ thoughts on what may be the agency’s priorities when it comes knocking in 2015 (see story, page 16).

Elsewhere in this report, we present extracts of recent CI interviews with senior regulators: Kevin Goodman, national associate director of the broker/dealer exam program in the SEC’s Office of Compliance Inspections and Examinations (see story, page 8); and Patricia Struck, head of Wisconsin’s Division of Securities and leader of the North American Securities Administrators Association’s Investment Adviser Section (see story, page 10).

We also present practical guidance from industry attorneys on dealing with having a combined CCO and general counsel (see story, page 18); what guidance on the Volcker rule means for firms busy implementing it (see story, page 20); and the importance of checking Customer Identification Programs (see story, page 22).

We hope you find this report to be helpful. As always, please contact me any time with any comments, questions or suggestions you may have.

Kind regards

Ben Maiden, Managing Editor

+212 224 [email protected]

TABLE OF CONTENTS

4 Muni Reforms To Occupy CCOs
By Ben Maiden, CI
The MSRB is taking on a bigger role as municipal advisers register amid new rules.

6 Money Fund Reforms Create Challenges
By Peter Rawlings, CI
The long-awaited SEC reforms will keep CCOs busy over the coming year.

8 Regulatory Talk: Kevin Goodman, SEC
The head of OCIE’s B/D exam program spoke to CI about the focus on fixed income.

10 Regulatory Talk: Patricia Struck, NASAA
The leader of NASAA’s IA Section talked with CI about key issues in state inspections.

14 Cyber Security Looms Large
By Leslie Kramer, Contributor
CCOs are playing a key role for firms in preparing for attacks.

16 Lawyers Eye SEC’s 2015 Exams
By William Sprouse, Contributor
Conflicts of interest, fee allocations and market structure may be on the menu.

18 How To Manage A Combined CCO/GC Role
By Edward T. Dartley of Pepper Hamilton
Combining the CCO and GC position can create tensions.

20 What The Volcker FAQs Mean For Firms
By Julius L. Loeser and Sterling Sears of Winston & Strawn
CCOs should take note of guidance issued this summer as they implement the reforms.

22 Checking CIPs For Institutional Accounts
By Paul M. Tyrrell, Sidley Austin
Regulators continue to scrutinize B/Ds’ anti-money laundering programs.

ADVISERS FACE NEW EXAMS

Muni Regs Grab CCOs’ Attention

The municipal securities industry may be valued at $3.7 trillion, but until recently it hasn’t had the kind of regulatory and compliance prominence that it merited. Now, with a wave of new registrants and new rules, things are changing. Compliance professionals will be spending a lot more time thinking about municipal issues in the year to come. Ben Maiden rounds up the latest developments.

It seems fitting that the Municipal Securities Rulemaking Board announced recently that it has signed an agreement to move its office operations back to Washington, D.C. in 2016. The self-regulatory organization had moved across the Potomac to Alexandria, Va., in 2001 and, after marking its 40th anniversary next year, will return to the capital. The symbolism is apt at a time when the MSRB is taking on a higher-profile role as regulator for a market that has attracted growing attention.

Most notably, hundreds of municipal advisers have registered with both the MSRB and the Securities and Exchange Commission during a phase-in period that will run until the end of October. That shift was mandated under Section 975 of the Dodd-Frank Act, which established a new regulatory regime for municipal advisers. The SEC in September 2013 adopted a long-awaited final rule establishing a permanent registration regime for municipal advisers (CI, 6/12).

Most of these newly enrolled municipal advisers were not previously registered with regulators as either brokers or advisers. As such, they and their chief compliance officers will have to get to grips with a new regulatory framework—and, to make matters more tricky, one that is still in the process of being formulated.

The MSRB in recent months has released for comment rule proposals that would:

• Extend its pay-to-play restrictions beyond dealers to municipal advisers;

• Impose supervisory and compliance obligations on municipal advisers when they engage in municipal advisory activities;

• Amend its professional qualification rules to create requirements for municipal advisers and their associated persons;

• Set standards of conduct and duties of municipal advisers when engaging in municipal advisory activities other than undertaking solicitations.

Among these plans, the MSRB would amend Rule G-37, which is designed to ensure that “high standards and integrity of the municipal securities industry are maintained, to prevent fraudulent and manipulative acts and practices, to promote just and equitable principles of trade, to perfect a free and open market and to protect investors and the public interest.”

The proposed changes would bar municipal advisers from engaging in municipal advisory business with municipal entities for two years if certain political contributions have been made to officials who can influence the awarding of business—as the existing rule does for dealers (CI, 8/22). Municipal advisers would also have to disclose their political contributions to officials and bond ballot campaigns for posting on the MSRB’s Electronic Municipal Market Access, or EMMA, website. Again, dealers already comply with this provision.

SEC EXAMS

To add to the fun, municipal advisers will also face visits from the SEC’s Office of Compliance Inspections and Examinations. The exams are intended to “establish a presence with the newly regulated municipal advisers,” officials said in an announcement in August. Over the next two years, OCIE staffers will look at a “significant percentage” of these municipal advisers. Areas on the agency’s radar for scrutiny may include a municipal adviser’s compliance with its fiduciary duty to its municipal entity clients, books and recordkeeping obligations, disclosure, fair dealing, supervision and employee qualifications and training.

Attorneys in late August told CI that firms will need to take great care with these exams, not least because some of the rules they may be quizzed on are yet to be completed, meaning that shops may not have finalized their compliance plans yet.

The SEC says OCIE will only examine firms for compliance with forthcoming rules “as and when those rules have been finalized.” But Bingham McCutchen Partner Amy Kroll said that although inspectors may focus on completed regulations, firms won’t necessarily avoid scrutiny with regard to forthcoming rules. “I do think they’ll expect you to have policies to address general topic areas even if the particular rules aren’t finished,” she told CI. “They’ll want to see that the municipal advisers are familiar with the proposals and, to the extent possible, are following the principles the proposals articulate.”

In terms of the pay-to-play proposal, for example, Kroll said that, while there’s no existing prohibition on the activities at issue, firms should probably ensure they implement policies and procedures that require associated persons to check with compliance teams before making political contributions.

Skadden, Arps, Slate, Meagher & Flom Partner Kenneth Gross warned CCOs that complying with the pay-to-play proposal may be tricky for municipal advisers because they have a continuing fiduciary duty to their clients. In contrast, underwriters that already have to comply with the rules have more episodic interactions with clients.

“Since advisers have ongoing relationships, if a municipal adviser or covered employee makes a political contribution that triggers a ban on business, the adviser won’t be able to simply drop a client,” Gross said. “Instead, to comply with its fiduciary duty, the adviser will have to continue to advise while arranging for an orderly transition to another provider. After this transition, the two-year ban on business will commence.”

BEYOND ADVISERS

The MSRB hasn’t been focused solely on municipal advisers, however. The SRO’s Board of Directors at its quarterly meeting in July/August agreed to pursue measures designed to enhance price transparency for investors (CI, 8/12).

The Board plans to publish a proposal this fall on the disclosure of information by municipal securities dealers to their retail customers, with the aim of helping them better understand some of the factors related to the costs of their transactions. The proposal will focus on the disclosure on customer confirmations of the price of a corresponding dealer transaction in the same security that occurs on the same day as the customer trade, officials said.

The MSRB believes the changes would give investors information broadly already available on EMMA—but would provide it more directly to investors in connection with their transactions so they can assess prices they receive from dealers. The SRO will also ask for feedback on alternative approaches such as markup disclosure on confirmations for trades that could be considered riskless principal transactions.

In another price transparency initiative, the Board approved a request for input on enhancing its Real-time Transaction Reporting System to collect additional post-trade information for public display on EMMA.

The MSRB Board also decided to proceed with a proposed rule that would establish a best execution standard for transactions in the municipal market by requesting approval from the SEC. This would for the first time impose explicit requirements for municipal securities dealers to seek the most favorable price possible when executing transactions for retail investors. It would also create an exception for transactions with sophisticated municipal market professionals (CI, 3/20).

IMPLEMENTATION PROJECTS

Money Fund Rules Pose Wide-Ranging Challenges

With the Securities and Exchange Commission’s long-awaited money market fund reforms finalized earlier this summer, chief compliance officers now face a litany of tasks large and small in preparing for life under the new regime. Peter Rawlings explores some of the key implementation issues.

The new money market mutual fund rules, which provide a two-year transition period for the industry to come into compliance, create several new categories of money market fund (see box, page 7). The SEC will continue to permit retail money market funds and government funds to maintain a stable net asset value. But institutional prime money market funds will have a floating NAV, with daily share prices fluctuating along with market values.

RETAIL v. INSTITUTIONAL

“The first thing that has to happen is figuring out which funds are going to be floating funds, and which are going to be stable NAV funds, because there will be different policies and procedures that apply to different funds,” Drinker Biddle & Reath Partner Diana McCarthy told CI.

“That is not a distinction that has been important before,” said Goodwin Procter Partner Marco Adelfio. “So making sure that data is accessible and can be distinguished and relied upon is an important first step.”

“For stable NAV funds, there will need to be new policies and procedures for determining which investors are natural persons,” McCarthy said. “I think that can be very challenging.” Verifying whether or not investors are natural persons may prove particularly difficult in cases where investors enter a fund through an omnibus account or third-party intermediary, she said. Not only does that add an extra step to the verification process, but “in the past, omnibus account holders have been reluctant to provide information for funds in other contexts,” she added. Ultimately, the process may involve dealing with multiple layers of intermediaries in order to determine whether investors are natural persons.

Since so many people invest in money market funds through such intermediaries, satisfying the retail definition is going to comprise a significant portion of CCOs’ initial efforts in complying with the rules, Davis Polk & Wardwell Partner Gregory Rowland told CI. The challenge is made greater by the fact that the SEC in its final rules didn’t provide much guidance on how to handle situations where an investor enters the fund through a third party, he said.

In the final rules release, the Commission acknowledges that in these circumstances an omnibus account—rather than the beneficial owners—is a fund’s shareholder of record. The fund will need to find a way to determine whether the beneficial owner is a natural person. However, “we are not prescribing the ways in which a fund may seek to satisfy the retail fund definition, including how the fund will reasonably conclude that underlying beneficial owners of an omnibus account are natural persons,” the SEC stated.

Regardless of the specific policies and procedures a fund settles on, “we expect that a fund will periodically review the adequacy of such policies and procedures and the effectiveness of their implementation,” the SEC said.

DIVERSIFICATION, REPORTING

In addition to establishing the new definitions and categories of money market funds, the SEC amendments to Rule 2a-7 of the Investment Company Act created an array of additional policy changes that CCOs will need to implement. For instance, the agency altered its diversification requirements for funds, meaning that “compliance officers will need to program those new diversification limits into their portfolio management systems and do basic daily checks on portfolio trading,” McCarthy said.

Under the existing diversification rules, money market funds must limit their investments in any single issuer of a first-tier, non-government security to no more than 5% of fund assets. The SEC’s new rules will obligate fund CCOs to treat certain affiliated entities as a single issuer, increasing the likelihood of breaching the 5% issuer limit.

CCOs will also have their work cut out in preparing to comply with new reporting obligations, Adelfio said. CCOs will be responsible for monitoring and tracking weekly liquidity information that will have to be filed with regulators, which “will likely involve recalibrating their existing systems,” he said.

The SEC’s rule changes included a requirement to file new information on Form N-MFP such as a fund’s NAV per share, daily and weekly liquid assets and shareholder flows on a weekly basis. The SEC is also now requiring funds to make prominent daily disclosures on their websites. Those disclosures must also include daily and weekly liquid assets, as well as the fund’s NAV, and net inflows and outflows.

LIQUIDITY FEES, GATES

“One big aspect of the rules that is not as clear relates to the implementation of liquidity fees and redemption gates,” McCarthy said. The rules give non-government funds the ability to impose fees and gates on investor redemptions in cases where a fund’s weekly liquid assets fall below 30% of the fund’s overall assets.

“It’s the flexibility that is causing people to scratch their heads,” because figuring out exactly when and how to impose such restrictions is a new responsibility, and the discretion is left in the fund’s hands rather than being spelled out by regulators, McCarthy said. Adding to the uncertainty, she said, is the fact that such decisions would generally be made under distressed circumstances—times when funds were having difficulty maintaining high levels of liquidity.

The possibility of needing to impose liquidity fees and redemption gates will require CCOs to figure out what kinds of alarm systems they may need to devise to ensure they can detect in advance that a fund is nearing the 30% weekly liquid asset threshold, Stradley Ronon Stevens & Young Counsel Joan Swirsky told CI. CCOs will need to be ready to compare their funds’ liquidity to historical levels and prepare to make tough judgment calls as to what sort of action is appropriate, she said.

VALUATION

Funds should also take note of valuation guidance buried in the 869-page release, McCarthy cautioned. “There certainly is a role for compliance officers to take in implementing that guidance—and it applies not just to money market funds, but to all kinds of mutual funds.”

In its final rulemaking, the SEC reversed course from its initial proposal and agreed to allow retail and government money market funds to continue to use the amortized cost method to value securities with remaining maturities of 60 days or less. The Commission also issued a reminder that using such costs is contingent on a fund’s directors determining in good faith each time they value a security that its fair value is roughly equal to its amortized cost. The SEC also said funds should take into consideration other factors such as “existing credit, liquidity or interest rate conditions in the relevant market” when making such determinations.

Funds are realizing that the new requirement to double check amortized cost valuations is going to take a lot more work than they initially expected, Ropes & Gray Partner Brian McCabe told CI. The valuation guidance means CCOs will need to review and improve their existing policies to ensure that amortized costs are appropriate and detect when they are not, he said.

RETAIL, GOVERNMENT FUNDS: NEW DEFINITIONS

The SEC amended the definitions of retail and government funds from its initial proposal. Unlike institutional prime funds, retail and government funds will still be allowed to transact at a stable NAV and use amortized cost to value securities.

| Fund Type | Proposed Definition | Final Definition |
| --- | --- | --- |
| Retail | Limits shareholder redemptions to $1 million per business day. | Has policies and procedures reasonably designed to limit beneficial owners to natural persons. |
| Government | Has at least 80% of its assets in cash and government or government-backed securities. | Has at least 99.5% of its assets in cash and government or government-backed securities. |


CI: Fixed income was one of the issues raised in OCIE’s 2014 exam priorities notice (CI, 1/23) and it has been highlighted more recently by SEC Chair Mary Jo White. What are you seeing?

KG: We have our Fixed Income and Municipals Specialized Working Group looking closely at mark-ups in the fixed income area and the sources of information investors have to assess their execution quality. This specialized working group is also doing some interesting work gathering the various sources of information on fixed income executions into one data set so that we can use that data to better assess the execution quality at various firms. Although it’s early in our process, we do have some concerns that the current price transparency may not lead to consistently good execution quality. And we will be using that analysis to inform policy within the Commission.

CI: And is that specific to the municipal market?

KG: We’re looking at fixed income generally, but we do have somewhat of an emphasis on the municipal market.

We’re also particularly interested in price transparency for so-called riskless principal trades, and specifically how these transactions differ from agency trades in terms of the risks taken by the firm. We’ve seen some situations where a [B/D] will have an order in hand from a customer, will then go out and buy the bond from an [alternative trading system] or other source and then mark up the security in a manner that suggests the firm is taking some significant risk and being compensated for that—even though in a lot of cases the security may have hit its principal account for only a nanosecond.

We want to understand why the mark-up on one of these types of trades doesn’t look like more of an agency commission—minimal commission—and is there enough price transparency that the investor can not only see their trade but can tell that the broker went out, got this from the market, marked it up 3% or whatever, and then sold it to them.

CI: There was a recent Senate panel discussion of payment for order flow, and reports that the SEC has been looking into how retail orders are handled. Where are you in terms of examining this issue?

KG: We are in the process of looking at the extent of payments for order flow, if and how they are disclosed, and the effect they have on execution quality. We’re not ready to share information yet, but we will be sharing that first within the SEC to inform policy and then possibly later with the industry if we deem that to be appropriate.

CI: What has driven interest in this area? It’s an issue that has been around for a while. Was there a specific concern you had about what may be happening?

KG: It’s really the old concept that drives many of our exam priorities, and that is if a person has a conflict of interest that may cause them not to act in the best interest of the investor, we want to understand whether that has affected the well-being of the investor. The conflict of interest here would be you’re making routing decisions and you’re receiving compensation if you route to certain places. So how does that affect the execution quality the investor is receiving and how is it disclosed? It’s not unusual in the sense that we always look for the presence of conflicts of interest because those are very fruitful areas to deploy our limited resources.

CI: Cyber security is a hot topic, and OCIE conducted a sweep on this earlier in the year (CI, 4/9). What findings have you had and what outcomes might there be?

KG: As part of our initiative, we’re looking at over 50 [B/Ds] and we’ve targeted firms of various sizes and business models. We’re in the process of analyzing the information we’ve collected and will, again, be using that to inform policy within the Commission and then to determine what we might share outside the agency.

Through looking at the information that we’ve received, we want to make sure that firms are dedicating resources and the attention of senior management to address the significant risks posed by cyber security. In particular, we expect that all firms will have knowledgeable professionals assessing the vulnerabilities inherent in their particular operations, including their interfaces with third parties, and that they will employ defenses and monitoring to address them. That’s what we’re assessing right now.

For more details of the interview with Goodman, go to Complianceintel.com.

REGULATORY TALK

Kevin Goodman, Securities and Exchange Commission

Kevin Goodman was named national associate director of the broker/dealer examination program in the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations in November. He spoke to CI in July about what his team are seeing as examiners look into key issues for 2014 and how the program’s priorities for 2015 are shaping up.

Page 9: 2014...Compliance Reporter), looking at some of the key challenges and trends affecting chief compliance officers at brokerage and asset management firms in 2014 and beyond. One of

Modular execution solves the challenge of scalability

In addition, connections to reference data models such as Reuters and Bloomberg ensures consistency of data and timing across funds and business models. Replacing multiple systems in data interchange permits simplified consolidated reporting via a single platform. Complemented by a common repository for extracts and reference data, it helps create a seamless and straight through post-trade lifecycle process. Furthermore, trade aggregation and enrichment of the trade record with feeds from various data providers ensures that the data is correct and can be handled at a much higher velocity. Processes can be customized to run alone or as a connected group.

Further, the ability for a platform to connect to multiple instances of other applications through a centralized data management platform provides flexibility, while sustaining the integrity of data. The execution speed and the ability to combine data from multiple sources enable a faster, more accurate NAV calculation on a more frequent basis.

More attention on breaks and risk

Another important aspect of STP is a common methodology for risk assessment and breaks. Using a simple, common user interface, an STP system distills breaks from the repository into one screen for each manager’s data so staff can focus only on unmatched records. Removing the need to access breaks in various locations increases processing velocity, and more time is spent on resolution, which is far more efficient. Additionally, STP gives managers the power to quickly evaluate the significance of breaks in relation to overall value. A simple methodology to determine and assess the impact of each break on the entire portfolio consequently helps to improve reliability when assigning risk levels.

Scalability and Efficiency Via Automation In Global Operations And Middle-office Processing

By David A.A. Ross, Global Head, Marketing, Viteos Fund Services

[Figure: One secure repository for multiple users. Labels: email, FTP and web sources; scheduler, transformation engine and normalizer; single normalized copy with the original file maintained; failures and exceptions, with attention focused on unmatched records rather than all records; credentials and restricted-access folders for the reconciliation, accounting, compliance and middle-office teams across the Americas, Europe and Asia.]

Sponsored Article

U.S.A +1 732-356-1200 | New York +1 646-861-3409 | London +44 (0)207016 9170

Compliance oversight benefits considerably from straight-through processing (STP) of trade data, which usually originates from a number of sources and in varying formats. Although tools which aid monitoring exist in many forms today, in the longer term, the introduction of complex asset classes to traditional offerings, global operations bottlenecks and disaggregated systems are expected to strain portfolio and trade compliance processes. In this environment, those manual processes that lag daily trade and cash reporting become a liability to oversight. Once automated, customizable web-based platforms reduce compliance burdens, as dashboards linked to one normalized data depository place data within easy reach of reconciliation, accounting, compliance, or middle-office departments—no matter where the data or the personnel are stationed worldwide. The same or fewer staff can review more in less time. In addition, since all groups reference the same data source, differences should be reduced to a minimum. And with reports available through a secure web portal at regular intervals overnight, reconciliation and emailed attachments become a thing of the past.

This excerpt of the case study Scalability and Efficiency Via Automation In Global Operations And Middle-office Processing hints at the larger effort. Please take a moment to visit http://info.viteos.com/newco to download your copy if you are interested in learning more.

Viteos continues to expand and invest in architecture, performance, technology and functional upgrades, including adding capabilities to support multiple equalization methods and the ability to handle European mutual funds with their complex regulations. The enterprise solution incorporates AML compliance, and meets local and regional regulatory reporting and valuation requirements including FATCA. The regulatory reporting component is adequately flexible to meet the changing needs of Form PF, AIFMD, and incorporate CPO-PQR.


CI: You were just at a NASAA training program in St. Louis, Mo., for the IA Section. What types of issues were you covering?

PS: We had examiners from not only U.S. jurisdictions, but also from other members including Canadian provinces and Puerto Rico. We had almost 150 people there, which seemed very large to me—the last time I attended it was a smaller group.

We focused on two areas: programming for the people that do examinations—those that go out on the road and do office audits—and for the people that do registration of the advisers we register—those looking at the [Investment Adviser Registration Depository] and [Form] ADV.

Included in the agenda were discussions of fiduciary duty, due diligence, the way to look at offices selling alternative investments, examinations of hedge funds, understanding the various business models of [IAs], use of social media and looking at connecting Internet investigations.

CI: Does that list of topics align with the issues you are emphasizing during exams?

PS: Yes. These are both hot topics and basic issues.

CI: What do you expect to be the key focus areas in inspections of state-registered IAs in the coming months? Are there any new or emerging issues that chief compliance officers should be focused on?

PS: Cyber security is the first one. Everybody’s worried about that, and the reason we’re worried about it is because we pick up on the headlines and know what’s out there. So that’s one of the topics we’re looking at.

Business continuity plans [are also] something that I think most professionals are looking at, both for disaster recovery, as well as succession planning. That’s another hot topic and key focus area.

[With respect to] private placements, we’re asking what kind of concerns are going to be appropriate for examiners to look at when they’re out doing an exam and they see that one of the assets in [an] account is a private placement security.

One of the things that has come to our attention—one of the topics of discussion we’re going to be looking at—is fees and expenses. It is a perception [among] some of the people that were [at the training session] that there’s been an increase in the fees and expenses being charged against client accounts and investor accounts. So we’re going to be looking at that as well…This is a concern that people are picking up on.

CI: How often should state-registered IAs expect a visit from state examiners? What advice do you have for CCOs preparing for such an exam?

PS: Right now, what we’re finding is that there’s been an increase in the exam frequency since the switch [from SEC oversight], which only makes sense, as the states become the only regulators of the mid-sized advisers and small [IAs].

The numbers that I can report are an average of three to six years [between exams] at the time of the switch, and now we’re finding that the exams are more frequent. In our state, and in a number of other states, we’re finding that the frequency is now closer to three years. A majority of the states today…are examining on a frequency of about four years.

In terms of takeaways for compliance officers, we have risk analysis tools that let us review our registrants based on the information reported in the various items of the ADV and we rank them individually for each registrant. So in some cases, rather than just relying on a cyclical calendar of exams, we’re looking at risk-based exams as well.

CI: One might have expected after the switch that maybe firms would be visited less often because there would be more firms the states would be responsible for examining. How did you all manage to increase the frequency?

PS: It’s because we know that we’re the only regulator of the small- and mid-sized advisers. And one of the concerns Congress had [when] they delegated the responsibility to us for mid-sized advisers was [they] felt there was a problem with these firms, by and large, not being examined on a frequent basis. So we felt it was important, listened to what we were told, looked at the record and reallocated our resources so that we’ve been able to do that.

Regulatory Talk

Patricia Struck, NASAA

Patricia Struck, head of Wisconsin’s Division of Securities, took charge of the North American Securities Administrators Association’s Investment Adviser Section in summer 2013. Since taking on that role, Struck, who is also a former NASAA president, has helped set the agenda for inspections and regulation of the many small- and mid-sized IAs that are registered with the states—many of which recently switched from Securities and Exchange Commission oversight. She spoke with CI in August about the IA Section’s examination priorities and efforts to improve the inspection process.

Ascendant Compliance Manager, by Ascendant Compliance Management

ACHIEVE COMPLIANCE PEACE OF MIND

Helping you distill, prioritize, implement and simplify…

ALERTS MANAGER: Stay up-to-date on regulatory requirements, updates, and compliance guidance from Ascendant Compliance Management.

RISK MANAGER: Create risk assessments, maintain risk inventories, and manage risk holistically within the firm.

POLICY MANAGER: Create, edit, and maintain compliance policies and procedures as a working document, map to risk matrices and attach relevant documentation; assign workflow.

LIBRARY MANAGER: Access compliance resources, No-Action letters, law firm briefs, whitepapers, webinars, and podcasts.

ATTESTATIONS MANAGER: Efficiently manage the distribution of new policies and regulatory information. Electronic evidence of employee attestations. Use Ascendant Templates: Customize your own for any purpose.

TRADE BLOTTER MANAGER: Simplify and verify Trade Blotter data and analysis and meet regulatory requirements.

ANNUAL REVIEW MANAGER: Fulfill the Annual Review 206(4)-7 requirement using aggregated, automated workflow and testing, generate detailed reporting.

www.ascendantcompliancemanager.com | 860-435-2255

CI: Can you elaborate on the process for selecting a firm for a risk-based exam and what factors you look for?

PS: For example, firms with custody might be reviewed more frequently than those that don’t have custody. There are risk factors like that. It all stems from the answers the firms gave on their ADV.

CI: What are the most frequent issues inspectors have been uncovering during IA visits in 2014? In the past, issues such as books and records or suitability documentation have been the leading areas of concern (CI, 8/22).

PS: Books and records continues to be number one, and one of the most frequent kinds of books and records findings is documentation of suitability. Another issue is registration. There [are also issues with] Form ADV, looking at Part 1 versus Part 2. There are also problems involving missing client contracts and improper execution.

Privacy [is also an issue]. Delivery of initial and annual privacy policies, and awareness of the red flags rules that all the financial services regulators at the federal level came up with and had to implement a year ago. Delivery of the brochure, [and] advertising [are also common issues].

CI: Has NASAA or its members adopted any new exam tools or modules since the mass switch of former SEC-registered advisers to state oversight?

PS: The exam modules are key to that effort and using the exam modules we’ve performed thousands of onsite exams both on a routine and cause basis every year in virtually every state…There were about 2,100 [IAs] switching and the states have examined all of them [as of 2013]. A priority during the switch process was to try to identify specifically those switching firms and get out to do exams of them, and all of those have been done.

We have done a lot to increase the speed of the modules. That’s why we found it particularly important at our training to host a computer lab [where examiners could try the modules], so they could see personally how fast the [NASAA Electronic Examination Modules, or NEMO,] module has become. Because it’s so streamlined, it’s been able to make the exam process much more efficient. We’re also now able to share knowledge and identify trends with other states. That is probably the key new tool that we’ve got.

[We’re working to ensure we get] NEMO implemented in more states and being used by more regulators, so that advisers know what they’re going to be examined on from state to state. It will be [uniform], so an exam in Mississippi will be the same as an exam in Wisconsin, more or less…And as we discover new trends and new concerns, such as business continuity plans—[we are looking] to make sure those are included in the NEMO modules.

For more details of the interview with Struck, go to Complianceintel.com.


Sponsored Article

Finding the Balance on Personal Securities Compliance

Who’ll Be Number 80?

On February 6, 2014, Matthew Martoma, a former trader at SAC Capital Advisers, a hedge fund founded by billionaire Steve Cohen, was found guilty in federal court of illegally trading on material nonpublic information. His former firm had only months earlier agreed to pay nearly $2 billion in settlements relating to insider trading by its employees. Meanwhile, the SEC is seeking to ban Mr. Cohen from the securities industry altogether for failing to supervise employees in connection with illegal trading activity. These highly publicized headlines are just the tip of the iceberg. Martoma, now facing the very real possibility of several decades in prison, is the 79th person to be convicted or plead guilty to charges of insider trading since a legal and regulatory offensive on the practice was initiated in 2009. The 80th is likely already waiting in the wings.

While no outsider can know for certain what Mr. Cohen may or may not have known, or when he knew it, with respect to trades placed at his firm on the basis of inside information, the SEC’s allegation that he failed to supervise employees demonstrates that where there is a duty to know, ignorance is not bliss. An adviser’s fiduciary duty requires the adoption and implementation of written policies and procedures and other controls reasonably designed to ensure compliance with federal securities laws and to supervise employees with a view to preventing violations and averting compliance failures. A well-designed compliance program often results in a steady stream of spreadsheets, checklists, reports and other output. Increasingly, private fund advisers are finding that the vast amounts of paper and information generated from their compliance efforts are both a blessing and a curse.

“To whom much is given, much is expected.”

The old axiom is as true today as it ever was. If the reams of information produced by an adviser’s compliance program are gathering dust on the CCO’s desk, languishing in a database or an email inbox without effective, well-documented review, and the risks that the firm’s controls were meant to address materialize, the adviser is left with no excuse. As demonstrated in recent news headlines, nowhere is this gamble more clearly exemplified than in the areas of insider trading and personal trading practices. Increasingly, advisers are turning to compliance software to fill the gap, control their risks and competently fulfill their compliance obligations. But, as helpful as these solutions can be — and they are — they can only inform the process of compliance. That is, an effective compliance regime results from regular reviews of data outputs. Without an investment of “man hours” to monitor and address compliance issues or patterns revealed by technology, these helpful solutions are nothing more than digital filing cabinets. And yet, who has that kind of time for constant review?

Insider Trading: Increased Scrutiny, Surveillance and Violations

In congressional testimony provided in March 2009, then-SEC commissioner Elisse Walter announced the development and deployment by the Commission of technological tools to identify trading patterns that may signify illegal trading activity by advisers, hedge funds and other financial industry participants and their staff. Then in October 2009, one of the largest hedge fund insider trading cases in history was filed by the SEC in a Manhattan federal court against California-based Galleon Management, LP and its founder and chief executive, among others, sending shockwaves through the investment community. Speaking at a news conference shortly after the announcement of the Galleon case, Robert Khuzami, then-SEC Enforcement Director, stated his suspicion that insider trading was a systemic problem at many hedge fund managers and expressed the Commission’s determination to aggressively seek out and pursue those engaged in unlawful trading activities.

The Commission has been as good as its word. After peaking at 61 cases in 2008, the number of insider trading-related cases has steadily risen year-over-year from 37 in 2009 to 58 in 2012. In the “2014 Examination Priorities” release of the National Examination Program (NEP) of the Office of Compliance Inspections and Examinations of the SEC, the Commission listed ferreting out fraudulent conduct as among the “most significant” initiatives across the program. In that release the Commission further specified that “… the NEP will continue to utilize and to enhance its quantitative and qualitative tools and techniques to seek to identify market participants engaged in fraudulent or unethical behavior.” All indications are that many more insider trading allegations will be levied in the coming months and years as a result of the Commission’s stepped-up efforts.

In response, advisers and hedge fund managers are examining the effectiveness of their own internal surveillance efforts to apply the lessons of insider trading cases to their operations and avert the firm-shuttering media attention allegations of wrongdoing can bring. Obviously, these advisers’ efforts include revisiting policies and procedures and scheduling mandatory staff training sessions. However, they continue to struggle with how best to use the information on hand to identify potential abuse occurring right under their noses.


Personal Securities Trading and Code of Ethics

Personal trading practices of firm insiders have been an area of scrutiny by SEC examiners for years. This is because, when investment advisory personnel invest for their own accounts, conflicts of interest arise between the employee’s interests and those of the adviser’s clients. Advisory personnel may, for example, usurp an investment opportunity that would have been appropriate for the firm’s clients. They may also abuse their positions with the firm by “frontrunning” client trades. When frontrunning, advisory personnel seek to personally benefit from the market effect of trades placed for the adviser’s clients. Even with the best efforts of the firm’s trade-desk, large trades placed for clients have the potential to affect the price of a security. This is true for both long positions and short positions, with long positions potentially driving up the price of a security and short positions potentially driving down the price. The possibility of driving the price of a security up or down before placing a trade in the same security for a personal account provides an opportunity for certain advisory personnel with knowledge of anticipated client trades to personally benefit from client trades. It almost goes without saying, but this is illegal.

To address these and other issues, in 2004 the SEC adopted Rule 204A-1, the Code of Ethics Rule, under the Investment Advisers Act of 1940 (Advisers Act). In addition to requiring the adoption of a code of ethics, the Rule requires that firms monitor the personal trading activities of their supervised persons with access to certain information regarding client portfolio holdings, transactions or recommendations and identify improper trades or patterns of trading by those access persons. In a 2008-issued “Compliance Alert,” the Commission warned advisers of the most common deficiencies found during examinations. Among these, they cited:

• Adviser’s code of ethics was incomplete.
• Adviser’s code of ethics was not followed.
• Reporting requirements were not followed and/or monitoring was not performed.
• Disclosure (regarding the firm’s code of ethics provisions) was inaccurate.

For example, the Commission specifically noted, among other common deficiencies causing concern, that:

“Access persons did not submit, or did not submit in a timely manner, reports of their personal securities transactions or holdings consistent with applicable regulations or the adviser’s policies and procedures. Also, some advisers did not review reports of access persons’ personal trading for indications that trades were inconsistent with applicable regulations or the adviser’s policies and procedures.”¹

Unfortunately, far too many advisers view the Code of Ethics Rule provisions as mere recordkeeping requirements and fail to adequately scrutinize employee trades for the above-listed abuses, among others. Even then, they often don’t know if their records are complete. Others squander countless hours and resources manually comparing personal securities transaction reports to the firm’s trading activity, restricted lists and other written procedures, such as pre-clearance requirements, despite the fact that personal trading information can be effortlessly and effectively evaluated for these and other compliance breaches through appropriate software analysis.

A “Reasonable” Approach

Creating effective procedures and documentation that meet regulatory requirements while also seeking to prevent insider trading within an organization is a challenge most advisers face. Manual collection and review of personal trading activity data as well as required reporting is often an arduous process: ineffective, cumbersome and error-prone. While software can manage the time- and resource-intensive comparisons and pinpoint the red flags, it cannot undertake the analysis of them once they’re identified. This is where “man power” has the most impact. But even at this stage, the volume of scrutiny required could be overwhelming for some compliance officers.

A sound balance can be achieved by using a system such as the NRS Personal Securities Trading Module and engaging NRS consultants who are experts in compliance. This NRS ComplianceGuardian™ module coupled with NRS consultants can:

• Align your firm’s code of ethics with compliance mandates
• Ensure the code of ethics is properly implemented within the software so that trade activity is monitored against your firm’s rules
• Manage multiple restricted lists based on your firm’s different trading groups
• Monitor any exceptions noted by the system while processing personal trading activity
• Raise an alert when red flags are identified that require review and redress
• Automate reporting and attestations for annual holdings, quarterly transaction and initial holdings
• Manage heightened supervision individuals easily

While it is true that no compliance officer, system or program will be able to identify and avert all problems all of the time, it is important to remember that reasonableness is the standard. Rule 206(4)-7 under the Advisers Act requires that advisers adopt policies and procedures reasonably designed to prevent, detect and correct violations under the regulation. In this day and age, it is simply not reasonable to allow compliance problems to arise that could have been averted through responsible utilization and review of data already compiled by the firm.

Make your firm’s compliance program more comprehensive by incorporating software that manages this data and manpower with compliance expertise to analyze the findings, and the reasonableness of your program will be beyond reproach.

¹ In hindsight, the 2008 Compliance Alert appears to have been a prelude to the legal and regulatory offensive against trading abuses, such as insider trading, which manifested in earnest beginning in 2009.


For more information visit www.nrs-inc.com/personaltrading or call 1-860-435-0200

© 2014 National Regulatory Services. All rights reserved. Printed in U.S.A.


Cyber security has taken center stage for CCOs following a series of

well-publicized security breaches at financial institutions over the past

couple of years, with more expected to come. “It is not a matter of if,

but when it is going to happen,” Brian Rubin,

a partner with Sutherland Asbill & Brennan,

told CI.

With that in mind, compliance officers are

working to make sure their firms are ready to

take action if a security breach occurs. They

want to be able to determine quickly how and

why attacks happened, and be able to minimize

the impact it may have on their firms’ clients.

They also want to ensure they are allocating the money necessary to

provide the protections they seek. That doesn’t come cheap. JPMorgan

announced in its shareholder letter this year that the bank will spend

more than $250 million annually on cyber security, and has roughly

1,000 people focused on it.

TURNING TO CONSULTANTSMany firms are turning to legal advisers or consultants for help in

determining if they are following best practices when it comes to

securing their information and making sure they have a robust business

continuity plan, or BCP, in place. C/Os are also turning to outside

attorneys to figure out if they are

in compliance with new guidance

and legislation that is emerging

at the state, federal and industry

levels.

Charles Horn, partner with

Morgan Lewis & Bockius, said he

has seen an increasing awareness

on the part of many firms about how vulnerable they are to cyber

attacks. “Two or three years ago, cyber security was already high up

on their regulatory risk management agendas, and I think it has only

risen in importance over time,” he said. “We’ve seen enough breaches,

hacks, trojan horses and the like that cyber security is one of the key

regulatory and risk management agenda items today.”

Horn advises firms to develop or purchase the right types of security

applications and software for their businesses, and to make sure

they are performing the proper diligence and getting the appropriate

representation and warranties from vendors. “They also need to be

making sure that—in the case of cyber security and breaches—they

understand what their rights and responsibilities are, because many

states have…statutes that require institutions to report when a breach

has occurred,” Horn noted.

With many of the larger institutions now acutely aware of the

potential dangers of cyber theft and what their responsibilities are in

terms of responding to it, they are devoting an increasing amount of

resources to improve their security systems, including implementing

strong firewalls and back-up systems. To help smaller firms, the

Securities Industry and Financial Markets Association recently issued

targeted guidelines.

ExAMSFor their part, regulators expect firms to take cyber security seriously.

“With a lot of these issues, there are overlapping jurisdictions,” Rubin

said, noting that both the Securities & Exchange Commission and

Financial Industry Regulatory Authority have been conducting sweep

exams in the area. The SEC has been examining firms’ cyber security

policies and procedures, and how they’ve responded to any recent

threats (CI, 4/9).

To prepare for such exams, Rubin recommends that firms review

the sample document request letter the SEC posted online. “The

letter covers about 30 or 40 items that firms need to assess in terms

of whether or not their business model is up to date if an attack

happened,” Rubin says.

In response to the sweeps, Horn is telling his clients how to set up

risk management-based policies and procedures. “They need to be well

articulated and set down in writing, and they need to have the buy-in

of senior management and the board of directors,” he said. “There also

has to be a high level of confidence within the organization that this

issue is being properly addressed and documented, and the correct

procedures are being implemented and enforced.”

Venor Capital Management, for one, has been heeding such advice.

“We are taking a look at the SEC guidance, so that we can determine

what we need to do to tighten up or introduce things that we haven’t

done before,” said John Roth, the firm’s general counsel and chief

compliance officer.

State regulators are also tackling cyber security. “We’ve seen a number of states become active in addressing privacy issues,” said Paul Bond, partner at Reed Smith. “They are looking at issues of disclosure and tracking, and at issues pertaining to how you are holding information and why you have it in the first place.”

PLAYING DEFENSE

Cyber Security Takes Center Stage For CCOs

Recent reports of a cyber attack on JPMorgan Chase have highlighted for chief compliance officers at financial services firms the need to ensure their own institutions are as protected as possible and that they have implemented a fast and effective response plan, should an attack occur. Leslie Kramer looks at the latest thinking among industry professionals on compliance issues in this tricky field.

“It is not a matter of if, but when it is going to happen.”
—Brian Rubin, Sutherland Asbill & Brennan

A level of transparency is now required in roughly 48 states, each of which has specific laws about privacy and notification requirements, Rubin said.

“New reporting and notification obligations are being implemented that companies need to meet,” said Paul Tiao, partner with Hunton & Williams. “That also means there is a lot of legal work that companies that have already been breached need to do in order to meet these obligations.”

THIRD-PARTY RISKS

Firms also have to deal with third-party cyber security risk. For example, the Office of the Comptroller of the Currency in October 2013 issued risk management guidance on third-party relationships, which continues to set the agenda for discussions between financial institutions and their vendors.

Overall, the guidance advocates evaluating not only the technology used by third-party providers, but also how vendors are staffed, how they develop code and their ability to make corrections when needed, Bond said. “It also provides a very detailed checklist that goes through all aspects of risk management that should be reviewed before you sign the contract and after you sign it.”

Many firms have been trying to apply the OCC standards to their own contract negotiations, despite the additional regulatory burden it may create. “It’s provided a lot of clarity and the ability for us to say, ‘Look, we’re asking about this because our regulators are making us ask about it,’” Bond said.

In May of this year, New York State’s Department of Financial Services issued its own report on cyber security in the banking industry. The report looked at a number of practices the Department perceived to be taking place and identified what it called the industry’s reliance on third-party software providers as a continuing challenge for critical banking functions.

Again, Venor Capital is among those firms keeping an eye on third-party providers. At the end of 2013, it moved some of its information to a cloud service provider. “That means that we now are not only looking at vulnerability in our own office, but in those of the cloud provider as well,” Roth said. The move also created overlap within the firm’s BCP. “The way we test BCP is different now than when our primary server was located in-house,” Roth said. “So the ways we access the private cloud now comes into play when talking about cyber security.”

“If we use our own server, people may not know to try to attack us, because they wouldn’t know we exist. But now that our information is on the cloud environment, which is a big server with lots of people’s information on it, we may become a more natural target,” Roth said. But he added that the cloud is an improvement over relying on Venor’s own systems to protect its information.

COMMUNICATION

Making sure a firm is compliant with cyber security requirements is not always easy. Part of the reason is that the laws themselves are evolving, Bond said. “Cyber security law in the U.S. is a continuing work-in-progress. One thing that’s important to remember in the conversation between outside counsel and financial institutions is that both sides must respect the primary role of information security professionals in making the necessary information security decisions,” Bond said. That’s because the law will always trail behind technology, he said.

Tiao also said cyber security needs to be a team issue. “The companies we work with are complex organizations, and ideally everyone—the board, the CEO, the senior executives and the security team—all need to be working together to make sure they have the right governance plans and structures in place, and that they have set up the right internal policies and programs in order to be prepared,” he said.

CHANGING COMPLIANCE ROLE

At this point, the main challenge for C/Os is figuring out the best way to implement cyber security protections enterprise-wide. C/Os will, out of necessity, have to learn more about cyber security issues and get their arms wrapped around them as they work closely with the IT and security officers at their companies, Rubin said.

Roth said the scope of his job has changed. “I have to understand the language and the way these systems work in order to be part of process. A few years ago, I never thought about it, but now I have to try to give guidance on it and figure out what is best practice,” he said. “I need to know about cyber risks, and I have to ask more questions of the IT professionals about where the real vulnerability is and what it means.”

Years ago, C/Os were learning about the technical and compliance issues related to email retention and surveillance, and now they are trying to get up to speed on cyber security and related technology, meaning that their roles and responsibilities continue to expand. “It’s a learning curve and all part of the process,” Roth said.


WHAT TO EXPECT WHEN YOU’RE INSPECTED

Attorneys Predict SEC Exam Highlights For 2015

Looking ahead to 2015, attorneys expect the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations to target compliance issues such as conflicts of interest; improper allocations of fees and expenses; cyber security; the implementation of market structure rules; and the improper use of marketing and promotional materials. William Sprouse reports on what may lie in store.

Compliance professionals are always keen to know what regulators will be looking for in their next exam. Knowing what topics are in vogue helps them prepare their own teams, as well as their firm’s management, for the scrutiny they will be facing—and helps them target their own efforts on ensuring the firm is adhering to requirements in the focus areas.

OCIE now releases eagerly-awaited notices outlining its exam priorities for the year. In 2014, these included new items such as quantitative trading and interest rate risks, as well as an expansion of the presence exam model, in the investment management industry. Among brokerages, the agency said “new and emerging” issues included Exchange Act Rule 15c3-5, the Market Access Rule; suitability of variable annuity buybacks; and the fixed income market (CI, 1/23).

With this in mind, and looking at clues offered by regulators in recent months, attorneys are already looking forward to what compliance teams can expect in the year ahead.

FEES

The issue of fees has been at the forefront of many compliance professionals’ thinking since OCIE Director Andrew Bowden pointed to widespread failures across the industry. In a speech earlier this year, Bowden said officials found violations or material weaknesses in controls related to fees and expenses at private equity fund firms in more than half of all presence exams (CI, 5/14). Some of the violations examiners uncovered had already been referred to the SEC’s Enforcement Division, he said.

Mark Perlow, a partner at K&L Gates whose primary practice is in investment management, hedge funds and alternative investments, told CI he thought fees would continue to be a focus for examiners in the coming year, having “drawn significant scrutiny in examinations, particularly relating to [PE] funds.”

He cited a number of specific fee types where he expected heightened scrutiny. “The SEC seems focused on buyout fees, group-purchasing programs that allow the manager to save money and portfolio company directors’ fees, as well as any expense that could be considered an expense of the manager,” Perlow said.

Kay Gordon, a partner in the investment management practice group at Drinker Biddle & Reath, said she thought the question of fee disclosures would continue to be a priority across a broad swath of the industry. “Particularly this year, I believe, the focus will continue to be in the areas of dually-registered advisers and [PE] fund advisers, including in [regards to] any undisclosed payments, charges and fees affecting investors and clients.”

CONFLICTS

Connected to the question of proper fee disclosures is the disclosure of relationships that could be considered conflicts of interest. In his speech earlier this year, Bowden singled out the use of operating partnerships by many funds as a particular area of concern, saying such partners were sometimes presented as employees of the fund adviser when they were in fact being paid for by the fund itself, or by its portfolio companies, leaving investors unaware that they were bearing the costs of fund consultants.

The speech attracted criticism among some PE industry professionals who said the practices identified by Bowden are common, uncontroversial and don’t run afoul of agreements with investors or SEC rules. But some market participants conceded that less sophisticated investors might have been unaware of the practices he cited.

Other potential fee-related conflicts include:

• The shifting of consultant expenses in the middle of a fund’s life, without properly disclosing the shift to investors;
• Charging for reports provided to investors that are compiled and distributed automatically using software packages, the costs of which are borne by investors, contrary to their reasonable expectation;
• Advisers terminating an individual who was presented as an employee to investors during fundraising, then rehiring the individual as a consultant, to be paid by the fund or portfolio;
• Improper receipt of referral fees;
• Improper allocation of investment opportunities across different funds;
• Lending from the fund to an executive of the manager;
• The sale of a manager’s interest in a PE investment to a fund;
• Allocation of manager expenses to a fund.

CYBER SECURITY

Howard Kramer, a partner in the asset management group at Willkie Farr & Gallagher, noted that cyber security is a hot topic for regulators, given recent well-publicized attacks by hackers that have resulted in the thefts of sensitive information.

The SEC cited cyber security as a key inspection issue for 2014 and launched a sweep initiative to target registrants’ security policies and procedures, as well as their responses to recent threats (CI, 4/9). This attention is not expected to dissipate. “The SEC likely will test the procedures firms have in place to prevent theft of customer and firm data,” Kramer said. He suggested firms might retain auditors to examine their cyber security preparedness before they face agency exams.

MARKETING, PROMOTION

Perlow said the topic of promotional and marketing materials used by firms was a “perennial area of focus” for the agency and would continue to be so. “From our experience, the issues here appear to include the improper use of performance from a prior firm; improper use of gross-of-fees performance; cherry picking performance in composites; the improper use of benchmark indices; and the submission of inaccurate information to consultants and publications, among others. The [SEC] staff also checks to make sure that any placement agents that are acting as brokers are registered as such.”

Gordon said the Jumpstart Our Business Startups, or JOBS, Act and the recently adopted “bad actor” provisions under Regulation D of the Securities Act had associated marketing, performance and disclosure issues that would continue to be a focus for the SEC. The agency earlier this year released guidance clarifying the definition of beneficial ownership under the bad actor rule (CI, 1/28).

MARKET STRUCTURE

Although it is probably too early to say which aspect of the broad, thorny issue of market structure will emerge as an exam focus, regulators would likely identify some aspect for heightened scrutiny, Kramer said, noting the SEC’s attention to high-frequency trading that followed media coverage earlier this year. “Some trading or market structure issue will emerge that garners new SEC exam attention,” Kramer said.

Kevin Goodman, national associate director of the broker/dealer program in OCIE, told CI in an interview in July that examiners were uncovering a number of problematic compliance approaches as they looked into implementation of the Market Access Rule, noting that deficiencies had been found at almost every firm the agency looked at (CI, 7/24). Examiners had found “the full variety of deficiencies, from very technical and fairly minor deficiencies to issues that we deem as much more significant,” Goodman said, though he declined to discuss whether OCIE had made enforcement referrals.

SUITABILITY OF MUTUAL FUND INVESTMENTS

Alternative mutual funds have attracted regulatory attention in recent months amid their growing popularity. Such funds present “heightened risk,” particularly with respect to compliance programs, Norm Champ, head of the SEC’s Division of Investment Management, said recently (CI, 9/15). With that in mind, OCIE is conducting targeted exams of 25 alternative mutual fund firms, having said it is concerned about issues such as leverage, liquidity, valuation and the marketing of such funds to investors (CI, 5/1).

Clifford Kirsch, a partner at Sutherland Asbill & Brennan, told CI he thought the SEC’s 2015 exams would include a focus on mutual fund and variable annuity share-class suitability.

BROKERAGES

Both the SEC and the Financial Industry Regulatory Authority have said they will be focusing on retirement vehicles and rollovers going forward (CI, 1/8). The SEC in particular said it would be examining broker/dealers for improper marketing, conflicts and suitability when recommending the movement of assets from a retirement plan to an Individual Retirement Account rollover account in connection with a change in employment. The emergence of rollovers as a priority for both the SEC and FINRA has suggested to some attorneys the potential for coordination between the regulators (CI, 1/23).

Kirsch said he expected there to be a focus on B/D branch offices that raise red flags, receive high volumes of complaints, engage in the sale of complex or alternative securities or brokers who have a history of disciplinary activity.

CUSTODY

Drinker Biddle’s Gordon said custody would also be a “significant focus” for the SEC. “This item is particularly important in light of certain lack of understanding of custody issues by limited segments of the industry highlighted in the SEC’s previous communications and thus a continuous likelihood of further findings of deficiencies by the SEC staff in future exams,” she said.

TIPS ON EXAM PREP

Perlow said firms should look over the 2014 list of OCIE exam priorities to make sure they have policies and procedures in place to address each of them, but that there are limits to what compliance officials can do to address the unforeseen.

Kramer said the exam styles of both the SEC and of FINRA have changed over the past two years to become more tied to enforcement. “Enforcement or OCIE attorneys now often are included in examinations at the early stages, rather than just examiners,” Kramer said. “When this occurs, a firm should make sure that in-house legal is involved in the early stages of the examination.”


COMPLIANCE CLINIC

How To Handle Having A Combined CCO/GC

By Edward T. Dartley of Pepper Hamilton

The role of the chief compliance officer has expanded and risen in importance over the last several years. Asset management firms often fill this position with someone who also serves as in-house counsel. Economics in many cases drives this decision, although there are many firms with several billion dollars under management that choose to do so.

In addition to economic benefit, filling the CCO position with someone who has legal training is an advantage where there are compliance questions that require legal interpretation. This is particularly valuable given the recent proliferation of regulation, and in areas where guidance from the Securities and Exchange Commission is still developing.

In addition, combining the two roles can elevate the CCO position within the corporate structure of the firm, since the GC often falls within the circle of senior management. This not only facilitates the CCO’s access to senior management, but the increased insight into the investment/operational side of the firm allows compliance to work more seamlessly with the business side. It also gives the GC/CCO a better opportunity to take action to catch issues before they grow into problems.

DIFFERENT ROLES

While there are many benefits to combining the GC and CCO position, and both types of professional provide guidance and advice to asset managers, firms must be cognizant of the potential tension created by the fundamental objective of each role, which in certain instances can diverge.

The role of in-house counsel is to guide the asset management firm through an increasingly complex and demanding regulatory landscape. But as legal adviser, there is a corresponding responsibility to serve as an advocate of the firm. Accordingly, the role of in-house counsel is to chart a course that meets both the applicable regulatory requirements and the specific business needs of the firm.

Given that many of the regulations governing the asset management industry are principles-based rather than black-and-white rules, the GC often finds it necessary to recommend and defend any one of several potential courses of action. Where business needs require the firm to adopt a more so-called “aggressive” position on a particular compliance question, the GC needs to be ready to defend it within the bounds of the law.

The CCO stands in a different position. While the CCO, like the GC, provides guidance to the firm with respect to regulatory questions, he or she does not stand in an advocacy role. Rather, the CCO’s function is to administer the compliance program in such a way as to detect and prevent compliance violations. Where there may be multiple possible solutions to a regulatory question, the CCO is responsible for guiding the firm to one that will fulfill these goals. From the CCO’s perspective, the best solution for the firm may be a more so-called “conservative” course of action within the range of options that are defendable under applicable law.

This tension is unavoidable where the GC and CCO roles are combined, and with thousands of asset management firms using such an arrangement the issue is a common one. How can a firm balance its legitimate business interests and needs against the potential tensions created by giving the roles of GC and CCO to one individual?

COMPLIANCE COMMITTEE

One mechanism for mitigating the potential conflict is through an internal compliance committee made up of senior management and the GC/CCO. This can be an effective tool for addressing compliance issues where there are perceived competing business and compliance interests such that the roles of GC and CCO may lead the firm down divergent paths.

For example, it can be used where the firm is faced with multiple solutions to a problem and there is little formal regulatory guidance or authority. In instances where the firm has an option to pursue a more compliance-conservative path that is sub-optimal from a business perspective, versus a more aggressive—in other words, risky—solution, the compliance committee can be an effective sounding board.

The GC/CCO has the ability to present all options to the committee and assess the relative risks and rewards of each. The committee then evaluates the different options and, ideally, a consensus is reached among the entire group. In this manner, the tension between the roles of GC/CCO, and the potential for conflict that can arise from the competing responsibilities of each, is mitigated.

The composition, character and powers of the compliance committee will depend on a variety of factors, including the business and strategy of the asset manager, the level of risks involved, and the personalities and skillsets of senior management.

In addition to the GC/CCO, likely candidates are the CEO, other senior investment professionals, the CFO and the head of investor relations. In terms of powers, there are a range of options. The compliance committee can perform a purely advisory function. The committee can provide counsel and guidance to the CCO and the senior managers who are the responsible decision-makers. Other firms may want the compliance committee to have a stronger function, where the committee is empowered to make recommendations to be followed in instances where there is a potential conflict of interest.

OUTSIDE ADVISERS

An alternative to the formation of a compliance committee is the use of outside advisers in circumstances where the roles of GC and CCO present the potential for conflict. When a regulatory issue involves both legal analysis and advocacy, as well as compliance analysis, the presence of an experienced third-party adviser or consultant can mitigate or eliminate the conflict.

Again, the nature and circumstances of the regulatory problem should guide the approach. The asset manager may need the GC/CCO’s legal expertise and deep knowledge of the firm to guide the legal analysis. In those instances, a compliance consultant, preferably one who knows the firm and its compliance program, can provide the asset manager with advice on potential compliance strategies and solutions. In other cases, it will be more appropriate for the GC/CCO to use his or her experience to focus on the CCO-related issues, and bring in outside legal counsel to provide the legal analysis.

PRIVILEGE

Serving as GC and CCO raises another challenge for both the individual and the firm—the use and protection of the attorney-client privilege. Regulatory questions often have both legal and compliance components to them. An asset management firm that has a combined GC/CCO can gain the protection of the attorney-client privilege for the firm’s consideration of such issues, if properly structured. But protection of the privilege requires care.

The GC/CCO needs to be mindful of the role that is being played at any point in the process, and should regularly ask whether he or she is acting in a legal or a compliance capacity. This is particularly true when engaging in written or email communications, where a blend of legal, compliance and business topics may be discussed. Where the GC/CCO is comfortable that the subject matter is legal in nature and deserving of protection, that communication should include an express designation that it is privileged and confidential.

At the same time, blanket designations of communications as privileged will not protect the firm if ever challenged, for instance in an SEC examination. On the contrary, over-designation runs the risk that all communications identified as privileged become the subject of scrutiny, including those that are legitimately deserving of the protection.

Equally important is that the asset manager’s senior management understand that the GC/CCO may be playing differing roles when addressing a regulatory issue, and that care be exercised when reaching out to the GC/CCO for advice. The GC/CCO in this position should sensitize the firm to these issues, stressing the need to be thoughtful about whether or not to communicate an issue in writing or electronically. This topic can be easily added to the firm’s annual compliance training.

Fulfilling the CCO function has become increasingly challenging over the last several years. Combining the CCO and GC roles can help meet those challenges—particularly where there is an understanding and willingness to address the potential tensions that may arise.

Edward T. Dartley is a financial services attorney with Pepper Hamilton in New York, and previously served in a dual role at an asset management firm.


While the implementing regulations were effective April 1, 2014, the

rule contemplates a “conformance period” during which affected

banking entities will be allowed to adapt their activities and

investments to comply.

The Fed has extended the conformance period to July 21, 2015 and

has the authority to extend it twice more, with each extension being

for a period of up to one year.

Compliance officers, however, should not count on the additional

time being granted and should assume that their organization must be

in compliance by the summer of 2015. In the meantime, C/Os should

take note of how the FAQs will affect their firm’s preparations.

Question 1: For those subject to quantitative measurement and reporting requirements, when should reports be made if the deadline falls on a weekend or holiday? How should metrics be calculated during the initial reporting periods?

Beginning July 1, 2014, the largest banking entities—those with at least

$50 billion in trading assets and liabilities as calculated according to

the rule—must start measuring and recording required daily metrics.

These metrics must be reported within 30 days of month-end, unless

that date falls on a weekend or holiday, in which case the deadline is

the following business day. The initial reports covering daily metrics

for July, 2014 must be filed by Sept. 2, 2014. This 30-day reporting

window will be shortened to just 10 days beginning with information

for the month of January 2015 (report to be due by Feb. 10, 2015).

In addition, the agencies clarified how metrics for the first two

months should be reported based on a 30-day, 60-day or 90-day

calculation period. Daily metric recording did not begin until July 1,

so the initial report, due Sept. 2, may include only a 30-day calculation

period. Likewise the second report, due Sept. 30, may include only

30-day and 60-day calculations. The third report, due Oct. 30, and all

subsequent reports must include data for all calculation periods.

Compliance departments at these large organizations should ensure

that both systems and processes are in place to record the necessary

metrics on a daily basis and compile them at the end of the month.

Additionally, C/Os should be assessing the time and resources required

to produce the reports within the 30-day reporting window in order to

develop and implement a plan by the end of the year to ensure that the

entity will be able to meet the shortened 10-day window that becomes

effective early next year.

Question 2: Must trading desks that span multiple affiliated banking entities report metrics to multiple agencies?

“Trading desk” is defined as the smallest discrete organizational unit

of a banking entity that purchases or sells financial instruments for the

trading account of the banking entity or an affiliate. As explained by

the agencies, this approach has the advantage of providing a narrow

definition so banking entities can customize limits and procedures

to individual trading desks and adjust those limits and procedures in

recognition of the instruments and markets used by the desk.

This approach also inherently acknowledges that trading desks

may trade instruments for affiliates of the banking entity and may

hold positions in the name of different entities. The implementing

regulations subsequently require a trading desk to identify all positions

for which it has a financial exposure, as well as the legal entities where

such positions are held.

If quantitative measurements must be reported to an agency, and if

the trading desk spans multiple affiliates, the trading desk must report

Compliance Clinic

Volcker Rule FAQs: What CCOs Need To Know

By Julius L. (“Jerry”) Loeser and Sterling Sears of Winston & Strawn


On June 10, six months after issuing regulations to implement the Volcker

rule, the Federal Reserve Board, the other federal bank regulators, and the

Securities and Exchange Commission issued guidance on the implementing

regulations in the form of six frequently asked questions. The first two FAQs

address proprietary trading questions, while the other four are focused

on how the rule affects banking entities that acquire or retain ownership

interests, or sponsor, so-called “covered funds”—generally, private investment funds relying on section 3(c)(1) or

3(c)(7) of the Investment Company Act.


to each agency with jurisdiction over the affiliates under section 13 of

the Bank Holding Company Act. However, separate calculations for

each sub-set of positions held at an affiliated entity are not required

as the trading desk may report positions on a desk-wide basis to all

appropriate agencies.

Compliance departments should create programs and procedures

to track:

• The total exposure of the trading desk;

• The affiliated entities where such positions are held;

• Which agencies are entitled to reports.

Question 3: How does the rule against prohibited activities and investments apply during the conformance period?

During the conformance period, the banking entities should

engage in good faith efforts to bring their activities into compliance.

Unfortunately, the agencies have provided scant guidance on what

constitutes a “good faith effort” to make the institution compliant by

the deadline. However, such efforts include:

• Evaluating the extent to which the entity is engaged in covered

activities and investments;

• Developing and implementing a specific plan to conform by the

deadline.

We believe that undertaking new activities that cannot be

unwound by July 21, 2015 (e.g. investing in fund shares that cannot be

divested by July 21, 2015) would not be consistent with engaging in a

good faith effort.

Compliance departments should prepare for full compliance by

July 21, 2015 as the agencies have stated that banking entities should

not expand activities nor make prohibited investments during the

conformance period with the expectation that additional time will be

granted.

Question 4: What qualifies as loan securitization servicing assets?

The regulation implementing the rule exempts loan securitizations

from the definition of the term “covered fund.” However, this

exemption is premised on the fund’s assets being limited to:

• Loans and certain other assets designed to assure the servicing

or timely distribution of proceeds to holders of its asset-backed

securities;

• Other incidental assets provided that such servicing asset meets

the requirements of the rule.

The agencies explained that a servicing asset may be any type of

asset, but, if the servicing asset is a security, it must be a “permitted

security.” This, in turn, means either a cash equivalent or a security

received in lieu of a previously contracted debt. As provided in

the implementing regulations, the term “cash equivalents” means

high quality, highly liquid short-term investments whose maturity

corresponds to the securitization’s expected need for funds and whose

currency corresponds to either the underlying loans or the asset-

backed securities.

Compliance departments should review the types of assets that

are being used as servicing assets and should advise the business lines

about the rules going forward so that loan securitizations are properly

structured to avoid “covered fund” status.

Question 5: Is an exclusion available for foreign public fund seeding vehicles?

The implementing regulations exclude from the definition of the term

“covered fund” certain non-U.S. public funds, i.e. issuers:

• Organized outside the U.S.;

• Authorized to sell ownership interests to retail investors in their

home jurisdictions;

• Selling those interests predominantly through public offerings

outside the U.S.

The regulation also excludes seeding vehicles that will become

U.S. registered investment companies, or RICs, but does not address

seeding vehicles for non-U.S. public funds.

The agencies clarified that seeding vehicles for non-U.S. public

funds will not be treated differently than seeding vehicles for RICs if

the non-U.S. seeding vehicle is formed and operated pursuant to a

written plan to become a qualifying foreign public fund.

C/Os wishing to qualify for the exclusion must create a plan that

documents the banking entity’s determination that the seeding

vehicle will become a foreign public fund, the time period during

which the vehicle will be a seeding vehicle, the planned marketing of

the seeding vehicle to investors within one year of its establishment,

and the planned operation of the seeding vehicle consistent with the

investment strategy (including leverage) of the issuer upon becoming a

foreign public fund.

Question 6: What does it mean for a covered fund to share the same name or a variation of the same name with a banking entity?

While the rule generally prohibits a banking entity from acquiring or

retaining an ownership interest in a covered fund or sponsoring such

a fund, it also expressly permits a banking entity—subject to certain

conditions—to organize and offer a fund to its investment advisory

or trust customers. Those conditions include the fund not sharing the

same name or variation of the same name with the banking entity or

any affiliate of the banking entity.

The FAQ explains that banking entities should avoid featuring the

same root word, initials or logo, trademark or other corporate symbol

used by, or referencing, a connection with the banking entity or

affiliate thereof.

C/Os should review the name of each permitted covered fund to

ensure that it is sufficiently distinct from the name of the banking entity

such that the fund’s use of the name is unlikely to lead to customer confusion regarding the relationship between the two entities. In particular, the name should avoid the appearance that assets of the banking entity will insure the assets and performance of the fund.

Julius L. (“Jerry”) Loeser is of counsel and Sterling Sears is an associate

with Winston & Strawn LLP’s Chicago office.


Notably, in FINRA’s exam priorities letter, the self-regulatory organization stated that it believed there was a misconception among some “executing brokers” that Customer Identification Program, or CIP, requirements do not apply to delivery versus payment/receipt versus payment (DVP/RVP) customers or that the prime broker is exclusively responsible for CIP on those customers.

NASD Rule 2340 defines a DVP/RVP account as an arrangement whereby payments for securities purchases are made to the selling customer’s agent and/or delivery of securities sold is made to the buying customer’s agent in exchange for payment at time of settlement, usually in the form of cash.

From an AML perspective, DVP/RVP accounts meet the definition of “account” for CIP purposes. However, the DVP/RVP account is often held in the name of a U.S. institutional customer regulated by a federal functional regulator and therefore excluded from CIP, or the prime broker and executing broker have a formal reliance agreement allocating CIP responsibilities. Absent these scenarios, AML compliance officers (AMLCOs) should revisit their CIP efforts to ensure that, in the appropriate scenarios, their CIP adequately addresses DVP/RVP customer relationships.

OMNIBUS/MASTER-SUB ACCOUNTS

Over the years, regulators also have discussed their expectations with respect to CIPs for certain omnibus and/or master-sub account relationships. Given FINRA’s 2014 regulatory and exam priorities letter, now may be a good time for AMLCOs to consider whether certain omnibus or master-sub account relationships require a CIP—including any enhanced due diligence requirements pursuant to Section 312 of the USA Patriot Act for certain correspondent accounts—when assessing their AML risk-based programs.

Generally, an omnibus account is an account for an entity that is acting as an intermediary on behalf of others and the B/D’s customer is the intermediary. This is true even if the B/D has some information

about beneficial owners of the omnibus account. However, AMLCOs should not simply rely on this general understanding when determining if a CIP is required for an omnibus account.

Indeed, for an omnibus account, the B/D may treat the intermediary as its customer for CIP as long as it meets the 2003 guidance set forth by the Financial Crimes Enforcement Network and the Securities and Exchange Commission (see Question And Answer Regarding The Broker/Dealer Customer Identification Program Rule, 31 C.F.R. §103.122, Oct. 1, 2003). AMLCOs should review this guidance carefully and make sure that, in those instances where the B/D may have some beneficial ownership information related to an omnibus account, the account continues to permit the B/D to treat the intermediary as its customer for CIP purposes.

FINRA also has discussed those instances where a B/D may need to treat sub accounts, instead of the intermediary, as the customer for CIP purposes. FINRA Regulatory Notice 10-18, issued in April 2010, highlighted the SRO’s concerns with master/sub account relationships.

AMLCOs should consider carefully whether certain master/sub accounts create concerns such that the beneficial owner should be considered the customer for CIP purposes. Put another way: In the master/sub account relationships, what controls do the beneficial owners of the sub accounts have, and is the master omnibus account in fact being intermediated by the master customer? If not, then regulators are likely to require the B/D to treat the sub-account holder as a customer under its CIP.

The variety of ways B/Ds establish relationships with institutional accounts means that AMLCOs should review carefully those account relationships when assessing the risks attendant with their AML programs. This assessment should include a review of the B/D’s institutional accounts to ensure the B/D is appropriately identifying who its customer is for its CIP. AMLCO assessments of their CIP have become increasingly important given FINRA’s 2014 regulatory and exam priorities letter.

Paul M. Tyrrell is counsel with Sidley Austin LLP in Boston.

Compliance Clinic

Why CCOs Should Check CIPs For Institutional Accounts

By Paul M. Tyrrell, Sidley Austin


The Financial Industry Regulatory Authority continues to scrutinize broker/dealers’ anti-money

laundering programs—particularly where they deal with AML obligations related to institutional

accounts. Indeed, FINRA’s January 2014 regulatory and examination priorities letter highlighted

that it “will focus on AML issues associated with institutional business” (CI, 2/6). Although this

focus is not necessarily new, it certainly has placed B/Ds’ institutional account relationships front

and center in 2014.
