2014
How Brokers & Asset Managers Can Stay On Top
© Institutional Investor Intelligence 2014. Reproduction requires publisher’s prior permission. To receive email alerts or online access to Compliance Intelligence, call (800) 437-9997.
SEPTEMBER 2014 | www.complianceintel.com | SPECIAL REPORT ON COMPLIANCE
EDITORIAL
Veronica Belitski Mark Fortune
Editors
Ben Maiden Managing Editor
(212) 224-3281
Peter Rawlings Senior Reporter
(212) 224-3267
Katie Segreti Director of Data
(212) 224-3228
William Sprouse Aggregated News Editor
Kieron Black Sketch Artist
PRODUCTION
Dany Peña Director
ADVERTISING
Joseph Parsons V.P. Global Head of Sales
Patricia Bertucci Associate Publisher
(212) 224-3890
PUBLISHING
Robert Dunn Commercial Director (212) 224-3712
Tracey Redmond Head of Custom Media Events
Anna Lee Marketing Director (212) 224-3175
Mary D’Alessio Marketing Manager (212) 224-3117
Vincent Yesenosky Head Of U.S. Fulfillment (212) 224-3057
Nina Bonny Customer Service Manager (212) 224-3433
CORPORATE
Richard Ensor Chairman
David Antin Chief Executive Officer
Customer Service: PO Box 5016, Brentwood, TN 37024-5016 • Tel: 1-800-715-9195 • Fax: 1-615-377-0525 • UK: 44 20 7779 8704 • Hong Kong: 852 2842 6910 • E-mail: [email protected]
Editorial Offices: 225 Park Avenue South, New York, NY 10003. Tel: 1-212-224-3281 • Email: [email protected]
Institutional Investor Hotline: (212) 224-3570 and (1-800) 437-9997 or [email protected]
A Publication of Institutional Investor, Inc.
© Copyright 2014. Institutional Investor, Inc. All rights reserved.
Copyright notice. No part of this publication may be copied, photocopied or duplicated in any form or by any means without Institutional Investor’s prior written consent. Copying of this publication is in violation of the Federal Copyright Law (17 USC 101 et seq.). Violators may be subject to criminal penalties as well as liability for substantial monetary damages, including statutory damages up to $100,000 per infringement, costs and attorney’s fees. The information contained herein is accurate to the best of the publisher’s knowledge; however, the publisher can accept no responsibility for the accuracy or completeness of such information or for loss or damage caused by any use thereof.
From the editors of: Compliance Intelligence
EDITOR’S NOTE
Welcome to the latest special report from Compliance Intelligence (the exclusive service from Compliance Reporter), looking at some of the key challenges and trends affecting chief compliance officers at brokerage and asset management firms in 2014 and beyond.
One of the results of post-financial crisis reforms is that fewer and fewer financial entities can escape having a regulator keeping tabs on them. Over recent months, for example, hundreds of municipal advisers have enrolled with both the Municipal Securities Rulemaking Board and the Securities and Exchange Commission—for many, their first registration. Not only will many of them face an SEC exam to see how they’re faring with the new regulatory regime, they’ll also be trying to comply while many of the rules governing them are still to be completed (see story, page 4).
Cyber security, as anyone with a bank account knows, has become a somewhat nerve-wracking issue. Firms, as well as individuals, can suffer tremendous losses from hacking attacks and it is widely assumed that no one is entirely immune. For CCOs, these threats mean working closely with IT colleagues and management to figure out how best their institution can prepare for and respond to a breach—all under the watchful gaze of the regulators (see story, page 14).
Less terrifying but just as important—and as work-intensive—will be preparations for implementing the 869 pages of money market mutual fund reforms (see story, page 6). As ever, CCOs will have their hands full dealing with SEC exams, and we present attorneys’ thoughts on what may be the agency’s priorities when it comes knocking in 2015 (see story, page 16).
Elsewhere in this report, we present extracts of recent CI interviews with senior regulators: Kevin Goodman, national associate director of the broker/dealer exam program in the SEC’s Office of Compliance Inspections and Examinations (see story, page 8); and Patricia Struck, head of Wisconsin’s Division of Securities and leader of the North American Securities Administrators Association’s Investment Adviser Section (see story, page 10).
We also present practical guidance from industry attorneys on dealing with having a combined CCO and general counsel (see story, page 18); what guidance on the Volcker rule means for firms busy implementing it (see story, page 20); and the importance of checking Customer Identification Programs (see story, page 22).
We hope you find this report to be helpful. As always, please contact me any time with any comments, questions or suggestions you may have.
Kind regards
Ben Maiden, Managing Editor
+212 224 [email protected]
TABLE OF CONTENTS
4 Muni Reforms To Occupy CCOs
By Ben Maiden, CI
The MSRB is taking on a bigger role as municipal advisers register amid new rules.
6 Money Fund Reforms Create Challenges
By Peter Rawlings, CI
The long-awaited SEC reforms will keep CCOs busy over the coming year.
8 Regulatory Talk: Kevin Goodman, SEC
The head of OCIE’s B/D exam program spoke to CI about the focus on fixed income.
10 Regulatory Talk: Patricia Struck, NASAA
The leader of NASAA’s IA Section talked with CI about key issues in state inspections.
14 Cyber Security Looms Large
By Leslie Kramer, Contributor
CCOs are playing a key role for firms in preparing for attacks.
16 Lawyers Eye SEC’s 2015 Exams
By William Sprouse, Contributor
Conflicts of interest, fee allocations and market structure may be on the menu.
18 How To Manage A Combined CCO/GC Role
By Edward T. Dartley of Pepper Hamilton
Combining the CCO and GC position can create tensions.
20 What The Volcker FAQs Mean For Firms
By Julius L. Loeser and Sterling Sears of Winston & Strawn
CCOs should take note of guidance issued this summer as they implement the reforms.
22 Checking CIPs For Institutional Accounts
By Paul M. Tyrrell, Sidley Austin
Regulators continue to scrutinize B/Ds’ anti-money laundering programs.
ADVISERS FACE NEW EXAMS
Muni Regs Grab CCOs’ Attention
The municipal securities industry may be valued at $3.7 trillion, but until recently it hasn’t had the kind of regulatory and compliance prominence that it merited. Now, with a wave of new registrants and new rules, things are changing. Compliance professionals will be spending a lot more time thinking about municipal issues in the year to come. Ben Maiden rounds up the latest developments.
It seems fitting that the Municipal Securities Rulemaking Board announced recently that it has signed an agreement to move its office operations back to Washington, D.C. in 2016. The self-regulatory organization had moved across the Potomac to Alexandria, Va., in 2001 and, after marking its 40th anniversary next year, will return to the capital. The symbolism is apt at a time when the MSRB is taking on a higher-profile role as regulator for a market that has attracted growing attention.
Most notably, hundreds of municipal advisers have registered with both the MSRB and the Securities and Exchange Commission during a phase-in period that will run until the end of October. That shift was mandated under Section 975 of the Dodd-Frank Act, which established a new regulatory regime for municipal advisers. The SEC in September 2013 adopted a long-awaited final rule establishing a permanent registration regime for municipal advisers (CI, 6/12).
Most of these newly enrolled municipal advisers were not previously registered with regulators as either brokers or advisers. As such, they and their chief compliance officers will have to get to grips with a new regulatory framework—and, to make matters more tricky, one that is still in the process of being formulated.
The MSRB in recent months has released for comment rule proposals that would:
• Extend its pay-to-play restrictions beyond dealers to municipal advisers;
• Impose supervisory and compliance obligations on municipal advisers when they engage in municipal advisory activities;
• Amend its professional qualification rules to create requirements for municipal advisers and their associated persons;
• Set standards of conduct and duties of municipal advisers when engaging in municipal advisory activities other than undertaking solicitations.
Among these plans, the MSRB would amend Rule G-37, which is designed to ensure that “high standards and integrity of the municipal securities industry are maintained, to prevent fraudulent and manipulative acts and practices, to promote just and equitable principles of trade, to perfect a free and open market and to protect investors and the public interest.”
The proposed changes would bar municipal advisers from engaging in municipal advisory business with municipal entities for two years if certain political contributions have been made to officials who can influence the awarding of business—as the existing rule does for dealers (CI, 8/22). Municipal advisers would also have to disclose their political contributions to officials and bond ballot campaigns for posting on the MSRB’s Electronic Municipal Market Access, or EMMA, website. Again, dealers already comply with this provision.
SEC EXAMS
To add to the fun, municipal advisers will also face visits from the SEC’s Office of Compliance Inspections and Examinations. The exams are intended to “establish a presence with the newly regulated municipal advisers,” officials said in an announcement in August. Over the next two years, OCIE staffers will look at a “significant percentage” of these municipal advisers. Areas on the agency’s radar for scrutiny may include a municipal adviser’s compliance with its fiduciary duty to its municipal entity clients, books and recordkeeping obligations, disclosure, fair dealing, supervision and employee qualifications and training.
Attorneys in late August told CI that firms will need to take great care of these exams, not least because some of the rules they may be quizzed on are yet to be completed, meaning that shops may not have finalized their compliance plans yet.
The SEC says OCIE will only examine firms for compliance with forthcoming rules “as and when those rules have been finalized.” But Bingham McCutchen Partner Amy Kroll said that although inspectors may focus on completed regulations, firms won’t necessarily avoid scrutiny in regards to forthcoming rules. “I do think they’ll expect you to have policies to address general topic areas even if the particular rules aren’t finished,” she told CI. “They’ll want to see that the municipal advisers are familiar with the proposals and, to the extent possible, are following the principles the proposals articulate.”
In terms of the pay-to-play proposal, for example, Kroll said that, while there’s no existing prohibition on the activities at issue, firms should probably ensure they implement policies and procedures that require associated persons to check with compliance teams before making political contributions.
Skadden, Arps, Slate, Meagher & Flom Partner Kenneth Gross warned CCOs that complying with the pay-to-play proposal may be tricky for municipal advisers because they have a continuing fiduciary duty to their clients. In contrast, underwriters that already have to comply with the rules have more episodic interactions with clients.
“Since advisers have ongoing relationships, if a municipal adviser or covered employee makes a political contribution that triggers a ban on business, the adviser won’t be able to simply drop a client,” Gross said. “Instead, to comply with its fiduciary duty, the adviser will have to continue to advise while arranging for an orderly transition to another provider. After this transition, the two-year ban on business will commence.”
BEYOND ADVISERS
The MSRB hasn’t been focused solely on municipal advisers, however. The SRO’s Board of Directors at its quarterly meeting in July/August agreed to pursue measures designed to enhance price transparency for investors (CI, 8/12).
The Board plans to publish a proposal this fall on the disclosure of information by municipal securities dealers to their retail customers, with the aim of helping them better understand some of the factors related to the costs of their transactions. The proposal will focus on the disclosure of customer confirmations of the price of a corresponding dealer transaction in the same security that occurs on the same day as the customer trade, officials said.
The MSRB believes the changes would give investors information broadly already available on EMMA—but would provide it more directly to investors in connection with their transactions so they can assess prices they receive from dealers. The SRO will also ask for feedback on alternative approaches such as markup disclosure on confirmations for trades that could be considered riskless principal transactions.
In another price transparency initiative, the Board approved a request for input on enhancing its Real-time Transaction Reporting System to collect additional post-trade information for public display on EMMA.
The MSRB Board also decided to proceed with a proposed rule that would establish a best execution standard for transactions in the municipal market by requesting approval from the SEC. This would for the first time impose explicit requirements for municipal securities dealers to seek the most favorable price possible when executing transactions for retail investors. It would also create an exception for transactions with sophisticated municipal market professionals (CI, 3/20).
IMPLEMENTATION PROJECTS
Money Fund Rules Pose Wide-Ranging Challenges
With the Securities and Exchange Commission’s long-awaited money market fund reforms finalized earlier this summer, chief compliance officers now face a litany of tasks large and small in preparing for life under the new regime. Peter Rawlings explores some of the key implementation issues.
The new money market mutual fund rules, which provide a two-year transition period for the industry to come into compliance, create several new categories of money market fund (see box, page 7). The SEC will continue to permit retail money market funds and government funds to maintain a stable net asset value. But institutional prime money market funds will have a floating NAV, with daily share prices fluctuating along with market values.
RETAIL v. INSTITUTIONAL
“The first thing that has to happen is figuring out which funds are going to be floating funds, and which are going to be stable NAV funds, because there will be different policies and procedures that apply to different funds,” Drinker Biddle & Reath Partner Diana McCarthy told CI.
“That is not a distinction that has been important before,” said Goodwin Procter Partner Marco Adelfio. “So making sure that data is accessible and can be distinguished and relied upon is an important first step.”
“For stable NAV funds, there will need to be new policies and procedures for determining which investors are natural persons,” McCarthy said. “I think that can be very challenging.” Verifying whether or not investors are natural persons may prove particularly difficult in cases where investors enter a fund through an omnibus account or third-party intermediary, she said. Not only does that add an extra step to the verification process, but “in the past, omnibus account holders have been reluctant to provide information for funds in other contexts,” she added. Ultimately, the process may involve dealing with multiple layers of intermediaries in order to determine whether investors are natural persons.
Since so many people invest in money market funds through such intermediaries, satisfying the retail definition is going to comprise a significant portion of CCOs’ initial efforts in complying with the rules, Davis Polk & Wardwell Partner Gregory Rowland told CI. The challenge is made greater by the fact that the SEC in its final rules didn’t provide much guidance on how to handle situations where an investor enters the fund through a third party, he said.
In the final rules release, the Commission acknowledges that in these circumstances an omnibus account—rather than the beneficial owners—is a fund’s shareholder of record. The fund will need to find a way to determine whether the beneficial owner is a natural person. However, “we are not prescribing the ways in which a fund may seek to satisfy the retail fund definition, including how the fund will reasonably conclude that underlying beneficial owners of an omnibus account are natural persons,” the SEC stated.
Regardless of the specific policies and procedures a fund settles on, “we expect that a fund will periodically review the adequacy of such policies and procedures and the effectiveness of their implementation,” the SEC said.
DIVERSIFICATION, REPORTING
In addition to establishing the new definitions and categories of money market funds, the SEC amendments to Rule 2a-7 of the Investment Company Act created an array of additional policy changes that CCOs will need to implement. For instance, the agency altered its diversification requirements for funds, meaning that “compliance officers will need to program those new diversification limits into their portfolio management systems and do basic daily checks on portfolio trading,” McCarthy said.
Under the existing diversification rules, money market funds must limit their investments in any single issuer of a first-tier, non-government security to no more than 5% of fund assets. The SEC’s new rules will obligate fund CCOs to treat certain affiliated entities as a single issuer, increasing the likelihood of breaching the 5% issuer limit.
CCOs will also have their work cut out in preparing to comply with new reporting obligations, Adelfio said. CCOs will be responsible for monitoring and tracking weekly liquidity information that will have to be filed with regulators, which “will likely involve recalibrating their existing systems,” he said.
The SEC’s rule changes included a requirement to file new information on Form N-MFP such as a fund’s NAV per share, daily and weekly liquid assets and shareholder flows on a weekly basis. The SEC is also now requiring funds to make prominent daily disclosures on their websites. Those disclosures must also include daily and weekly liquid assets, as well as the fund’s NAV, and net inflows and outflows.
LIQUIDITY FEES, GATES
“One big aspect of the rules that is not as clear relates to the implementation of liquidity fees and redemption gates,” McCarthy said. The rules give non-government funds the ability to impose fees and gates on investor redemptions in cases where a fund’s weekly liquid assets fall below 30% of the fund’s overall assets.
“It’s the flexibility that is causing people to scratch their heads,” because figuring out exactly when and how to impose such restrictions is a new responsibility, and the discretion is left in the fund’s hands rather than being spelled out by regulators, McCarthy said. Adding to the uncertainty, she said, is the fact that such decisions would generally be made under distressed circumstances—times when funds were having difficulty maintaining high levels of liquidity.
The possibility of needing to impose liquidity fees and redemption gates will require CCOs to figure out what kinds of alarm systems they may need to devise to ensure they can detect in advance that a fund is nearing the 30% weekly liquid asset threshold, Stradley Ronon Stevens & Young Counsel Joan Swirsky told CI. CCOs will need to be ready to compare their funds’ liquidity to historical levels and prepare to make tough judgment calls as to what sort of action is appropriate, she said.
VALUATION
Funds should also take note of valuation guidance buried in the 869-page release, McCarthy cautioned. “There certainly is a role for compliance officers to take in implementing that guidance—and it applies not just to money market funds, but to all kinds of mutual funds.”
In its final rulemaking, the SEC reversed course from its initial proposal and agreed to allow retail and government money market funds to continue to use the amortized cost method to value securities with remaining maturities of 60 days or less. The Commission also issued a reminder that using such costs is contingent on a fund’s directors determining in good faith each time they value a security that its fair value is roughly equal to its amortized cost. The SEC also said funds should take into consideration other factors such as “existing credit, liquidity or interest rate conditions in the relevant market” when making such determinations.
Funds are realizing that the new requirement to double check amortized cost valuations is going to take a lot more work than they initially expected, Ropes & Gray Partner Brian McCabe told CI. The valuation guidance means CCOs will need to review and improve their existing policies to ensure that amortized costs are appropriate and detect when they are not, he said.
RETAIL, GOVERNMENT FUNDS: NEW DEFINITIONS
The SEC amended the definitions of retail and government funds from its initial proposal. Unlike institutional prime funds, retail and government funds will still be allowed to transact at a stable NAV and use amortized cost to value securities.
Retail
Proposed Definition: Limits shareholder redemptions to $1 million per business day.
Final Definition: Has policies and procedures reasonably designed to limit beneficial owners to natural persons.
Government
Proposed Definition: Has at least 80% of its assets in cash and government or government-backed securities.
Final Definition: Has at least 99.5% of its assets in cash and government or government-backed securities.
CI: Fixed income was one of the issues raised in OCIE’s 2014 exam priorities notice (CI, 1/23) and it has been highlighted more recently by SEC Chair Mary Jo White. What are you seeing?
KG: We have our Fixed Income and Municipals Specialized Working Group looking closely at mark-ups in the fixed income area and the sources of information investors have to assess their execution quality. This specialized working group is also doing some interesting work gathering the various sources of information on fixed income executions into one data set so that we can use that data to better assess the execution quality at various firms. Although it’s early in our process, we do have some concerns that the current price transparency may not lead to consistently good execution quality. And we will be using that analysis to inform policy within the Commission.
CI: And is that specific to the municipal market?
KG: We’re looking at fixed income generally, but we do have somewhat of an emphasis on the municipal market.
We’re also particularly interested in price transparency for so-called riskless principal trades, and specifically how these transactions differ from agency trades in terms of the risks taken by the firm. We’ve seen some situations where a [B/D] will have an order in hand from a customer, will then go out and buy the bond from an [alternative trading system] or other source and then mark up the security in a manner that suggests the firm is taking some significant risk and being compensated for that—even though in a lot of cases the security may have hit its principal account for only a nanosecond.
We want to understand why the mark-up on one of these types of trades doesn’t look like more of an agency commission—minimal commission—and is there enough price transparency that the investor can not only see their trade but can tell that the broker went out, got this from the market, marked it up 3% or whatever, and then sold it to them.
CI: There was a recent Senate panel discussion of payment for order flow, and reports that the SEC has been looking into how retail orders are handled. Where are you in terms of examining this issue?
KG: We are in the process of looking at the extent of payments for order flow, if and how they are disclosed, and the effect they have on execution quality. We’re not ready to share information yet, but we will be sharing that first within the SEC to inform policy and then possibly later with the industry if we deem that to be appropriate.
CI: What has driven interest in this area? It’s an issue that has been around for a while. Was there a specific concern you had about what may be happening?
KG: It’s really the old concept that drives many of our exam priorities, and that is if a person has a conflict of interest that may cause them not to act in the best interest of the investor, we want to understand whether that has affected the well-being of the investor. The conflict of interest here would be you’re making routing decisions and you’re receiving compensation if you route to certain places. So how does that affect the execution quality the investor is receiving and how is it disclosed? It’s not unusual in the sense that we always look for the presence of conflicts of interest because those are very fruitful areas to deploy our limited resources.
CI: Cyber security is a hot topic, and OCIE conducted a sweep on this earlier in the year (CI, 4/9). What findings have you had and what outcomes might there be?
KG: As part of our initiative, we’re looking at over 50 [B/Ds] and we’ve targeted firms of various sizes and business models. We’re in the process of analyzing the information we’ve collected and will, again, be using that to inform policy within the Commission and then to determine what we might share outside the agency.
Through looking at the information that we’ve received, we want to make sure that firms are dedicating resources and the attention of senior management to address the significant risks posed by cyber security. In particular, we expect that all firms will have knowledgeable professionals assessing the vulnerabilities inherent in their particular operations, including their interfaces with third parties, and that they will employ defenses and monitoring to address them. That’s what we’re assessing right now.
For more details of the interview with Goodman, go to Complianceintel.com.
REGULATORY TALK
Kevin Goodman, Securities and Exchange Commission
Kevin Goodman was named national associate director of the broker/dealer examination program in the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations in November. He spoke to CI in July about what his team are seeing as examiners look into key issues for 2014 and how the program’s priorities for 2015 are shaping up.
Modular execution solves the challenge of scalability
In addition, connections to reference data models such as Reuters and Bloomberg ensure consistency of data and timing across funds and business models. Replacing multiple systems in data interchange permits simplified consolidated reporting via a single platform. Complemented by a common repository for extracts and reference data, it helps create a seamless, straight-through post-trade lifecycle process. Furthermore, trade aggregation and enrichment of the trade record with feeds from various data providers ensure that the data is correct and can be handled at a much higher velocity. Processes can be customized to run alone or as a connected group.
Further, the ability for a platform to connect to multiple instances of other applications through a centralized data management platform provides flexibility, while sustaining the integrity of data. The execution speed and the ability to combine data from multiple sources enable a faster, more accurate NAV calculation on a more frequent basis.
More attention on breaks and risk
Another important aspect of STP is a common methodology for risk assessment and breaks. Using a simple, common user interface, an STP system distills breaks from the repository into one screen for each manager’s data so staff can focus only on unmatched records. Removing the need to access breaks in various locations increases processing velocity, and more time is spent on resolution, which is far more efficient. Additionally, STP gives managers the power to quickly evaluate the significance of breaks in relation to overall value. A simple methodology to determine and assess the impact of each break on the entire portfolio consequently helps to improve reliability when assigning risk levels.
Scalability and Efficiency Via Automation In Global Operations And Middle-office Processing
By David A.A. Ross, Global Head, Marketing, Viteos Fund Services
[Figure: One secure repository for multiple users. Diagram showing FTP and web sources loaded and normalized into a single normalized copy, with credentialed, restricted-access folders for reconciliation, accounting, compliance and middle-office teams across offices in the Americas, Europe and Asia.]
SPONSORED ARTICLE
Compliance oversight benefits considerably from straight-through processing (STP) of trade data, which usually originates from a number of sources and in varying formats. Although tools that aid monitoring exist in many forms today, in the longer term the introduction of complex asset classes to traditional offerings, global operations bottlenecks and disaggregated systems are expected to strain portfolio and trade compliance processes. In this environment, manual processes that lag daily trade and cash reporting become a liability to oversight. Once automated, customizable web-based platforms reduce compliance burdens, as dashboards linked to one normalized data depository place data within easy reach of reconciliation, accounting, compliance or middle-office departments—no matter where the data or the personnel are stationed worldwide. The same or fewer staff can review more in less time. In addition, since all groups reference the same data source, differences should be reduced to a minimum. And with reports available through a secure web portal at regular intervals overnight, reconciliation and emailed attachments become a thing of the past.
This excerpt of the case study Scalability and Efficiency Via Automation In Global Operations And Middle-office Processing hints at the larger effort. Please take a moment to visit http://info.viteos.com/newco to download your copy if you are interested in learning more.
Viteos continues to expand and invest in architecture, performance, technology and functional upgrades, including adding capabilities to support multiple equalization methods and the ability to handle European mutual funds with their complex regulations. The enterprise solution incorporates AML compliance, and meets local and regional regulatory reporting and valuation requirements including FATCA. The regulatory reporting component is flexible enough to meet the changing needs of Form PF and AIFMD, and to incorporate CPO-PQR.
CI: You were just at a NASAA training program in St. Louis, Mo., for the IA Section. What types of issues were you covering?
PS: We had examiners from not only U.S. jurisdictions, but also from other members including Canadian provinces and Puerto Rico. We had almost 150 people there, which seemed very large to me—the last time I attended it was a smaller group.
We focused on two areas: programming for the people that do examinations—those that go out on the road and do office audits—and for the people that do registration of the advisers we register—those looking at the [Investment Adviser Registration Depository] and [Form] ADV.
Included in the agenda were discussions of fiduciary duty, due diligence, the way to look at offices selling alternative investments, examinations of hedge funds, understanding the various business models of [IAs], use of social media and looking at connecting Internet investigations.
CI: Does that list of topics align with the issues you are emphasizing during exams?
PS: Yes. These are both hot topics and basic issues.
CI: What do you expect to be the key focus areas in inspections of state-registered IAs in the coming months? Are there any new or emerging issues that chief compliance officers should be focused on?
PS: Cyber security is the first one. Everybody’s worried about that, and the reason we’re worried about it is because we pick up on the headlines and know what’s out there. So that’s one of the topics we’re looking at.
Business continuity plans [are also] something that I think most professionals are looking at, both for disaster recovery, as well as succession planning. That’s another hot topic and key focus area.
[With respect to] private placements, we’re asking what kind of concerns are going to be appropriate for examiners to look at when they’re out doing an exam and they see that one of the assets in [an] account is a private placement security.
One of the things that has come to our attention—one of the topics of discussion we’re going to be looking at—is fees and expenses. It is a perception [among] some of the people that were [at the training session] that there’s been an increase in the fees and expenses being charged against client accounts and investor accounts. So we’re going to be looking at that as well…This is a concern that people are picking up on.
CI: How often should state-registered IAs expect a visit from state examiners? What advice do you have for CCOs preparing for such an exam?
PS: Right now, what we’re finding is that there’s been an increase in the exam frequency since the switch [from SEC oversight], which only makes sense, as the states become the only regulators of the mid-sized advisers and small [IAs].
The numbers that I can report are an average of three to six years [between exams] at the time of the switch, and now we’re finding that the exams are more frequent. In our state, and in a number of other states, we’re finding that the frequency is now closer to three years. A majority of the states today…are examining on a frequency of about four years.
In terms of takeaways for compliance officers, we have risk analysis tools that let us review our registrants based on the information reported in the various items of the ADV and we rank them individually for each registrant. So in some cases, rather than just relying on a cyclical calendar of exams, we’re looking at risk-based exams as well.
CI: One might have expected after the switch that maybe firms would be visited less often because there would be more firms the states would be responsible for examining. How did you all manage to increase the frequency?
PS: It’s because we know that we’re the only regulator of the small- and mid-sized advisers. And one of the concerns Congress had [when] they delegated the responsibility to us for mid-sized advisers was [they] felt there was a problem with these firms, by and large, not being examined on a frequent basis. So we felt it was important, listened to what we were told, looked at the record and reallocated our resources so that we’ve been able to do that.
Regulatory Talk
Patricia Struck, NASAA
Patricia Struck, head of Wisconsin’s Division of Securities, took charge of the North American Securities Administrators Association’s Investment Adviser Section in summer 2013. Since taking on that role, Struck, who is also a former NASAA president, has helped set the agenda for inspections and regulation of the many small- and mid-sized IAs that are registered with the states—many of which recently switched from Securities and Exchange Commission oversight. She spoke with CI in August about the IA Section’s examination priorities and efforts to improve the inspection process.
Ascendant Compliance Manager by Ascendant Compliance Management
ACHIEVE COMPLIANCE PEACE OF MIND
Helping you distill, prioritize, implement and simplify…
ALERTS MANAGER: Stay up-to-date on regulatory requirements, updates, and compliance guidance from Ascendant Compliance Management.
RISK MANAGER: Create risk assessments, maintain risk inventories, and manage risk holistically within the firm.
POLICY MANAGER: Create, edit, and maintain compliance policies and procedures as a working document, map to risk matrices and attach relevant documentation; assign workflow.
LIBRARY MANAGER: Access compliance resources, No-Action letters, law firm briefs, whitepapers, webinars, and podcasts.
ATTESTATIONS MANAGER: Efficiently manage the distribution of new policies and regulatory information. Electronic evidence of employee attestations. Use Ascendant Templates: Customize your own for any purpose.
TRADE BLOTTER MANAGER: Simplify and verify Trade Blotter data and analysis and meet regulatory requirements.
ANNUAL REVIEW MANAGER: Fulfill the Annual Review 206(4)-7 requirement using aggregated, automated workflow and testing, generate detailed reporting.
www.ascendantcompliancemanager.com | 860-435-2255
CI: Can you elaborate on the process for selecting a firm for a risk-based exam and what factors you look for?
PS: For example, firms with custody might be reviewed more frequently than those that don’t have custody. There are risk factors like that. It all stems from the answers the firms gave on their ADV.
CI: What are the most frequent issues inspectors have been uncovering during IA visits in 2014? In the past, issues such as books and records or suitability documentation have been the leading areas of concern (CI, 8/22).
PS: Books and records continues to be number one, and one of the most frequent kinds of books and records findings is documentation of suitability. Another issue is registration. There [are also issues with] Form ADV, looking at Part 1 versus Part 2. There are also problems involving missing client contracts and improper execution.
Privacy [is also an issue]. Delivery of initial and annual privacy policies, and awareness of the red flags rules that all the financial services regulators at the federal level came up with and had to implement a year ago. Delivery of the brochure, [and] advertising [are also common issues].
CI: Has NASAA or its members adopted any new exam tools or modules since the mass switch of former SEC-registered advisers to state oversight?
PS: The exam modules are key to that effort and using the exam modules we’ve performed thousands of onsite exams both on a routine and cause basis every year in virtually every state…There were about 2,100 [IAs] switching and the states have examined all of them [as of 2013]. A priority during the switch process was to try to identify specifically those switching firms and get out to do exams of them, and all of those have been done.
We have done a lot to increase the speed of the modules. That’s why we found it particularly important at our training to host a computer lab [where examiners could try the modules], so they could see personally how fast the [NASAA Electronic Examination Modules, or NEMO,] module has become. Because it’s so streamlined, it’s been able to make the exam process much more efficient. We’re also now able to share knowledge and identify trends with other states. That is probably the key new tool that we’ve got.
[We’re working to ensure we get] NEMO implemented in more states and being used by more regulators, so that advisers know what they’re going to be examined on from state to state. It will be [uniform], so an exam in Mississippi will be the same as an exam in Wisconsin, more or less…And as we discover new trends and new concerns, such as business continuity plans—[we are looking] to make sure those are included in the NEMO modules.
For more details of the interview with Struck, go to Complianceintel.com.
Sponsored Article
While no outsider can know for certain what
Mr. Cohen may or may not have known,
or when he knew it, with respect to trades
placed at his firm on the basis of inside
information, the SEC’s allegation that he failed
to supervise employees demonstrates that
where there is a duty to know, ignorance is
not bliss. An adviser’s fiduciary duty requires
the adoption and implementation of written
policies and procedures and other controls
reasonably designed to ensure compliance
with federal securities laws and to supervise
employees with a view to preventing
violations and averting compliance failures.
A well-designed compliance program often
results in a steady stream of spreadsheets,
checklists, reports and other output.
Increasingly, private fund advisers are
finding that the vast amounts of paper and
information generated from their compliance
efforts are both a blessing and a curse.
“To whom much is given, much is expected.” The old axiom is as true today as it ever
was. If the reams of information produced
by an adviser’s compliance program
are gathering dust on the CCO’s desk,
languishing in a database or an email inbox
without effective, well-documented review,
and the risks that the firm’s controls were
meant to address materialize, the adviser
is left with no excuse. As demonstrated
in recent news headlines, nowhere is this
gamble more clearly exemplified than in
the areas of insider trading and personal
trading practices. Increasingly, advisers are
turning to compliance software to fill the
gap, control their risks and competently
fulfill their compliance obligations. But, as
helpful as these solutions can be — and they
are — they can only inform the process of
compliance. That is, an effective compliance
regime results from regular reviews of data
outputs. Without an investment of “man
hours” to monitor and address compliance
issues or patterns revealed by technology,
these helpful solutions are nothing more than
digital filing cabinets. And yet, who has that
kind of time for constant review?
Insider Trading: Increased Scrutiny, Surveillance and Violations
In congressional testimony provided in
March 2009, then-SEC commissioner
Elisse Walter announced the development
and deployment by the Commission of
technological tools to identify trading
patterns that may signify illegal trading
activity by advisers, hedge funds and other
financial industry participants and their
staff. Then in October 2009, one of the
largest hedge fund insider trading cases in
history was filed by the SEC in a Manhattan
federal court against California-based
Galleon Management, LP and its founder
and chief executive, among others, sending
shockwaves through the investment
community. Speaking at a news conference
shortly after the announcement of the
Galleon case, Robert Khuzami, then-SEC
Enforcement Director, stated his suspicion
that insider trading was a systemic problem
at many hedge fund managers and
expressed the Commission’s determination
to aggressively seek out and pursue those
engaged in unlawful trading activities.
The Commission has been as good as
its word. After peaking at 61 cases in 2008,
the number of insider trading-related cases
has steadily risen year-over-year from 37 in
2009 to 58 in 2012. In the “2014 Examination
Priorities” release of the National Examination
Program (NEP) of the Office of Compliance
Inspections and Examinations of the SEC, the
Commission listed ferreting out fraudulent
conduct as among the “most significant”
initiatives across the program. In that release
the Commission further specified that
“… the NEP will continue to utilize and to
enhance its quantitative and qualitative
tools and techniques to seek to identify
market participants engaged in fraudulent
or unethical behavior.” All indications are that
many more insider trading allegations will be
levied in the coming months and years as a
result of the Commission’s stepped-up efforts.
In response, advisers and hedge fund
managers are examining the effectiveness
of their own internal surveillance efforts to
apply the lessons of insider trading cases to
their operations and avert the firm-shuttering
media attention allegations of wrong-doing
can bring. Obviously, these advisers’ efforts
include revisiting policies and procedures and
scheduling mandatory staff training sessions.
However, they continue to struggle with
how best to use the information on-hand to
identify potential abuse occurring right under
their noses.
On February 6, 2014, Matthew Martoma, a former trader at SAC Capital Advisers, a hedge fund founded by
billionaire Steve Cohen, was found guilty in federal court for illegally trading on material nonpublic information.
His former firm had only months earlier agreed to pay nearly $2 billion in settlements relating to insider trading
by its employees. Meanwhile, the SEC is seeking to ban Mr. Cohen from the securities industry altogether for
failing to supervise employees in connection with illegal trading activity. These highly publicized headlines are
just the tip of the iceberg. Martoma, now facing the very real possibility of several decades in prison, is the 79th
person to be convicted or plead guilty to charges of insider trading since a legal and regulatory offensive on
the practice was initiated in 2009. The 80th is likely already waiting in the wings.
Finding the Balance on Personal Securities Compliance
Who’ll Be Number 80?
Personal Securities Trading and Code of Ethics
Personal trading practices of firm insiders
have been an area of scrutiny by SEC
examiners for years. This is because, when
investment advisory personnel invest for
their own accounts, conflicts of interest
arise between the employee’s interests
and those of the adviser’s clients. Advisory
personnel may, for example, usurp an
investment opportunity that would have
been appropriate for the firm’s clients. They
may also abuse their positions with the
firm by “frontrunning” client trades. When
frontrunning, advisory personnel seek to
personally benefit from the market effect of
trades placed for the adviser’s clients. Even
with the best efforts of the firm’s trade-desk,
large trades placed for clients have the
potential to affect the price of a security.
This is true for both long positions and short
positions, with long positions potentially
driving up the price of a security and short
positions potentially driving down the
price. The possibility of driving the price of a
security up or down before placing a trade
in the same security for a personal account
provides an opportunity for certain advisory personnel with knowledge of anticipated client trades to personally benefit from client trades. It almost goes without saying, but this is illegal.
To address these and other issues, in 2004 the SEC adopted Rule 204A-1, the Code of Ethics Rule, under the Investment Advisers Act of 1940 (Advisers Act). In addition to requiring the adoption of a code of ethics, the Rule requires that firms monitor the personal trading activities of their supervised persons with access to certain information regarding
client portfolio holdings, transactions or
recommendations and identify improper
trades or patterns of trading by those access
persons. In a 2008-issued “Compliance Alert,”
the Commission warned advisers of the
most common deficiencies found during
examinations. Among these, they cited:
• Adviser’s code of ethics was incomplete.
• Adviser’s code of ethics was not followed.
• Reporting requirements were not followed and/or monitoring was not performed.
• Disclosure (regarding the firm’s code of ethics provisions) was inaccurate.
For example, the Commission specifically
noted, among other common deficiencies
causing concern, that:
“Access persons did not submit, or did
not submit in a timely manner, reports
of their personal securities transactions
or holdings consistent with applicable
regulations or the adviser’s policies and
procedures. Also, some advisers did
not review reports of access persons’
personal trading for indications that
trades were inconsistent with applicable
regulations or the adviser’s policies and
procedures.”1
Unfortunately, far too many advisers
view the Code of Ethics Rule provisions
as mere recordkeeping requirements and
fail to adequately scrutinize employee
trades for the above-listed abuses,
among others. Even then, they often
don’t know if their records are complete.
Others squander countless hours and
resources manually comparing personal
securities transaction reports to the
firm’s trading activity, restricted lists and
other written procedures, such as pre-
clearance requirements, despite the fact
that personal trading information can be
effortlessly and effectively evaluated for
these and other compliance breaches
through appropriate software analysis.
A “Reasonable” Approach
Creating effective procedures and
documentation that meet regulatory
requirements while also seeking to prevent
insider trading within an organization is
a challenge most advisers face. Manual
collection and review of personal trading
activity data as well as required reporting
is often an arduous process; ineffective,
cumbersome and error prone. While
software can manage the time and resource-
intensive comparisons and pinpoint the red
flags, it cannot undertake the analysis of
them once they’re identified. This is where
“man power” has the most impact. But
even at this stage, the volume of scrutiny
required could be overwhelming for some
compliance officers.
A sound balance can be achieved by
using a system such as the NRS Personal
Securities Trading Module and engaging
NRS consultants who are experts in
compliance. This NRS ComplianceGuardian™
module coupled with NRS consultants can:
• Align your firm’s code of ethics with compliance mandates
• Ensure the code of ethics is properly implemented within the software so that trade activity is monitored against your firm’s rules
• Manage multiple restricted lists based on your firm’s different trading groups
• Monitor any exceptions noted by the system while processing personal trading activity
• Raise an alert when red flags are identified that require review and redress
• Automate reporting and attestations for annual holdings, quarterly transaction and initial holdings
• Manage heightened supervision individuals easily
While it is true that no compliance officer,
system or program will be able to identify
and avert all problems all of the time, it is
important to remember that reasonableness
is the standard. Rule 206(4)-7 under the
Advisers Act requires that advisers adopt
policies and procedures reasonably designed
to prevent, detect and correct violations
under the regulation. In this day and age, it is
simply not reasonable to allow compliance
problems to arise that could have been
averted through responsible utilization and
review of data already compiled by the firm.
When you make your firm’s compliance program
more comprehensive by incorporating
software that manages this data and manpower
with compliance expertise to analyze
the findings, the reasonableness of your
program will be beyond reproach.
1 In hindsight, the 2008 Compliance Alert appears to have
been a prelude to the legal and regulatory offensive
against trading abuses, such as insider trading, which
manifested in earnest beginning in 2009.
For more information visit www.nrs-inc.com/personaltrading or call 1-860-435-0200
Cyber security has taken center stage for CCOs following a series of
well-publicized security breaches at financial institutions over the past
couple of years, with more expected to come. “It is not a matter of if,
but when it is going to happen,” Brian Rubin,
a partner with Sutherland Asbill & Brennan,
told CI.
With that in mind, compliance officers are
working to make sure their firms are ready to
take action if a security breach occurs. They
want to be able to determine quickly how and
why attacks happened, and be able to minimize
the impact they may have on their firms’ clients.
They also want to ensure they are allocating the money necessary to
provide the protections they seek. That doesn’t come cheap. JPMorgan
announced in its shareholder letter this year that the bank will spend
more than $250 million annually on cyber security, and has roughly
1,000 people focused on it.
TURNING TO CONSULTANTS
Many firms are turning to legal advisers or consultants for help in
determining if they are following best practices when it comes to
securing their information and making sure they have a robust business
continuity plan, or BCP, in place. C/Os are also turning to outside
attorneys to figure out if they are
in compliance with new guidance
and legislation that is emerging
at the state, federal and industry
levels.
Charles Horn, partner with
Morgan Lewis & Bockius, said he
has seen an increasing awareness
on the part of many firms about how vulnerable they are to cyber
attacks. “Two or three years ago, cyber security was already high up
on their regulatory risk management agendas, and I think it has only
risen in importance over time,” he said. “We’ve seen enough breaches,
hacks, trojan horses and the like that cyber security is one of the key
regulatory and risk management agenda items today.”
Horn advises firms to develop or purchase the right types of security
applications and software for their businesses, and to make sure
they are performing the proper diligence and getting the appropriate
representation and warranties from vendors. “They also need to be
making sure that—in the case of cyber security and breaches—they
understand what their rights and responsibilities are, because many
states have…statutes that require institutions to report when a breach
has occurred,” Horn noted.
With many of the larger institutions now acutely aware of the
potential dangers of cyber theft and what their responsibilities are in
terms of responding to it, they are devoting an increasing amount of
resources to improve their security systems, including implementing
strong firewalls and back-up systems. To help smaller firms, the
Securities Industry and Financial Markets Association recently issued
targeted guidelines.
EXAMS
For their part, regulators expect firms to take cyber security seriously.
“With a lot of these issues, there are overlapping jurisdictions,” Rubin
said, noting that both the Securities & Exchange Commission and
Financial Industry Regulatory Authority have been conducting sweep
exams in the area. The SEC has been examining firms’ cyber security
policies and procedures, and how they’ve responded to any recent
threats (CI, 4/9).
To prepare for such exams, Rubin recommends that firms review
the sample document request letter the SEC posted online. “The
letter covers about 30 or 40 items that firms need to assess in terms
of whether or not their business model is up to date if an attack
happened,” Rubin says.
In response to the sweeps, Horn is telling his clients how to set up
risk management-based policies and procedures. “They need to be well
articulated and set down in writing, and they need to have the buy-in
of senior management and the board of directors,” he said. “There also
has to be a high level of confidence within the organization that this
issue is being properly addressed and documented, and the correct
procedures are being implemented and enforced.”
Venor Capital Management, for one, has been heeding such advice.
“We are taking a look at the SEC guidance, so that we can determine
what we need to do to tighten up or introduce things that we haven’t
done before,” said John Roth, the firm’s general counsel and chief
compliance officer.
State regulators are also tackling cyber security. “We’ve seen a
number of states become active in addressing privacy issues,” said
Playing Defense
Cyber Security Takes Center Stage For CCOs
Recent reports of a cyber attack on JPMorgan Chase have highlighted for chief compliance officers at financial
services firms the need to ensure their own institutions are as protected as possible and that they have implemented
a fast and effective response plan, should an attack occur. Leslie Kramer looks at the latest thinking among industry
professionals on compliance issues in this tricky field.
Paul Bond, partner at Reed Smith. “They are looking at issues of
disclosure and tracking, and at issues pertaining to how you are holding
information and why you have it in the first place.”
A level of transparency is now required in roughly
48 states, each of which has specific laws about
privacy and notification requirements, Rubin said.
“New reporting and notification obligations
are being implemented that companies need
to meet,” said Paul Tiao, partner with Hunton & Williams. “That also means
there is a lot of legal work that
companies that have already been breached need
to do in order to meet these obligations.”
THIRD-PARTY RISKS
Firms also have to deal with third-party
cyber security risk. For example, the
Office of the Comptroller of the Currency in October 2013 issued risk
management guidance on third-party
relationships, which continues to set
the agenda for discussions between
financial institutions and their vendors.
Overall, the guidance advocates
evaluating not only the technology
used by third-party providers, but also
how vendors are staffed, how they develop code
and their ability to make corrections when needed, Bond said. “It also
provides a very detailed checklist that goes through all aspects of risk
management that should be reviewed before you sign the contract and
after you sign it.”
Many firms have been trying to apply the OCC standards to their own
contract negotiations, despite the additional regulatory burden it may
create. “It’s provided a lot of clarity and the ability for us to say, ‘Look,
we’re asking about this
because our regulators are
making us ask about it,’”
Bond said.
In May of this year, New
York State’s Department of Financial Services issued
its own report on cyber
security in the banking
industry. The report looked
at a number of practices
the Department perceived
to be taking place and
identified what it called the
industry’s reliance on third-
party software providers as
a continuing challenge for critical banking functions.
Again, Venor Capital is among those firms keeping an eye on third-
party providers. At the end of 2013, it moved some of its information to
a cloud service provider. “That means that we now are not only looking
at vulnerability in our own office, but in those of the cloud provider as
well,” Roth said. The move also created overlap within the firm’s BCP.
“The way we test BCP is different now than when our primary server
was located in-house,” Roth said. “So the ways we access the private
cloud now comes into play when talking about cyber security.”
“If we use our own server, people may not know to try to attack us,
because they wouldn’t know we exist. But now that our information is
on the cloud environment, which is a big server with lots of people’s
information on it, we may become a more natural
target,” Roth said. But he added that the cloud is
an improvement over relying on Venor’s own
systems to protect its information.
COMMUNICATION
Making sure a firm is compliant with
cyber security requirements is not
always easy. Part of the reason is that
the laws themselves are evolving, Bond
said. “Cyber security law in the U.S. is a
continuing work-in-progress. One thing
that’s important to remember in
the conversation between outside
counsel and financial institutions
is that both sides must respect
the primary role of information
security professionals in making the
necessary information security decisions,” Bond said. That’s because
the law will always trail behind technology, he said.
Tiao also said cyber security needs to be a team issue. “The
companies we work with are complex organizations, and ideally
everyone—the board, the CEO, the senior executives and the security
team—all need to be working together to make sure they have the right
governance plans and structures in place, and that they have set up the
right internal policies and programs in order to be prepared,” he said.
CHANGING COMPLIANCE ROLE
At this point, the main challenge for C/Os is figuring out the best way
to implement cyber security protections enterprise-wide. C/Os will, out of necessity, have to learn more about cyber security issues and get their arms wrapped around them as they work closely with the IT and security officers at their companies, Rubin said.
Roth said the scope of his job has changed. “I have to understand the language and the way these systems work in order to be part of process. A few years ago, I never thought about it, but now I have to try to give guidance on it and figure out what is best practice,” he said. “I need to know about cyber risks, and I have to ask more questions of the IT
professionals about where the real vulnerability is and what it means.”
Years ago, C/Os were learning about the technical and compliance
issues related to email retention and surveillance, and now they are
trying to get up to speed on cyber security and related technology,
meaning that their roles and responsibilities continue to expand. “It’s a
learning curve and all part of the process,” Roth said.
“Cyber security law in the U.S. is a continuing work-in-progress. One thing that’s important to remember in the conversation between outside counsel and financial institutions is that both sides must respect the primary role of information security professionals in making the necessary information security decisions.”
—Paul Bond, Reed Smith
Compliance professionals are always keen to know what regulators
will be looking for in their next exam. Knowing what topics are in
vogue helps them prepare their own teams, as well as their firm’s
management, for the scrutiny they will be facing—and helps
them target their own efforts on ensuring the firm is adhering to
requirements in the focus areas.
OCIE now releases eagerly-awaited notices outlining its exam
priorities for the year. In 2014, these included new items such as
quantitative trading and interest rate risks, as well as an expansion of
the presence exam model, in the investment management industry.
Among brokerages, the agency said “new and emerging” issues
included Exchange Act Rule 15c3-5, the Market Access Rule; suitability
of variable annuity buybacks; and the fixed income market (CI, 1/23).
With this in mind, and looking at clues offered by regulators in recent
months, attorneys are already looking forward to what compliance
teams can expect in the year ahead.
FEES
The issue of fees has been at the forefront of many compliance
professionals’ thinking since OCIE Director Andrew Bowden pointed
to widespread failures across the industry. In a speech earlier this
year, Bowden said officials found violations or material weaknesses
in controls related to fees and expenses at private equity fund
firms in more than half of all presence exams (CI, 5/14). Some of the
violations examiners uncovered had already been referred to the SEC’s
Enforcement Division, he said.
Mark Perlow, a partner at K&L Gates whose
primary practice is in investment management,
hedge funds and alternative investments, told
CI he thought fees would continue to be a focus
for examiners in the coming year, having “drawn
significant scrutiny in examinations, particularly
relating to [PE] funds.”
He cited a number of specific fee types
where he expected heightened scrutiny. “The SEC seems focused on
buyout fees, group-purchasing programs that allow the manager
to save money and portfolio company directors’ fees, as well as
any expense that could be considered an expense of the manager,”
Perlow said.
Kay Gordon, a partner in the investment management practice
group at Drinker Biddle & Reath, said she
thought the question of fee disclosures would
continue to be a priority across a broad swath
of the industry. “Particularly this year, I believe,
the focus will continue to be in the areas of
dually-registered advisers and [PE] fund advisers,
including in [regards to] any undisclosed
payments, charges and fees affecting investors
and clients.”
CONFLICTS
Connected to the question of proper fee disclosures is the disclosure
of relationships that could be considered conflicts of interest. In his
speech earlier this year, Bowden singled out the use of operating
partnerships by many funds as a particular area of concern, saying
such partners were sometimes presented as employees of the fund
adviser when they were in fact being paid for by the fund itself, or
by its portfolio companies, leaving investors unaware that they were
bearing the costs of fund consultants.
The speech attracted criticism among some PE industry
professionals who said the practices identified by Bowden are common,
uncontroversial and don’t run afoul of agreements with investors or SEC
rules. But some market participants conceded that less sophisticated
investors might have been unaware of the practices he cited.
Other potential fee-related conflicts include:
• The shifting of consultant expenses in the middle of a fund’s life,
without properly disclosing the shift to investors;
• Charging for reports provided to investors that are compiled and
distributed automatically using software packages, the costs
of which are borne by investors, contrary to their reasonable
expectation;
• Advisers terminating an individual who was presented as an
employee to investors during fundraising, then rehiring the
individual as a consultant, to be paid by the fund or portfolio;
• Improper receipt of referral fees;
• Improper allocation of investment opportunities across different
funds;
• Lending from the fund to an executive of the manager;
• The sale of a manager’s interest in a PE investment to a fund;
• Allocation of manager expenses to a fund.
WHAT TO EXPECT WHEN YOU’RE INSPECTED
Attorneys Predict SEC Exam Highlights For 2015
Looking ahead to 2015, attorneys expect the Securities and Exchange Commission’s Office of Compliance Inspections
and Examinations to target compliance issues such as conflicts of interest; improper allocations of fees and expenses;
cyber security; the implementation of market structure rules; and the improper use of marketing and promotional
materials. William Sprouse reports on what may lie in store.
CYBER SECURITY
Howard Kramer, a partner in the asset
management group at Willkie Farr & Gallagher,
noted that cyber security is a hot topic for
regulators, given recent well-publicized attacks
by hackers that have resulted in the thefts of
sensitive information.
The SEC cited cyber security as a key
inspection issue for 2014 and launched a sweep initiative to target
registrants’ security policies and procedures, as well as their responses
to recent threats (CI, 4/9). This attention is not expected to dissipate.
“The SEC likely will test the procedures firms have in place to prevent
theft of customer and firm data,” Kramer said. He suggested firms
might retain auditors to examine their cyber security preparedness
before they face agency exams.
MARKETING, PROMOTION
Perlow said the topic of promotional and marketing materials used by
firms was a “perennial area of focus” for the agency and would continue
to be so. “From our experience, the issues here appear to include the
improper use of performance from a prior firm; improper use of gross-
of-fees performance; cherry picking performance in composites; the
improper use of benchmark indices; and the submission of inaccurate
information to consultants and publications, among others. The [SEC]
staff also checks to make sure that any placement agents that are
acting as brokers are registered as such.”
Gordon said the Jumpstart Our Business Startups, or JOBS, Act and
the recently adopted “bad actor” provisions under Regulation D of the
Securities Act had associated marketing, performance and disclosure
issues that would continue to be a focus for the SEC. The agency earlier
this year released guidance clarifying the definition of beneficial
ownership under the bad actor rule (CI, 1/28).
MARKET STRUCTURE
Although it is probably too early to say which aspect of the broad,
thorny issue of market structure will emerge as an exam focus,
regulators would likely identify some aspect for heightened scrutiny,
Kramer said, noting the SEC’s attention to high-frequency trading that
followed media coverage earlier this year. “Some trading or market
structure issue will emerge that garners new SEC exam attention,”
Kramer said.
Kevin Goodman, national associate director of the broker/dealer
program in OCIE, told CI in an interview in July that examiners were
uncovering a number of problematic compliance approaches as they
looked into implementation of the Market Access Rule, noting that
deficiencies had been found at almost every firm the agency looked at
(CI, 7/24). Examiners had found “the full variety of deficiencies, from
very technical and fairly minor deficiencies to issues that we deem as
much more significant,” Goodman said, though he declined to discuss
whether OCIE had made enforcement referrals.
SUITABILITY OF MUTUAL FUND INVESTMENTS
Alternative mutual funds have attracted regulatory attention in recent
months amid their growing popularity. Such funds present “heightened
risk,” particularly with respect to compliance programs, Norm
Champ, head of the SEC’s Division of Investment
Management, said recently (CI, 9/15). With that
in mind, OCIE is conducting targeted exams of
25 alternative mutual fund firms, having said
it is concerned about issues such as leverage,
liquidity, valuation and the marketing of such
funds to investors (CI, 5/1).
Clifford Kirsch, a partner at Sutherland
Asbill & Brennan, told CI he thought the SEC’s 2015 exams would
include a focus on mutual fund and variable annuity share-class
suitability.
BROKERAGES
Both the SEC and the Financial Industry Regulatory Authority have
said they will be focusing on retirement vehicles and rollovers going
forward (CI, 1/8). The SEC in particular said it would be examining
broker/dealers for improper marketing, conflicts and suitability when
recommending the movement of assets from a retirement plan to an
Individual Retirement Account rollover account in connection with a
change in employment. The emergence of rollovers as a priority for
both the SEC and FINRA has suggested to some attorneys the potential
for coordination between the regulators (CI, 1/23).
Kirsch said he expected there to be a focus on B/D branch offices
that raise red flags, receive high volumes of complaints, engage in the
sale of complex or alternative securities or brokers who have a history
of disciplinary activity.
CUSTODY
Drinker Biddle’s Gordon said custody would also be a “significant focus”
for the SEC. “This item is particularly important in light of certain
lack of understanding of custody issues by limited segments of the
industry highlighted in the SEC’s previous communications and thus a
continuous likelihood of further findings of deficiencies by the SEC staff
in future exams,” she said.
TIPS ON EXAM PREP
Perlow said firms should look over the 2014 list of OCIE exam priorities
to make sure they have policies and procedures in place to address each
of them, but that there are limits to what compliance officials can do to
address the unforeseen.
Kramer said the exam styles of both the SEC and of FINRA have
changed over the past two years to become more tied to enforcement.
“Enforcement or OCIE attorneys now often are included in examinations
at the early stages, rather than just examiners,” Kramer said. “When this
occurs, a firm should make sure that in-house legal is involved in the early
stages of the examination.”
In addition to economic benefit, filling the CCO position with someone who has legal training is an advantage where there are compliance questions that require legal interpretation. This is particularly valuable given the recent proliferation of regulation, and in areas where guidance from the Securities and Exchange Commission is still developing.
In addition, combining the two roles can elevate the CCO position within the corporate structure of the firm, since the GC often falls within the circle of senior management. This not only facilitates the CCO’s access to senior management, but the increased insight into the investment/operational side of the firm allows compliance to work more seamlessly with the business side. It also gives the GC/CCO a better opportunity to take action to catch issues before they grow into problems.
DIFFERENT ROLES
While there are many benefits to combining the GC and CCO position, and both types of professional provide guidance and advice to asset managers, firms must be cognizant of the potential tension created by the fundamental objective of each role, which in certain instances can diverge.
The role of in-house counsel is to guide the asset management firm through an increasingly complex and demanding regulatory landscape. But as legal adviser, there is a corresponding responsibility to serve as an advocate of the firm. Accordingly, the role of in-house counsel is to chart a course that meets both the applicable regulatory requirements and the specific business needs of the firm.
Given that many of the regulations governing the asset management industry are principles-based rather than black-and-white rules, the GC often finds it necessary to recommend and defend any one of several potential courses of action. Where business needs require the firm to adopt a more so-called “aggressive” position on a particular compliance question, the GC needs to be ready to defend it within the bounds of the law.
The CCO stands in a different position. While the CCO, like the GC, provides guidance to the firm with respect to regulatory questions, he or she does not stand in an advocacy role. Rather, the CCO’s function is to administer the compliance program in such a way as to detect and prevent compliance violations. Where there may be multiple possible solutions to a regulatory question, the CCO is responsible for guiding
the firm to one that will fulfill these goals. From the CCO’s perspective, the best solution for the firm may be a more so-called “conservative” course of action within the range of options that are defendable under applicable law.
This tension is unavoidable where the GC and CCO roles are combined, and with thousands of asset management firms using such an arrangement the issue is a common one. How can a firm balance its legitimate business interests and needs against the potential tensions created by giving the roles of GC and CCO to one individual?
COMPLIANCE COMMITTEE
One mechanism for mitigating the potential conflict is through an internal compliance committee made up of senior management and the GC/CCO. This can be an effective tool for addressing compliance issues where there are perceived competing business and compliance interests such that the roles of GC and CCO may lead the firm down divergent paths.
For example, it can be used where the firm is faced with multiple solutions to a problem and there is little formal regulatory guidance or authority. In instances where the firm has an option to pursue a more compliance-conservative path that is sub-optimal from a business perspective, versus a more aggressive—in other words, risky—solution, the compliance committee can be an effective sounding board.
The GC/CCO has the ability to present all options to the committee and assess the relative risks and rewards of each. The committee then evaluates the different options and, ideally, a consensus is reached among the entire group. In this manner, the tension between the roles of GC/CCO, and the potential for conflict that can arise from the competing responsibilities of each, is mitigated.
The composition, character and powers of the compliance committee will depend on a variety of factors, including the business and strategy of the asset manager, the level of risks involved, and the personalities and skillsets of senior management.
In addition to the GC/CCO, likely candidates are the CEO, other senior investment professionals, the CFO and the head of investor relations. In terms of powers, there are a range of options. The compliance committee can perform a purely advisory function. The committee can provide counsel and guidance to the CCO and the senior managers who are the responsible decision-makers. Other firms may want the compliance
COMPLIANCE CLINIC
How To Handle Having A Combined CCO/GC
By Edward T. Dartley of Pepper Hamilton
The role of the chief compliance officer has expanded and risen in importance over the last
several years. Asset management firms often fill this position with someone who also serves
as in-house counsel. Economics in many cases drives this decision, although there are many
firms with several billion dollars under management that choose to do so.
committee to have a stronger function, where the committee is empowered to make recommendations to be followed in instances where there is a potential conflict of interest.
OUTSIDE ADVISERS
An alternative to the formation of a compliance committee is the use of outside advisers in circumstances where the roles of GC and CCO present the potential for conflict. When a regulatory issue involves both legal analysis and advocacy, as well as compliance analysis, the presence of an experienced third-party adviser or consultant can mitigate or eliminate the conflict.
Again, the nature and circumstances of the regulatory problem should guide the approach. The asset manager may need the GC/CCO’s legal expertise and deep knowledge of the firm to guide the legal analysis. In those instances, a compliance consultant, preferably one who knows the firm and its compliance program, can provide the asset manager with advice on potential compliance strategies and solutions. In other cases, it will be more appropriate for the GC/CCO to use his or her experience to focus on the CCO-related issues, and bring in outside legal counsel to provide the legal analysis.
PRIVILEGE
Serving as GC and CCO raises another challenge for both the individual and the firm—the use and protection of the attorney-client privilege. Regulatory questions often have both legal and compliance components to them. An asset management firm that has a combined GC/CCO can gain the protection of the attorney-client privilege for the firm’s consideration of such issues, if properly structured. But protection of the privilege
requires care. The GC/CCO needs to be mindful of the role that is being played at
any point in the process, and should regularly ask whether he or she is acting in a legal or a compliance capacity. This is particularly true when engaging in written or email communications, where a blend of legal, compliance and business topics may be discussed. Where the GC/CCO is comfortable that the subject matter is legal in nature and deserving of protection, that communication should include an express designation that it is privileged and confidential.
At the same time, blanket designations of communications as privileged will not protect the firm if ever challenged, for instance in an SEC examination. On the contrary, over-designation runs the risk that all communications identified as privileged become the subject of scrutiny, including those that are legitimately deserving of the protection.
Equally important is that the asset manager’s senior management understand that the GC/CCO may be playing differing roles when addressing a regulatory issue, and that care be exercised when reaching out to the GC/CCO for advice. The GC/CCO in this position should sensitize the firm to these issues, stressing the need to be thoughtful about whether or not to communicate an issue in writing or electronically. This topic can be easily added to the firm’s annual compliance training.
Fulfilling the CCO function has become increasingly challenging over the last several years. Combining the CCO and GC roles can help meet those challenges—particularly where there is an understanding and willingness to address the potential tensions that may arise.
Edward T. Dartley is a financial services attorney with Pepper Hamilton in New York, and previously served in a dual role at an asset management firm.
While the implementing regulations were effective April 1, 2014, the
rule contemplates a “conformance period” during which affected
banking entities will be allowed to adapt their activities and
investments to comply.
The Fed has extended the conformance period to July 21, 2015 and
has the authority to extend it twice more, with each extension being
for a period of up to one year.
Compliance officers, however, should not count on the additional
time being granted and should assume that their organization must be
in compliance by the summer of 2015. In the meantime, C/Os should
take note of how the FAQs will affect their firm’s preparations.
Question 1: For those subject to quantitative measurement and reporting requirements, when should reports be made if the deadline falls on a weekend or holiday? How should metrics be calculated during the initial reporting periods?
Beginning July 1, 2014, the largest banking entities—those with at least
$50 billion in trading assets and liabilities as calculated according to
the rule—must start measuring and recording required daily metrics.
These metrics must be reported within 30 days of month-end, unless
that date falls on a weekend or holiday, in which case the deadline is
the following business day. The initial reports covering daily metrics
for July, 2014 must be filed by Sept. 2, 2014. This 30-day reporting
window will be shortened to just 10 days beginning with information
for the month of January 2015 (report to be due by Feb. 10, 2015).
In addition, the agencies clarified how metrics for the first two
months should be reported based on a 30-day, 60-day or 90-day
calculation period. Daily metric recording did not begin until July 1,
so the initial report, due Sept. 2, may include only a 30-day calculation
period. Likewise the second report, due Sept. 30, may include only
30-day and 60-day calculations. The third report, due Oct. 30, and all
subsequent reports must include data for all calculation periods.
Compliance departments at these large organizations should ensure
that both systems and processes are in place to record the necessary
metrics on a daily basis and compile them at the end of the month.
Additionally, C/Os should be assessing the time and resources required
to produce the reports within the 30-day reporting window in order to
develop and implement a plan by the end of the year to ensure that the
entity will be able to meet the shortened 10-day window that becomes
effective early next year.
Question 2: Must trading desks that span multiple affiliated banking entities report metrics to multiple agencies?
“Trading desk” is defined as the smallest discrete organizational unit
of a banking entity that purchases or sells financial instruments for the
trading account of the banking entity or an affiliate. As explained by
the agencies, this approach has the advantage of providing a narrow
definition so banking entities can customize limits and procedures
to individual trading desks and adjust those limits and procedures in
recognition of the instruments and markets used by the desk.
This approach also inherently acknowledges that trading desks
may trade instruments for affiliates of the banking entity and may
hold positions in the name of different entities. The implementing
regulations subsequently require a trading desk to identify all positions
for which it has a financial exposure, as well as the legal entities where
such positions are held.
If quantitative measurements must be reported to an agency, and if
the trading desk spans multiple affiliates, the trading desk must report
COMPLIANCE CLINIC
Volcker Rule FAQs: What CCOs Need To Know
By Julius L. (“Jerry”) Loeser and Sterling Sears of Winston & Strawn
On June 10, six months after issuing regulations to implement the Volcker
rule, the Federal Reserve Board, the other federal bank regulators, and the
Securities and Exchange Commission issued guidance on the implementing
regulations in the form of six frequently asked questions. The first two FAQs
address proprietary trading questions, while the other four are focused
on how the rule affects banking entities that acquire or retain ownership
interests, or sponsor, so-called “covered funds”—generally, private investment funds relying on section 3(c)(1) or
3(c)(7) of the Investment Company Act.
to each agency with jurisdiction over the affiliates under section 13 of
the Bank Holding Company Act. However, separate calculations for
each sub-set of positions held at an affiliated entity are not required
as the trading desk may report positions on a desk-wide basis to all
appropriate agencies.
Compliance departments should create programs and procedures
to track:
• The total exposure of the trading desk;
• The affiliated entities where such positions are held;
• Which agencies are entitled to reports.
Question 3: How does the rule against prohibited activities and investments apply during the conformance period?
During the conformance period, the banking entities should
engage in good faith efforts to bring their activities into compliance.
Unfortunately, the agencies have provided scant guidance on what
constitutes a “good faith effort” to make the institution compliant by
the deadline. However, such efforts include:
• Evaluating the extent to which the entity is engaged in covered
activities and investments;
• Developing and implementing a specific plan to conform by the
deadline.
We believe that undertaking new activities that cannot be
unwound by July 21, 2015 (e.g. investing in fund shares that cannot be
divested by July 21, 2015) would not be consistent with engaging in a
good faith effort.
Compliance departments should prepare for full compliance by
July 21, 2015 as the agencies have stated that banking entities should
not expand activities nor make prohibited investments during the
conformance period with the expectation that additional time will be
granted.
Question 4: What qualifies as loan securitization servicing assets?
The regulation implementing the rule exempts loan securitizations
from the definition of the term “covered fund.” However, this
exemption is premised on the fund’s assets being limited to:
• Loans and certain other assets designed to assure the servicing
or timely distribution of proceeds to holders of its asset-backed
securities;
• Other incidental assets provided that such servicing asset meets
the requirements of the rule.
The agencies explained that a servicing asset may be any type of
asset, but, if the servicing asset is a security, it must be a “permitted
security.” This, in turn, means either a cash equivalent or a security
received in lieu of a previously contracted debt. As provided in
the implementing regulations, the term “cash equivalents” means
high quality, highly liquid short-term investments whose maturity
corresponds to the securitization’s expected need for funds and whose
currency corresponds to either the underlying loans or the asset-
backed securities.
Compliance departments should review the types of assets that
are being used as servicing assets and should advise the business lines
about the rules going forward so that loan securitizations are properly
structured to avoid “covered fund” status.
Question 5: Is an exclusion available for foreign public fund seeding vehicles?
The implementing regulations exclude from the definition of the term
“covered fund” certain non-U.S. public funds, i.e. issuers:
• Organized outside the U.S.;
• Authorized to sell ownership interests to retail investors in their
home jurisdictions;
• Selling those interests predominantly through public offerings
outside the U.S.
The regulation also excludes seeding vehicles that will become
U.S. registered investment companies, or RICs, but does not address
seeding vehicles for non-U.S. public funds.
The agencies clarified that seeding vehicles for non-U.S. public
funds will not be treated differently than seeding vehicles for RICs if
the non-U.S. seeding vehicle is formed and operated pursuant to a
written plan to become a qualifying foreign public fund.
C/Os wishing to qualify for the exclusion must create a plan that
documents the banking entity’s determination that the seeding
vehicle will become a foreign public fund, the time period during
which the vehicle will be a seeding vehicle, the planned marketing of
the seeding vehicle to investors within one year of its establishment,
and the planned operation of the seeding vehicle consistent with the
investment strategy (including leverage) of the issuer upon becoming a
foreign public fund.
Question 6: What does it mean for a covered fund to share the same name or a variation of the same name with a banking entity?
While the rule generally prohibits a banking entity from acquiring or
retaining an ownership interest in a covered fund or sponsoring such
a fund, it also expressly permits a banking entity—subject to certain
conditions—to organize and offer a fund to its investment advisory
or trust customers. Those conditions include the fund not sharing the
same name or variation of the same name with the banking entity or
any affiliate of the banking entity.
The FAQ explains that banking entities should avoid featuring the
same root word, initials or logo, trademark or other corporate symbol
used by, or referencing, a connection with the banking entity or
affiliate thereof.
C/Os should review the name of each permitted covered fund to
ensure that it is sufficiently distinct from the name of the banking entity
such that the fund’s use of the name is unlikely to lead to customer confusion regarding the relationship between the two entities. In particular, the name should avoid the appearance that assets of the banking entity will insure the assets and performance of the fund.
Julius L. (“Jerry”) Loeser is of counsel and Sterling Sears is an associate
with Winston & Strawn LLP’s Chicago office.
Notably, in FINRA’s exam priorities letter, the self-regulatory organization stated that it believed there was a misconception among some “executing brokers” that Customer Identification Program, or CIP, requirements do not apply to delivery versus payment/receipt versus payment (DVP/RVP) customers or that the prime broker is exclusively responsible for CIP on those customers.
NASD Rule 2340 defines a DVP/RVP account as an arrangement whereby payments for securities purchases are made to the selling customer’s agent and/or delivery of securities sold are made to the buying customer’s agent in exchange for payment at time of settlement, usually in the form of cash.
From an AML perspective, DVP/RVP accounts meet the definition of “account” for CIP purposes. However, the DVP/RVP account is often held in the name of a U.S. institutional customer regulated by a federal functional regulator and therefore excluded from CIP, or the prime broker and executing broker have a formal reliance agreement allocating CIP responsibilities. Absent these scenarios, AML compliance officers (AMLCOs) should revisit their CIP efforts to ensure that, in the appropriate scenarios, their CIP adequately addresses DVP/RVP customer relationships.
OMNIBUS/MASTER-SUB ACCOUNTS
Over the years, regulators also have discussed their expectations with respect to CIPs for certain omnibus and/or master-sub account relationships. Given FINRA’s 2014 regulatory and exam priorities letter, now may be a good time for AMLCOs to consider whether certain omnibus or master-sub account relationships require a CIP—including any enhanced due diligence requirements pursuant to Section 312 of the USA Patriot Act for certain correspondent accounts—when assessing their AML risk-based programs.
Generally, an omnibus account is an account for an entity that is acting as an intermediary on behalf of others and the B/D’s customer is the intermediary. This is true even if the B/D has some information
about beneficial owners of the omnibus account. However, AMLCOs should not simply rely on this general understanding when determining if a CIP is required for an omnibus account.
Indeed, for an omnibus account, the B/D may treat the intermediary as its customer for CIP as long as it meets the 2003 guidance set forth by the Financial Crimes Enforcement Network and the Securities and Exchange Commission (see Question And Answer Regarding The Broker/Dealer Customer Identification Program Rule, 31 C.F.R. §103.122, Oct. 1, 2003). AMLCOs should review this guidance carefully and make sure that, in those instances where the B/D may have some beneficial ownership information related to an omnibus account, the account continues to permit the B/D to treat the intermediary as its customer for CIP purposes.
FINRA also has discussed those instances where a B/D may need to treat sub accounts, instead of the intermediary, as the customer for CIP purposes. FINRA Regulatory Notice 10-18, issued in April 2010, highlighted the SRO’s concerns with master/sub account relationships.
AMLCOs should consider carefully whether certain master/sub accounts create concerns such that the beneficial owner should be considered the customer for CIP purposes. Put another way: In the master/sub account relationships, what controls do the beneficial owners of the sub accounts have, and is the master omnibus account in fact being intermediated by the master customer? If not, then regulators are likely to require the B/D to treat the sub-account holder as a customer under its CIP.
The variety of ways B/Ds establish relationships with institutional accounts means that AMLCOs should review carefully those account relationships when assessing the risks attendant with their AML programs. This assessment should include a review of the B/D’s institutional accounts to ensure the B/D is appropriately identifying who its customer is for its CIP. AMLCO assessments of their CIP have become increasingly important given FINRA’s 2014 regulatory and exam priorities letter.
Paul M. Tyrrell is counsel with Sidley Austin LLP in Boston.
Compliance Clinic
Why CCOs Should Check CIPs For Institutional Accounts
By Paul M. Tyrrell, Sidley Austin
The Financial Industry Regulatory Authority continues to scrutinize broker/dealers’ anti-money
laundering programs—particularly where they deal with AML obligations related to institutional
accounts. Indeed, FINRA’s January 2014 regulatory and examination priorities letter highlighted
that it “will focus on AML issues associated with institutional business” (CI, 2/6). Although this
focus is not necessarily new, it certainly has placed B/Ds’ institutional account relationships front
and center in 2014.