The Department of Labor (DOL) Fiduciary Rule became effective February 16, 2021, with a compliance date of December 20, 2021.
Under 3.0, advice to roll over or transfer an account is fiduciary advice…even though the prospect is not yet a client.
ERISA fiduciaries are subject to the prohibited transaction rules, primarily 408(b), which prohibits self-dealing. This is all very similar to the DOL Fiduciary Rule from 2016, which was vacated by the U.S. Court of Appeals for the Fifth Circuit in May 2018.
The new 3.0 requires four elements of disclosure:
Affirmation of ERISA fiduciary duty
Description of services to be provided
Disclosure of material conflicts of interest
Explanation of the reasons for the recommendation and how it is in the Retirement Investor’s best interest
A firm’s Policies and Procedures must be updated to include the information required for 3.0.
All this said, it appears that ERISA may be changing the requirements by starting all over again. So it is suggested to have a plan to be ready to implement by December 20th, but to understand that the requirements and compliance date could change.
There is another FINRA phishing scam that has been going out. The email appears to be from Jeffrey Kalinowski at FINRA. He really works at FINRA, but the email is a scam. Don’t click on any links in the email.
Cybersecurity Guidance for Investment Advisers Managing ERISA plans
Jun 03, 2021 03:51 pm | by Jaqueline Hummel, Partner and Managing Director, Hardin Compliance
For Investment Advisers and Broker-Dealers
DOL issues Cybersecurity Guidance. On April 14, 2021, the U.S. Department of Labor (“DOL”) Employee Benefits Security Administration (“EBSA”) issued cybersecurity guidance directed towards ERISA plan sponsors and ERISA fiduciary advisors. While the guidance appears similar to SEC’s advice, there is one noticeable difference: the DOL says firms “should” have a reliable annual third-party audit of security controls. As part of this audit, EBSA expects to see audit reports, audit files, penetration test reports, and any other analyses or reviews of cybersecurity practices. EBSA also wants documented corrections of any weaknesses identified in the independent third-party analyses. What are the implications to firms subject to this guidance? Will the DOL consider it a breach of fiduciary duty if a firm does not hire a third party to conduct an audit of its security controls? Can a firm do this assessment internally? Time will tell if this is a best practice or a requirement.
In addition to the third-party review, the DOL provided these best practices that ERISA plan service providers “should” follow:
Implement a well-documented cybersecurity program.
Conduct a prudent annual cybersecurity risk assessment.
Clearly define and assign informational security roles and responsibilities.
Establish robust access control procedures.
Ensure that any assets or data stored in a cloud or with a third party are subject to appropriate security assessments.
Many of you may have received the FINRA: New Request email below. It is a scam.
FINRA: New Request
Case 202106980000
Request ID 3989971
Date Requested 06/07/2021
FINRA Requester Ta’She Spencer-Clifton

Dear Eileen,

A Firm Compliance Request has been issued by FINRA for your firm.
Follow the information in the letter above to complete the request. Late submission may attract penalties.
Please respond to this email for additional information.

Sincerely,
Ta’she Spencer Clifton
Principal Compliance Examiner
Financial Industry Regulatory Authority (FINRA).
1735 K Street, NW Washington, DC 20006
347-201-4704
Today, we offer our “Friday List,” an occasional feature summarizing a topic significant to investment management professionals interested in regulatory issues. Our Friday Lists are an expanded “Our Take” on a particular subject, offering our unique (and sometimes controversial) perspective on an industry topic.
Several C-suite investment management executives have asked for our advice on how to ensure an effective compliance program with everybody, including the Chief Compliance Officer, working from remote locations. We’re glad they asked. Over the last 17 years, we have developed a very effective remote chief compliance services offering that has withstood SEC scrutiny through market highs, market lows, a variety of business models, multiple locations, and, now, a pandemic. Whether you are the CEO worried about what you don’t know or a CCO who is overly reliant on “water cooler compliance,” we offer 10 best practices that we follow to implement effective remote compliance.
10 Remote Compliance Best Practices:
Scheduled and consistent communication. The CCO must ensure a consistent flow of information. We formalize this process by conducting weekly compliance meetings that include detailed pre-meeting agendas and are followed by written minutes.
Multiple touch points. Accessibility is crucial to an effective compliance program. Many in-house CCOs may now be distracted with home responsibilities and distractions. Our firm deploys a 2+ person team for every client so that somebody is always available to respond to compliance questions or issues. Our clients also can access other members of the team for support.
Online tools. Compliance officers can use key on-line technologies for effecting the compliance program. For example, we utilize BasisCode to vet employee trading and ensure Code of Ethics compliance. Other tools that are available in the industry include portfolio monitoring, trading compliance, and email reviews.
File sharing. All employees should have immediate access to compliance documents. We utilize Box, an online file sharing tool, so that our clients can review policies, testing, approved marketing materials and disclosure documents.
Responsiveness. The CCO should respond immediately to all requests on a 24/7/365 basis. Our firm policy is to respond within 120 minutes and provide an answer within 24 hours. This policy includes reviewing and revising marketing materials within 24 hours.
Testing. Much compliance testing can be done remotely. We have developed several compliance tests that involve transaction sampling, document reviews and interviews. We plan to use future on-site visits to confirm our findings.
Workload. Many firms have failed to devote sufficient resources to the CCO, who juggles many balls and roles during the workday. The remote working environment throws the under-resourcing into relief as the remote CCO struggles to answer all the calls. Our firm, by monitoring workloads, hours and fees, makes certain that nobody is so overwhelmed that we can’t meet our service and quality standards.
Management involvement. Too many CCOs fail to include senior management in ongoing compliance matters, thereby becoming the proverbial tree that falls in the empty forest. We recommend that every client creates a compliance committee of senior leaders that meets quarterly to address compliance issues.
Accountability. What happens if the remote CCO fails to adequately perform his/her function because of other distractions? Is somebody adequately managing the CCO? Can you terminate without another option? By contrast, our firm assumes the CCO liability and executes a service level agreement that holds us accountable for our promises.
On-Site visits. Meeting in person helps to verify testing and complete due diligence. We commit to no less than 6 on-site visits per year for every client for whom we serve as CCO. During the pandemic, we will conduct on-site visits via videoconference but plan to go on-site to confirm testing and complete due diligence.
UPDATE TO THIS ARTICLE – THE DEADLINE TO RETURN HAS BEEN EXTENDED TO 5/14/20
Also, if you need to disclose the PPP loan on your ADV Part 2, it must be done within 30 days. I believe that if the PPP is not disclosed, the SEC may be calling you to discuss why you haven’t disclosed.
Disclosure Of The PPP Loan On Form ADVs
On April 27, 2020, the Securities and Exchange Commission issued FAQs specific to advisors experiencing Covid-19 issues. In these FAQs, the SEC addressed whether an advisor who has received a PPP loan has to disclose the loan to its clients through an ADV filing. While the SEC does not directly answer this question in the affirmative, its guidance indicates that advisors are strongly urged to make the disclosure, and we agree. First, the SEC points out that advisors have a fiduciary duty requiring them to “make full and fair disclosure” to clients of “all material facts.” The SEC further states that “if the circumstances leading [the advisor] to seek a PPP loan or other type of financial assistance constitute material facts relating to [the advisor’s] advisory relationship with clients, it is the staff’s view that [the advisor] should provide disclosure of, for example, the nature, amount and effects of such assistance.” While the SEC lists two specific examples of situations requiring ADV disclosures (paying advisory personnel salaries and meeting contractual commitments to clients), we believe there are very few scenarios, if any, in which the acceptance of the PPP loan would be immaterial and not disclosable in an advisor’s ADV. Given that the PPP loan requires certification that the loan is necessary to support ongoing operations and can only be used for limited crucial expenses associated with the advisor, such as rent payments and utilities, the SEC would likely deem the acceptance of PPP funds as a material fact for purposes of the ADV. The reason is that acceptance of the PPP funds is relevant to the financial condition of the advisor. If an advisor returns the PPP loan by the May 7 deadline, ADV reporting would likely be unnecessary.
The SEC has come out with an FAQ regarding the disclosure of PPP loans. Please read below. If you are a client and need to have your ADV Part 2A updated to include a PPP disclosure, please let me know.
Q. I am a small advisory firm that meets the requirements of the Paycheck Protection Program (PPP) established by the U.S. Small Business Administration in connection with COVID-19. If I receive or have received a PPP loan, what are my regulatory reporting obligations under the Investment Advisers Act of 1940 to my firm’s clients?
A. As a fiduciary under federal law, you must make full and fair disclosure to your clients of all material facts relating to the advisory relationship. If the circumstances leading you to seek a PPP loan or other type of financial assistance constitute material facts relating to your advisory relationship with clients, it is the staff’s view that your firm should provide disclosure of, for example, the nature, amounts and effects of such assistance. If, for instance, you require such assistance to pay the salaries of your employees who are primarily responsible for performing advisory functions for your clients, it is the staff’s view that you would need to disclose this fact. In addition, if your firm is experiencing conditions that are reasonably likely to impair its ability to meet contractual commitments to its clients, you may be required to disclose this financial condition in response to Item 18 (Financial Information) of Part 2A of Form ADV (brochure), or as part of Part 2A, Appendix 1 of Form ADV (wrap fee program brochure). (Posted April 27, 2020)
Be aware that opportunistic criminals are using the coronavirus pandemic to steal people’s money and identities. Here are some of the strategies you should be aware of:
Outbreak maps. Don’t click on any link that purports to show a map of the COVID-19 outbreak unless you absolutely trust the source. The Johns Hopkins interactive map at https://coronavirus.jhu.edu is one legitimate source. Some scammers have used bogus online maps to spread malware and capture usernames, passwords, credit card numbers, and other information. Be careful about what you click!
Email campaigns. Criminals have put a coronavirus spin on email phishing, using infected attachments or downloads to steal information. Remember: The email may look like it is from a legitimate source like a bank, but it’s best to go to the bank website directly or give them a call.
Charitable giving. Be on the alert for scammers posing as representatives of legitimate charitable organizations. You may also receive an urgent request from someone you know seeking financial help. Make sure to contact the person directly to verify that the request really was from them.
Testing scams. Finally, officials aren’t likely to knock on your door as part of a coronavirus outreach and response. Instead, it’ll probably be a scammer trying to take advantage of people’s fears by selling them expensive products or otherwise getting their personal information. Don’t let them in the house, and don’t give them information.
It’s important that we all stay vigilant in these uncertain times. If you have any questions, call a local agency or do your research from only legitimate sites on the internet. The Federal Trade Commission has more information on coronavirus-related scams and what you can do.
Your financial well-being is our priority. We will keep you informed of important developments in the fight against cybersecurity threats.
In the meantime, we wish you continued health, and we look forward to meeting you in person once more after the outbreak ends.
I know these are very tough times, with the markets down and towns going into quarantine mode. Here are a few tips from Jen Goldman of Jen Goldman Consulting, most of which you all know.
1. make sure everyone knows how to log into 365 or G Suite online and access their email, calendar and Office software (Excel, Word, PowerPoint) (and email signatures are set up properly with a clickable phone number to call)
2. have everyone bring home video call devices (webcam, headset)
3. pre-schedule a daily huddle video call with your team to check on their mental state and help get them into work mode (side benefit: this huddle will build a great habit of getting dressed for work, which calms the nerves as it makes staff feel like they are in control of something and have a purpose beyond worrying about the world and their health)
4. make sure mobile apps are set up for the online CRM, Document, Video Call, IM, and Project Management tools
5. for investment management staff, make sure they can log into the custodian and investment management/trading software from home
6. learn how to set up your phones to forward to cell phones (and be ready to put that into place)
7. start a group text on mobile devices and ask everyone to keep it on their phones indefinitely and to NOT use it for regular chatter. It is only to be used for urgent messages that everyone needs to know. IM is for the regular intraday chatter.
Don’t miss this opportunity to reserve your seat at an interactive workshop that offers a practitioner’s view of the GIPS® standards. Sessions have been organized covering GIPS compliance fundamentals and how to create and maintain a GIPS compliance program, with an in-depth review of composite construction and calculations, GIPS compliance policies and procedures, GIPS compliant performance reporting and error correction. We hope you can join us and bring a colleague, but don’t delay – space is limited and early bird pricing ends 3/31/2019.
April 25, 2019 – Portland, Oregon
This workshop is being co-organized by Amy Jones of Guardian Performance Solutions. If you are interested in GIPS compliance…this is the workshop to attend.