If your Policies and Procedures Manual says you do ‘X’ then you should be doing it. In the past year I have added a policy for the DOL Rule to client Policies and Procedures Manuals. Examiners have been asking about those policies and what the firms have done to meet the requirements of those policies.
Many people believe that the DOL Rule is dead. The 5th Circuit has not vacated the Rule, so it is still in effect. What has become clear during the SEC examinations is that the examiners are using the Policies and Procedures Manual to determine if firms are meeting their DOL Rule requirements.
Be sure that you are doing what your Manual says you are doing, especially regarding the DOL Rule.
Although it appears that the federal court decision vacating the DOL Fiduciary Rule was supposed to take effect on May 7, 2018, the DOL released a statement continuing its policy of non-enforcement given “uncertainty about fiduciary obligations.”
Firms that have compliance P&Ps to comply with the DOL’s impartial conduct standards are wise to keep them. These standards seem to be similar to what may be required with the SEC’s proposed investment adviser fiduciary duty interpretation.
My recommendation is to maintain compliance with your firm’s P&P regarding the DOL Rule until there is official word.
Yesterday, March 15, 2018, the U.S. Court of Appeals for the 5th Circuit voted 2-1 to vacate the DOL Fiduciary Rule. HOWEVER, the effect of the decision only applies to the following three states within the 5th Circuit’s jurisdiction – Louisiana, Mississippi, and Texas.
The next question is whether any party will appeal this decision to the U.S. Supreme Court.
So don’t rush to stop your compliance with the Impartial Conduct Standards that have been in effect since June 9, 2017.
Cybersecurity is once again on the SEC’s OCIE exam priorities list. There are many things that a firm can do to counter the concerns of Cybersecurity. One of the most difficult items to counter is an employee inadvertently opening an email that could open up your firm’s data to the outside.
Several of my clients have started to work with a firm called KnowBe4. They have a relatively inexpensive program that can handle several of your Cybersecurity concerns relative to employees:
- Cybersecurity Training
They maintain an online library of security awareness training that can assist with the Cybersecurity Training requirement. These trainings can be automated, with scheduled reminders sent to employees via email, which can be documented in the firm’s CRM.
They also have a fully automated system that will send out simulated phishing attacks. This will help you to know which of your employees may be susceptible to a phishing attack. You receive the results of the “attacks” and can then train employees accordingly.
This is an easy, low-cost solution to a problem that isn’t going away. Check out their demo at KnowBe4.com.
from Cipperman Compliance Services
The SEC fined and barred an adviser’s Chief Compliance Officer from acting in a compliance or supervisory capacity because of his failures to remedy compliance deficiencies. The adviser hired an outside compliance consultant which recommended 59 compliance action items. The SEC alleges that the CCO failed to address many of the issues raised including failures to (i) ensure a surprise audit pursuant to the custody rule, (ii) retain emails and other electronic records, and (iii) implement policies to protect customer information. The SEC also charges the CCO with compliance program deficiencies including failures to update the compliance manual or conduct any meaningful annual review of the compliance program. The firm’s president/principal was also censured and fined.
OUR TAKE: The SEC doesn’t often prosecute standalone (i.e. not dual hat) CCOs without an underlying client loss, but it will if the CCO ignores obvious compliance deficiencies of which he has notice. This is what we call “compliance voodoo” i.e. an appearance of compliance infrastructure without an effective program. This CCO had a compliance manual, did some quarterly testing, and hired a third party consultant. But, neither the CCO nor the firm took any action to actually implement relevant procedures to address cited compliance deficiencies.
from Cipperman Compliance Services, LLC
The SEC censured and fined three more investment advisers in connection with marketing F-Squared’s misleading hypothetical performance information. One of the firms agreed to pay $8.75 Million in disgorgement, fines, interest and another agreed to pay over $700,000, while the third firm, which has ceased its business, agreed to pay a $200,000 fine. The SEC alleges that the firms incorporated misleading F-Squared-provided performance information into their marketing materials without conducting adequate due diligence into the performance claims, despite significant red flags such as hypothetical backtested performance, outlier returns, lack of actual performance history, and lack of data transparency. The SEC charged the firms with failing to implement adequate compliance policies and procedures to verify third party performance claims and maintain required records. The defunct firm, which also sponsored a registered mutual fund, was also charged with several Investment Company Act violations including violations of Section 15, which requires a shareholder-approved written agreement with all sub-advisers. The SEC has previously brought several cases related to incorporating misleading F-Squared performance (see http://cipperman.com/2016/08/29/sec-fines-13-advisers-for-failing-to-verify-third-partys-performance/).
OUR TAKE: Investment advisers must adopt and implement procedures to test performance claims made by third parties, and firms can’t claim ignorance and innocence if the third party refuses to provide backup data. Also, we do not believe firms should ever use hypothetical backtested performance data, because the SEC usually alleges that such information is too misleading.
Preliminary Renewal Statements are available on the IARD. This statement includes the fees due to states for 2018. These fees are due whether you are a state or an SEC advisor. Payment is due on or before December 18, 2017.
It is imperative that fees are paid in a timely manner. Many states will terminate your registration if you have not paid your fees. This could require that you register all over again. During this time you may no longer be considered “registered.”
The SEC can require you to repay fees to clients for the time that you were not in compliance (meaning you haven’t paid your fees).
So, if you haven’t done so already, head to the IARD and pay those fees.