Consistency between Code of Ethics and Actual Gifts Received

from Cipperman Compliance Services

The SEC censured and fined an investment consultant and its principal $700,000 for lying about gifts received from recommended investment managers and about performance information. The respondent’s marketing material claimed that neither the firm nor its principals took “so much as a nickel” from any investment manager. However, the firm’s Code of Ethics permitted gifts over $100 with pre-approval and under $100 without. The SEC asserts that personnel in the firm received tickets to the Masters Golf Tournament and other smaller gifts over a 4-year period, and that even where such gifts violated the Code of Ethics, the firm never imposed discipline. The SEC also accuses the firm of marketing hypothetical and back-tested performance without sufficient disclosure or backup.

OUR TAKE: Code of Ethics violations are an oft-cited SEC deficiency and should be remedied upon discovery (see Common OCIE Deficiencies). However, this firm compounded the problem by boasting about its Code of Ethics compliance in marketing materials. We do not recommend claiming 100% compliance with any rule as part of a marketing campaign.

https://www.sec.gov/litigation/admin/2017/ia-4647.pdf


Disaster Recovery testing opportunity

Today may be an opportunity to test your Disaster Recovery Plan – especially if you live in the Northeast. With the nor’easter, you, or some of your employees, may not be able to get to the office. Or you may have closed your office.

If so, take this opportunity to test what you have done to be able to work from an alternate site.  Also, were all of your cloud applications available?

Be sure to document in your CRM what you did and what you learned.


DOL Fiduciary NOT Yet Delayed by President Trump

from Michael Kitces

Given the party-lines debate that has revolved around the Department of Labor’s fiduciary rule for the past year – ever since President Trump put the full force and backing of the White House behind the final rule – it was widely believed that once President Trump won the presidential election, it would just be a matter of time before he issued an Executive Order to delay the rollout of the regulation this April. And yesterday morning, the White House circulated a draft version of the coming Executive Order, to be signed that afternoon, that would impose a 180-day delay to the rule.

Except as it turns out, the final version of the Memorandum that President Trump signed did not actually include a provision to delay the fiduciary rule after all, despite wide media reporting to the contrary! Instead, the Secretary of Labor was merely directed to conduct a new “economic and legal analysis” to assess whether the fiduciary rule and its looming applicability date is causing harm to investors by limiting access, triggering dislocations in the retirement services industry, or likely to cause increased litigation and increased costs for consumers. And if that is the case, then the Department of Labor would undertake yet another proposed rulemaking process, with a Notice and Comment period, before proceeding. A direct Executive Order from the President to delay, though, is off the table (though notably, many had pointed out it wouldn’t have been legally permissible to delay that way in the first place).

Given barely 2 months until the applicability date, it’s still unclear whether the new economic analysis requirement and subsequent rulemaking process will be able to successfully delay the rule, especially since President Trump’s Labor Secretary nominee Andrew Puzder hasn’t yet been confirmed, and is now reportedly being delayed indefinitely due to ongoing questions about his ethics and financial disclosures paperwork. Nonetheless, a delay is still possible, whether by inviting a stay in one of the lawsuits, going through a “hasty” rulemaking process to at least get some delay in the applicability date on the table (and then expand into further rule changes thereafter), or getting Congress to intervene (and overcoming a Senate Democrats filibuster).

But for the time being, the fact remains that it’s still “game on” for the Department of Labor’s fiduciary rule. The President’s Executive-Order-that-wasn’t may still ultimately facilitate a delay in the rule, and/or start the process of making changes to the fiduciary rule’s long-term provisions after the rule takes effect (but before any real enforcement and legal exposure kicks in). But that remains to be seen in the steps that acting Labor Secretary Ed Hugler does or doesn’t take in the coming days and weeks to quickly push the required economic analysis and the start of a new rulemaking process! At a minimum, though, it’s looking increasingly likely that the DoL fiduciary rule will be here to stay in some form… the only question is exactly what provisions last in the truly-final version, and when it will truly take full effect!


5 ways to detect a malicious “phishing” email

from Carbonite

For as long as there’s been email, there have been email scams. At least since the time email first started gaining widespread popularity in the 1990s, phishing scams have been showing up in email accounts. They’re called ‘phishing’ emails because the cybercriminals who send them are fishing for victims.

These fraudulent emails, which may appear to come from a legitimate company or even a personal acquaintance, are designed to trick people into giving up personal information, such as credit card and social security numbers. They may also be designed to scam unwitting victims into opening a harmful attachment or clicking a link that unleashes ransomware or some other type of malicious computer virus.

Back in the early days of the internet, phishing emails were full of typos, and laden with obvious clues—appeals from faraway princes or rich relatives you never knew you had.  These were very easy to spot. But cybercriminals have upped their game since then. For example, some cybercriminals go to great lengths to match the branding, color schemes and logos associated with the companies they are trying to impersonate.

Phishing email scams generally fall into one of these categories:

  • Traditional phishing attack
    The traditional phishing attack casts a wide net and attempts to trick as many people as possible. A classic example of this is the Nigerian prince advance-fee scam.
  • Spear phishing
    Spear phishing attacks are designed to target a specific individual or small group of individuals. For example, a spear phishing attack may use information about a particular restaurant or small business to target one or more employees at that business. Or it could look like an email from a friend.
  • Whaling
    Whaling attacks, which have become increasingly popular in recent years, are targeted at high-profile victims like C-level executives and their teams. A typical whaling email may look like it was sent from the CEO of your company. But it’s really a fake designed to get you to share valuable information about the company.

Protect yourself from phishing scams
Phishing emails may be more difficult to identify these days, but there are some important steps you can take to avoid becoming a victim. If you answer ‘yes’ to any of the questions below, there’s a very good chance that you’re looking at a phishing email.

1.  Does the message ask for personal information?
Always remember that reputable businesses do not ask for personal information – such as social security and credit card numbers – via email.

2. Does the offer seem too good to be real?
If it seems too good to be true, it’s a fake. Beware of emails offering big rewards – vacations, cash prizes, etc. – for little effort.

3. Does the salutation look odd?
Reputable companies will use your name in the salutation – as opposed to “valued customer” or “to whom it may concern.”

4. Does the email have mismatched URLs?
If you receive an email from an organization that includes an HTML link in it, hover your mouse over the link without clicking and you should see the full URL appear. If the URL does not include the organization’s exact name, or if it looks suspicious in any other way, delete the email because it’s probably a phishing attempt. Also, you should only visit websites that begin with ‘https’ because the ‘s’ at the end indicates advanced security measures. Websites that begin with “http” are not as secure.

5. Does it give you a suspicious feeling?
Trust your instincts when it comes to email. If you catch yourself wondering whether it’s legitimate, and your instinct is to ignore and delete it—then pay attention to that gut check.


Five steps to take when you suspect you are a victim of a cyber attack

from IAWatch

Step 1: Contact your IT leader.

Step 2: Assess if your system has been penetrated.

Step 3: Detect the extent of the hack.

Step 4: Notify clients – be aware of your state’s laws regarding alerting a client when you’ve suffered a breach involving their data.

Step 5: Conduct a post-mortem.

 


Relevant Factors to Consider when Evaluating a Retirement Distribution under the DOL Fiduciary Rule

from Fred Reish’s “Interesting Angles on the DOL’s Fiduciary Rule #29”

What are the relevant factors for evaluating whether a participant should take a distribution? In other words, what information does an adviser need to gather and review?

In BICE, the DOL identifies three specific types of relevant information about the retirement plan. (Note that there may be relevant factors in addition to these three, but the DOL is saying that a recommendation to take a distribution would, at the least, need to consider these.) Those factors are: the investments in the plan; the services provided by the plan; and the expenses in the plan. Examples of other relevant matters are whether the plan permits periodic distributions without charge, and whether the participant is invested in company stock in the plan (particularly if the participant has a low basis in the company stock compared to its current value). Those factors, and other relevant matters about the plan, need to be evaluated. Of course, that means that information needs to be obtained.

Where the adviser already provides services to a plan, it should be relatively easy to gather the information. However, if the adviser does not work with the plan, the adviser will need to make a diligent effort to gather that information. (The Department of Labor says in Question 14 of the FAQs that the adviser “must make diligent and prudent efforts to obtain information on the existing plan.” Question 14 goes on to say: “In general, such information should be readily available as a result of DOL regulations mandating plan disclosure of salient information to the plan’s participants (see 29 CFR 2550.404a-5).”)

In other words, the adviser should ask the participant for a copy of the plan’s 404a-5 disclosures (which are also known as participant disclosures and/or the Investment Comparative Chart). That should be readily available to a participant, since those materials are provided to participants when initially eligible and, again, each year thereafter. In addition, an adviser could ask a participant for his most recent quarterly statement, which should reflect any expenses being charged against the participant’s account, as well as how the participant is invested and the account balance. Those statements should also be readily available since, for participant-directed plans, they are provided quarterly.

In addition, a participant would have access to materials through the participant’s page on the plan’s website.

In other words, the information is readily available. (Note that the FAQs provide alternative methods of obtaining the information, but only after the adviser has engaged in “diligent and prudent efforts to obtain information,” but has not been able to do so.)

In addition to the information about investments and expenses, an adviser also needs to obtain information about plan services. In many cases, that could be done through interviewing the participant. For example, does the plan have a brokerage account option? Does the plan provide non-discretionary investment advice services or discretionary investment management services? Once that information has been gathered, an adviser should compare it to comparable information about the proposed IRA. While the gathering of information, in and of itself, can take some work, the analysis is the critical step. The information is just the foundation from which to make the analysis.

The key to the analysis and the development of a prudent recommendation is to focus on the best interest of the participant. Also, keep in mind that BICE requires that the adviser document why the recommendation is in the best interest of the investor.

The views expressed in this article are the views of Fred Reish, and do not necessarily reflect the views of Drinker Biddle & Reath.


Firm Censured for Failing to Disclose Investment in Service Provider

from Cipperman Compliance 

The SEC fined and censured a private equity fund manager for failing to disclose that the principals had personally invested in an IT firm that it had engaged. The respondent utilized the IT firm to perform due diligence before investing in portfolio companies. The SEC asserts that the firm failed to disclose that firm principals invested in the IT firm and occupied Board seats and that the IT firm’s CEO is the brother-in-law of one of the principals. Although the SEC acknowledges that neither the PE firm nor the principals profited and that the amount paid to the IT firm was not a material portion of its revenue, the SEC faults the firm for failing to disclose this conflict of interest in the PPMs, ADV, or to the LP Advisory Committee.

OUR TAKE: The SEC will bring an enforcement action even without any underlying client harm or benefit to the accused. Here, the mere failure to disclose a personal investment results in a public enforcement action.

https://www.sec.gov/litigation/admin/2017/ia-4604.pdf

 
