february 2017 - Alaric Compliance [PDF]



FEBRUARY 2017 NSCP Currents

Inside This Issue

• NSCP Interview with Rob Tull
• Examination Priorities for 2017 from FINRA and OCIE
• Tech Tools to Ease Compliance Testing
• Lessons from the SEC’s Whistleblower Anti-Retaliation Cases
• The SEC’s 2017 Priorities: What They Are and What Compliance Professionals Need to Know
• Not Throwing Away Your Shot: Relying on Compliance Consultants to Defend Regulatory Actions
• New Members

A Message from NSCP’s Executive Director

The New Year has brought a new political administration and with it, uncertainty of what lies ahead for the financial services industry. What is certain is that fear and stagnation are not options. NSCP is following industry developments closely so that we can respond in the best interest of our members, whether that be by continued conversations with regulators, timely and relevant spring conference offerings, addressing current hot topics in our monthly publication NSCP Currents or webinars to enhance your understanding of proposed and adopted rules.

I would like to take this opportunity to thank those of you who contributed articles over the past year to NSCP Currents. We realize that penning an article takes time and effort and for that we are grateful. Our Publications Committee had a very difficult time deciding which articles to include in our January edition, Best of Currents, as all of last year’s authors did a wonderful job of providing informative and practical information to our membership. As a reminder, archived editions of NSCP Currents can be found under Member Resources on our website.

On February 22nd, NSCP staff, as well as representative members of the organization, will be meeting with staff of the SEC’s Office of Compliance, Inspections and Examinations (“OCIE”) and Christopher Hetner, Senior Advisor to the Chair for Cybersecurity Policy, to discuss the topic of cybersecurity. The SEC has outlined several topics that they wish to discuss including but not limited to, feedback on members’ experiences regarding examinations related to cybersecurity; whether there are cybersecurity-related issues that would be useful for the SEC to address in their examinations; issues which our members are having trouble getting buy-in from their organizations where the SEC could be of assistance; issues our members note with respect to cybersecurity governance that the SEC should be attentive to; challenges that compliance personnel face with the level of technical expertise required in understanding cybersecurity issues and how the SEC can be most helpful in improving the level of cybersecurity preparedness among its regulated entities. Join us on our March regulatory committee calls for a summary of our discussion with the SEC.

Looking ahead, NSCP will be meeting with Robert Cook, President and CEO of FINRA along with FINRA executive management in April to discuss member concerns regarding FINRA’s 2017 examination priorities, enforcement trends, proposed and adopted regulations and member examination experiences. I invite you to take a moment to share your examination experiences, suggestions, regulatory concerns, or compliments via NSCP’s “Share Your Examination Experiences” link under the Resource tab of NSCP’s website. Your contributions, provided anonymously, or not, are an important part of making the voice of NSCP members heard.

NSCP Spring Conferences are right around the corner. Early bird registration deadlines will be ending sooner than you think. Please take a moment to review our spring conference agendas including speakers. The spring conferences offer not only the opportunity to hear from industry experts on current “hot topics” but also a chance to network with your peers. For those of you working in private funds/private equity, you will not want to miss NSCP’s SEC/NFA Regulatory Roundtable in Chicago on May 22nd. The roundtable provides an informal setting for attendees to discuss with representatives of the SEC and NFA their thoughts, concerns and questions regarding examination priorities and experiences, proposed and adopted regulations and resources available to SEC and NFA registrants.

Please check NSCP’s website regularly for information on upcoming educational offerings and updated member resources. As always, if you have any questions NSCP staff is available to assist you.

Sincerely,
Lisa

© 2017 National Society of Compliance Professionals, Inc.

NSCP MISSION: By providing our members an unequaled network of peers, professional education, regulatory interaction and professional standards, NSCP facilitates the interchange of compliance information for and provides professional resources to U.S. and Canadian financial services compliance practitioners.

NSCP VISION: To be the leading conduit of professional resources to U.S. and Canadian financial services compliance practitioners, led by compliance professionals for compliance professionals.

Certified Securities Compliance Program (CSCP): Better Your Knowledge of Broker-Dealer, Investment Adviser or Dual Registrant Compliance – Receive a CSCP Certificate and Obtain Graduate Credits

The CSCP program through Utica College is an on-line, instructor-led, graduate-level curriculum, completed in 12 months (six 8-week courses) resulting in a graduate certificate in securities compliance. The following make up the six courses for the program:

• Legal & Regulatory Issues for Fraud Management
• Seminar in Assurance and Forensic Auditing
• Corporate Ethics
• Fraud Management: Risk & Compliance
• Information & Communication Security
• Advanced Issues in Regulatory Surveillance and Policy Development

What can you expect from the CSCP Program?

Each course consists of writing assignments, participating in on-line forums with the instructor and fellow students, quizzes and tests. On average, you should expect to minimally dedicate 12-15 hours per week, per course. Once you have successfully completed all six courses, you will be ready to take one of the CSCP exams which are now offered as a broker-dealer exam, investment adviser exam or dual registrant exam. The main textbook utilized for this program is the “Modern Compliance: Best Practices for Securities & Compliance”; compiled and edited by David H. Lui and John H. Walsh. This textbook is offered complimentary by NSCP upon registration for the program.

What if you’re not interested in the entire certificate program but just one of the courses being offered?

This option is available but you will still have to meet the academic requirements and follow the same application process as those applying for the full program, since you would receive academic credit for the one course.

How do you get the process started?

You can begin by completing an application form to make sure you meet all the necessary requirements. Don’t worry. Applying to the program does not obligate you in any way. Completing an application merely starts the process to see if you qualify for the program. It’s up to you if you want to continue with the process.

Qualifications to Meet for the CSCP Program:

• Membership with NSCP (Utica Students Only = $150/2 years)
• Bachelor’s degree
• An overall GPA of 2.7 or above
• A letter of recommendation from your current employer
• Official transcripts from schools you have attended, including a final transcript from your undergraduate school showing that you received a bachelor’s degree.

Are you thinking that you won’t be able to afford a graduate level program like this?

The cost of the CSCP program is $5,940 or $330 per credit. Some additional fees may apply. If you check other similar online certificate programs you will notice that this is a significantly discounted rate. Utica offers a variety of payment options such as payment plans, financial aid, etc… You can reach out to Utica College to find the best payment option. You can also check with your firm to see if they offer any type of tuition reimbursement program.

Are you considering advancing your compliance education even further?

The credits earned (18 total) through this program will apply towards an:

• MS Cybersecurity and Cyber Policy
• MS Financial Crime and Compliance Management
• MBA in Fraud Management

Click here for further information or contact NSCP’s Certification Coordinator, Kim McNutt, at [email protected].

What’s New! UPCOMING WEBINARS!

Tuesday, February 28, 2017 :: 3:00 pm EST
Understanding Your NSCP Member Benefits
Join us on this 30-40 minute demonstration for information on how to fully utilize your NSCP membership and become more involved with NSCP as a whole.

Wednesday, March 8, 2017 :: 2pm - 3:00 pm EST
Leave it to the States: Compliance and Registration Priorities for BDs/IAs

Recent webinar recordings are available under Member Resources. To access, log into your NSCP account.

Currents is a member benefit of NSCP membership. NSCP members should not copy, disseminate or distribute Currents or any article thereof, to non-members. Reprint permission is available upon request by contacting [email protected].

NSCP Interview with Rob Tull
By Lisa Crossley and Rob Tull

About the Authors
Lisa Crossley is the Executive Director at NSCP, nscp.org. She can be reached at [email protected]. Rob Tull is a Chief Compliance Officer & Operational Risk Manager at CBRE Clarion, www.cbreclarion.com. He can be reached at [email protected].

NSCP Executive Director, Lisa Crossley, recently interviewed Robert Tull, current Chairman of the Board, to gain some insight on his experiences and thoughts about the compliance profession and how NSCP membership will benefit from his tenure as Chair.

Rob, you’ve got an impressive list of professional designations: CFE, CPA, CSCP, FRM. Life-long learner or a hazardous by-product of the profession?

I think it’s a bit of both. I’m naturally a curious person and a goal-addict, so immersing myself in technical disciplines in the pursuit of something like a certification reflects my hardwiring. While this can cause all kinds of collateral issues in a personal life, it was beneficial for my profession. Early in my career as a compliance examiner, my skillset was a vague blend of finance, accounting, and legal concepts. As an examiner, I would interface with professionals at advisory firms that spanned an array of skills, and the majority of professionals had a core skill that was highly specialized. I believed that in order to be equally specialized at my profession, I needed to be adept in several core disciplines.

My first pursuit was my CPA mainly for the auditing concepts and standards. An examiner is actually a form of an auditor, so pursuing it was a no-brainer. It was truly valuable for refining my audit planning approach, work-paper documentation, and risk assessment skills. I believe audit skills are essential for a compliance professional, and might be the single most important technical skill. As a compliance officer, I operate most like an auditor in terms of my mindset, my risk awareness, and thinking in terms of testing and documentation.

The next natural step was the Certified Fraud Examiner designation. This was pre-Bernie Madoff and at that time the CFE was not that common and was viewed as a fringe skill. But as an examiner, the reality was that I needed to be competent at identifying fraud. This might have been the most enjoyable discipline to study because it had fascinating components of human psychology and examples of dark, creative genius. Plus, the case studies read like they were culled from Ripley’s Believe It or Not. I took a lot of skills from this discipline, the most important of which are identifying the risks and earmarks of potential fraud and fraud-related behaviors, and advanced interviewing techniques. These skills had an immediate impact on my work as an examiner and they are part of my toolkit as a compliance professional.

I pursued the Certified Securities Compliance Professional designation within the first few years of its existence. I was wowed by the scope of the content, and it was outlined by the thought-leaders that I counted as mentors in the compliance profession. I did not dive into the CSCP hoping to develop new skills like I did with the CPA and CFE. Instead, the CSCP was really my way of proving to myself that I belonged in the profession. Even though I already had ten years of specialized compliance experience, I felt that I needed to demonstrate in an objective way that I had the skills and acumen to be a compliance professional. I loved studying for it and it was truly gratifying to get the designation.

Most recently, I pursued the Financial Risk Manager designation as I continued to embrace risk management roles and concepts as a compliance professional. At the time, the industry continued to charge down the path of blending compliance and risk management, and as the dust from the Global Financial Crisis settled, I heard the questions of “where was compliance” in respect to investment risk management blunders. I believe that risk management is the foundation of compliance, so conceptually the FRM felt as natural as the CPA or CFE. Admittedly, my assumption that I was prepared for the FRM discipline was a miscalculation. The discipline is highly quantitative and looks at risk through a different lens than the disciplines that are operationally-centric, like compliance. The curriculum was extremely intense but exposed me to several approaches for quantitative risk assessment and management that I currently employ.

I have a toolkit and library of resources from each discipline. Some skills or improvements I have been able to implement in tangible ways and others guide my perceptions and analysis. Honestly, the hardest part from chasing all these designations is trying to stay on top of the continuing education requirements. It’s a cottage industry and my CE tracking spreadsheet looks like a logic puzzle.

Compliance is a specialized and application-based discipline and I enjoy technical, numbers-based skills.
Historically, I had no desire to pursue a legal degree for the purpose of compliance, plus I had no interest in practicing law. But the compliance professional evolved enormously since I began in it and the academic world is catching up; law schools are offering specialized programs targeted to the compliance industry. So, I finally found a program that matched my criteria and I’m currently in law school, specializing in compliance. Do I need it? Probably not. Do I enjoy it? Absolutely!

You’re currently serving as the Chief Compliance Officer and Chief Risk Officer for CBRE Clarion Securities LLC (“Clarion”). Do you see these as two distinct roles or symbiotic?

Compliance and risk management are symbiotic disciplines and complement each other well. The compliance program regime for the investment management industry is an outgrowth of the banking industry and it was influenced by many of those concepts; think COSO and BASEL. I routinely link current matters back to those origins to find clues on how to solve new problems. One aspect of those elements that I found extremely insightful was operational risk management. Operational risk management and compliance are like two similar but distinct philosophies that stem from one set of teachings and ethics. There is considerable overlap in how the disciplines identify risks, prioritize and design controls, monitor operating effectiveness, and refine controls in an iterative lifecycle. They are like paternal twins; they have the same genes but slightly different presentation.

I’ve seen operational risk management described as a parallel discipline to compliance, and I’ve seen compliance as a subset within operational risk management. What I observed in my own experiences was that I applied an operational risk management framework to my compliance program and as the need for a formalized risk management program grew, it made sense to blend the two disciplines together. While it sounds like a forced amalgamation, it’s simply the same approach of when non-compliance related risks (like cybersecurity, business continuity, and transition management) get appended to compliance programs. In this respect, there isn’t much of a practical distinction between a Chief Compliance Officer and Chief Risk Officer, particularly at a small to medium organization. For a firm that is solely in investment management (non-banking), the scope of the disciplines is compatible.

Clarion currently manages over $20B in assets and has offices in five countries. That sounds a bit daunting, given all the regulatory and geopolitical uncertainty. What does your typical day look like?

First, I have a fantastic team of Compliance Analysts, and I get clutch support from my General Counsel. They execute on strategic and tactical objectives that keeps the compliance program humming on a daily basis and keeping pace with both the firm and the industry. Secondly, I have a management team that supports me, both in terms of empowerment, sponsorship, and resources. I’m free to pursue matters based on my prioritization and I’m encouraged to make my perspective known. These are two huge advantages for a compliance professional.

So, my day-to-day activities fall into three categories: (1) transactional based tasks, (2) project and program focused tasks, and (3) ad hoc. Transactional based items are where I have a role to play in either contributing to a workflow or monitoring a workflow. Examples include reviewing marketing materials, reviewing compliance or risk guidelines or exceptions, or preparing client compliance reports. Project and program focused tasks run the gamut and fluctuate in altitude, from the highest strategic level to granular nit-picking. At any time I could go from reviewing and updating policies, to planning the annual review or working with the auditors on the SOC1 engagement, then to business continuity action items and then on to reviewing FX best execution. Somewhere in the mix is researching proposed regulations or recent enforcement matters, usually spurred on by an alarming article.

I view these two categories as the core “job” of the compliance professional, but it is the ad hoc category that is the spirit of the compliance professional. This literally can be anything. Usually it begins by being ambushed by an e-mail, or phone call, or worse – the random risk or question that pops in my head either at that moment or in the middle of the night. Any one of these can trigger a research expedition, a firefighting protocol, or a brief counseling session. These ad hoc events are where I find that my skills as a compliance professional are most diverse. Regardless of the situation, I need to listen closely yet compassionately, respond without reacting, and begin decision-making and prioritizing with developing and incomplete information.

While the majority of my day is focused on achieving tasks in the first two categories, it is with the acceptance that those plans may be altered by ad hoc situations. I embrace the ad hoc in the same way that I relish the predictability of transactional items and the creativity of projects and program items. As a compliance professional, I find that having a good sense of humor is key to surviving; even if my humor is a bit on the cynical side. I have a siren light at my desk that is powered by a remote control and at times, I will turn it on to acknowledge a real issue or to amplify the effect of a new issue. And, at other times, I will turn it on without explanation simply to keep people on their toes.

Wow - I guess Working 9-to-5 wouldn’t be your mantra. What song would best describe your work ethic?

Oh I could have a lot of fun with this response. If I were to rattle off song titles that I think relate to the compliance profession in some way, I would amuse myself with titles like: “Suspicious Minds,” “All By Myself,” “Blurred Lines,” “Much Too Young (to Feel This Old),” and “Creep.” I listen to music throughout the day and I have an eclectic taste. Oldies, 70’s lite rock, EDM, country, metal, Motown, dance, classic rock, singer-songwriter folk, new wave, hard rock, rap, emo, and even Disney. You name it. As you can imagine, the soundtrack for my job is something to behold. One year I listened to nothing but trance music non-stop while writing my annual review report and the underlying testing reports. It was a completely surreal experience. Anytime I hear trance music, I’m taken back to allocation testing and portfolio attribution testing. Over my career, some of my major personal decisions were infused with music: I was immersed in Metallica’s St. Anger when I decided to leave the SEC and I was revisiting John Hiatt’s Crossing Muddy Waters when I decided to transition from consulting to an in-house position.

My work ethic itself is probably best described as driving, yet thoughtful. Individually, I’m always pushing myself through the next grueling challenge but remaining mindful of the end goal; it’s best described as a blackbelt mindset. I try to listen to music when I run and train martial arts, and a gritty suitable song for that is Cake’s “The Distance.” It has a nasty hook in the main riff, so it stays with you. The melody builds with a restless drive that just continues to compound, and the lyrics and vocal tone complement it perfectly. Put your head down and go, and don’t stop. “Fuel burning fast on an empty tank” can sum up most days!

Clearly, marching to that tune has professionally paid off for you. Let’s shift for a moment and talk about some of your experiences as an SEC examiner in the Philadelphia district office. We always hear about the horror stories; can you share some positive ones?

I grew up in the SEC pre-compliance rule, pre-Madoff, and pre-union. It was divine intervention to become an examiner and it happened at an amazing time, particularly in the Philadelphia office. We had a core group of wise, veteran examiners and Branch Chiefs complemented by extremely smart and talented junior examiners. The professionals I worked alongside there at that time are still some of the industry thought-leaders and mentors I look up to. The environment was exciting and almost collegiate. I had excellent managers and they encouraged me to be inquisitive, to develop my skills, and to be an intellectually honest examiner.

Aside from having outstanding teammates, the most amazing part of the experience was meeting all of the entrepreneurs. As an examiner, I got firsthand exposure to entrepreneurs coming from all manner of backgrounds, from a privileged second-generation money manager to a money manager that was born to a teenage mother. Some of them were genuinely amazing people; people I wish I could go out for coffee with and learn from them. I saw truly creative approaches to investment decisions and unique business models. Plus, I was able to analyze all aspects of a firm’s operations and have engaging conversations with business line personnel. That point-blank perspective from technical professionals was awesome.

A big reason why I ultimately left the SEC to do consulting was my desire to have productive dialogues about operations and compliance. To share thoughts and perspectives in a collaborative or advisory way, which wasn’t possible as an examiner. Also, at the time I began my career, the industry had just gone through the split between federal and state advisers and we visited every adviser on a five-year cycle, so the population of advisers was diverse. I did examinations on a farm, in a basement next to a whistling boiler threatening to burst, in a board room sitting in a chair with the name of a secretary of the state on the back of it, and at a dining room table where the adviser’s wife offered to make me lunch. At the end of the day, compliance is a study of people as much as it is regulation and operations, and my time at the SEC was truly a blessing.

In terms of stories, two bizarre situations stick out the most. I had a sole proprietor adviser unexpectedly pass away after the field portion of an exam but before we sent the deficiency letter. No one informed us of his passing and no filings were made to alert us. The firm dissolved, and accounts transferred away. We didn’t know any of this so when we sent the letter, it just went out into space, never to return. Once we found out what happened after getting zero response or contact for months, we didn’t know how to close the exam. As an examiner, it was one of those moments where it felt like a syntax error: closing an exam without a response just did not compute, but it’s what had to happen. In another equally puzzling experience, I had an utterly frustrated attorney throw work papers at me across a table after we had already explained that the document was insufficient to evidence the control we were testing. I had never seen that tactic before and I wasn’t sure if it was meant to intimidate or distract me. At first I was confused, but was ultimately more amused at the behavior than offended. Like I said, compliance is a study of people.

First a regulator, then a consultant, now a CCO. I suppose that makes you a pretty relatable guy in this industry. How will that background play into your vision for NSCP in 2017?

I think it’s my passion for the compliance profession more than my experience that shapes how I see NSCP and its mission. The Board serves in an advisory role for you and the staff. More importantly though, each Board member serves as a member or coordinator for our Committees, and the Committees are the real horsepower of the organization. As a chairperson, my role is really to be a cheerleader and coach for you and the Staff, and the Board. In that capacity, my primary focus is to always bring our efforts and thoughts back to center: how are we serving members and are we sticking to our strategic plan.

NSCP has a strategic plan that it uses to guide its efforts to continually improve the offering for members and the quality of the industry for compliance professionals. Part of our plan is looking at ways to increase our advocacy efforts with regulators, influencing the industry by acting as a voice for compliance professionals as a unique and specialized profession, not simply as a sector or business model. We believe this provides a much larger point of contact and illuminates the surprising breadth of our profession for lawmakers and implementers. Another goal is to consider the role NSCP can play in establishing fundamental standards for the compliance profession. We are not a practicing profession that is licensed or operates under an agreed upon code, which is often the hallmark of a recognized skill-based profession. Would the profession benefit from having fundamental standards and would those standards affect the quality of jobs and opportunities for compliance professionals? We don’t know for certain and therefore we need to explore these questions. A more concise goal is for NSCP to continually improve its outreach to members, making the resources and benefits available in the most effective and helpful way for members. Part of this process will be to also review and revise NSCP’s offerings, which includes content, resources, and even our geographic coverage.

Our effectiveness in pursuing these goals, however, is largely dependent on the extent to which members want to be engaged, supporting the services and taking advantage of the opportunities. Engagement is the theme of my story and the story of every Board member, Committee leader, and Committee member. We were just a member that simply initiated our engagement by raising a hand to offer help or attending a meeting. We all contributed to something – a Committee meeting, a conference, Currents. Something. And invariably, each of us kept increasing our engagement because of the personal, professional, or altruistic fulfillment. It’s awesome, and I realize that I’m biased, but it doesn’t change the fact that it’s awesome.

Each of these goals and our ongoing efforts contribute to our vision for NSCP and its mission. We are a member-focused organization. Our ambitions need to continually meet their needs and be out in front of the interests of our profession. Are we offering the right resources for our members? Are we delivering on our mission? Are we advancing the interests of our members in ways they cannot individually? These are the questions that resonate for me in my role. The interests of the profession and our members are paramount; it eclipses everything.

Those are some bold objectives, but boldness is almost a required trait for a 21st century compliance officer. In your opinion, where are we headed? We hear all about big data, enterprise risk management, workplace generational differences and the list goes on and on. What does that mean for those of us already in the field?


We must continually evolve, as skilled professionals, and as assets to our respective businesses. As individuals, I believe compliance professionals need to always be willing to expand the scope of their skills. We need to reflect both the changes in the regulatory environment and the changes in how our industry operates. Compliance professionals need to digest, process, and adapt their skills for regulatory changes as they come, for example, like we did with the fiduciary duty rule and cybersecurity. Additionally, we need to grasp the skills required to operate in a shifting industry, like the developments we’ve seen in the new types of products and the use of big data. For myself, I am always revisiting my skills and looking for areas where I need to improve my aptitude and awareness in response to regulatory and industry developments.

With respect to the individual businesses that we advise, compliance professionals need to ensure that our skills are keeping pace with the direction of our businesses. We need to ask ourselves honestly, are we equipped to help our business optimize its regulatory and operational risk profile going forward? And, what skills do I need to do that? In order to be best positioned for this self-assessment and self-improvement, the compliance professional needs to be an integrated part of the business. Understand the issues facing the business – where the business is going, how the business is getting there, what threats are facing the business, and how the business will address those threats. An awareness of those things and what that means for the compliance program puts the compliance professional in the position to be proactive on risk identification and skill development.

I think of the compliance program of a business as an asset that derives value by mitigating potential liabilities and lowering costs by improving operational efficiencies. Just as an asset that depreciates or expires, I need to continually replenish my value to my organization. If my skills lag the business’ needs and I become an asset with no value or just simply a liability, then I should expect similar treatment of being written-off or disposed. It’s grim, but it’s a reality. Keeping my skills aligned with the regulatory and industry developments, and the developments of my business, is the way I renew my value and put myself in the best position to best advise my business.

That’s sound advice, Rob. One final question: the Rolling Stones or the Beatles?

The Rolling Stones. While I adore singer songwriters, I prefer a bit of an edge or seediness to the melody and content of my music. If the Beatles represent a shock to the establishment at the time and the Stones were an outright offense to that establishment, then I would say I identify more with the Stones.

Rob, I appreciate you taking the time and opening up to the NSCP membership.

Thank you! I’m passionate about the compliance profession, and I am not alone. This organization is filled with people deeply passionate and committed to the profession. Some of the smartest, most diversely skilled, and all-around genuinely amazing people I have ever met are involved with NSCP across all levels of membership. I get goosebumps when I think about it. Their passion is energizing and infectious; the community of our profession and this organization inspires me like nothing else.


UPCOMING NSCP EVENTS

SPRING COMPLIANCE CONFERENCES
• April 24, 2017 | Newport Beach, CA | Pacific Life
• May 9, 2017 | New York, NY | AMA Conference Center
• May 23, 2017 | Chicago, IL | Federal Reserve Bank of Chicago

NSCP REGULATORY ROUNDTABLE WITH THE SEC AND NFA
• May 22, 2017 | Chicago, IL | Federal Reserve Bank of Chicago

2017 NSCP CANADIAN CONFERENCE
• June 12, 2017 | Toronto, ON | St. Andrews Club & Conference Centre

Other industry events to be announced soon:
• SEC IA/PF Outreach Roundtables
• IA Boot Camp
• MSRB Boot Camp


Examination Priorities for 2017 from FINRA and OCIE

By Jay Baris, Lloyd Harmetz, and Anna Pinedo

About the Authors
Jay Baris is a Partner at Morrison & Foerster LLP, www.mofo.com. He can be reached at [email protected]. Lloyd Harmetz is a Partner at Morrison & Foerster LLP. He can be reached at [email protected]. Anna Pinedo is a Partner at Morrison & Foerster LLP. She can be reached at [email protected].

Introduction

In these uncertain times, the predictability and regularity of the annual priorities letters from FINRA and the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) is well received. As we discuss below, there were few surprises in the annual priorities letters, with the FINRA and the OCIE letters both discussing mainly topics that have been on the regulators’ agenda for quite some time. In characterizing the topics covered in the FINRA letter, FINRA President Robert Cook noted the “focus on core ‘blocking and tackling’ issues of compliance, supervision and risk management.” In the cover note accompanying the FINRA letter and in a subsequent speech, Mr. Cook struck a new tone, stressing FINRA’s renewed emphasis on transparency and engagement. To that end, he committed to sharing with member firms a summary report regarding common exam findings, so that firms can learn from what FINRA is seeing at other firms. OCIE has, from time to time, released summaries of findings from examinations focused on specific areas of review, which have provided helpful guidance to broker-dealers. For broker-dealers and advisers, both annual priorities letters add details from examinations that provide useful insights, which can shape their internal compliance initiatives and inform their reviews of policies and procedures.

FINRA Annual Regulatory and Examination Priorities Letter

Consistent with its prior practice, FINRA addresses a broad array of topics in its priorities letter. However, it is important to note that the tone of this year’s letter is somewhat different from the tone in prior years. In this letter, FINRA shares insights from its examinations. FINRA also notes that it has enhanced its risk-based surveillance and examination programs in order to apply a consistent approach nationally and focus on material conduct issues based on its assessments, which has, in FINRA’s view, resulted in better-tailored examinations. These examinations will be supplemented by new electronic, off-site reviews that will focus on specific areas of concern. Initially, the off-site reviews will be introduced with a small number of firms that were not scheduled for a cycle exam in 2017. Below, we discuss a number of areas that may be of particular interest to a number of market participants, including some specific items that FINRA raises in its letter.

High-Risk and Recidivist Brokers

Consistent with its recent inquiries regarding firm culture and hiring practices, FINRA will focus on the hiring and monitoring of “high-risk and recidivist brokers.” FINRA will establish a dedicated exam unit to identify brokers that may pose high risks; this unit will review the interactions of the high-risk brokers with customers, including their compliance with know-your-customer and suitability obligations, their outside business activities, their private securities transactions, and commissions and fees. FINRA also will explore the implementation by member firms of supervisory and compliance controls for recidivist individuals. The letter indicates that FINRA will, among other things, review whether a firm or a third-party agent reviews available public records to verify the accuracy of the relevant individuals’ form filings. FINRA will also scrutinize applications by firms to associate with statutorily disqualified persons. Finally, FINRA will evaluate firms’ branch office inspection programs and the supervisory systems for branch and non-branch locations. In the context of these reviews, FINRA notes that it will focus on supervision of account activity, advertising and communications with customers, including social media, the use of websites, outside business activities, the use of consolidated account statements, and operational activities.

Sales Practices

Senior Investors. FINRA continues to take a strong interest in protecting senior investors. FINRA’s concern arises from its observations that brokers have continued to recommend unsuitable products to senior investors, including complex or novel exchange-traded products, structured products, leveraged and inverse exchange-traded funds, non-traded REITs, and non-traded BDCs. FINRA also notes that it will focus on instances of microcap fraud and boiler room schemes, because it has observed an increase in such activities in recent years and senior investors often fall prey to these schemes. In fact, various FINRA enforcement actions have begun with a review of sales of products that are unsuitable for senior investors.

As a result, in its examinations, FINRA will assess the supervisory controls that are in place in order to prevent problematic sales practices. FINRA reminded firms of a variety of tools that can be used to help protect elderly clients from exploitation under questionable circumstances, including contacting the investor about orders placed through an online brokerage account, or about instructions to transfer funds to persons who may be linked to an issuer.

Product Suitability and Concentration. FINRA remains concerned that brokers are recommending unsuitable complex products to customers. Accordingly, examinations will assess how firms discharge their reasonable-basis and customer-specific suitability obligations. The letter notes:

“…we will assess how firms conduct reasonable-basis and customer-specific suitability reviews. This may include examining firms’ product vetting processes, supervisory systems and controls to review recommendations. Firms should be attentive to the adequacy of their supervision and training when new products come to market, new features of existing products are introduced or market conditions change in ways that could affect product performance. Firms that hire registered representatives who sell products with which the firm is not familiar should educate themselves on the products and then carefully evaluate their ability to supervise recommendations. Training should ensure that registered representatives, compliance and supervisory staff understand the objectives, risks and pricing factors of the products sold, including any changes in the features of those products.”

FINRA will also focus on the controls that brokers use to monitor recommendations that could result in excess concentration in client accounts.

Excessive and Short-Term Trading of Long-Term Products. FINRA will evaluate firms’ ability to monitor the short-term trading of long-term products. FINRA’s concern is that registered representatives may recommend that clients trade long-term products, including mutual funds, closed-end funds, and UITs, on a short-term basis, resulting in increased costs to clients or other adverse results. This review follows on the heels of FINRA’s September 2016 targeted exam relating to UIT rollovers. FINRA believes that some registered representatives use early UIT rollovers to increase their sales credits to the detriment of clients. In addition, FINRA urges firms to evaluate whether their supervisory systems can detect activity intended to evade automated surveillance for excessive switching activity. For example, FINRA believes that some registered representatives may be switching customers across products to evade surveillance that focuses on switching within the same product class.

Outside Business Activities and Private Securities Transactions. FINRA will evaluate procedures used to vet whether a registered representative may engage in an outside business activity. FINRA also will focus on the procedures employed to track investments in private securities transactions.

Social Media. FINRA will review firms’ compliance with their supervisory and record-retention obligations with respect to social media and other electronic communications.

Financial and Operating Risks

Financial Stability. The FINRA letter addresses a number of issues related to member firm financial stability and continuity planning. For example, FINRA notes that it will review the funding and liquidity plans of member firms in order to ensure that firms are able to withstand periods of financial stress, and to determine whether firms have adequate contingency funding plans. The letter references Regulatory Notice 15-33, which was directed at senior managers and risk officers of firms that hold inventory positions or that clear and carry customer transactions. In the Regulatory Notice, FINRA reported on the practices it found effective from a liquidity management perspective based on a review of practices at 43 firms from 2014 to 2015 related to managing liquidity needs under a stressed environment. FINRA also notes that it will ask a select group of firms how they would react to specific stress scenarios in order to understand better their financial risk management approach. FINRA also will review compliance with certain margin requirements for covered agency transactions.

Cybersecurity. The priorities letter highlights cybersecurity threats as a key operational risk, and notes that FINRA has observed in its examinations repeated shortcomings in cybersecurity controls.
As a result, FINRA will review, among other things, methods for preventing data loss, controls used to monitor and protect data, firm management of vendor relationships, and the controls used to protect sensitive information from insider threats.

Supervisory Controls Testing. FINRA will assess the effectiveness and regularity of the testing of internal supervisory controls. The FINRA letter notes that during examinations, FINRA has observed breakdowns of systemic controls as a result of significant changes in a firm’s business and operations, as well as in connection with the implementation of new compliance systems.

Customer Protection and Segregation of Client Assets. As evidenced by recent enforcement actions, regulators are focused on compliance with firm obligations to protect customer assets, including policies and processes used to identify which securities are held in custody, compliance with reserve and segregation requirements, and related matters.

Regulation SHO. FINRA indicates that it will continue to assess firms’ compliance with SEC Regulation SHO. The letter notes:

“In light of recent SEC enforcement actions, FINRA will focus on the locate process to ensure firms have reasonable grounds to believe securities are available for borrowing prior to accepting a short sale. FINRA will assess firms’ preparation and use of the easy-to-borrow list as well as evaluate the adequacy of firms’ automated locate models. FINRA has observed fails-to-deliver on settlement date, when locates are granted without the requisite reasonable grounds to believe that the security could be borrowed. Firms should continue to monitor their close-out processes and ensure that they appropriately close out fails-to-deliver by the designated close-out date pursuant to Rule 204 of Regulation SHO.”

Anti-Money Laundering and Suspicious Activity Monitoring. Both FINRA and the SEC remain actively focused on anti-money laundering programs. The FINRA letter cites shortcomings observed during examinations, including gaps in automated trading and money movement surveillance systems caused by data integrity problems, poorly set parameters, or surveillance patterns that fail to capture suspicious microcap activity. We discuss below the OCIE letter addressing suspicious activity reporting, which raises concerns consistent with those raised by FINRA.

Municipal Advisor Registration. FINRA will focus on whether certain entities have failed to register correctly with both the SEC and the Municipal Securities Rulemaking Board, whether the firm information is properly updated, whether all of the individuals involved in municipal advisor activity are properly identified, and whether firms are providing services under permitted exemptions and exclusions from the registration requirements.

Market Integrity

Manipulation. The letter discusses the importance of deterring manipulation. In that regard, FINRA notes that it has amended its Order Audit Trail System (OATS) rules to require alternative trading systems to submit broader order book information to OATS and to require FINRA member firms to capture in their OATS reports the identity of non-FINRA member firms participating on the OTC market. In its examinations, FINRA will assess compliance with these reporting requirements. FINRA also monitors other activities that may indicate manipulative behavior, such as aggressive and dominant trading on one side of the market to benefit a position on the other side of the market, layering and spoofing activity, and other potentially manipulative trading practices.

Best Execution. The FINRA letter reminds member firms of their best execution obligation for equities, options, and fixed income transactions.

Market Access Rule. The FINRA letter notes that member firms need to do a better job evidencing their compliance with the Market Access Rule, and suggests various improvements that can be undertaken, such as better documenting market access controls, providing the rationale for decisions regarding setting controls, identifying the individuals responsible for monitoring controls, monitoring the effectiveness of the controls employed, etc.

The OCIE Priorities Letter

OCIE’s National Examination Program announced that its examination priorities in 2017 will focus on three general areas: retail investors, risks specific to elderly investors and retirement investing, and assessing market-wide risks.

Protecting Retail Investors

Consistent with the Commission’s heightened concerns in recent years regarding the sale of complex products to retail investors, the sale of alternative investment products to retail investors, and advice provided to retirement accounts, OCIE identified several examination initiatives that are all designed to address potential dangers faced by retail investors, including the following:

Robo-advisers. For the first time, OCIE will focus on investment advisers and broker-dealers that provide automated online investment advice, including so-called “robo-advisers.” OCIE will likely examine compliance programs, marketing practices, the formulation of investment recommendations, data protection, and conflicts of interest disclosures. OCIE also intends to review compliance practices for overseeing the advisers’ algorithms that generate investment recommendations. As robo-advisers grow in popularity, so will the regulatory focus.

Wrap Fee Programs. OCIE will expand its focus on wrap fee programs, which charge investors a bundled fee for advisory and brokerage services. Examinations will focus on investor suitability, disclosures, and conflicts of interest. Some wrap fee programs in the past have been scrutinized for “reverse churning,” a practice that minimizes trades in a client’s account in an effort to reduce out-of-pocket expenses to an adviser charging a fixed fee. This focus is consistent with OCIE’s interest in identifying and preventing potential conflicts of interest of advisers and broker-dealers when providing advice to clients.

Exchange-Traded Funds. With record inflows into U.S.-listed ETFs in 2016, it is no surprise that OCIE has identified as a priority a review of the sales practices and disclosures involving ETFs, as well as a review of the manner in which ETFs comply with SEC exemptive orders. The OCIE release also notes that examinations will consider the suitability of recommendations to purchase ETFs with niche strategies. This is consistent with the questions raised by SEC representatives as to whether retail investors understand more complex or alternative trading strategies.

Never-Before-Examined Investment Advisers. OCIE will expand its focus on newly formed advisers and those that have never been examined. In 2014, OCIE sent a letter to registered investment advisers that it had never examined, with priority to advisers that had been registered for more than three years. The letter put these advisers on notice that they can expect an OCIE visit soon, and explained that the examinations will focus on compliance programs, filings and disclosure, marketing efforts, portfolio management and custody of assets, among other things.

Recidivism. OCIE will step up its attempts to identify individuals with a track record of misconduct at investment advisers and broker-dealers, as well as the diligence efforts undertaken by the advisers and broker-dealers that employ them. Recidivism also was a focus during last year’s exam cycle.

Multi-Branch Advisers. OCIE will continue to focus on advisers that provide advisory services from multiple locations. In 2016, OCIE published compliance guidelines for multi-branch advisers, which provide some insight regarding OCIE’s areas of concern. As a result of an increase in the number of advisers that maintain branch offices and have geographically dispersed locations, OCIE believes that there may be compliance risks. OCIE seeks to understand the adequacy of compliance and supervision policies and procedures, especially under circumstances in which those responsible for testing and enforcing the policies may be in a different physical location.

Senior Investors and Retirement Investments

As discussed above, for some time now, NASAA, FINRA, and the SEC’s Division of Enforcement have focused on cases involving sales of securities to at-risk investors, including senior citizens. In 2015, OCIE announced its multi-year Retirement-Targeted Industry Reviews and Examinations (ReTIRE) Initiative. The initiative focuses on the types of services offered by investment advisers and broker-dealers to investors with retirement accounts. In this year’s letter, OCIE notes that the examination will consider recommendations relating to variable insurance products and target date funds in retirement accounts. OCIE also will look at how pension plans of government entities manage conflicts of interest in managing retirement assets and focus on “interactions” with senior investors with a view to identifying “financial exploitation.”

Market-Wide Risks

Consistent with last year’s letter, OCIE again has identified a number of market structure risks that will be considered during examinations.

Money Market Funds. OCIE will focus on how money market funds comply with recent changes to the rules that govern them, including the amendments that became effective in October 2016. OCIE will peek inside the boardroom to assess how fund boards oversee fund compliance with the new money market reform rules, especially policies and procedures relating to stress testing and reporting.

Payment for Order Flow. OCIE will focus on ensuring that broker-dealers comply with their duty to seek best execution when routing customer orders for execution, a perennial favorite issue for examiners.

Clearing Agencies. Using a risk-based approach, OCIE will continue to focus on “systemically important” clearing agencies pursuant to the authority granted to the SEC by the Dodd-Frank Act. In September 2016, the SEC adopted a final rule with an April 2017 effective date that establishes standards for the operation and governance of “covered clearing agencies.” Systemically important clearing agencies are subject to requirements regarding governance, recovery planning, risk management, and disclosures to market participants.

FINRA. OCIE will enhance its oversight of FINRA, including inspections of FINRA’s operations and regulatory programs, with a focus on assessing how well FINRA examines individual broker-dealers.

Regulatory Systems Compliance and Integrity (SCI). In 2014, the SEC adopted Regulation SCI, which applies to SCI entities, which include certain self-regulatory organizations, including registered clearing agencies, alternative trading systems, plan processors, and exempt clearing agencies. These SCI entities are required to design, develop, test, and maintain surveillance systems, as well as to comply with SEC requirements related to stress tests, collection of market data, and other detailed obligations. OCIE will step up examinations of SCI entities to ensure the integrity and efficiency of their systems.

Cybersecurity. Cybersecurity continues to be a top priority of OCIE examiners.

National Securities Exchanges. OCIE will continue risk-based examinations of national securities exchanges, focusing on operational and procedural controls.

Anti-Money Laundering (AML). OCIE will review broker-dealer AML programs in order to ensure that these programs are tailored to address the specific risks that a firm faces. OCIE will review how broker-dealers monitor suspicious activity at the firm and compliance with the requirement to file suspicious activity reports (“SARs”). Recent FINRA and SEC enforcement actions have targeted non-compliance with SAR filing requirements and have identified other compliance violations through a review of SAR filings.

Other OCIE Initiatives


OCIE will also allocate resources to examinations of municipal advisors, transfer agents, and private fund advisers. In connection with examinations of transfer agents, OCIE will focus on transfer agents that serve microcap issuers in order to detect issuers engaged in unregistered securities offerings. Recent SEC enforcement efforts have highlighted many instances of microcap fraud.

Conclusion

The exam priorities have a broad scope. Broker-dealers and investment advisers likely will draw from a broad array of compliance, sales and operational areas to address the issues that FINRA and OCIE raise in their examinations. The exam priorities address not only the recurring legal issues that form the bread and butter of the work of compliance personnel, but a variety of other financial, trading, operational and technology areas as well. Accordingly, we encourage firms to review the exam priorities set forth in these letters across a broad cross-section of personnel, with a view to assessing how well a firm, and its policies and procedures, would pass muster under the rules and expectations of these regulators.


Tech Tools to Ease Compliance Testing

By Colleen Corwell

About the Author
Colleen Corwell is a Director at Alaric Compliance Services, www.alariccompliance.com. She can be reached at [email protected]

This is the first in a two-part series of articles developed to help compliance professionals understand how technology can make it easier to manage risk in light of regulators’ plans to make compliance a top focus this year. The second in the two-part series will offer an objective deep dive into the technological tools and tactics firms can implement to establish a robust internal control framework.

This year, regulators will be “blocking and tackling” compliance issues [1] head-on during examinations as one of their stated priorities for the year, including assessing the compliance controls financial firms have in place to mitigate compliance, supervisory and risk management breaches. The Financial Industry Regulatory Authority (“FINRA”), the self-regulatory organization responsible for overseeing broker-dealers and brokerage firms, announced in its 2017 Priorities Letter that it will be focusing exams this year on assessing registrants’ supervisory controls. The Securities and Exchange Commission (“SEC”) is also including compliance risk management among its 2017 examination priorities, focusing its efforts on minimizing market-wide risk. To this end, the regulator will be assessing companies’ enterprise risk management programs to ensure that they cover all business units, subsidiaries, and interconnected infrastructures. [2]

Technology can make it easier for firms to be audit-ready. For small and large organizations alike, technology can help firms perform compliance reviews much more easily and produce evidence of the controls they have in place, at the click of a button.

Benefits of Technology-Powered Testing

• Allows firms to identify risks proactively, e.g., before they become violations;
• Less time chasing down paper documents affords compliance professionals more time to analyze testing to improve the effectiveness of their compliance program;
• Centralization of processing and test results facilitates faster response to findings that may have implications for firm operations, business or investment strategies;
• Reduces the impact of staff turnover; since testing processes are standardized and documented, institutional knowledge can be shared fluidly within the firm;
• New hires can quickly plug in, learn and participate in the review process;
• Easy to change or update policies and procedures and related testing;
• Improves the quality of testing to deliver more relevant results;
• Replacing manual processes saves time while allowing for more frequent reviews; and
• Generates robust automated reports that can easily be produced to satisfy annual testing requirements or a regulatory request.

Depending upon the type of firm and the risks identified through the risk assessment process, there may be specific focus areas of the business that require testing on at least an annual basis.

Investment Advisers

Rule 206(4)-7 requires advisers to review their policies and procedures (“P&Ps”) at least annually to determine their adequacy and effectiveness. Although Rule 206(4)-7 and all major securities rules stipulate that reviews be conducted annually, advisers should conduct interim reviews in response to changes or developments that could impact their business, such as adding a new product, a rule change or a risk alert.

Focus Areas for Investment Advisers

(1) Portfolio management compliance, including the allocation of investment opportunities among clients and consistency of portfolios with clients’ investment objectives;
(2) Trading practices, including best execution;
(3) Proprietary trading by advisers; personal trading by employees;
(4) Disclosures made to investors, clients and regulators;
(5) Safeguarding of client assets from conversion or misuse;
(6) Records retention; accuracy of books and records;
(7) Marketing of advisory services, including the use of solicitors;
(8) Appropriate valuation of client holdings and fees assessed;
(9) Privacy protection of client records and information; and
(10) Business continuity preparedness.

1. http://www.finra.org/industry/2017-regulatory-and-examination-priorities-letter
2. https://www.sec.gov/about/offices/ocie/national-examination-program-priorities-2017.pdf

Investment Companies / Funds

Under Rule 38a-1 of the Investment Company Act [3], funds and investment companies are required to review their P&Ps, as well as those of their service providers, at least annually. Investment companies and funds are subject to recurring compliance testing and reviews as regulators look to stem unlawful conduct involving fund advisors, broker-dealers and affiliates, including market timing, late trading practices as well as improper disclosures and/or misuse of nonpublic portfolio information. [4]

Focus Areas for Investment Companies and Funds

(1) Processing and pricing of portfolio securities and fund shares;
(2) Protection of non-public information;
(3) Identification of “Affiliated Persons” to prevent market timing, self-dealing and overreaching by persons in a position to take advantage of the fund;
(4) Accuracy of disclosures made to shareholders, affiliates and regulators;
(5) Compliance with governance requirements to ensure that fund oversight is being conducted for the benefit of the fund and its shareholders.

Brokerage Firms / Broker-Dealers

Brokers must also conduct compliance testing to ensure controls are in place to prevent securities law violations. FINRA Rule 3120 requires firms to establish, maintain, and enforce written supervisory control policies and procedures (“WSPs”) to effectively manage the types of business in which they engage, and to ensure compliance of all affiliated personnel with applicable securities laws and regulations. Rule 3120 also requires testing of a firm’s WSPs on at least an annual basis. Under this rule, however, registrants need not verify all of their P&Ps on an annual basis. FINRA allows regulated brokerage firms and broker-dealers to use interim risk-based sampling methodologies to test a subset of their P&Ps, focusing on areas that represent the greatest risk to the firm.

Focus Areas for Broker-Dealers

(1) Business activities that resulted in the termination of personnel;
(2) Business activities in which the firm has had prior customer complaints;
(3) Business activities that resulted in regulatory deficiencies in the past, including:
    • Books and records omissions and/or record-retention lapses;
    • Dissemination of inaccurate data related to products or order types;
    • Failures to deliver required disclosures or other documents to clients;
(4) Products, rules or issues identified as potential future areas of concern; and
(5) New business activities or products.

3. https://www.sec.gov/rules/final/ia-2204.htm#P65_13121
4. https://www.sec.gov/rules/final/ia-2204.htm#P170_59174


Regulated firms occasionally fail to conduct mandated reviews, sometimes over the course of many years, faulting a shortage of time, resources or qualified personnel. Firms found at fault for failing to implement an organized and efficient testing regime as part of an actively managed compliance program may find themselves in the public eye as a consequence. In these cases, it is not uncommon for regulators to operate with 20/20 hindsight, indicating compliance breaches could have been avoided had appropriate testing processes been in place.

Common features of compliance testing software include a risk management dashboard that offers a snapshot of a firm’s compliance manual, P&Ps, compliance calendar with prescheduled tasks and alerts, as well as a system for distributing notifications, test assignments, reports and other output to authorized responsible parties, individually or as a defined group. Automated compliance testing tools enable compliance officers to easily summarize and generate reports in a variety of formats to compile a range of invaluable information, including:

1. an inventory of controls that a firm has in place to mitigate compliance, supervisory and risk management breaches;
2. the status of internal compliance tests, the personnel assigned and the actions in progress;
3. an inventory of identified or known risk-weighted gaps with measurable impact on the firm;
4. effectiveness of testing performed and metrics such as frequency of tasks by employee; and
5. identification of risks associated with responsible parties, compliance controls, data and documentation.

As firms grow and become more operationally complex, compliance test management software allows firms to more easily assess the quality of internal controls in a way that was simply not possible before. By leveraging technology, firms can spend more time analyzing and improving their compliance programs, and working proactively to minimize compliance and supervisory risk. Doing so enables firms to demonstrate they are maintaining effective compliance programs.

Stay tuned for Part II in this series: “Tech Tools and Tips to Improve Your Compliance Testing”

This article will offer a vendor-agnostic nuts-and-bolts perspective into how technology can help firms test and better manage compliance controls on an ongoing basis, including topics such as:

• Still Using Excel to Manage Compliance?
• Tech tools and tips to improve compliance testing
• Cautionary tales of manual compliance reviews gone awry


Lessons from the SEC’s Whistleblower Anti-Retaliation Cases

By Vincente L. Martinez and Curtis S. Kowalk

I. Introduction

While announcements of large cash awards grab most of the spotlight for the Securities and Exchange Commission’s (SEC or the Commission) whistleblower program, SEC officers have also stated that protecting whistleblowers is an SEC priority, and that they are committed to enforcing the program’s whistleblower anti-retaliation provisions.1 To date, the SEC has brought three actions where it has found an employer’s treatment of an employee whistleblower to be retaliatory. Through two of those actions, the SEC has also made clear that it will bring charges against employers based solely on the manner in which they handle employee whistleblowers, without charging other violations of the federal securities laws.

Management, compliance, legal and human resource professionals should therefore understand how the SEC’s anti-retaliation provisions work, as well as the circumstances that have led to enforcement actions, in order to avoid unnecessary liability. This article explains the relevant law, describes the SEC’s anti-retaliation enforcement actions, and offers suggestions for responding appropriately to employee whistleblowers.

II. The Anti-Retaliation Provisions

Section 21F(h)(1)(A) of the Exchange Act of 1934 (Exchange Act) states that “[n]o employer may discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistleblower in the terms and conditions of employment because of any lawful act done by the whistleblower ….”2 The provision is worded broadly in terms of the conduct that may constitute a violation. It also applies to a wide variety of activities, including (i) providing information to the Commission, (ii) participating in any Commission investigation or judicial or administrative action, or (iii) making disclosures required or protected by the Exchange Act, the Sarbanes-Oxley Act of 2002, “and any other law, rule or regulation subject to the jurisdiction of the Commission.”3

1. See, e.g., SEC Charges Hedge Fund Adviser with Conducting Conflicted Transactions and Retaliating against Whistleblower, SEC Press Rel. No. 2014-118 (June 16, 2014) (“We will continue to exercise our anti-retaliation authority in these and other types of situations where a whistleblower is wrongfully targeted for doing the right thing and reporting a possible securities law violation” – Sean McKessy); Mary Jo White, Speech for the Ray Garrett, Jr. Corporate and Securities Law Institute-Northwestern University School of Law, The SEC as the Whistleblower’s Advocate (Apr. 30, 2015) (“The ambivalence about whistleblowers can indeed sometimes manifest itself in an unlawful response by a corporate employer and we are very focused at the SEC on cracking down on such misconduct”).
2. 15 U.S.C. 78u-6(h)(1)(A). Section 21F, entitled “Securities Whistleblower Incentives and Protection,” was added to the Exchange Act by Section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.
3. Id.

About the Authors: Vincente L. Martinez is a Partner at K&L Gates LLP, www.klgates.com. Curtis S. Kowalk is an Associate at K&L Gates LLP, www.klgates.com.

The SEC’s whistleblower program is implemented through a set of Whistleblower Rules.4 Rule 21F-2(b)(2) states that “Section 21F(h)(1) of the Exchange Act …, including any rules promulgated thereunder, shall be enforceable in an action or proceeding brought by the Commission.”5 This rule is meant to make clear that the SEC can bring an action for retaliation against a whistleblower. It is important to note, however, that Exchange Act Section 21F(h) also permits employees to bring suit in federal district court to seek reinstatement, back pay, and compensation for litigation costs, expert witness fees, and reasonable attorneys’ fees.6 Accordingly, a violation of the anti-retaliation provisions exposes an employer to potential liability from both the SEC and the employee whistleblower.7

III. The Anti-Retaliation Cases8

A. In the Matter of Paradigm Capital Management, Inc. et al. (Paradigm)9

In this matter, Paradigm’s head trader reported to the SEC that the firm had engaged in principal transactions with an affiliated broker-dealer without providing effective disclosure to, or obtaining effective consent from, its managed fund. The trader then told the firm’s owner and its Chief Compliance Officer about his report. The SEC found that the firm removed the trader from Paradigm’s trading desk, changed his job function from head trader to compliance assistant, stripped him of supervisory responsibilities, moved him to another floor, forced him to find suspect trades by reading through hard copy printouts, deprived him of access to the firm’s trading systems, and otherwise marginalized him. The trader ultimately resigned.

The SEC brought an action for violations of both the anti-retaliation provisions and the Investment Advisers Act of 1940. The firm and its principal settled to a cease-and-desist order, disgorgement of $1.7 million, a $300,000 penalty, prejudgment interest and a set of undertakings related to the transactions at issue. In announcing the settlement, the SEC’s Enforcement Director stated, “Paradigm retaliated against an employee who reported potentially illegal activity to the SEC. Those who might consider punishing whistleblowers should realize that such retaliation, in any form, is unacceptable.”

B. In the Matter of International Game Technology (IGT)10

Here, a director of one of IGT’s divisions became concerned that there were errors in the accounting for certain intracompany sales, which he believed could result in financial statement inaccuracies. The director raised his concerns during a presentation which led to a “heated disagreement” with a superior, who then purportedly took actions to terminate the director. The director in turn reported his concerns to the company’s internal hotline, claimed he was being retaliated against, and then immediately reported to the SEC. The company put the termination proceedings on hold and brought in outside counsel to conduct an internal investigation.

The SEC found that during the internal investigation IGT removed the employee from “two opportunities he considered significant to performing his job successfully;” namely, he was removed from a cost saving project associated with a merger and was directed not to attend an annual industry convention. The company terminated the employee after the internal investigation which, notably, found that there was no error in the company’s financial statements because the sales at issue were addressed during an accounting reconciliation process. Likewise, the SEC did not bring any action with respect to IGT’s accounting or disclosures. The SEC did, however, bring charges based solely on the anti-retaliation provisions.

In announcing the settlement, the SEC’s Chief of the Office of the Whistleblower stated, “Bringing retaliation cases, including this first stand-alone retaliation case, illustrates the high priority we place on ensuring a safe environment for whistleblowers.” In settling the action, the company agreed to pay a $500,000 penalty.

C. In the Matter of SandRidge Energy, Inc. (SandRidge)11

In this matter, an employee raised concerns about the company’s process for calculating its publicly disclosed oil and gas reserves, as well as an internal audit designed to address the matter. In conjunction with a large-scale reduction in force, the company terminated the employee. The SEC found, however, that in discussing the employee’s termination, “members of SandRidge senior management expressed among themselves their belief that the manner in which the Whistleblower was raising concerns regarding the reserve process was disruptive, and that the company could replace the Whistleblower with someone ‘who could do the work without creating all of the internal strife.’” The SEC also found that the company did not investigate the employee’s concern other than by conducting an internal audit, which it did not finish.

The SEC brought charges for violating the anti-retaliation provisions, as well as for violating Whistleblower Rule 21F-17(a), which prohibits employers from taking actions to impede individuals from communicating with the SEC. In connection with the settlement, the company agreed to pay a $1.4 million penalty.

4. 17 C.F.R. 240.21F-1 through 17.
5. 17 C.F.R. 240.21F-2(b)(2).
6. 15 U.S.C. 78u-6(h)(B) and (C).
7. In certain circumstances, a whistleblower may also be able to assert retaliation claims under state law. See, National Conference of State Legislatures, State Whistleblower Laws, which can be found at http://www.ncsl.org/research/labor-and-employment/state-whistleblower-laws.aspx.
8. It should be noted that all three of the actions described herein were settled without the respondents admitting or denying the Commission’s findings. Accordingly, we take no view on whether the findings are accurate, but rather report what is stated in the settlement orders.
9. Exchange Act Rel. No. 72393 (June 16, 2014).
10. Exchange Act Rel. No. 78991 (Sept. 29, 2016).
11. Exchange Act Rel. No. 79607 (Dec. 20, 2016).


IV. Analysis

A. When Does an Employee Become a Whistleblower?

For several reasons, the most prudent course of action for employers is to treat an employee as a whistleblower from the moment he or she raises concerns about potential violations of the federal securities laws. First, there is no way to know whether an employee has already reported to the SEC. For purposes of anti-retaliation protections, an employee may report to the SEC at any time and in any manner. The definition of “whistleblower” in the SEC’s Whistleblower Rules distinguishes between individuals eligible for an award and individuals eligible for anti-retaliation protections. To be eligible for an award, an individual must follow certain procedures.12 Further, certain persons – such as officers, internal compliance personnel and attorneys – cannot receive an award unless they first report internally, and then only after certain circumstances occur.13 However, none of these conditions apply to anti-retaliation protections; the Whistleblower Rules make clear that “[t]he anti-retaliation protections apply whether or not you satisfy the requirements, procedures and conditions to qualify for an award.”14

Nor does the employee need to be correct about the existence of a violation. Instead, an employee is eligible for anti-retaliation protections whenever he or she reports information based on a “reasonable belief that the information [the employee] is providing relates to a possible securities law violation … that has occurred, is ongoing, or is about to occur.”15 In the Adopting Release to the final Whistleblower Rules, the SEC explained that the “reasonable belief” standard merely requires that the employee have a “subjectively genuine belief that the information demonstrates a possible violation” and that this belief is one that “a similarly situated employee might reasonably possess.”16 Accordingly, it is very easy for an employee to bring concerns to the SEC and be protected by the anti-retaliation provisions.

It is also possible that an employee may be eligible for anti-retaliation protections even if he or she does not report to the SEC, and only reports internally. While some courts have held that a person needs to report to the SEC before invoking anti-retaliation protections,17 the SEC’s position18 and the position of some courts19 is that internal reporting alone can qualify an individual for anti-retaliation protections. Accordingly, the simple act of raising concerns internally may be sufficient to cover an employee under the anti-retaliation provisions.

B. How Should an Employer Respond to a Potential Whistleblower?

Any adverse employment action may be deemed retaliatory if it is found to be caused by a lawful action taken by a whistleblower. As the actions described above show, the SEC has found a wide variety of employer responses to be retaliatory. These actions included changing an employee’s job functions, removing responsibilities, removing access to systems and email accounts, moving an employee to another office, and depriving an employee of networking opportunities. While some responses may not appear to be significant in isolation – such as directing an employee not to attend an industry conference – the SEC’s orders do not provide much analysis as to whether any of these actions, standing on their own, would be deemed actionable. However, given the broad wording of Exchange Act Section 21F(h)(1)(A), it should be understood that all such actions could be the basis for a charge.

On a practical level, initial reactions to employees who raise concerns can be very important for limiting potential anti-retaliation liability. A poor reaction can put an employee on the defensive and set into motion an irreconcilable chain of events. The IGT matter is instructive. In that case, the employee’s presentation of his concerns was met with a hostile reaction. In the aftermath of that exchange, and perhaps because the employee understood that his superiors were taking steps to terminate him, the employee brought what was initially a matter for internal discussion directly to the SEC. In the Paradigm matter, the firm removed the employee from his duties the day after he told them he had brought concerns to the SEC, and subsequent negotiations on a severance package appear to have broken down quickly. From that point forward, the relationship between the firm and the employee was strained, and the firm’s attempt to bring the employee back to work in another capacity was deemed retaliatory.

In sum, an employer should not react hastily or reflexively. Instead, a neutral response, or even an appreciative reaction for bringing concerns forward, has the potential for creating a more positive set of exchanges with an employee, one that need not create a chain of events liable to incur anti-retaliation charges. At the very least, a measured response is more likely to buy the employer time to assess the situation fully.

It should also be understood, however, that fault can be found even with more measured responses. In each of the cases above, the employer responded to the employee’s concerns by conducting an internal investigation. That is a reasonable response. Yet, the manner in which the employers handled the employees while investigating was found to be retaliatory. An employer may understandably wish to separate an employee from the alleged conduct to determine for itself whether the allegations have merit. But in doing so, the employer risks being accused of marginalizing the employee or adversely changing his or her job functions. For instance, in Paradigm, the SEC pointed out that the employee was moved to another floor. The SEC also noted that the firm prevented the whistleblower from accessing its trading systems and instead asked the whistleblower to complete a task by hand. In IGT, the employer prohibited the employee from attending a supposedly important annual industry conference. The SEC’s message in citing these facts is that actions that marginalize or ostracize employees can be deemed retaliatory. More important, of course, are actions that are material to an employee’s career. In Paradigm, the employee’s duties were changed from trading to compliance. In IGT, the employee was removed from a project very similar to the one that he raised concerns over.

Employers face a very difficult dilemma when separating employees from the conduct at issue. The better course of action, which in some cases can be very difficult, is to change the employee’s duties, responsibilities and opportunities as little as possible during an internal investigation. Of course there may be situations in which it is impossible to leave an employee in the same position. This would be especially true if the employer believed the employee was culpable for the conduct at issue. Indeed, in such a case the employer could face another issue with the SEC if it finds the company did not take sufficient steps to remediate the misconduct. Such a finding could undermine a company’s ability to seek cooperation credit, which in turn could lead to more severe remedies. The only way to navigate these obstacles is through careful deliberation. It is therefore a best practice to have a whistleblower matter handled by personnel with as little connection to the facts and the employee as possible. Further, and just as important, any changes in position and duties must be well-reasoned and well-documented.

12. See 17 C.F.R. 240.21F-9.
13. See 17 C.F.R. 240.21F-4(a)(4).
14. 17 C.F.R. 240.21F-2(b)(1)(ii).
15. 17 C.F.R. 240.21F-2(b)(1)(i).
16. Implementation of the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934, Exchange Act Rel. No. 34-64545 (May 25, 2011), at 16. The SEC further explained that this standard was designed with the intention of encouraging employees to provide tips without fear of retaliation, while also not encouraging frivolous tips.
17. Asadi v. G.E. Energy (USA), LLC, 720 F.3d 620 (5th Cir. 2013), is the leading case taking this position. It held that a person may not be deemed a whistleblower unless he or she has reported information to the SEC because Exchange Act Section 21F(a)(6) defines a whistleblower as someone who reports information “to the Commission.” Other decisions adopting this reasoning include Wiggins v. ING U.S., Inc., 2015 WL 3771646, at *9–11 (D. Conn. June 17, 2015); Verfuerth v. Orion Energy Systems, Inc., 65 F.Supp.3d 640, 643-46 (E.D. Wis. 2014); Banko v. Apple Inc., 20 F.Supp.3d 749, 756-57 (N.D. Cal. 2013); Wagner v. Bank of America Corp., No. 12-cv-00381-RBJ, 2013 WL 3786643, at *4-*6 (D. Colo. July 19, 2013); Verble v. Morgan Stanley Smith Barney, LLC, 148 F.Supp.3d 644, 656 (E.D. Tenn. 2015); and Puffenbarger v. Engility Corp., 151 F.Supp.3d 651, 664–65 (E.D. Va. 2015).
18. Interpretation of the SEC’s Whistleblower Rules Under Section 21F of the Securities Exchange Act of 1934, 80 Fed. Reg. 47,829 (Aug. 10, 2015). As the SEC stated, “an individual who reports internally and suffers employment retaliation will be no less protected than an individual who comes immediately to the Commission . . . . A contrary interpretation would undermine the other incentives that were put in place through the Commission’s whistleblower rules in order to encourage internal reporting.”
19. Berman v. Neo@Ogilvy LLC, 801 F.3d 145 (2d Cir. 2015), is the leading case taking this position. It held that the tension between Exchange Act Sections 21F(a)(6) and 21F(h)(1)(A)(iii), which protects reporting in circumstances other than to the Commission, renders the statute “sufficiently ambiguous” as to require the court to afford administrative deference, under the holding of Chevron U.S.A., Inc. v. Natural Resources Defense Council, Inc., 467 U.S. 837 (1984), to the SEC’s interpretation that internal reporting qualifies an employee as a whistleblower for anti-retaliation purposes. Other courts taking the same position include Lutzeir v. Citigroup Inc., No. 4:14-cv-183, 2015 WL 7306443, at *2-3 (E.D. Mo. Nov. 19, 2015); Somers v. Digital Realty Trust, Inc., 119 F.Supp.3d 1088, 1094-1106, No. C-14-5180 EMC, 2015 WL 4483955, at *4–12 (N.D. Cal. July 22, 2015); Yang v. Navigators Grp., Inc., 18 F.Supp.3d 519, 533-34 (S.D.N.Y. 2014); Khazin v. TD Ameritrade Holding Corp., No. 13-4149 (SDWQ)(MCA), 2014 WL 940703, at *3-6 (D.N.J. Mar. 11, 2014); Azim v. Tortoise Capital Advisors, LLC, No. 13-2267-KHV, 2014 WL 707235, at *2-3 (D. Kan. Feb. 24, 2014); Ellington v. Giacoumakis, 977 F.Supp.2d 42, 44-46 (D. Mass. 2013); Genberg v. Porter, 935 F.Supp.2d 1094, 1106-07 (D. Colo. 2013); Nollner v. S. Baptist Convention, Inc., 852 F.Supp.2d 986, 995 (M.D. Tenn. 2012); and Kramer v. Trans–Lux Corp., No. 3:11CV1724 SRU, 2012 WL 4444820, at *4 (D. Conn. Sept. 25, 2012).

C. Why Should Employers Encourage Internal Reporting?
Employers should also understand that the SEC’s Whistleblower Rules are populated with incentives for whistleblowers seeking monetary awards to report internally and to allow an employer to investigate the matter. First, there is a 120-day look back provision that allows an internal whistleblower’s information to be deemed “original” as of the date that he or she first reported internally, so long as the employee then reports to the Commission within 120 days.20 Second, if an employee reports misconduct internally and the employer then conducts an investigation that yields further information that aids the Commission’s successful enforcement action, the employee will be deemed to have been the original source of all of this information.21 Third, the whistleblower award calculation criteria include provisions under which an award can be increased if the employee at issue first reported internally.22 Conversely, an award can be reduced where an employee interferes with internal compliance and reporting systems.23 With respect to anti-retaliation liability, these incentives can have the effect of creating time for an employer to assess the concerns raised and to engage in a positive dialogue with the employee that allows an issue to be resolved amicably.

For many reasons, it is a good idea to create a compliance and human resources culture that encourages employees to raise their concerns internally with confidence. First, one of the bases for cooperation credit with the SEC is the act of self-reporting.24 Also, creating a culture of healthy internal reporting maximizes the investment spent on compliance. The ability to self-report is good in its own right because it gives an entity the opportunity to determine whether and how it approaches the SEC, and gives it the best chance to have a cooperative relationship during an investigation and/or to mount the most vigorous defense. On the other hand, entities that do not seek to maximize internal reporting possibilities may miss opportunities to bring issues to regulators cooperatively, which can result in more aggressive enforcement actions and steeper penalties.

D. How Should Employers Handle Separation?

Terminating whistleblowers is fraught with risk because it can be extremely difficult to separate the reasons for termination from the circumstances of the employee’s whistleblower report. This is especially true if the events are close in time and there is little or no prior record to support employee discipline. Further, the employee’s record may support a conclusion that the report was the reason for the termination. For example, in IGT the employee had an exceptional employment record, which the SEC cited at length in support of its finding that the termination was retaliatory. In SandRidge, management created a record in which they discussed the employee’s termination in terms of finding someone not likely to raise concerns in the same way. Such statements can support a finding that the termination was retaliatory. In short, unless there are well-documented reasons sufficient for termination that exist independently of the circumstances surrounding the employee’s report, then an employer is vulnerable to a charge of retaliation. Accordingly, as a practical point it is a good practice to memorialize an employee’s accomplishments and shortcomings contemporaneously and diligently in order to support appropriate employment actions.

Assuming, on the other hand, that a separation is based on amicable and mutually agreed upon terms, the wording of the separation agreement can also create liability. An employer will naturally want to include language in a separation agreement that protects confidential information or prevents the employee from disparaging the company. Employers need to pay attention to SEC Whistleblower Rule 21F-17(a), which states that “[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communications.”25

Over the past two years, the SEC has brought and settled nine cease-and-desist actions for violations of this provision.26 These actions have involved both separation agreements and internal investigation agreements, and they have taken issue with several clauses often found in confidentiality agreements, including: provisions prohibiting disclosure of confidential information absent a subpoena or the company’s permission; provisions that impose financial penalties on an employee who discloses confidential information; and non-disparagement clauses. In short, the SEC will take issue with any agreement that it believes impedes an employee’s ability to volunteer information to the government. Moreover, as a condition of settlement in these cases, the SEC has required employers to inform all current and former employees who have signed an agreement found to violate the Rule that the restriction no longer applies and that they are free to report information to government authorities. Employers should not only be concerned about such language when negotiating separation agreements, but should also be reviewing their current employment agreements, compliance manuals and other policies and procedures for language that might violate the Rule.

V. Conclusion

The most well-informed whistleblower is only as good as an entity’s true culpability. Moreover, the SEC’s Division of Enforcement is adept at separating substantive allegations from frivolous ones. Therefore, companies and firms with sound financial controls, disclosure practices and compliance programs should have little to fear from whistleblowers. Nevertheless, an ill-considered reaction to an employee whistleblower can create a separate and wholly unnecessary source of liability. Employers should therefore anticipate the possibility of employee whistleblowers by creating deliberate response mechanisms that address employee concerns positively and carefully.

20. 17 C.F.R. 240.21F-4(b)(7).
21. 17 C.F.R. 240.21F-4(c)(3).
22. 17 CFR 240.21F-6(a)(4).
23. 17 CFR 240.21F(b)(3).
24. See Exchange Act Rel. No. 44969 (Oct. 23, 2001).
25. 17 C.F.R. 240.21F-17(a).
26. KBR, Exchange Act Rel. No. 74619 (Apr. 1, 2015); Merrill Lynch, Exchange Act Rel. No. 78141 (June 23, 2016); BlueLinx Holdings, Exchange Act Rel. No. 78528 (Aug. 10, 2016); Health Net, Exchange Act Rel. No. 78590 (Aug. 16, 2016); Anheuser-Busch InBev, Exchange Act Rel. No. 78957 (Sept. 28, 2016); NeuStar, Exchange Act Rel. No. 79593 (Dec. 19, 2017); SandRidge Energy, Exchange Act Rel. No. 79607 (Dec. 20, 2016); BlackRock, Exchange Act Rel. No. 79804 (Jan. 17, 2017); and Homestreet, Exchange Act Rel. No. 79844 (Jan. 19, 2017).


The SEC’s 2017 Priorities: What They Are and What Compliance Professionals Need to Know

As we all have anticipated, the SEC released its 2017 Examination Priorities Letter (“Letter”) from the Office of Compliance Inspections and Examinations (“OCIE”). The Letter is broken down into three main categories:

1. Examination of matters of importance to retail investors;
2. Focusing on risks specific to elderly and retiring investors; and
3. Assessing market-wide risks.

The Letter also states that the SEC staff has incorporated data analytics into its examination initiatives, using data analytics to identify high risk profiles and to analyze complex products.1

1. Presentation by Stephanie Avakian, Deputy Director, Division of Enforcement, at the SIFMA C&L New York Regional Seminar, Nov. 2, 2016.

About the Authors: This article was drafted by Oyster Consulting LLC consultants. http://oysterllc.com Oyster wishes to acknowledge the following for contributing to the article: Hank Sanchez, Libby Hall, Richard Chase, Bill Reilly, Jill Bening, Bob Tuch, Harriet Britt, Don Horwitz, George Jennison, Buddy Doyle, Andy Favret, Ann Griffith, Lance Whittemore, and Dan Labovitz.

A. PROTECTING RETAIL INVESTORS

Electronic Investment Advice. Regulators are taking a closer look at electronic investment advice. The SEC hosted its first FinTech Forum in November 2016, and FINRA published its Report on Digital Investment Advice in March 2016. According to the report, FINRA is concerned about investment recommendations made without any personal contact. The SEC permits this type of advice; however, firms should carefully manage their processes. As it relates to third party “robo”, or digital adviser activities, OCIE plans to focus on the firm’s compliance program, marketing, formulation of investment recommendations, data protection, disclosures related to conflicts of interest, and the compliance program’s oversight of algorithms that generate recommendations. Firms should carefully:

• Review and approve website and social media;
• Review requirements for mutual funds if they are part of the make-up of portfolio(s) or part of 529 Plan offerings;
• Consider how the digital tool reviews the customer information and investment objectives to arrive at the investment portfolio and the strategy recommended and implemented;
• Evaluate all potential conflicts of interest, including the use of such things as affiliated investment products, all vendors, the activities of boards of directors and advisory boards; and
• Supervise the digital investment tool or algorithm.

As smaller advisers establish relationships with “robo-advisers”, the compliance officer(s) of those firms will need to take up the same issues as the teams in the larger firms. If a firm is considering creating or using a digital advice model, consult with someone who has already thought through some of the issues.

Wrap Fee Programs. The Letter also indicated that areas of focus may include wrap account suitability, effectiveness of disclosures, conflicts of interest and brokerage practices. OCIE has previously indicated it would evaluate:

• how financial professionals and firms satisfy their suitability requirements when determining whether to recommend brokerage or advisory accounts;
• the financial incentives for making such recommendations; and
• whether all conflicts of interest are fully and accurately disclosed.

OCIE also indicated that, when different fee arrangements are offered for advisory accounts, the staff would assess whether the recommendation of an advisory account is in the best interest of the client at the inception of the arrangement and afterward, including the fees charged, services provided and disclosures made about such relationships. In a 2003 FINRA Notice to Members2, it was noted that before opening a fee-based account for a customer, members must have reasonable grounds to believe the account is appropriate for that customer. Firms should identify and address the following:

• Whether a wrap account is in the best interests of a client at the inception of the arrangement and thereafter. Wrap accounts should be monitored and reviewed on a regular basis to determine if they continue to be suitable for clients. This should include a review for inactivity (“reverse churning”).
• The firm’s disclosure to clients of all material components of a wrap account, including the fee schedule, services provided, and the fact that the wrap fee program may cost more than paying for the services separately.

Exchange-Traded Funds (“ETFs”). The SEC will continue to examine ETFs, including the review of ETFs’ unit creation and redemption processes. The Commission’s focus will also be on sales practices and disclosures involving ETFs and the suitability of broker-dealers’ recommendations to purchase ETFs with niche strategies (those that track a basket of stocks that are aimed at a single industry or theme). As exchange-listed products, all ETFs must be registered with the SEC under the Securities Act of 1933. They are also subject to ongoing reporting and trading requirements under the Securities Exchange Act of 1934. The funds and their issuers are also subject to regulation under the Investment Company Act of 1940.

The focus of the SEC’s registration process has been primarily to assure there is adequate disclosure of the nature of the ETF, its composition, its relation to the underlying index, basket or other investment target, and the risks of investment in the ETF. As the number and kinds of ETFs have proliferated, the investor protection issues associated with them have also increased.

Firms should consider having training programs for their sales personnel and investor education programs for their customers if their marketing efforts venture beyond the more broad-based and established ETFs.

Firms should also have programs to assess the risk levels associated with certain kinds of ETFs, such as actively traded, niche, leveraged and inverse funds, and their suitability for certain kinds of investors. Some firms have adopted policies imposing special approval requirements, or even outright restrictions, on some ETFs for certain classes of investors.

Never-Before Examined Investment Advisers. In 2014, the SEC launched its “Never-Before Examined Initiative”, focusing on firms that have been registered three years or more[3]. In this year’s Letter, the SEC notes it is expanding the “Never-Before Examined Adviser initiative”[3] to include focused, risk-based examinations of newly-registered advisers[4], and of selected advisers that have been registered for a longer period but have never been examined by OCIE.

The “Never-Before Examined Initiative” noted the staff will take a two-pronged approach in conducting its reviews: the risk assessment approach and the focused review approach. The risk-assessment approach is a review of an adviser’s overall business activities, focusing on the compliance program and documents needed to assess the representations made on disclosure documents. The focused review approach includes conducting comprehensive, risk-based examinations of one or more of the following:

• Compliance Program
• Filings/Disclosures
• Marketing
• Portfolio Management
• Safety of Client Assets

Just how is the SEC staff going to accomplish these additional reviews? The Commission traditionally has reviewed only 10% of advisers annually. In 2016, the SEC shifted its broker-dealer staff over to investment adviser examinations[5]. The SEC has also indicated it was exploring allowing third-party examiners to conduct reviews[6].

The takeaway here is that those advisers that have not been examined in years, and newly-registered advisers, should be ready for an SEC exam. These firms should consider engaging Compliance or outside consultants to conduct a mock-SEC examination.

Recidivist Representatives and their Employers. Both the SEC[7] and FINRA[8] have expressed concerns about individuals with multiple disclosures, and how firms supervise them. The Letter notes that the SEC will continue to use its analytic capabilities to identify individuals with a track record of misconduct and examine the firms that employ them, focusing on the firms’ compliance oversight and controls.

These exams will focus on the firm’s compliance program to ensure it has processes to assess incoming advisers and to properly supervise those with disclosure histories.

Further, the SEC will be looking at firms’ marketing pieces to identify any conflicts of interests or risks associated with supervised persons with a history of disciplinary events, to determine whether the conflicts or risks are clearly disclosed, and to determine if the firm has procedures in place to address the conflicts and mitigate the risks.

Multi-Branch Advisers. OCIE will continue to focus on registered investment advisers that provide advisory services from multiple locations. The Letter referenced a December 2016 Risk Alert that addresses OCIE’s Multi-Branch Adviser Initiative[9].

With that in mind, the Risk Alert highlighted the following areas regarding multi-branch advisers:

1. Compliance Programs. The OCIE staff will assess, among other things, the:

• implementation of policies and procedures in the main and branch offices;
• firm’s assessment of how such supervision is tailored to the unique risks around branches;
• role and empowerment of compliance personnel charged with overseeing branch offices; and
• accuracy of information contained in the firm’s filings regarding branch offices, as compared to actual practices.

2. Fees and Expenses, Advertising and Code of Ethics. The SEC staff may focus attention on assessing compliance and testing controls in one or more of these areas, including compliance with the Custody Rule.

3. Investment Recommendations. The SEC staff will review the process by which investment advice, including the formulation of investment recommendations and the management of client portfolios, is provided to advisory clients from supervised persons located in branch offices.

4. Oversight, Conflicts of Interest and Allocation of Investment Opportunities. The staff may focus attention on assessing compliance and testing controls in the following risk areas:

• supervision and review of investment recommendations made to clients within branch offices;
• identification, management and disclosure of conflicts of interest arising through branch office activities, including conflicts from compensation arrangements and advisers’ outside business activities;
• allocation of investment opportunities among client accounts, including how branch office trading activity is monitored and disclosures regarding trade allocation;
• the experience level and level of autonomy of branch office personnel operating as advisers;
• portfolio management practices, including consistency of portfolios with clients’ objectives; and
• safeguards for the privacy and protection of client records.

2. http://www.finra.org/sites/default/files/NoticeDocument/p003079.pdf
3. See OCIE’s Letter to Never-Before Examined Investment Advisers, February 20, 2014, http://www.sec.gov/about/offices/ocie/nbe-final-letter-022014.pdf.
4. The SEC has provided guidance to Newly-Registered Advisers. https://www.sec.gov/divisions/investment/advoverview.htm
5. http://www.reuters.com/article/us-sec-brokers-idUSKCN0VT0SQ
6. Speech by SEC Chair Mary Jo White. https://www.sec.gov/news/speech/white-speech-beyond-disclosure-at-the-sec-in-2016-021916.html
7. See OCIE Risk Alert, “Examinations of Supervision Practices at Registered Investment Advisers,” Sept. 12, 2016, https://www.sec.gov/ocie/announcement/ocie-2016-risk-alert-supervision-registered-investment-advisers.pdf.
8. See, FINRA 2017 Priorities Letter. http://www.finra.org/sites/default/files/2017-regulatory-and-examination-priorities-letter.pdf
9. https://www.sec.gov/ocie/announcement/risk-alert-multi-branch-adviser-initiative.pdf

Share Class Selection. OCIE will continue reviewing factors that may affect recommendations relating to mutual fund share classes. As an example, OCIE noted that examiners will identify and assess conflicts that advisers may have, such as those situations in which investment adviser representatives are also registered representatives of a broker-dealer[10]. OCIE indicated this type of conflict may influence recommendations in favor of share classes that have higher loads or distribution fees.

In a July 2016 Risk Alert detailing its Share Class Initiative, OCIE stated it will seek to identify conflicts of interest tied to advisers’ compensation or financial incentives for recommending mutual fund and 529 Plan share classes that have substantial loads or distribution fees. With the foregoing in mind, the Risk Alert highlighted the following topics that the OCIE staff will focus on when conducting examinations:

1. Fiduciary Duty. Whether advisers are acting in clients’ best interests when recommending mutual fund investments.

2. Disclosures. Whether advisers provide narrative disclosure in the ADV Part 2A brochure if the firm or its supervised persons receive compensation for the sale of securities or other investment products. Firms must also explain the conflict of interest that such compensation creates and how the conflict is addressed.

3. Compliance Program. Firm practices surrounding the selection of mutual fund share classes and assess the adequacy and effectiveness of the firm’s policies and procedures.

Compliance officers should work with firm personnel to:

• Identify all relevant conflicts of interest related to mutual fund share class recommendations and take steps to ensure they are adequately addressed in the firm’s policies and procedures.
• Ensure such conflicts are adequately disclosed in the ADV Part 2A.
• Periodically review client accounts to ensure that mutual fund share classes held in those accounts are appropriate.

10. See OCIE Risk Alert, “OCIE’s 2016 Share Class Initiative,” July 13, 2016, https://www.sec.gov/ocie/announcement/ocie-risk-alert-2016-share-class-initiative.pdf.

B. SENIOR INVESTORS AND RETIREMENT INVESTMENTS

ReTIRE. In June 2015, the SEC issued a National Examination Program Risk Alert announcing the Retirement-Targeted Industry Reviews and Examination (“ReTIRE.”) initiative. OCIE will continue its multi-year ReTIRE initiative, focusing on investment advisers and broker-dealers, along with the services they offer to investors with retirement accounts[11]. This year, these examinations will likely focus on, among other things, registrants’ recommendations and sales of variable insurance products, as well as the sales and management of target date funds. These reviews focus on issues relating to senior investors, who are dependent on retirement funds, in the following areas:

1. Suitability
2. Supervision and Compliance Controls
3. Conflicts of Interest
4. Marketing and Disclosure

Public Pension Advisers. Pension plans of government entities hold a large amount of U.S. investors’ retirement assets. The Commission will examine investment advisers to these entities to assess how they are managing conflicts of interest and fulfilling their fiduciary duty. The Commission will also review other risks specific to these advisers, including pay-to-play and undisclosed gifts and entertainment practices. Ongoing firm training on pay-to-play, receipt of gifts and entertainment expenses is a vital component to educating individuals on these issues. Procedures should include activities requiring pre-approval, and logs for political contributions and entertainment expenses. Firms also may wish to require affirmations, to be completed at various intervals during the year, requiring disclosures on gifts, as well as political contributions and entertainment expenses.

Senior Investors. OCIE will evaluate how firms manage their interactions with senior investors, including their ability to identify financial exploitation of seniors. Examinations will likely focus on registrants’ supervisory programs and controls relating to products and services directed at senior investors. Procedures should include requirements pertaining to the discussion of the investment objectives, risk tolerance and time horizon, not only in the early stages of the account, but also to conduct enhanced and more active account reviews as the account holder(s) begin to approach, and during, their retirement years. In addition, firms should address other items with clients such as whether the client has a Power of Attorney, long-term care insurance and a current will. Another area of concern involves the onset of cognitive decline as an investor ages. Firms should adopt procedures to escalate any such concerns to a supervisor, Legal or Compliance. In October 2016, proposed FINRA Rule 2165 was filed with the SEC, which addresses disbursement holds on client accounts where suspected financial exploitation may be present. Firms should follow the progress of this proposal. In addition, as of January 1, 2017, seven states[12] have regulations in place to address disbursement holds by firms on accounts where financial exploitation is suspected.

11. See OCIE Risk Alert, “Retirement-Targeted Industry Reviews and Examinations Initiative,” June 22, 2015, http://www.sec.gov/about/offices/ocie/retirement-targeted-industry-reviews-and-examinations-initiative.pdf.

C. ASSESSING MARKET-WIDE RISKS

The SEC has indicated it will examine for structural risks and trends that may involve multiple firms or entire industries. In 2017, the focus will be on the following initiatives:

Money Market Funds. In 2014, the SEC adopted amendments to rules governing money market funds (“MMFs”) to make structural and operational reforms to address redemption risks in MMFs[13], while preserving the benefits of the funds for remaining investors. The SEC will examine these funds for compliance with these rule amendments, which became effective in October 2016. Examinations will likely include assessments of the boards’ oversight of the funds’ compliance with these new amendments, as well as a review of compliance policies and procedures relating to stress testing and funds’ periodic reporting of information to the Commission.

Overview of the 2014 Money Market Mutual Fund Rule Changes[14]

| Money Market Fund Reform | Final Rule | Implementation Date |
|---|---|---|
| Stress Testing | Funds must test their ability to maintain weekly liquid assets of at least 10% in response to several SEC defined stress scenarios. Results must be presented to the fund’s board at regular intervals. | 14 April 2016 |
| Disclosure | Daily and weekly liquid assets as a percentage of total fund assets must be displayed on a website daily. Prior day net shareholder flows must also be displayed. | 14 April 2016 |
| Floating NAV | Nonexempt funds price and transact at a net asset value per share that “floats” based on the underlying fund holdings calculated to four decimal points. | 14 October 2016 |
| Liquidity Fee | If weekly liquid assets fall below 30%, the fund may impose a 2% redemption fee. If weekly liquid assets fall below 10%, redemptions are subject to a fee up to 2% unless the fund’s board votes otherwise. Need approval of majority of disinterested as well. Fee/gate decisions are non-delegable Board decisions. | 14 October 2016 |
| Redemption Gate | If weekly liquid assets fall below 30%, a fund’s board may suspend redemptions for up to 10 days. | 14 October 2016 |

Consistent with these amendments, OCIE will be looking at the activities of MMF boards in adopting these changes and other such issues. A report to a Board must include:

• A summary of significant assumptions
• Information to allow the board to evaluate results[15]

As this is the first round of examinations under revised SEC Rule 2a-7, this should be a learning curve for both registrants and OCIE. However, there is plenty of guidance, including a slew of releases and information issued by the Commission and others with respect to this rule.[16]

Payment for Order Flow. The SEC states in the Letter it will examine select broker-dealers, especially market makers and those handling retail order flow, to ensure they are attending to their obligation to seek and achieve Best Execution for clients on orders. The SEC describes payment for order flow as a way to attract orders from brokers. Some exchanges or market makers will pay a broker-dealer for routing orders to them – perhaps a penny or more per share. Payment for order flow is one of the ways broker-dealers can make money from executing trades[17]. Under SEC Rule 607, upon opening a new account and on an annual basis, firms must inform their customers in writing whether they receive payment for order flow and, if they do, a detailed description of the type of payments[18]. Firms must also disclose on trade confirmations whether they receive payment for order flow and that customers can make a written request to find out the source and type of the payment for each transaction. In the 2015 FINRA Release 15-46,[19] FINRA noted that given the potential conflict between the receipt of payment for order flow, which is broadly defined under Rule 10b-10, and the duty of Best Execution, firms should carefully evaluate their receipt of payment for order flow and the impact of such practices on execution quality.

The following approach should be kept in mind by broker-dealers in relation to their Best Execution obligations:

• Payment for Order Flow is accepted by the SEC and FINRA, but heightens a firm’s burden to complete a thorough Best Execution analysis.
• Best Execution analysis should evolve to accommodate a changing marketplace.
• Best Execution Reviews should be regular and rigorous, and, most importantly, documented adequately.
• A healthy and functional Best Execution Committee process is one that uses monthly committee meetings to review Best Execution analysis and trends, evaluates competing markets and venues, informs constituents internally regarding the ongoing work to attain Best Execution, includes a decision-making process to re-route order flow as needed in response to the data reviewed, and evolves as needed as new evaluation tools and aspects to the markets develop.
• Best Execution analysis and review should be separate from payment for order flow analysis.

12. Alabama, Delaware, Indiana (for BDs only), Louisiana, Missouri, Vermont, State of Washington
13. https://www.sec.gov/News/PressRelease/Detail/PressRelease/1370542347679
14. See Money Market Mutual Funds: Stress Testing & New Regulatory Requirements, Posted by Dr. Jeremy Berkowitz, NERA, on Tuesday, July 14, 2015 https://corpgov.law.harvard.edu/2015/07/14/money-market-mutual-funds-stress-testing-new-regulatory-requirements/
15. See, Joan Ohlbaum Swirsky, Esq. Stradley Ronon Stevens & Young, Money Market Fund Reform (Exactly) One Year Later, slide presentation. http://mfdf.org/images/ArchiveMaterial/MMFReformUpdate.pdf
16. See, SEC Division of Investment Management 2014 Money Market Fund Reform Frequently Asked Questions Revised May 23, 2016. https://www.sec.gov/divisions/investment/guidance/2014-money-market-fund-reform-frequently-asked-questions.shtml
17. https://www.sec.gov/answers/payordf.htm
18. https://www.law.cornell.edu/cfr/text/17/242.607
19. http://www.finra.org/sites/default/files/notice_doc_file_ref/Notice_Regulatory_15-46.pdf

Most importantly, whether it is a global firm with multiple distribution channels and divisions, or a small broker-dealer in one location, the firm still carries the burden of seeking Best Execution for clients’ orders, for evaluating execution quality on an ongoing basis, and for defining who owns that obligation within the firm.

Clearing Agencies. The SEC will continue to conduct annual examinations of clearing agencies designated “systemically important” and for which the Commission is the supervisory agency pursuant to the requirements of the Dodd-Frank Act[20]. Areas for review will be determined through a risk-based approach in collaboration with the Division of Trading and Markets and other regulators, as applicable. Once compliance is required, the staff will examine for compliance with the Commission’s Standards for Covered Clearing Agencies. The Dodd-Frank Act called for an enhanced regulatory framework for certain securities clearing agencies that perform a range of services, including acting as intermediaries between the parties to a securities transaction, ensuring that funds and securities are correctly transferred between parties and, in some cases, assuming the risks of a party defaulting on a transaction by acting as a central counterparty. Securities clearing agencies covered by the rules are subject to requirements regarding, among other things, their financial risk management, governance, recovery planning, operations, and disclosures to market participants and to the public.

FINRA. In the past, the SEC conducted periodic reviews of FINRA operations and programs through OCIE. These exams typically focused on targeted areas (e.g., FINRA’s arbitration or Enforcement programs). In addition, OCIE conducted oversight of several of FINRA examinations of specific broker-dealers. Last year, OCIE announced the formation of a new unit named FINRA and Securities Industry Oversight (“FISIO”). This group, comprised of approximately 40 individuals throughout the country, is tasked specifically with overseeing FINRA programs and is aimed at increasing efficiencies in conducting these reviews. The creation of this dedicated FINRA unit will allow OCIE to direct additional resources to its adviser exam program. One likely result of this enhancement of FINRA oversight will be a reduction in the number of the SEC’s own on-site examinations of broker-dealers. As the SEC increasingly relies on FINRA to conduct broker-dealer exams, it will instead focus its efforts on ensuring that FINRA is adequately performing that function.

20. See Standards for Covered Clearing Agencies, Release No. 34-78961 (adopted Sept. 28, 2016), https://www.sec.gov/rules/final/2016/34-78961.pdf (compliance date April 11, 2017).

Regulation Systems Compliance and Integrity (“Reg SCI”)[21]. The SEC will continue to examine Reg SCI entities to evaluate whether they have established, maintained, and enforced written policies and procedures reasonably designed to ensure their systems have levels of capacity, integrity, resiliency, availability, and security adequate to maintain operational capacity and promote maintenance of fair and orderly markets, and that they operate in a manner compliant with the Securities Exchange Act of 1934. OCIE will also review, among other things, controls relating to (i) how systems record the time of transactions or events, (ii) how they synchronize with other systems, as well as (iii) collection, analysis, and dissemination of market data. Examinations will also assess entities’ enterprise risk management, including whether these programs cover appropriate business units, subsidiaries, and related interconnected infrastructure.

The SEC updated its FAQs on Reg SCI in early December 2016, including a new FAQ on disseminating information when there is a Reg SCI event.[22] The SEC did not directly prescribe specific technical standards for resiliency, system integrity or operational capacity; instead, it provided guidance to firms on those areas,[23] and required firms to adopt policies and procedures addressing those issues, to ensure that firms think through, and are prepared for, technology and controls issues that could affect their systems and market integrity.

Firms should review their policies and procedures (including their software development life cycles) to ensure that they:

• adequately document and respond to technology issues, including automatically switching over to an established back-up system or manual process;
• are reasonably designed to ensure that the firm meets its ongoing compliance obligations; and,
• provide for timely and appropriate communications to customers, counterparties and regulators regarding technology issues, outages and remedial measures.

Firms should also specifically review how their systems are recording transaction information including, but not limited to, the time of transactions and events, how their systems synchronize with other systems, and how they collect, analyze and disseminate market data.

Cybersecurity. In 2017, OCIE will continue its initiative to examine for cybersecurity compliance procedures and controls, including testing the implementation of those procedures and controls. The National Exam Program Risk Alert, 2015 Cybersecurity Examination Initiative, Vol. IV, Issue 8 (September 15, 2015)[24] is a good reference to guide firms. The NIST – Framework for Improving Critical Infrastructure Cybersecurity (vers. 1.0, 2014[25]) is another great reference to help firms understand how to build a robust cybersecurity program. Firms should take steps to make sure they have:

• a cybersecurity risk assessment that is tailored to the business and has been reviewed within the last twelve months;
• senior management and the board of directors involved in the development and approval of the program;
• robust policies and procedures established to prevent data loss;
• “least privilege” access controls[26] in place;
• systems that are consistently patched and continuously monitored;
• vendors that are reviewed and assessed;
• properly trained employees; and
• a well-designed incident response plan.

21. See Regulation Systems Compliance and Integrity, Release No. 34-37639, (November 19, 2014), http://www.sec.gov/rules/final/2014/34-73639.pdf.
22. FAQs question 3.08
23. See, e.g., “Responses to Frequently Asked Questions Concerning Regulation SCI” (last modified December 8, 2016) (“FAQs”) https://www.sec.gov/divisions/marketreg/regulation-sci-faq.shtml; see also “Staff Guidance on Current SCI Industry Standards” (November 19, 2014) https://www.sec.gov/rules/final/2014/staff-guidance-current-sci-industry-standards.pdf
24. https://www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf
25. https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf

As a note of emphasis, New York is raising the bar for cybersecurity compliance[27]. Firms should pay close attention to New York as it may become the new standard for cybersecurity in other states.

National Securities Exchanges. The SEC will continue to conduct risk-based inspections of the national securities exchanges. OCIE did not issue a separate priorities letter to exchanges in 2017, as it had done in 2015[28] and 2016.[29] We believe that the 2016 priorities will form the basis for this year’s exams as well. Last year’s priorities included a focus on:

• Exchanges’ regulatory programs (performance by the exchange, outsourcing of regulatory functions, internal controls over regulatory programs, funding, and governance and oversight)
• Listing programs (evaluating listing and delisting criteria)
• Reg SCI compliance (in coordination with OCIE’s Technology Controls Program)
• Section 31 compliance[30]
• Compliance with undertakings imposed by SEC orders

Exchanges (and all firms) should develop and fine-tune their enterprise risk management infrastructures, including reviewing existing businesses for new or amplified risks to business lines; reviewing the enterprise as a whole and the integrity of the market; and, developing policies and procedures to address any identified shortcomings.

Anti-Money Laundering (“AML”). OCIE will continue to assess whether AML programs of broker-dealers are adapted to meet and detect the specific risks that the individual firm may encounter. OCIE will also be reviewing broker-dealers’ procedures for monitoring of suspicious activity. OCIE has indicated it will be looking at the effectiveness of the independent testing conducted for the firm and how the firm has complied with the reporting requirements of suspicious activity reports (“SARs”). FINRA stated in its 2017 Annual Regulatory and Examination Priorities Letter that it, too, will continue to focus on the AML programs of broker-dealers, especially those areas where FINRA has observed shortcomings by firms in the past, such as gaps in a broker-dealer’s automated trading and money movement surveillance systems caused by data integrity problems, poorly set parameters or surveillance patterns that do not specifically capture problematic behavior. OCIE released on January 11, 2017 the Anti-Money Laundering (AML) Source Tool for Broker-Dealers[31]. This “source tool” is a compilation of key AML laws, rules, orders and guidance specifically applicable to broker-dealers. Investment advisers must watch the progress of the proposed FinCEN rule that would impose AML program responsibilities on them[32].

26. Every program and every user of the system should operate using the least set of privileges necessary to complete the job. Primarily, this limits the damage that can result from an accident or error. It also reduces the number of potential interactions among privileged programs to the minimum for correct operation, so that unintentional, unwanted, or improper uses of privilege are less likely to occur. Thus, if a question arises related to misuse of a privilege, the number of programs that must be audited is minimized. https://www.us-cert.gov/bsi/articles/knowledge/principles/least-privilege
27. http://www.natlawreview.com/article/new-york-revamps-proposed-cybersecurity-regulation-financial-services-and-insurance
28. https://www.sec.gov/about/offices/ocie/omo-letter-to-exchanges-011315.pdf
29. https://www.sec.gov/about/offices/ocie/omo-letter-to-exchanges-011116.pdf
30. https://www.sec.gov/divisions/marketreg/sec31feesbasicinfo.htm

D. OTHER INITIATIVES

Municipal Advisors. The SEC intends to continue its focus on municipal advisers. Although the Letter provided little guidance concerning this area, the SEC is expected to continue its review of its own, and the MSRB’s, registration requirements for municipal advisers. The SEC will continue to focus on advisers’:

• compliance with MSRB rules involving gifts and gratuities (Rule G-20);
• registration and continuing education requirements (Rule G-3); and
• the use of ownership information obtained in a fiduciary or agency capacity (Rule G-23).

The SEC has also stated its focus on municipal adviser disclosure obligations to their municipal clients, specifically as outlined in MSRB Rules G-32 and G-42; and on advisers’ fair dealing obligations as outlined in Rule G-17; and, more specifically, in MSRB rules involving political contributions and suitability (Rules G-19, G-37 and G-38). Compliance personnel are encouraged to conduct regular reviews of certain targeted areas of regulatory concern, such as gifts and gratuities, political contributions, and registration requirements.

Transfer Agents. In addition to examining transfer agents’ timely turnaround of items and transfers, recordkeeping and record retention, and safeguarding of funds and securities, the SEC indicated it will examine transfer agents that service microcap issuers, focusing on detecting issuers that may be engaging in unregistered, non-exempt offerings of securities. All transfer agents are required to be registered with the SEC, but they are among the most lightly regulated of any class of securities professionals. They have come into increasing focus in recent years for the central role they play in the issuance of microcap stocks.

31. https://www.sec.gov/about/offices/ocie/amlsourcetool.htm
32. Financial Crimes Enforcement Network: Anti-Money Laundering Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers, Public Comment, 80 Fed. Reg. 52680, available at https://www.regulations.gov/docketBrowser?rpp=50&so=DESC&sb=postedDate&po=0&dct=PS&D=FINCEN-2014-0003.

Using private placements, conversions and exchanges of securities, and the issuance of stock as compensation for legal, sales, consulting or other services, many issues of microcap stocks are not registered with the SEC. In reliance on SEC Rule 144, these microcap stocks can then be sold to the public, making their way without many of the regulatory protections afforded by the normal securities registration process. Transfer agents facilitate the initial issuance, conversion or exchange, delegending, and other steps in this process of introducing these securities to the public.

Firms that accept deposits by customers of unregistered securities, especially microcap stocks, should have written policies and procedures that provide clear guidance to their registered representatives, operations, supervisory and compliance personnel, on the firm’s handling of the deposits and any subsequent liquidations. In 2009, FINRA issued guidance, in Regulatory Notice 09-05, regarding some of the major issues raised by these activities, including guidance regarding a firm’s policies and procedures. The Regulatory Notice underscores that both the SEC and FINRA have repeatedly warned broker-dealers that they are obligated to conduct their own review. A broker-dealer cannot assume that, because a transfer agent has been willing to remove the restrictive legend from a securities certificate, the securities are in fact unrestricted and can be sold under Rule 144 without being registered. Because of the close relationship between the promoters and issuers of microcap stocks and their transfer agents, regulators expect broker-dealers to exercise caution and to independently verify relevant information related to a sale of such stocks.

Private Fund Advisers. OCIE will continue to examine private fund advisers, focusing on conflicts of interest and disclosure of conflicts, as well as actions that appear to benefit the adviser at the expense of investors. The Letter indicates the SEC’s focus has narrowed since last year’s letter, which described the conflicts inherent in side-by-side management of performance- and asset-based accounts. Among other practices, the SEC has brought actions involving the following33:

• The acceleration of payments of a fund manager’s monitoring fees, without disclosure of the manager’s ability to do so.
• Payment of legal fees for personal work on behalf of the adviser was less than for fees charged to funds.
• Failure to disclose fees paid to affiliated entities.
• Failure to disclose a loan made to the fund by a general partner, with said loan also for the benefit of the general partner rather than the fund.

Firms and their compliance officers need to review their fee billing practices to ensure that appropriate controls are in place to identify and address potential conflicts of interest and ethical violations.

E. SUMMARY

All firms are well-advised to assess the topics addressed by the SEC’s 2017 Examination Priorities Letter. The timing of the letter comes right as a new administration is coming into office and it remains to be seen if these priorities will shift with the new Republican SEC Chairperson. Stay aware of further developments.

33. These include The Blackstone Group, Fenway Partners, Cherokee Investment Partners, JH Partners LLC, Blackstreet Capital Management, WL Ross & Co LLC, Apollo Global Management, First Reserve Management L.P.

NSCP Currents will be launching a new column, Comply With Me: Tips for Advancing in the Compliance Profession. Two well-seasoned compliance practitioners, Barbara Boehler of Wolters Kluwer and Robert Zondag of American Deposit Management Company, will explore some of the integral but perhaps lesser-examined skills, strategies and approaches that compliance professionals need to succeed in today’s complex, rapidly evolving compliance environment. Think of this as a new twist on your advice column favorites. To kick-start this exciting addition, please email us so Robert and Barbara can answer your questions and help tackle those “soft skill” conundrums. Robert and Barbara look forward to addressing your issues on a regular basis and providing insightful tips for advancing as a compliance professional.

Not Throwing Away Your Shot: Relying on Compliance Consultants to Defend Regulatory Actions1

by Brian L. Rubin and Rebekah R. Runyon

You are the Chief Compliance Officer (CCO) of Hamilton Investments (“serving America’s financial needs for over 200 years”), and you’re young, scrappy and hungry.2 In your role, you are responsible for completing and filing Hamilton’s Form ADV. In an effort to ensure that you are making appropriate disclosures, you hire Washington Consultants, headed by G. Washington, a former regulator and a former president—of an investment adviser that is (“first in regulation, first in peace and first in the hearts of compliance officers”), to advise you on what information to include on the Form ADV. In accordance with the advice you receive from Washington, you complete and file the Form ADV, only to find out later that the Securities and Exchange Commission (the SEC or Commission) has instituted a proceeding against you and the firm due to the firm’s inadequate disclosures. So, what now? What are the Ten Duel Commandments3 to defend yourself and the firm in this proceeding? The obvious answer appears to be raising the defense that you relied on the professional advice of a consultant when making the decision of what information to disclose. Will that succeed? Who lives, who dies, who tells your story?4

This hypothetical scenario and the issues it raises are all too real examples for investment advisers (IAs) and broker-dealers (BDs) that hire consultants to provide advice about complying with regulatory requirements. And, unfortunately, a recent SEC enforcement proceeding has called into question whether firms may rely on compliance consultants as a defense to allegations of violating the law.5 However, as discussed more thoroughly below, if firms are willing to take proper steps, IAs and BDs may still be able to retain consultants and defend themselves based on the advice they receive.

The case began in 2015, when the SEC sued an IA and two of its principals (collectively, Respondents) for failing to disclose conflicts of interest to the IA’s clients. The SEC alleged that the IA failed to disclose to its clients that it received compensation from its custodian for maintaining client assets in certain mutual funds.

1. See Lin-Manuel Miranda, “My Shot,” Hamilton, https://genius.com/Lin-manuel-miranda-my-shot-lyrics.
2. Id.
3. Miranda, “Ten Duel Commandments,” https://genius.com/Lin-manuel-miranda-ten-duel-commandments-lyrics.
4. Miranda, “Who Lives, Who Dies, Who Tells Your Story,” https://genius.com/Lin-manuel-miranda-who-lives-who-dies-who-tells-your-story-lyrics.
5. Robare Grp., Ltd., Mark L. Robare & Jack L. Jones, Jr., Opinion of the Commission, Release No. 4566 (Nov. 7, 2016), available at https://www.sec.gov/litigation/opinions/2016/ia-4566.pdf [hereinafter SEC Robare Opinion].

About the Authors Brian Rubin is a Partner at Eversheds Sutherland, https://us.eversheds-sutherland.com. He can be reached at [email protected]. Rebekah R. Runyon is an Associate at Eversheds Sutherland. She can be reached at [email protected].


The administrative law judge (ALJ) dismissed the proceeding and held that the SEC’s Division of Enforcement failed to prove Respondents committed fraud by acting with scienter or negligence. The judge noted that Respondents relied on the advice of compliance firms and such reliance “demonstrates good faith and represents possible evidence of an absence of any intent to defraud.”6

In November 2016, on appeal, the SEC reversed the decision of the ALJ. The Commission held that although there was no finding of scienter, or intent or knowledge of wrongdoing, Respondents were negligent for failing to disclose conflicts of interest to clients, despite the assertion that they relied on the advice of compliance consultants. The Commission found that Respondents did not adequately disclose on the firm’s Forms ADV the existence of its arrangement with the custodian or details about the conflict the arrangement presented and therefore violated Sections 206(2) and 207 of the Investment Advisers Act of 1940. The Commission imposed a cease-and-desist order on Respondents and ordered each Respondent to pay a $50,000 civil money penalty.

The ALJ Decision

In dismissing the allegations against Respondents, the ALJ analyzed Respondents’ reliance on the advice of professional securities consultants in drafting the firm’s disclosures. The ALJ noted that the firm “attempted to meet its responsibility for determining what it needed to disclose in its Form ADV by hiring outside consultants.”7 The principals paid compliance consultants to assist them in preparing disclosures and in reviewing and updating the firm’s Form ADV. The consultants were provided with the necessary information to render this advice. At the trial, the principals could not recall the specific conversations about when they informed the consultants of the arrangement with the custodian. However, the consultants confirmed that such an arrangement would ordinarily be a topic of discussion and that the principals were forthcoming with information and were engaged and proactive during their discussions.8 After reviewing the Forms ADV, the consultants told the principals that the firm’s disclosures were adequate and compliant with then-current requirements.9 Therefore, the ALJ held that the principals’ “belt-and-suspenders approach to compliance, through which they relied on multiple [compliance] firms” to ensure the firm “was compliant with its disclosure obligation belie[d] any argument that [the principals] acted with intent to deceive, manipulate, or defraud anyone.”10 The ALJ concluded that Respondents’ good faith reliance on compliance firms was clear evidence of an absence of scienter.11

6. Robare Grp., Ltd., Mark L. Robare & Jack L. Jones, Jr., Administrative Law Judge Decision, Release No. 806, at 39 (June 4, 2015), available at https://www.sec.gov/alj/aljdec/2015/id806jeg.pdf (quoting United States v. Peterson, 101 F.3d 375, 381 (5th Cir. 1996)).
7. Id. at 18.
8. Id. at 40.
9. Id. at 44.
10. Id. at 39.
11. Id. at 39–42.

The SEC Opinion

The Division of Enforcement appealed the ALJ’s decision to the full Commission. On appeal, the SEC analyzed Respondents’ reliance on the advice of compliance consultants and addressed Respondents’ contention that, by relying on consultants, they did not act negligently. At the trial, Respondents testified that throughout the relevant period, outside consultants advised the firm about its disclosures to ensure that the firm met its disclosure requirements. However, in reversing the ALJ’s decision, the Commission held that neither Respondents nor the ALJ cited any case recognizing reliance on compliance consultants as a defense.12 The Commission further noted that even if such a defense existed, Respondents had been unable to establish their reliance on compliance consultants: “[T]he record also does not contain convincing evidence that [the firm] specifically sought or received advice from its consultants about how to disclose the Arrangement and relied on that advice in good faith.”13 The SEC noted that neither principal was able to recall specific details about the discussions with the consultants nor did they remember providing the consultants with copies of the agreement the firm entered into with the custodian. The Commission concluded that the firm and one principal (the president and CEO) “could not reasonably rely on any advice that the disclosures were adequate because they knew their obligations as investments advisors, that they were required to disclose potential conflicts of interest, and that the Arrangement presented such a conflict but was not disclosed.”14

Is Reliance on Compliance Consultants an Available Defense?

Unfortunately for the CCO of Hamilton Investments (and for you, dear reader), the Commission failed to clearly answer this question. Rather, the SEC stated: “Neither Respondents nor the law judge cite any case recognizing a defense of reliance on compliance consultants.” Despite the fact that no case law was cited by the parties or by the ALJ, the SEC pointed to Edgar R. Page, Advisers Act Release No. 4400, 2016 WL 3030845, at *6 (May 27, 2016) and included the following parenthetical—“assuming arguendo ‘that engagement of compliance professionals—as compared to counsel—might under some circumstances mitigate the egregiousness of a wrongdoer’s misconduct,’ but concluding that the alleged reliance was, in fact, not mitigating.” The cited case, however, does not answer the question of whether a defense of relying on a compliance consultant exists, but instead raises more unanswered questions regarding whether and in what circumstances the hiring of a compliance consultant could mitigate a firm’s misconduct.

The SEC could have affirmatively decided that such a defense exists by relying on its own cases where the Commission has heard expert testimony from compliance professionals on industry standards.15 While the controlling standard for negligence-based actions is reasonableness, “industry standard is a relevant factor.”16 If industry standard is a good enough factor for the SEC to rely on to determine whether a party complied with its rules, that same industry standard—when supplied by compliance professionals in the course of their day-to-day jobs, as opposed to when provided in expert testimony—should also be good enough for IAs and BDs to rely on. At a minimum, the SEC could have stated that reliance on compliance consultants mitigates sanctions even if it doesn’t affect liability.

Key Considerations for Firms Hiring Compliance Consultants

The Commission’s opinion provides a clear warning that IAs and BDs may want to be careful when relying on the advice of a compliance consultant regarding disclosures. While it is fairly common for firms to tap into the experience and expertise of consultants, the SEC’s opinion could cause firms to question whether to engage compliance consultants at all. In its opinion, the Commission did not recognize that a defense of relying on compliance consultants exists. The SEC further noted that even if such a defense did exist, firms would need to provide convincing evidence that they sought, received and relied on specific advice in good faith to invoke such a defense. Therefore, it may be difficult for firms to simply assume that if they retain a consultant, they will be able to use that advice to defend themselves in an enforcement proceeding.

If firms cannot rely on the advice of compliance consultants and use that advice as a defense in a regulatory enforcement action, firms may be able to get similar results by having their in-house or outside counsel retain compliance consultants to assist the lawyers in providing legal advice. In Robare, the SEC did acknowledge that while reliance on a consultant may not constitute a defense, reliance on counsel is still a recognized defense. To establish such a defense, a respondent must demonstrate “that he made complete disclosure to counsel, sought advice as to the legality of his conduct, received advice that his conduct was legal, and relied on that advice in good faith.”17

12. SEC Robare Opinion, at 13.
13. Id. (citing United States v. Masat, 948 F.2d 923, 930 (5th Cir. 1992) (rejecting a reliance on professionals defense because the defendant did not “clearly articulate how he relied on these professionals”)).
14. Id. at 14 (citing SEC v. Goldfield Deep Mines, 758 F.2d 459, 467 (9th Cir. 1986) (“If a company officer knows that the financial statements are false or misleading and yet proceeds to file them, the willingness of an accountant to give an unqualified opinion with respect to them does not negate the existence of the requisite intent or establish good faith reliance.”)).
15. See, e.g., Thomas R. Delaney II & Charles W. Yancey, Release No. 755 (Mar. 18, 2015) (noting that compliance experts testified at length concerning the standard of care for compliance); Dean Witter Reynolds Inc., Henry L. Auwinger, and Dennis W. Peterson, Release No. 179 (Jan. 22, 2001) (noting that compliance expert testified that respondents’ supervisory procedures and activity letters comported with industry standards); George J. Kolar, Release No. 152 (Oct. 28, 1999) (noting that the Division’s compliance expert acknowledged that the supervisory procedures were in accordance with industry standards at the time).
16. SEC v. Dain Rauscher, 254 F.3d 852, 857 (9th Cir. 2001).

This well-recognized defense may be a way to help firms seeking the advice of compliance consultants. If inside or outside counsel hires a compliance consultant and uses the consultant’s advice to form a legal opinion and advise the firm, then it appears that firms could rely on the combined advice of the consultant and counsel under the reliance on counsel defense. The IA or BD would, of course, need to ensure that the advice coming from counsel clearly met the elements of the reliance on counsel defense. In a somewhat similar context, courts have found that when attorneys retain accountants to assist the attorneys, the attorney-client privilege extends to the accountant.18 While this analysis appears to make sense from a practical standpoint, no cases have been identified in which the Commission has opined on this practice.

Alternatively, it is possible that in a future case, with a better factual record, the Commission will recognize a defense of relying on compliance consultants. In Robare, the SEC left the door open for such a defense, concluding that the firm was unable to show evidence that it disclosed the necessary information to the consultants and relied in good faith on the opinion of the hired consultants.19 However, had the firm been able to prove elements similar to the reliance on counsel defense, the Commission may have found that such a defense was available. The concept of defending one’s conduct by relying on a nonlawyer professional has been recognized in other contexts, such as when parties have retained tax professionals.20

Therefore, firms should consider taking the following steps to better position themselves to argue that they reasonably relied on the advice of a compliance consultant:

• Document all disclosures made to the consultant;
• Save all communications to and from the consultant; and
• Keep records of the firm’s compliance with the consultant’s advice.

***

As a CCO, you know that you get a lot farther by working a lot harder, by being a lot smarter, by being a self-starter21 (although some might say you should smile more and talk less).22 So, how do you do your job? Can you rely on the advice of a compliance consultant, like Washington, when making decisions about your firm’s disclosures? Will the Commission consider such reliance an available defense when charged with violating the law?

Unfortunately, given the Commission’s Robare opinion, the answers to these questions are not entirely clear. Although the SEC did not directly decide whether a reliance on consultant defense exists, the SEC did leave open the possibility of such a defense. However, if the Commission were to permit such a defense, firms would need to make a strong showing of their reliance on consultants and be able to prove elements similar to those of the reliance on counsel defense. For example, a firm would need to present evidence that it sought the advice of a compliance consultant, disclosed the appropriate information to that consultant, and then relied on the advice the consultant provided in good faith.

Additionally, firms may still be able to rely on the advice of a consultant if counsel hires the consultants directly and uses the consultant’s advice to form its legal opinion. While the ultimate impact of the Robare opinion has yet to be determined, it appears that if firms are willing to jump through the right hoops, they may find that they can use the advice of compliance consultants to defend their conduct against regulators. Just remember, “When you got skin in the game, you stay in the game but you don’t get a win unless you play in the game.”23

17. Markowski v. SEC, 34 F.3d 99, 105 (2d Cir. 1994).
18. United States v. Kovel, 296 F.2d 918 (2d Cir. 1961).
19. SEC Robare Opinion, at 13.
20. See, e.g., New Phoenix Sunrise Corp. v. C.I.R., 408 F. App’x 908, 917 (6th Cir. 2010) (holding good faith reliance on professional tax advice may establish a defense to penalties if the advice is “from a competent and independent advisor unburdened with a conflict of interest and not from promoters of the investment.”); United States v. Bishop, 291 F.3d 1100, 1107 (9th Cir. 2002) (holding a defendant claiming good faith reliance on the advice of a tax professional as a defense to willfulness in cases of tax fraud and evasion must have made full disclosure of all relevant information to that professional); Addington v. C.I.R., 205 F.3d 54, 58 (2d Cir. 2000) (holding good faith reliance on professional advice is a defense to negligence penalties; however, such reliance must be objectively reasonable, which means the adviser has to have knowledge about the industry in which the taxpayer is investing); Chamberlain v. C.I.R., 66 F.3d 729, 732 (5th Cir. 1995) (holding good faith reliance on professional advice concerning tax laws is a defense if the reliance is objectively reasonable, and the reliance is not “on someone with an inherent conflict of interest, or someone with no knowledge concerning that matter upon which the advice is given”).
21. Miranda, “Alexander Hamilton,” https://genius.com/Lin-manuel-miranda-alexander-hamilton-lyrics.
22. Miranda, “Aaron Burr, Sir,” https://genius.com/Lin-manuel-miranda-aaron-burr-sir-lyrics.
23. Miranda, “The Room Where It Happens,” https://genius.com/Lin-manuel-miranda-theroom-where-it-happens-lyrics.

LOG IN TO THE RESOURCE LIBRARY TO VIEW OUR ARCHIVED WEBINARS (2017):

• Managing Regulatory Relationships – Playing by the Regulator’s Rulebook
• SEC Rule 17-h Risk Assessment and Recordkeeping Requirement
• CCO Liability (Part III): Managing Liability: Navigating Indemnities and Insurance Options


NEW MEMBERS Please help us welcome our newest members. You never know, you may spot an old colleague or someone close to your office amongst the names. If so, please contact them through our member directory. Conor Anderson AdvisorAssist Marshfield, MA

Brendan Furey Advisors Assist Stuart, FL

David Ravie U.S. Bancorp Minneapolis, MN

Emilio Annunziato Recovery Planner

Ashlie Gerrish Graydon Cincinnati, OH

Patricia Ross AmericaFirst Capital Management El Dorado Hills, CA

Brian Giue Commonwealth Financial Network Waltham, MA

Megan Roudebush Chicago, IL

Gabino Arana Sawtelle Financial Management San Antonio, TX Rodrigo Arce Advisor Solutions Group Newport Beach, CA Mitch Atkins FirstMark Regulatory Solutions, Inc. Boca Raton, FL Evan Barrows Advisors Assist Stuart, FL Marc Bassewitz William Harris Investors, Inc. Lincolnshire, IL Shachi Bhatt NYC Office of the Comptroller New York, NY Daniel Borck US Bancorp Fund Services Milwaukee, WI Trish Campbell Silver Heights Capital Management Inc. Toronto, ON Ann Clarkson U.S. Bancorp St. Paul, MN Kerry Dalson Strategic Wealth Management Group, LLC Columbia, MD Pamela DeDominicis DiNuzzo Index Advisors, Inc Beaver, PA Shannon Duncan Blooom Leawood, KS Kenneth Fox Valmark Advisers, Inc. Akron, OH Craig Freedman The Retirement Readiness Institute Boca Raton, FL

Paula Heffron USAA San Antonio, TX Will Huffaker Hodges Capital Dallas, TX Jack Huntington Foreside Boston, MA Supriya Kapoor West Face Capital Toronto, ON Jennifer Kienbaum U.S. Bancorp Milwaukee, WI Jennifer Landefeld Pacific Life Newport Beach, CA Dale Miller National Regulatory Services New York, NY Lilian Morvay Independent Broker Dealer Consortium, LLC Nyack, NY Eli Natale John F. Suby Wealth Management Madison, WI Marianne Nave Changing Parameters LLC Los Altos, CA Erin Nelson ALPS Denver, CO Monica Ollivierre NRECA Arlington, VA Ioannis Pavlakos TD Bank New York, NY

Mark Russell Omega Funds Boston, MA Jaclyn Salorio Advisor Solutions Group Newport Beach, CA Bret Sanders Sanders Morris Harris Houston, TX Betsy Schaaf Ohio National Financial Services Cincinnati, OH Elizabeth Sipes Bryan Cave LLP Denver, CO Micah Taylor Taylor & Gray, LLC New York, NY Edward Jason Walter US Bancorp St. Louis, MO Christine Warner Clarity Compliance & Operations Services Livonia, NY Colleen Whelan U.S. Bancorp Minneapolis, MN Christopher Winn Advisors Assist Pembroke, MA Thomas Yates Advisors Assist Stuart, FL Brian Young AdvisorAssist Marshfield, MA Tricia Zehr AlphaCore Capital La Jolla, CA


Share your Expertise!

If you would like to share your knowledge and/or provide “how to” advice on:

• Industry best practices
• Securities regulation and its impact
• Practical advice on compliance program implementation
• Industry changes

NSCP would love to hear from you, and your peers will appreciate your efforts. Please click here for NSCP Currents submission guidelines, or visit our website (www.nscp.org) under the Membership tab.

NSCP CURRENTS is a publication of the National Society of Compliance Professionals, Inc. 22 Kent Road Cornwall Bridge, CT 06754 860-672-0843 / [email protected] Currents is a member benefit of NSCP membership. NSCP members should not copy, disseminate or distribute Currents or any article thereof, to non-members. Reprint permission is available upon request by contacting [email protected]

WANT TO GET MORE INVOLVED WITH NSCP?

We invite you to join your fellow compliance colleagues on one of our industry committee conference calls for:

• Broker-Dealers
• Canadian Investment Advisers
• Municipal Advisors
• Private Funds
• New Compliance Professional Roundtable

To join, simply log in to your account in the Member Center and navigate to the “Committees” tab.

NSCP Board of Directors

• Lisa D. Crossley Executive Director
• Meghan Flanagan Deputy Executive Director
• Adán D. Araujo Jasper Ridge Partners
• Norman L. Ashkenas Fidelity Brokerage Services
• Joe Jatinder Banwait Alignvest Capital Management
• Glen P. Barrentine Winston & Strawn LLP
• Michelle Canela, CSCP INTECH
• Mark T. Carberry J.P. Morgan
• Christopher D. Charles Wulff, Hansen & Co.
• Jerry C. Danielson Lincoln Financial Group
• Louis Dempsey, CSCP Renaissance Regulatory Services, Inc.
• James R. Downing BMO Harris Financial Advisors
• Steve Farmer Northern Trust Alternatives Group
• Shannon Fitzgerald Regulatory Ridge, LLC
• Kevin Gleason Voya
• Joan Hinchman Founder & Executive Director Emeritus
• Carolyn Kasky, CSCP Compliance Support Services, LLC
• Miriam Lefkowitz Summit Financial Resources, Inc.
• Lynn M. McGrade Borden Ladner Gervais LLP
• Manoj “Tito” Pombra Matthews International Capital Management, LLC
• Adam J. Reback J. Goldman & Co., L.P.
• Z. Jane Riley, CSCP The Leaders Group, Inc. / TLG Advisors, Inc.
• Robert S. Tull, CSCP CBRE Clarion Securities
• Gwen Weithaus Northwestern Mutual
• Krista S. Zipfel Advisor Solutions Group, Inc.
