SEC COMPLIANCE OUTREACH PROGRAM: NATIONAL SEMINAR FOR INVESTMENT ADVISER AND INVESTMENT COMPANY SENIOR OFFICERS

HEADQUARTERS – WASHINGTON D.C.

APRIL 12, 2018

Jim Leahy and David Lacker compiled this outline. The Compliance Outreach agenda and webcast archive may be found on the SEC’s website at https://www.sec.gov/video/webcast-archive-player.shtml?document_id=041218ccoiciapart1. A summary of many of the cases referred to during the program may be found at Exhibit A. If you have any questions please do not hesitate to reach out to us at [email protected], [email protected] or (212) 257-5790.


TABLE OF CONTENTS

Welcome and Opening Remarks
Introductory Remarks from SEC Directors
Panel I. Insights from SEC Leadership Regarding Program Priorities
Question & Answer Session 1
Panel II. Fees and Expenses Impacting Retail Investors
Panel III. Emerging Trends in Portfolio Management
Question & Answer Session 2
Panel IV. Regulatory Hot Topics
Panel V. Cybersecurity
Panel VI. Observations on Ways to Improve Compliance
Exhibit A – Case Summaries

Topic: CCO Liability/Compliance Program
In the Matter of Southwind Associates of NJ Inc., Advisers Act Release No. 4834 (Dec. 22, 2017)
SEC vs. Strong Investment Management, Joseph Bronson, John Engerbretson (Feb. 20, 2018)

Topic: Self Reporting Violations to the SEC
In re Calvert Investment Management, Inc., Advisers Act Release No. 4577 (Oct. 18, 2016)

Topic: Undisclosed Revenue/Conflicts
In re Voya Financial Advisers, Inc., Advisers Act Release No. 4661 (Mar. 8, 2017)
In re Advantage Investment Management, LLC, Advisers Act Release No. 4455 (July 18, 2016)
In re Washington Wealth Management, LLC, Advisers Act Release No. 4456 (July 18, 2016)
In re The Robare Group Ltd., Advisers Act Release No. 4566 (Commission Dec.) (Nov. 7, 2016)

Topic: Overcharging Fees
In re Equinox Fund Management, LLC, Advisers Act Release No. 4315 (Jan. 19, 2016)
In re Morgan Stanley Smith Barney, LLC, Advisers Act Release No. 4607 (Jan. 13, 2017)

Topic: Improper Trade Allocations
In re Welhouse & Associates, Inc., Advisers Act Release No. 4231 (Oct. 16, 2015)
In re Tellone Management Group, Inc., Advisers Act Release No. 4701 (May 5, 2017)
Structured Portfolio Management, LLC, Advisers Act Release No. 3906 (Aug. 28, 2014)

Topic: Wrap Fee Account Issues
In re Raymond James & Associates, Inc., Advisers Act Release No. 4525 (Sept. 8, 2016)
In re Robert W. Baird & Co., Inc., Advisers Act Release No. 4526 (Sept. 8, 2016)
In re Stifel and Nicolaus & Company, Inc., Advisers Act Release No. 4665 (Mar. 13, 2017)

Topic: Failure to Provide Promised Due Diligence and Monitoring Re Third Party Managers
In re Barclays Capital, Inc., Advisers Act Release No. 4705 (May 10, 2017) and SEC Press Release
In re Royal Alliance Associates, Inc., Advisers Act Release No. 4351 (Mar. 14, 2016)

Topic: Principal Trades in Wrap Accounts without Proper Disclosure or Consent
WFG Advisers, LP, Advisers Act Release No. 4441 (June 28, 2016)

Topic: Unlawful Cross-Trades via Pre-Arranged Sales/Buybacks with Intermediary (No “Parking”)
In re Morgan Stanley Investment Management, Inc., Advisers Act Rel. No. 4299 (Dec. 22, 2015)
Aviva Investors Americas, LLC, Advisers Act Rel. No. 4534 (Sept. 23, 2016)

Topic: Undisclosed Financial Conflicts
In re Voya Investments LLC and Directed Services LLC., Advisers Act Release No. 4868 (Mar. 8, 2018)
In re J.P. Morgan Chase Bank, N.A., Advisers Act Release No. 4295 (Dec. 18, 2015)
In re Jan Gleisner and Keith D. Pagan, Advisers Act Release No. 4537 (Sept. 28, 2016)

Topic: False and Misleading Advertising
In re Cantella & Co., Advisers Act Release No. 4338 (Feb. 23, 2016)
In re Jeffrey Slocum & Associates, Inc., Advisers Act Release No. 4647 (Feb. 8, 2017)

Topic: Mutual Fund Disclosure and Compliance Issues
In the Matter of Commonwealth Capital Management, LLC, Investment Company Act Release No. 31678 (Jun. 17, 2017)

Topic: Compliance/Annual Review
In the Matter of LKL Investment Counsel, LLC, Advisers Act Release No. 4836 (Jan. 3, 2018)
In re Dupree Financial Group, LLC, Advisers Act Release No. 4546 (Oct. 5, 2016)

Topic: Misrepresentations of Credentials in Form ADV
In re Source Financial Advisers, LLC, Advisers Act Release No. 4702 (May 5, 2017)

Topic: Custody Rule
In re Sands Brothers Asset Management, LLC, Advisers Act Release No. 4273 (Nov. 19, 2015)
In re Knelman Asset Management Group, LLC, Advisers Act Release No. 3705 (Oct. 28, 2013)

Topic: Accountant/Annual Surprise Exam
In re Rodney A. Smith, Advisers Act Release No. 3738 (Dec. 12, 2013)

Topic: Share Class/Best Execution Cases
In re Geneos Wealth Management Inc., Advisers Act Release No. 4877 (Apr. 6, 2018)
In re PNC LLC, Advisers Act Release No. 4878 (Apr. 6, 2018)
In re Securities America Advisors Inc., Advisers Act Release No. 4876 (Apr. 6, 2018)
In re Everhart Fin. Group, Inc., et al., Advisers Act Release No. 4314 (Jan. 14, 2016)
In the Matter of Credit Suisse Securities (USA) LLC, Adm. Proc. File No. 3-17899 (April 4, 2017)
In re William Blair & Co., Advisers Act Release No. 4695 (May 1, 2017)

Topic: Failure to Supervise
In the Matter of Brahman Capital Corp., Advisers Act Release No. 4819 (Dec 5, 2017)


WELCOME AND OPENING REMARKS

Speaker:

Jay Clayton, Chairman of SEC

Purpose of this program:

The importance of investment advisers and investment companies to investors, particularly to retail investors, has increased dramatically. Many statistics support this, but the one I look at most frequently is the shift from direct investment from retail investors to investment through investment companies and through advisers—the numbers are dramatic. This only increases the importance of compliance functions, investment advisers and investment companies. We are counting on you to do your jobs; we know your jobs are not easy, but part of what we want to do today is make them easier by continuing the open dialogue that these sessions have created. I want to thank my predecessors and colleagues for understanding how important it is to have this dialogue.

Our program priorities for today are: fees and expenses impacting retail investors; trends in portfolio management; fintech managing liquidity; cryptocurrencies and initial coin offerings; business continuity; custody; the impacts of MiFID; cybersecurity; and a general session on ways to improve compliance.


INTRODUCTORY REMARKS FROM SEC DIRECTORS

Speakers:

Dalia Blass, Director, Division of Investment Management (“IM” or “Division”)

Stephanie Avakian, Co-Director, Division of Enforcement (“Enforcement”)

Peter Driscoll, Director, Office of Compliance Inspections and Examinations (“OCIE”), (National Exam Program)

Dalia: It’s a pleasure to be part of this program this morning. I know I’m speaking to a room full of investment adviser and investment company senior officers who are working hard to provide leadership, counsel, and support to the firms that our Division regulates. For those of you who are compliance professionals, the work that you do has a very direct and material impact on the welfare of investors, and is tied to one of our core missions of investor protection. IM works closely with OCIE and Enforcement, and all the other divisions within the SEC. Open communication and collaboration is really important—it fosters consistency and transparency in our work.

The Importance of Engagement

Dalia: Starting with engagement: I believe that good policy starts with good information. You have to talk to people to get to good policy outcomes. You can’t look everything up. Google is great, but it has its limitations. This outreach event is an opportunity for us to have this engagement. It’s a valuable opportunity to build relationships, to hear from staff on the Commission and for us to hear from you as well. We benefit from getting your perspectives and insights as we consider policy affecting investment companies and investment advisers. Our doors are always open—even after the official comment period ends.

Investment Management Short-Term Rulemaking Priorities

Dalia:

1. Yesterday, the Commission issued a Sunshine Act Notice for the standards of conduct rule making.1 It has three pieces:

a. whether to propose new and amended rules and forms to require registered investment advisers and registered broker-dealers to provide a brief relationship summary to retail investors;

b. whether to propose a rule to establish a standard of conduct for broker-dealers, and natural persons who are associated persons of a broker-dealer when making a recommendation of any securities transaction or investment strategy involving securities to a retail customer; and

c. whether to propose a Commission interpretation of the standard of conduct for investment advisers.

1 See https://www.sec.gov/news/openmeetings/2018/ssamtg041818.htm


As we and the Chairman have said repeatedly, bringing clarity to this space is very important, and this is a joint rulemaking effort by IM and the Division of Trading and Markets, as well as input from many divisions and offices throughout the Commission.

2. Exchange Traded Funds. Delivering a recommendation to the Commission is a high priority for the Division, and our team is hard at work.

3. As many of you are aware, as part of the Investment Company Modernization Initiative, the Commission proposed Rule 30e-3 in May 2015.2 The proposed measure received considerable comment. The staff remains committed to modernizing the delivery, design and content of disclosure and shareholder reports.3

4. Last fall, Congress passed the Fair Access to Investment Research Act of 2017,4 also known as the FAIR Act. That essentially translates into research reports for covered funds.

5. Summary prospectus for variable annuity products to improve disclosure to investors.

2 See https://www.sec.gov/rules/proposed/2015/33-9776.pdf.

3 On June 5, 2018, the SEC adopted new Rule 30e-3. See https://www.sec.gov/rules/final/2018/33-10506.pdf.

4 See https://www.congress.gov/115/plaws/publ66/PLAW-115publ66.pdf.

Board Outreach Initiative

Dalia: As you may be aware over the last few months, IM has met with many fund boards and groups of independent directors. We’ve spoken to independent directors’ counsel to funds, and independent auditors. I’d like to make clear that when we consider the role and responsibilities of fund boards, we are not looking to simply shift responsibilities from directors to chief compliance officers or compliance personnel. Rather, we are taking a holistic view of this area and asking if funds and boards can benefit from recalibrating the what and the how of board responsibilities. When the compliance rules were created, and it created this chief compliance officer function, our approach did not necessarily catch up. There are many cases where our rules or exemptions asked boards to essentially redo your work. We are asking boards and other interested stakeholders—and again, I can’t keep on stressing it more than enough, your input is very valuable here—where is the board’s focus the most valuable? How does the information flow to directors? When do directors feel that they are playing a meaningful role? And when is overseeing certain matters better handled or already being handled by others, and who those others might be? Again, this is not a shift, it is a recognition of a changing landscape, and making sure that directors and boards focus on the rule mandated by the Act, which is oversight and not management and compliance. This, for example, comes up really often when we speak about valuation. Directors obviously acknowledge that they can and do play a very important role in that, given significant conflicts present, but they do express that there is a line between overseeing the work of experts and being asked to serve as experts themselves.

CCO Liability

Stephanie Avakian: Broadly, the cases where we charge CCOs is a very small number of cases. When you think about the number of investigations we have ongoing at any given time and the number of cases we bring in any given year, it is a very tiny number of cases, and it is a rare circumstance where we charge a compliance officer. And I’d put those cases, broadly, into two categories:

The first category are those sorts of cases where a compliance officer was affirmatively involved in most of the conduct at issue or somehow helped to mislead regulators or obfuscate with OCIE, or the like. The second category are those category of cases where a compliance officer had a clear responsibility to implement compliance programs and policies and wholly failed to carry out that responsibility. The vast majority of the cases we bring are in that first category; cases where someone was involved in the underlying misconduct, either directly, or by virtue of wearing several hats—like also serving as a portfolio manager in addition to being the CCO—or where someone misled regulators. That really is the large majority of our cases.

That second category of cases is those where the CCO caused violations of the compliance rule 206(4)-7, and that is a very small number of cases. We’ve brought a handful of actions over the years, I think those are followed very closely and people are very familiar with them. I would broadly say that the charging decisions around those are ones where we have not second-guessed someone’s professional judgment; where we’ve not critiqued choices folks have made in creating the policies at issue; but rather where we see a wholesale failure to adopt policies or to implement policies.

And just to underscore the point, I’ve now been in this job since last June and was acting director before that. In the amount of time I’ve been in the job, I think we have brought one case against a CCO in the adviser space. It was the Southwind Associates case5 several months ago, which, broadly speaking, is a case where the Commission found that the firm’s CCO knew for years about numerous violations of the Advisers Act, including violations of the Custody Rule, the Compliance Rule, the Safeguards Rule, and had direct knowledge of violations for years and didn’t act on them. I would suggest folks read the case. The CCO in that case was also found to have made misrepresentations to the firm’s outside compliance consultant and to have withheld information from OCIE during an examination. We really aren’t trying to second guess good-faith judgements.

Share Class Disclosure Initiative6

Stephanie: The initiative is a voluntary program for investment advisers to self-report undisclosed conflicts of interest in the selection of mutual fund share classes. The deadline for self-reporting is June 12. Our thinking in doing this was really to find what we hope was an efficient and effective way to address something we see as an ongoing problem; OCIE continues to identify deficiencies in this space, and Enforcement continues to open cases. We are really trying to attack this in a more efficient way. By offering to recommend set settlement terms that do not include the recommendation of a civil penalty, we hope we’ve also created an incentive for folks to come forward and deal with this issue to the extent they have it. Ultimately, our goal is to get money back in the pockets of investors and firm clients and do it as quickly and as efficiently as possible. We are working on a set of FAQs which we hope to publish in the coming days.7 But the one question I thought I’d ask and answer that we’ve been getting a fair amount of, is OCIE exams. We’ve been asked: if this issue is raised in the context of an OCIE exam, do you still need to self-report? The answer is yes, you do need to self-report as a precondition to eligibility for the program, and you need to do it by June 12.

5 See https://www.sec.gov/litigation/admin/2017/34-82397.pdf.

6 See https://www.sec.gov/news/press-release/2018-15.

7 See https://www.sec.gov/enforce/educationhelpguidesfaqs/share-class-selection-disclosure-initiative-faqs.


The Office of Compliance Inspections and Examinations

Peter: The theme in the final few minutes is from an OCIE perspective. The industry is growing dramatically. To Dalia’s point, she has an analytics office that puts together just some tremendous risk metrics and other things that OCIE uses. I’ve looked through it, and I was glad to see that IAs had kind of slowed a little bit the first six months: there was only 18 new ones incrementally as opposed to the 300-400 that we’ve been tackling over the last couple years of incremental growth. But AUM is up to $82 trillion. So, we see growth. We’re up a little bit more this year on a flat budget. Our OCIE exams grew to 15% of all IAs last year (up from 11%). And we are up a bit from last year. We need to partner with CCOs, as a result. We’ve been doing risk alerts since 2011. Since 2013, we’ve published our priorities. Use that as leverage to move people in your organization to raise the level of compliance and promote compliance overall.

In terms of our priorities, you’re going to hear a lot today about things that we’re focused on. But in the exams, we are still going to look at high risk areas, such as SARS data that we look at, tips, complaints, and referrals. It’s only about 10% of what we do but we do it. In conclusion, we want to provide you as much information as we can to make you successful in your roles, and that’s why you’re here today. That’s why we’re here today. On our Risk Alerts and our priorities, we work hand in hand with TM, IM, Enforcement, DERA, etc. It’s a collaborative document that, when it goes out, it’s a Commission set of priorities.


PANEL I. INSIGHTS FROM SEC LEADERSHIP REGARDING PROGRAM PRIORITIES

Panelists:

Paul Cellupica, Deputy Director, Division of Investment Management

C. Dabney O’Riordan, Co-Chief, Division of Enforcement, Asset Management Unit, LA Regional Office

Kristin Snyder, Co-National Associate Director, National Exam Program, San Francisco Regional Office

Introductory Remarks:

Kristin: Thank you. We will discuss the priorities for OCIE for the Division of Investment Management and for the Asset Management Unit and Enforcement. We’ll also talk about fiscal ’18 priorities and some initiatives, cases and guidance that we issued in prior years where we may be getting some feedback that we think would be important to share with you. One theme is just how closely our offices and groups work together.

IM near, medium and long-term rulemaking initiatives:

Kristin: We’ll start with Paul. I know that IM has been very busy with a number of rulemaking initiatives, so give us an overview of what IM has been working on.

Sunshine Act Notice: Recommendations Related to the Standard of Conduct for Broker-Dealers and Investment Advisers

Paul: Okay, I’ll give a drive-by of some of the items that are on our rule-making agenda, and some other initiatives in the rule-making area that have been announced publicly. We have a so-called “Sunshine Act Notice” that went out last night for an open meeting of the Commission on Wednesday. Three recommendations related to the standard of conduct for broker-dealers and investment advisers.8 A major goal of this initiative is to address investor confusion and lack of clarity among investors regarding the services that they receive from investment advisers and broker-dealers. If the Commission approves the recommendations, we’re going to be seeking feedback and input from a wide variety of constituencies including investors and financial services firms. To the extent lack of clarity and lack of understanding among investors is an important goal that the initiative wants to address, you as CCOs—particularly of investment advisers, and particularly of firms that are duly registered as IAs and BDs—are in some ways uniquely situated to understand whether what the Commission is proposing is going to get at that problem. You’re very well situated to suggest ways in which the Commission’s proposal could be improved. I would encourage all of you, particularly those of you who are at retail investment advisory firms, to provide feedback on the proposal.

Recommendation for a Proposed Rule Addressing Inconsistencies Among ETF Exemptive Orders

A couple of other initiatives that are on the rule-making agenda short term, as well as medium and long term. An ETF rule is very important. ETFs have been an incredible growth story for the asset management industry. They first began with an exemptive order in 1992 and since then all ETFs have had to rely on exemptive orders to get launched. We now have around a $3.5 trillion market in ETFs that are operating under 300 or so exemptive orders. It’s not ideal for such an important segment of our asset management market to operate under so many individual orders particularly when there are variations in the terms of some of those orders. There’s also an expense that is imposed on entrance into the ETF market when a cost of entry is going out and getting an exemptive order. We’re working on a recommendation for a proposed rule that would address those inconsistencies among the exemptive orders, and would enable new ETFs to launch without exemptive orders. Those are high and more near-term priorities for us.

8 See supra footnote 1.

Revision of Volcker Rule

This is a more near-term priority. This rule is very complex. It was adopted by five different agencies. The SEC is only one of the five. It’s not of interest to every asset management firm or adviser we know, but particularly bank affiliated advisers we understand it’s an important issue. We are working with the bank regulatory agencies as well as the CFTC, to look at whether there are elements of the rule that are unnecessarily complex or difficult to comply with, and that can be revised without altering the essential goals of the rule. That may include, for example, some of the requirements of the rule that relate to covered funds, including: Foreign Public Funds, which are basically the equivalent of U.S. 40-Act registered funds; and the treatment of Family Wealth Vehicles which can potentially be swept into the covered fund exemption. That, I would say is a priority for us. It’s an interagency process, so the SEC isn’t necessarily driving the bus, but we are certainly on the bus and are making sure that our input is heard.

Initiative to Clarify Grey Area Between FAIR Act Fund Research Reports and Advertising Material

A third near-term priority is the “FAIR Act,” (Fair Access to Investment Research Act). This is a congressionally mandated rulemaking that basically relates to research reports that are done on different types of investment companies, including ETFs and business development companies as well as certain non-40-Act funds. The FAIR Act requires the Commission to extend the safe harbor in Securities Act Rule 139 to a broker-dealer’s publication or distribution of research reports about investment funds. Under that Rule, if the conditions of the Rule are met, an activity by a broker-dealer in distributing research reports doesn’t constitute an offer, even if the BD is participating, or may participate in the offering of the issuer’s securities. In the past, that Rule has applied to ordinary public operating companies, but it is not extended to registered investment companies. This is a proposed rule that we’ll be very interested in feedback from fund CCOs. One of the areas that we are trying to grapple with as we draft this rule is what you might call the grey area between fund research reports and advertising, particularly when you’ve got research reports that contain performance information. We really would value your input as fund CCOs because many fund CCOs have a responsibility for review of fund advertising, and may be well-positioned to provide input on what to do about that grey area where research reports start to shade into advertising.

Revision of “Anti-Testimonial Rule” and “Cash Solicitation Rule”

The last initiative I’ll mention is not a near-term initiative, but it’s more of a medium to long-term, and that is a revision to IA marketing rules and solicitation rules. As many IA CCOs know, we have advertising rules under the Advisers Act which were adopted back in 1961, which include the “anti-testimonial rule,” which was probably a good idea in 1961. But social media didn’t exist in 1961. Today, of course, a lot of people won’t make a reservation for things like vacations or restaurants without first going onto social media and researching reviews, and seeing what other people had to say. It’s not surprising that many people would like to do the same in researching and selecting investment advisers, but the anti-testimonial rule makes it very hard for them to do that. So, we’re looking at updating that rule for the age of social media, and in light of other developments in technology. We’re also looking at the cash solicitation rule, which has a similar vintage. We know that these are important areas for a lot of advisers’ CCOs, because they play a very important role in ensuring adviser marketing practices comply with the law. So we’ll be interested in your input.

Division of Enforcement Asset Management Unit: Disclosing Conflicts of Interest

Kristin: I’ll turn it over to Dabney to talk about some of the AMU’s priorities for fiscal 2018. Are there any cases that the Asset Management Unit brought in the near term that you think CCOs should be paying attention to, particularly with respect to the retail space?

Dabney: I’ll run through some of the things that we’re looking at within the Unit specifically, but the Division of Enforcement as a whole looks into this type of conduct as well. It’s not just the AMU; we just happen to focus in the area so that we have some expertise to identify issues. One of the big ones is disclosure of your conflicts of interests. Part of that is trying to figure out what your firm’s conflicts of interest are, which is a lot especially as the firms get bigger and things get more complex. But some things that we’ve seen are fees that clients are paying either directly or indirectly to the investment adviser—my colleague Adam Aderton is going to talk about that later. We are also looking into the compensation that the investment adviser receives from third parties such as brokers, etc., that don’t directly come from the client. Those also pose conflicts of interest in terms of investment selection for that client. Products generally that generate higher fees than other ones—obviously that’s going to be a conflict of interest for the investment adviser.

Another one that’s been coming up more lately is transactions engaged in to benefit the adviser’s affiliates. There was a case [Voya Advisers] earlier this year9 where we charged an investment adviser for engaging in conduct dealing with securities lending out of a mutual fund complex. The mutual fund had been lending out its securities on a regular basis, and the affiliate of the adviser could get a tax benefit—a dividend reclaim benefit. Essentially they could get a benefit if the securities were recalled over the dividend record date. And that’s what the investment adviser went ahead and did for the mutual funds—they recalled the securities that were out on loan over the dividend record date so that the affiliate of the adviser could get that tax benefit. The consequence was that the mutual fund didn’t get the benefit or an income over that period where the securities were recalled. That was a conflict of interest; it was done for the benefit of the adviser’s affiliate, and it actually caused harm to the fund. It wasn’t disclosed either to the fund board what that harm would be, and it wasn’t disclosed to the investors in the fund. So that would be a very good example of a situation where the adviser starts doing something for the benefit of its affiliate that actually harms the client where we would expect clear disclosure of the conflict.

Trade Allocation Issues/“Cherry Picking”

Another issue that you will hear us say over and over again is trade allocation issues—what we also call cherry picking. I think you’ve seen quite a few cases over the last several years in this space. The one tip I can give you—because no one really wants cherry picking at their firms—is how we often identify that conduct even though our investigations don’t end at that point is through data analysis of the trading records. And you all have access to the same trading records that we have access to. That’s often how we find the conduct to begin with when we start our investigation. Trade allocation issues, generally from our viewpoint, come in three different buckets. It’s when, let’s just say an adviser or rep is favoring himself over his clients, you have sometimes where certain clients are favored over other clients for a variety of reasons. One of those reasons could be that let’s say one client is a private fund that may pay higher fees, so that creates a conflict there. And then also when the allocations are contrary to the disclosures that you’ve provided to your clients, usually in your Form ADV or somewhere else about how you will do allocations, and then you end up allocating in a manner that’s different from that.

Performance Advertising, Custody, and Side-by-Side Management

9 See https://www.investor.gov/additional-resources/news-alerts/press-releases/voya-advisers-agree-replay-clients-settle-charges and https://www.sec.gov/news/press-release/2018-35.

Another thing we’ll continue to look at is performance advertising and how it is done. We’ve brought a series of cases where the performance was back-tested, and that wasn’t clearly disclosed, which is an important consideration.

We will always look at custody issues. Custody is a really important thing for us just because of the high risk nature. So, you often see that we will charge a rule violation for not following the Custody Rule, even when there’s not been misappropriation, because the risks associated with not following the Custody Rule are so great, we really aren’t going to wait for money to be taken.

Another issue that we’ve been seeing lately is side-by-side management, and how firms are handling those issues and those conflicts of interests. A lot of times, for example, it could be that a firm manages both private funds and mutual funds, and so how you deal with the conflicts of interests of those side-by-side management and how you disclose that, and how you deal with issues such as cross trading between those two clients. Those are things we look at very hard because we see a lot of risk in those areas.

Share Class Disclosure Initiative

Kristin: I know Stephanie touched on the Share Class Selection Disclosure initiative that the AMU recently launched, and I know the reporting date is June 12. Can you give us just a little more detail about the initiative?

Dabney: Sure, I can give a little bit more detail, and then Adam Aderton will go through a little more detail again in the panel that follows the Q&A section. Steph went over generally about our thinking and why we did this. The main reason is we saw it happening over and over again, despite the fact that the Commission brought a charge against this several years ago involving share class issues. OCIE was still seeing the problem repeatedly. As we were talking to OCIE as part of our collaboration about what they were seeing, we tried to figure out the best way to tackle the problem. Part of the reason we thought it was urgent to tackle the problem is that it’s critical to get money back to people who’ve been harmed over the years because of this. So, we announced the initiative and we’re continuing to look for the conduct as well at the same time, and we’re hoping most of this is resolved through voluntary self-reporting by June 12. But at the same time, you’ll see that we’re also continuing to look for advisers who may have engaged in this conduct. Last week, we filed three cases10 collectively which I think highlight the need for the initiative. Altogether, those three cases returned $12 million to harmed clients for the share class issues. And I think that demonstrates the need for the initiative.

One thing I did want to touch on with respect to the initiative is why firms should self-report, and these are just my personal views. We’re still looking for the conduct, and so firms that do have the problem that choose not to self-report run the risk that we’re going to find out about it after June 12. As noted in the announcement, should we find out about it after June 12 there is no guarantee that you would get the same settlement terms as what’s outlined in the announcement—and I feel fairly strongly that is pretty assured—and that would be in terms of both the charges that could potentially be laid out as well as the remedies that we would seek.

In the announcement we agreed not to recommend that the Commission impose civil penalties. I can’t imagine that would stay the same if we found out about the conduct after June 12. Firms could cross their fingers and hope we don’t find them, but there’s always a risk that we will get a tip or complaint from another source. Again, we’re actively looking. One thing I think about is how would a firm explain it to their clients if they didn’t self-report and we caught them afterwards? I think that would be a difficult conversation for a firm to have with their client.

10 See https://www.sec.gov/news/press-release/2018-62. The three cases concern PNC, Geneos and Securities America.

Paul: If I could just say, the share class selection disclosure initiative is a great example, and there are lots of other partnerships between OCIE and Enforcement and IM. IM is the division with substantive responsibility for mutual funds and we had some input into the development of that.

Kristin: I will echo that as well, I think Pete touched on this in his opening remarks but share class has been a priority area for OCIE for the last several years. We launched an initiative in 2016 and we continue to see in our examinations where there’s insufficient disclosure around share class selection, coupled with cheaper share classes being available. It really does erode investor returns over time. With so many Americans relying on mutual funds as part of their retirement, those returns eroding really add up. This has been a really good area where we have been able to partner with all three groups.

DoE Retail Strategy Taskforce

Last question for Dabney in the retail space, and I’ll touch on some of the OCIE priorities after this that are in the retail space. I know Enforcement recently created a Retail Strategy Taskforce. How does the retail strategy taskforce fit overall within Enforcement?

Dabney: We’ve been talking about retail a lot, and that’s come out from a message from our Chairman. And my view is that Stephanie and Steve feel very strongly about protecting the retail investor. And while that has always been a concern, I think there has been an effort to take a new approach to how we tackle the problem of protecting the retail investor and making sure that we’re always being responsive and reevaluating our thinking. The Retail Strategy Taskforce is going to be looking at retail investors and trying to figure out the broader issues of misconduct that may involve those individuals. That is not limited to the investment adviser or investment company space by any stretch. This is a very broad thinking taskforce—microcap issues as well. But it obviously does involve the investment adviser and investment company space. The group is being led by an assistant director and there’s a team of lawyers who have been dedicated to that task force and that is all that they are going to be doing, is focusing on that taskforce. The taskforce’s goal is to use data analytics to uncover widespread misconduct that targets retail investors. Stephanie Avakian discussed this earlier, and she identified some examples relevant to the work that you do. Some of the things that we can imagine the taskforce would look at are something like what we are doing now in the Share Class Initiative, of finding conduct that is a problem and trying to find where that problem exists. Also issues that involve wrap fee accounts and certain abuses that happen in that space as well, such as trading away and things like that may be improper in certain circumstances.

The other thing that the taskforce is also going to be doing is going to be outreach and reaching out to the retail investing public for educational purposes to really try and educate that population as well.

OCIE Exam Priorities

Kristin: The priorities are published.11 In terms of our priority setting process, we have a great collaboration with the other divisions within the Commission. I also want to make the point that we do not take a top-down approach regarding our priorities. Our priorities setting process starts months in advance of the priorities actually being released and many of the ideas and initiatives that we launch really come from engaging with staff in our regional offices, our examiners who are out in the field talking with the industry, hearing about different trends and issues, and then reporting those back. Many of the national initiatives that we do actually start and incubate in the regions as local priorities. A few of the priorities that I’ll talk about today are the initiatives that we’re doing that really started at a local level and then expanded out. And of course, we are following the news as well, so any emerging risks and trends will also be included in the priorities. So just because something makes it into our priorities document—whether it’s a business model or a particular product—doesn’t necessarily mean that we think something is wrong with that business model or product. It just means that those products and business areas we may want to gather additional information about so that we have our arms around them and we can really understand the risks appropriately. The priorities process starts very early in the year and we do collaborate very closely with our counterparts in other divisions; our chairmen and commissioners also weigh in on the priorities. So, it’s really an SEC document that goes out at the end of the day. Also, the list is not exhaustive—I can’t stress that enough—because we do want to be nimble if market events arise. We want to be able to pivot so that we can gather information if something isn’t in our priorities to be able to inform policy and report to others within the Commission. But we welcome your feedback on our priorities through events like this. We do a lot of engagement with the industry across the country so if you are seeing an issue or a trend, we really view you as partners and hope that you will flag something for us as well.

11 See https://www.sec.gov/about/offices/ocie/national-examination-program-priorities-2018.pdf.

The priorities document that we put out this year really focuses on a number of perennial risk areas that we’ve focused on in the past as well as some emerging trends and new issues and we have a heavy focus, as we always have, on protecting retail investors and individuals saving for retirement.

One of the first priorities, and this isn’t specifically spelled out in the document although protection of seniors is referenced, it actually originated in our Chicago office. In a number of our exams where we know or believe that firms have a significant complement of clients who are either seniors or are retirement accounts, industry folks are really paying attention to issues around diminished capacity, potential elder abuse, and other retirement issues generally. We’ll be asking a number of questions to get what firms’ policies and procedures look like in this area, whether it’s dealing with seniors, or around how to handle red flags or issues that might arise related to potential or suspected elder abuse as well as diminished capacity. If you’re in this business line and those questions arise on an examination, it’s really part of a broader information gathering exercise that we have in the senior space.

Another initiative we’re continuing is our multiyear RETIRE Initiative. We launched that initiative with a risk alert in June 2015.12 In 2015 and 2016 we conducted more than 250 examinations of both investment advisers and broker-dealers. About 75% of the exams done were in the investment adviser space where we were trying to gather information about distribution and sales practice issues around account rollovers in particular. When an individual was reaching retirement age and rolling over an account, maybe from an employer-sponsored program into an individual retirement account. We looked at a number of issues with a broad brush. In our first phase of the initiative, some of that information from the initiative has been reported out publicly in different ways. One is through the share class cases that have been brought because we definitely saw share class selection issues through the RETIRE examinations. We also put out an advertising risk alert13 in 2017, and as part of that, we talked about some findings that we’d had around use of professional designations and touting and much of that information also stemmed from some of the work that we did in the RETIRE initiative. We’ve continued to refine that initiative and now are focused in on specific issues that we saw through the broader look that we did. For fiscal 2018, we are focused on a few different areas: We’re taking a particular look at target date funds, and we want to understand whether firms’ disclosures are matching up with the way the portfolios are actually performing and we also want to understand how the glide path is being implemented and whether that is matching with disclosure. We’re looking at compliance disclosure in that space.

12 See https://www.sec.gov/about/offices/ocie/retirement-targeted-industry-reviews-and-examinations-initiative.pdf.
13 See https://www.sec.gov/ocie/Article/risk-alert-advertising.pdf.

We’re also looking at cross trades, primarily fixed income cross trades. Finally, we’re going to be launching later in the year an initiative related to sales and marketing around variable insurance products, in particular with respect to the marketing of those products to investors who maintain a 403(b) or 457(b) account, including teachers and public employees. In particular, those accounts are not covered by another regulatory regime like ERISA, so that is the continuation of the RETIRE initiative.

If you’re a never-before-examined investment adviser, we’re continuing that initiative. So, if you’ve never been examined, you’re very likely to be. I think we conducted a formal initiative in that space, and the formal initiative has ended. It’s something as we try to increase our coverage of the industry, which we’ll never have enough resources to cover as much as we would like, we will be continuing that initiative. We’ve also implemented a new program which is a very high-level risk assessment exam that we’ll do as advisers come online with registration with the SEC. Those are our new registrant exams, which we think are important. We’ve gotten good feedback from our new registrants after we implemented this program. It gives us an early opportunity to engage with a new registrant to explain some of our expectations about what it means to be registered. Hopefully, we can pinpoint any issues or answer questions that could turn into something more serious later down the line, as we engage early in the adviser’s life as a registrant with the SEC. But it also provides an early point of contact for that registrant should an issue come up down the road. So, we’ve been trying to do more touches, cover more ground, and also engage with more registrants, and that has been an effective means of doing so.

We also have particular priorities related to the retail spaces around disclosure of the cost of investing. In particular, this year we are going to be looking at accounts where an investment adviser rep may have left the firm and no new advisory rep has been assigned to manage the account, which creates a whole host of issues, not the least of which is that the client is paying for a service that he or she is not getting if the adviser has left and the account is unmanaged. A perennial risk area that we’ll continue to look at this year, which we often look at in our examinations including in our wrap fee initiative, is account type selection and account switching from maybe a BD to an IA account. We just want to make sure that there is good analysis done; that the account type is suitable for the needs of the client or customer. This is a perennial risk area because we’ve seen some abuses or issues in this space. And then we are continuing our wrap fee initiative that we announced in fiscal ’17. That’ll continue through our fiscal year ’18. And many of the issues that we’re looking at are issues that Dabney touched on in terms of what the AMU is prioritizing when it looks at these types of accounts, and that is suitability at the time the account is opened for the client, and then looking to see if the adviser is following its policies and procedures to monitor any trading or movement in the account during the life of the relationship, as well as looking at whether there’s good disclosure around additional fees and expenses that might be associated with that account and any trading away from the sponsor.

We have a number of mutual fund and ETF related priorities, given the growth in the ETF space over the last few years. It has been and remains a priority. We have some particular initiatives that we’re looking at this year. One is around ETFs that are following a custom index, or a bespoke index. Essentially, we’re looking at conflicts that may exist between the adviser and the index provider as well as whether the adviser has a significant and an ongoing role in the selection of weighting of the index components.

Another area in the ETF space that we are taking a look at is where an ETF may be close to liquidation or delisting. We want to understand and ensure that the risk disclosures to investors are robust and that the liquidation process is happening in a fair and orderly way.

Another initiative is in the crypto asset or crypto currency space. With the proliferation of initial coin offerings and cryptocurrencies in the marketplace we are taking a look and we’re going to be doing a series of initiatives, including some due diligence to understand what firms are doing in this space. We will do some risk assessment exams to assess whether firms are thinking about engaging in the cryptocurrency or crypto asset front, and then we’ll do some deeper dive examinations, likely in the private fund context, where firms are actively engaged in managing crypto assets for their investors. The Commission has put out a tremendous amount of guidance across the various divisions in this space. Our Chairman has made a number of statements. We actually have an ICO focused page on the SEC website. There have been a number of enforcement cases that have come out in this space too.

Collaboration Among Divisions

Paul, can you provide us with some additional examples of the ways that IM interfaces with OCIE and Enforcement?

Paul: Sure. A good example of this is the use of Form PF. Form PF is the form that has to be filed with respect to private funds. It’s a relatively new form. It was mandated by the Dodd-Frank Act (“DFA”). We now have about five years of experience with Form PF. Prior to the DFA, the SEC really did not have oversight of the private fund space, so developing that form and developing a program to take in and review the information from that form has been a real learning experience for the SEC. IM now has an office—the Office of Analytics—which didn’t exist a few years ago, that has a number of staff who are dedicated primarily or in part to reviewing and analyzing the data that we get on Form PF. We are aware that a lot of that data is very sensitive—it contains information about portfolio management strategies that are proprietary, and only a select number of SEC and IM staff have access to that data. But there’s a lot of effort dedicated to reviewing and analyzing the data that we get on Form PF. The Commission puts out a quarterly report on private fund statistics. That is public; it’s available on the SEC website. There’s also an annual report that goes out. I’d recommend that you take a look at the most recent annual report from late last year which has some good summary of the various uses to which we put Form PF data. But one of the primary uses of PF data is partnering with our colleagues in OCIE and Enforcement, helping them identify risk areas for potential examination to the extent that there are enforcement actions in the private fund space. Form PF data has been an important input to that. In addition to sharing the data with our colleagues and the Commission, I would add that Form PF data is important for a couple of other purposes. One is helping to inform our rule making efforts. As many of you know, there are some new questions added to Form ADV that was filed this spring. Our experience with Form PF was used to inform a lot of those new questions. Second, some PF data (aggregate data, not data about individual advisers and funds) is shared with other regulators outside the SEC including FSOC (Financial Stability Oversight Council) which has an interest in systemic risk and to what extent advisers to private funds and private fund strategies have systemic risk impacts.

An additional example that is emerging relates to liquidity, which the Chairman mentioned is a priority. In 2016, the SEC adopted some new rules that brought new focus to liquidity risk management by funds and those rules required funds to adopt holistic liquidity risk management programs. They also updated and enhanced the preexisting 15% limit for registered funds on illiquid investments. Since those rules were adopted in 2016, the staff has actively engaged in outreach. We’ve heard from a lot of you, from a lot of your firms, your partners and colleagues in the risk management and operational areas, and we’ve learned that funds face various implementation challenges, particularly with aspects of the rule that require funds to classify their investments in four liquidity buckets. The other month, the SEC granted a delay for certain requirements in the liquidity rule in recognition of those compliance and operational difficulties. That being said, certain parts of the rule are still going into effect on the original timetable, and that’s December for large fund groups. These include the requirement to implement a liquidity risk program; the requirement to designate an administrator of liquidity risk program; and the codification of the 15% limit on illiquid securities. And we know that fund CCOs have been on the frontlines of helping to develop liquidity risk management programs, and we appreciate that effort. We also issued last month and in January some FAQs14 to help advisers comply with some of the requirements in liquidity risk management rules and we encourage additional questions from advisers and we are open certainly to supplementing those FAQs to the extent appropriate. Going forward, once the compliance date passes we expect we’ll be partnering with our colleagues in OCIE to look at how funds are complying with the elements of the rule that we think are significant. We’ll also be working with Enforcement to address those issues as appropriate.

Kristin: Great, and one other area where we had a significant partnership with IM, both with the analytics office and members of chief counsel was in the robo-adviser space or with our electronic investment advice initiative. With some of our early examinations, both in IM and OCIE, we’re able to inform policy and really contribute to the guidance that was issued back in February of 2017.

Dabney: I want to touch on a point you were all talking about how we all collaborate. I can give you a sense from an Enforcement perspective, so you don’t think Enforcement is off on its own and interpreting what you’re supposed to be doing on its own. We work extremely closely with IM and OCIE. We often consult with IM at the very outset of an investigation. We do not want to waste a firm’s time conducting an investigation if in the end it turns out IM would take a different view from us. That is also the case on the back end. When you see an order that has been issued by the Commission, it has not only been reviewed by at least seven people within Enforcement, it has also been reviewed by people in IM, OCIE, and any other division that may have any sort of interest in that case, which includes trading and markets, corporation finance, the office of the chief accountant, and the Commissioner.

Questions for Panel

Q: Can you elaborate on possible revisions to the Cash Solicitation Rule?

Paul: We really are in the early stages of this particular rulemaking proposal and welcome input. One question we should ask is should it address incentives other than cash—non-cash compensation. Second, when the solicitation rule was written, there was not such a thing as email or the internet, so there’s some disclosure delivery requirements in that rule that perhaps can be updated in light of modern technology and the availability of advisers to deliver disclosure via the internet.

Q: Can you elaborate on the litigation case against the DOL’s fiduciary rule?

Paul: The rulemaking that is being recommended to the Commission stands on its own, and it’s designed to address investment advisers and broker-dealers that are providing services both to retirement accounts that might also be covered by ERISA, but also non-retirement accounts. To the extent it’s a recommendation that’s going to be approved, it will be approved on the basis that it’s good for both retirement and non-retirement accounts, ERISA and non-ERISA.

Q: In the past, Enforcement staff participated in OCIE exams. Will Enforcement staff continue to participate in OCIE exams, and if yes, will Enforcement staff identify themselves at the outset?

Kristin: I can tell you if we do have Enforcement staff on an exam we’re always transparent, and the Enforcement staff are always transparent about the fact that they are from Enforcement.

14 See https://www.sec.gov/investment/investment-company-liquidity-risk-management-programs-faq.

Dabney: My general experience is that an Enforcement personnel goes on an exam for educational purposes. I went on one when I was a staff attorney so that I could understand how the business operates and functions practically. A lot of our Enforcement staff investigators have not worked at an IA firm, so they aren’t there necessarily because we think something is going to lead to an enforcement investigation or action, but truly for educational purposes, and they are identified at the outset.

Q: Can you describe what a new registrant exam might look like; is it the same or different from other types of examinations?

Kristin: In general, I think new registrant exams are meant to be higher level exams. There are different exam types that we have in our program: risk assessment, which is meant to be a higher-level examination where we take a higher-level look at your policies and procedures. We’ll look at your filings just to determine and get a picture of your business, and then we will likely have a conversation with you. It may be in person, or it may be through what we call correspondence—conducting an interview over the phone rather than coming on site. We’re doing a variety of different ways. If you are new to registration and somebody is coming in to do fieldwork, there may be a different reason that we’re coming in to see you. You might be in a line of business or have a product that’s covered by one of our priorities that are set forth in our priorities document. But in general, if it’s a new registrant exam, it’s usually a higher-level look at the firm, although we may come back depending on the risk and complexity, we may come back and do something that’s fuller scope.

Q: Exam Schedule: If an adviser has been examined in the last few years, what is your sense for the schedule of the next exam, assuming that there were not major issues?

It is completely going to depend on the facts and circumstances. Part of the reason that we publish our priorities and our risk alerts is so that folks who are in the industry can see where our orientation is in a given year. So even if you’ve been examined in the relatively recent past, but your business falls within one of our stated priorities, we may examine you again, but we’re not on any kind of a cycle or timeline. We are very resource constrained. We’re a risk-based program. We have a number of risk factors and a number of inputs, both public and non-public information that goes into helping us assess the risk profile of our registrants each and every year. Some registrants are going to pop up as candidates for various initiatives, but the regions also may take a look based on the risk profile of the registrant. Some of the risk profiles are driven by size, so we may visit some of our larger registrants more frequently because they’re engaged in more business lines.

Dabney: One of the questions that I got was asking about the most common types of enforcement actions we see for emerging firms.

Reflecting back, a lot of the issues I can recall happening with firms that are just starting out is the conflicts disclosures, and not adjusting as the business adjusts. Usually smaller firms are growing and trying to develop new businesses, and those disclosures aren’t changing to reflect those changes in new revenue streams, new types of investments, new types of accounts and things like that. That goes to reevaluating what your disclosures should be on a more regular basis as your business changes. Also, a lot of our cherry-picking and trade allocation cases end up happening at smaller firms.

Q: What are the AMU’s priorities in the private fund space? You touched on retail, but didn’t necessarily cover private funds, and there has been a lot of AMU activity in that space over the last few years.

Dabney: Since the inception of the AMU we have been investigating and looking at issues at various private funds, and a frequent question we get is, given the focus on retail, are you looking in that space still? I can tell you unequivocally, yes. We are still looking at side by side management issues in the private fund space as it may apply to the investment company space. Also, fees, expenses and disclosures are perennial issues that we deal with. In the last year, we have brought 10 or so cases against private fund advisers regarding issues on disclosures, including broken deal expenses; accelerated monitoring fees; employee expenses that were allocated to the fund that should have gone to the adviser; unauthorized loans; a fund at private fund assets; affiliated transactions. There are just a lot of complexities because of the various hats that the adviser wears throughout the process and what they do, and a lot of those conflicts are just not always disclosed as clearly as they should be, as well as new conflicts that sometimes arise during the course of the relationship. These are long term relationships for private equity funds. They have a lockup period of an extended period of time. There are expectations for the fund documents; they try and say how they’re going to handle conflicts as they arise and come up, and how the parties come to an agreement, but then the adviser isn’t following that agreement on how to resolve those conflicts. So, if the agreement is silent on how to resolve the conflicts, then there is an expectation that there will be disclosure and that the limited partners will agree on how to handle the conflict going forward. It requires a lot of work by the investment advisers for those funds to stay on top of all the conflicts and all the hats that the adviser is wearing, but those are really important issues.

Kristin: Private Fund Space: About 37% of our adviser population manage one or more private funds, so it’s an area that we pay attention to very carefully. In our priorities document, we reference fees and expenses, as well, as being a priority area. In particular we highlighted the fact that roughly 25% of private fund investors are pensions, 10% are non-profits, and 11% are U.S. individuals. So, it’s definitely an area that we pay attention to. In the private equity space, where we have devoted a number of resources over the last few years, we’re seeing improved transparency with fees and expenses, but we still see issues. Firms still struggle with allocating broken deal expenses. We’re still seeing that quite frequently in our examinations.

Q: What is the goal to get to never before examined firms, within how many years of initial registration?

Kristin: When we initially started our never-before examined initiative, we were looking at firms that had been registered with the Commission at least three years and that had never been examined. Now, with the new registrant exams, we’re hopefully getting out to firms as they register and at least doing an initial touch. But with our never before examined initiative, we are still looking at firms that have been registered for multiple years. Also, there are situations where we haven’t been to an adviser in 8 or 10 years, and a number of regions have started initiatives where they are looking at firms that haven’t been examined in a long period of time, and maybe the business has changed quite significantly since the last time we were out at the firm. One thing we’ve been heartened by is, with our never before examined initiative, we are finding that part of the reason that those firms were never examined is they often came up as low risk during our risk assessments. In terms of our rates of enforcement referrals they are a much lower rate of referral, even now that we’ve gone in to examine those firms.

Paul: We hear a lot in our capacity as writers of rules and writers of no action relief for funds and advisers from lawyers for funds, particularly outside counsel. It would be great to hear more directly from CCOs about the real world impact of some of the things that those of us in IM are considering. We encourage you to provide that input, both when there’s a formal request for comment but also outside of the comment process.

QUESTION & ANSWER SESSION 1 [15]

15 Time 1:47:23 on the Webcast.


Panelists:

Ahmed Abdul-Jaleel, Assistant Regional Director, National Exam Program, Chicago Regional Office (Moderator)

Brian Blaha, Staff Accountant, National Exam Program, Denver Regional Office

Louis (Lou) Gracia, Deputy Associate Regional Director, National Exam Program, Chicago Regional Office

Barbara Gunn, Assistant Director, Division of Enforcement, Asset Management Unit, Fort Worth Regional Office

Michael (Mike) Spratt, Assistant Director, Division of Investment Management, Disclosure Review Office

Q: Is the staff considering ways to improve registered fund disclosures such as moving towards more electronic communications, and if so, in what ways?

Mike Spratt: Yes. When our new Director Dalia Blass started, in her first speech one of the things that she announced was an initiative on improving the investor experience. A key aspect to that initiative is reevaluating our disclosure regime, particularly for registered investment funds and thinking about how that regime is currently working, and how it can be improved. In particular, that initiative is going to look at ways to improve the design, delivery and content of fund disclosures. Right now, investors get a lot of information, whether it’s through prospectuses, Form ADVs, advertisements, media publications. The initiative is evaluating the totality of that information and thinking about how it helps achieve the goals of our disclosure; the ultimate goal being that we want information that is usable by investors that will allow them to make informed investment decisions.

Regarding how disclosures are delivered, utilizing technology is a key aspect of that initiative. In addition, the Commission had proposed a rule that would allow registered investment companies to deliver shareholder reports to investors electronically, so long as they followed procedures to ensure that investors that wanted to receive those disclosures in paper could continue to do so. We’ve received extensive comments on that proposal and the staff is considering and evaluating those comments and thinking about ways to move forward in a way that preserves investors’ preferences to receive information and also cuts costs for funds and investors.

Ahmed: The next questions relate to the examination programs. I’ll address to Lou and Brian.

Q: Please discuss the latitude that regional office examination staff have to create their own examination programs with respect to registrants in their regions.

Lou Gracia: All regional office exam programs abide by our internal NEP Exam Manual, national exam priorities, and national exam initiatives. However, even within those parameters and directives each regional office still has quite a bit of latitude to determine what registrants are selected for examination through various means. For example, risk ratings are done and much of that responsibility lies in the local office using algorithmic analysis and due diligence. We create those metrics and then select the ones near the top to decide whether we’re going to do due diligence or just go ahead and conduct exams if warranted. Within national initiatives, often we’re given the latitude to decide which particular firms really fall within that national initiative, and thus that we will be conducting exams. We create local exam initiatives. In fact, many of the national initiatives started off as a regional initiative. An idea can start in a regional office and then someone decided that it is probably a significant issue and that it’s probably nationwide. So, in those local exam initiatives, we’re selecting those exam candidates as well.


TCRs (tips, complaints and referrals), that triage process, once it’s determined that the firm belongs to a particular region, it is that region’s responsibility to triage those TCRs and decide how to react to them, either by conducting further inquiry, reaching out to the complainant, or just going ahead and conducting an exam.

New registrants and age registrants: if you’re new then you’re part of our new registrant exam process, but even within that, we’re still making some selections. Just because some firm is newly registered doesn’t necessarily mean they’re really new; there’s obviously financial institutions that are complex and therefore have registered many investment advisers. A new investment adviser that is only managing a particular new private fund, we’re probably not going to engage in a new registrant exam with them. It would really fail the purpose of what we’re trying to accomplish with new registrant exams.

We are looking more at age registrants which have never before been examined, but we’re also looking at firms in which it’s been a long time since they’ve been examined: where some firms approach 11, 12, 13 years between examinations. We’re trying to make a determination as to when it is too long, and at what point do we want to conduct another exam of that entity.

CARS exams are essentially determining when we do an exam of a firm, trying to determine whether there should be some type of follow-up exam of that firm. That is also a determination that is done at the regional level.

Finally, large and significant registrants: the feeling, generally, is that the regional offices have the best sense of what are the most significant registrants in their region, and therefore which ones should we be touching on a more frequent basis, or getting updates as to changes in practices, new lines of business and the like.

Q: What does the Commission feel are current best practices to prepare for an exam?

Brian: The national exam programs stand on four pillars: promoting compliance; preventing fraud; identifying and monitoring risk; and informing policy. I would like to say there’s an abundance of guidance information out there on the Internet from reputable sources that provide registrants with a great framework to take a look at when you are preparing for an examination. Some general best practices, obviously not limited to these points:

1. You should all get SEC Form 2389.[16] That is just examination information for entities subject to examination or inspection by the Commission. That provides a lot of good guidance on the overall exam process and what you can look forward to.

2. Make sure you appoint a primary contact for the exam, and that’s typically the CCO.

3. Make sure there’s open lines of communication with the staff before, during and after fieldwork. If you’re not communicating, it’s hard to resolve issues from your end or the staff’s end.

4. Be prepared to provide the staff team with a detailed presentation, either verbally or through presentation of slides of your advisory business. It gives the staff a good overview of the business, hear it from you and compare it to what you have in your disclosure forms ADV 1A and 2A or on your website.

5. Ensure that you’ve maintained all the required books and records and make sure you have them in a location and format that is easily accessible. That’s critical for us to be able to review the documents.

16 See https://www.sec.gov/about/offices/ocie/ocie_exambrochure.pdf.


6. Ask questions. Seek clarification from the staff in relation to the document request list. A lot of times you may get something and not totally understand what they’re looking for. It’s better to pick up the phone and ask.

7. Produce the documents requested in a timely manner. If there’s going to be delays, let us know about it. Preemptively tell us if it’s a large request.

8. Answer the staff’s questions in a clear and concise manner. Don’t provide information that leads the staff to make assumptions on what was provided.

9. Make sure that you understand your compliance manual. Make sure it’s tailored to your business. Make sure that all the personnel that we may talk to during the exam process have read the compliance manual recently, within the last couple weeks. We’re going to ask questions based off of the manual, and if people are unfamiliar with it, that just raises potential additional red flags.

10. Make sure you have a current risk analysis of your business and be prepared to discuss what the high, medium and low risks are. It’s also critical that you are able to answer how you actually go about monitoring those risks; how does the compliance manual address those risks; what testing and controls do you have, and what documentation do you have to show us for those particular risks.

11. Prepare your staff to have discussions with us; answer questions; interact with us.

12. At the end of the exam, be prepared to discuss any deficiencies, findings and weaknesses with the staff. That should be done in a proactive and nonconfrontational manner.

13. Have a positive, cooperative attitude.

Q: Have enforcement actions in the private equity industry improved conduct? And what types of violations, or two or three key challenge areas have been involved in recent private fund cases?

Barbara: I’ll leave it to Kristin and others to determine whether conduct has actually been improved. But I will say that it’s been educational for limited partners, and also for advisory firms, the types of conduct that have been revealed in some of the private equity and private fund cases. We are still continuing to look at private equity and private fund firms. Our focus areas include a couple that Dabney touched on: affiliated, conflicted, or unauthorized transactions or activities, and fees and expense allocations. We continue to have cases in both those areas. In addition, we also continue to look at performance and valuation issues, and also gatekeepers. And in particular in the past year or two, in addition to the traditional cases involving auditors as gatekeepers, we also have had cases where we brought, I believe it was the first ever enforcement case against a valuation agent who misrepresented information in their interactions with an adviser. We’ve also brought cases against fund administrators: the Apex[17] and Gemini[18] cases.

Q: Can you give us an overview of the current status of the liquidity rule?

Mike: Sure. First, I think it’s informative just to give everybody some background on the rule itself. This was a rule that the Commission adopted in 2016. The goal was to enhance registered, open-end investment companies’ risk management programs around liquidity to minimize the risks that those funds would not be able to meet redemptions by investors. When you have an open-end fund, one of the key expectations of an investor is being able to get its money back when it puts in a redemption request, and funds have strict obligations to honor those requests. So, the rule tried to minimize that risk that funds wouldn’t be able to meet those requests.

17 See https://www.sec.gov/litigation/admin/2016/ia-4429.pdf.

18 See https://www.sec.gov/litigation/admin/2018/ia-4847.pdf.


So, what did the rule do? Primarily it requires open-end funds to establish liquidity risk management programs. In addition, it strengthened the existing obligation that an open-end fund can invest no more than 15% of its assets in illiquid investments. In addition, it set up a requirement that funds classify their portfolio into four buckets based on liquidity of investments in the portfolio. Finally, another key aspect was it required funds to establish a highly liquid investment minimum based on its particular portfolio.

Does the new liquidity rule and program only apply to private funds? The answer is no. It actually doesn’t apply to private funds although private funds should obviously have policies and procedures in place that are tailored to the liquidity of those private funds. But this particular rule only applies to registered open-end investment companies. And certain aspects of the rule do not apply to what are called “in-kind ETFs” as defined by that rule.

Since its adoption, the Commission and the staff have done a lot of outreach with the industry recognizing that compliance with this rule could be challenging. As a result of that outreach and dialogue, the staff has issued a few FAQs.

In addition, the Commission recently passed amendments that would delay the compliance date for certain aspects of the rule. In particular, those delays to the compliance date apply to the classification program that I discussed before where liquidity needed to be classified into certain buckets, as well as parts of the rule that were integrally related to the classification requirements. The important thing to note is the compliance date on the liquidity risk management program and the 15% limit on illiquid investments did not change as a result of that Commission action.

The Commission also proposed additional disclosure for funds to make in their annual reports concerning the operation of their liquidity programs. This would replace disclosure that was pending that would have required funds to provide public disclosure of aggregated, bucketed classification of their liquidity of their investments. The Commission ultimately in that proposal thought that this was the right way to go based on some feedback that we’d received that the liquidity determinations in the rule are highly subjective and investors may not necessarily have the context to evaluate those determinations. So, there was a concern that the bucketing disclosure could be somewhat misleading to investors. So, the Commission thought that more meaningful disclosure could be provided in the annual report. And so that’s an open proposal to the extent that you have any thoughts on that.

Q: How does the National Exam Program leverage better technology and analytical capabilities to strengthen its oversight of registered investment advisers? To be more specific, what ways does the exam staff use technology to search registrants? [2:08]

Lou: Exam Candidate Selection: We’re now doing analyses of Form ADV responses, meaning we are doing this in a more electronic fashion using algorithms based on the responses to Part 1. We’re reviewing performance returns, both of registered investment companies, private funds, and IA composite returns that are out there on various databases. The Division of Economic Research has been doing some really great work with tech analytics with ADV Part 2A filings. The OCIE Risk Analytics Group has pulled in some bulk data from clearing firms, primarily trading data, from clearing firms that can be used to identify IA exam candidates. We’re getting better use of those filings and disciplinary data from the FinCEN database bulk searches that we do. Models have been developed to combine risk factors from different sources and risk-rate firms.

That being said, it’s important to note that exam candidate selection is not strictly computer-based. There is still a lot of human judgment on our part. Models and analytics help us to narrow the field, come up with ideas and then be able to search for those ideas. But at the end of the day, most of the selection is still very much human judgment.

On the technical side for what we actually use in exams, the list is growing. We use NEAT, which is our trade blotter analysis service that supports the SEC exam staff by performing analysis of registrants’ trade blotters. That tool is now part and parcel of most of our exams in which we are looking at trading.

But we have some other tools that we’re starting to use as well. We have an application that’s used to identify potential disclosure issues in the IARD filings, which allow us to analyze these findings to identify where expected disclosures are an outlier, which could mean they are lacking contact or possibly are misleading. The application calculates a variety of metrics around specific word usages and groups of words to highlight potential risk areas. The OCIE staff may research across disclosure documents using a “Find Like This” function, and compare documents for changes.

We have a market information and data analytical system that uses commercially available data to provide SEC staff with the ability to view and analyze many billions of quotes, orders, and trades that take place each day on equity and equity options.

We’re looking at OFAC, which is the U.S. Treasury’s Office of Foreign Assets Control. So, we’re trying to automate the idea of doing searches within that database.

DERA has helped us through some quantitative research looking at some of the performance data.

We are making greater use of asset verification contractors. What came out of 2008 and the financial crisis was an increased focus on advisers having custody and on us doing asset verification, so there is a greater use of contractors who essentially allow us to take some of the more mechanical processes of doing asset verification out of the examiner scans and having contractors work on that.

There is a dedicated team focused on data loading, which is working on taking data that isn’t given to us in the ideal fashion. For example, PDFs of records that probably would look and work easier if they were in a spreadsheet. We will certainly continue to ask for them in a format that is easiest to analyze, but in circumstances where that isn’t possible, the data loading team helps us convert it.

Q: What would you attribute to the increase in the 2017 IA examination coverage from 11% to 15% of RIAs?

Brian: One of the main components is that our staffing increased around 20%, which was due to the fact that we reallocated resources from our BD exam program into the IA/IC exam program. That allowed us to focus on a lot more registrants across the country. We had new hires as well. But, in general terms, over the past couple of years we’ve had a risk-based focus on our examinations. So, when we go into registrants the goal is to look at the high-risk areas. If code of ethics is low on the risk area, we wouldn’t necessarily look at that. That has allowed us to speed up our examinations. We have increased our use of technology.

Q: FinCEN had proposed an AML rule for IA’s. Does the SEC anticipate issuing rules requiring IA AML programs? What are any existing expectations for IA AML programs?

Mike: The authority to issue AML rules that would apply to IAs rests with FinCEN. They’ve been delegated that authority by the Department of Treasury. So, it would not be the SEC that’s promulgating those rules. Of course, we’ve worked with FinCEN in the past and coordinated with them on this issue to the extent that there was an appetite by FinCEN to move forward in this area. I expect that we would continue to do the same. That said, mutual funds are subject to some AML requirements. We would expect that advisers to those mutual funds would help oversee the mutual fund’s compliance with those requirements. Furthermore, advisers themselves in some cases have voluntarily adopted policies and procedures around AML, whether in response to client demand or as a matter of best practices. We would expect that advisers, to the extent that they have voluntarily adopted those procedures, would be following those procedures.

Q: Can you describe any recent AML enforcement matters involving dually registered investment advisers and broker-dealers?

Barbara: Sure. I’ll also refer to several that involved BDs alone, who all have affiliated investment advisers. There have been several actions over the last year, and I just wanted to bring it to people’s attention to the extent that they have an interest in the area. Last year, the Commission filed a litigated action against Alpine Securities[19] alleging that the firm routinely and systematically failed to file SARs for stock transactions that it had flagged as suspicious; and when it did file SARs, it failed to omit the very information that was critical in determining that it was suspicious. In an update, on March 30th the court granted in part the Commission’s motion for summary judgment in that matter and denied the motion for summary judgment from Alpine Securities, arguing that the Commission did not have the authority to enforce the rules. More recently, the Commission has filed settled proceedings in November against Wells Fargo[20] advisers for failing to timely file at least 50 SARs, most of which were failing to file continuing activity SAR reports relating to a branch that focused on international customers. In December, there was the Merrill Lynch case[21] where the firm’s policies and procedures were not reasonably designed to account for the additional risk associated with the additional services offered by certain of the firm’s retail brokerage accounts. And most recently, the Aegis Capital Corporation matter[22] involving a dually registered IA/BD. Aegis failed to file SARs on hundreds of transactions that it knew, suspected, or had reason to suspect, involved the use of a BD to facilitate fraudulent activity or activity that had no business or apparent lawful purpose. In each of those cases, there were both C-and-D orders and civil penalties imposed.

19 See https://www.sec.gov/news/press-release/2017-112.

20 See https://www.sec.gov/litigation/admin/2017/34-82054.pdf.

21 See https://www.sec.gov/litigation/admin/2017/34-82382.pdf.

22 See https://www.sec.gov/news/press-release/2018-50.


PANEL II. FEES AND EXPENSES IMPACTING RETAIL INVESTORS [23]

Panelists:

Louis Gracia, Deputy Associate Regional Director, National Exam Program, Chicago Regional Office (Moderator)

Adam Aderton, Assistant Director, Division of Enforcement, Asset Management Unit

Jennifer Porter, Branch Chief, Division of Investment Management, Investment Adviser Regulation Office

Nicole Tremblay, Senior Vice President and Chief Compliance Officer, Weston Financial

Introductory Remarks:

Lou: This panel should give you some insights about what risk your fee billing practices may create; what processes might help in mitigating those risks; and what, if any, revised disclosures your firm should consider.

Reviewing How the Fiduciary Standard Relates to Fees and Expenses

Lou: What responsibilities does an IA have in disclosing various fees and expenses? OCIE has obviously made disclosures concerning the costs of investing a focus for FY 18. But in particular, whenever we’re talking about a fiduciary duty relating to fees and expenses, all roads lead to what disclosures are being done, which leads to what’s going on with Form ADV Part 2. Jen, maybe you can share some observations from the IM staff concerning the review of brochures.

Jen: In thinking about adviser disclosures, I always take it back to basics, which starts with the Advisers Act and having a fiduciary duty for the adviser to the client, and then Form ADV which is our primary disclosure document. It’s always important to keep in mind full disclosure of all material facts related to the advisory relationship, and seeking to avoid conflicts, and at a minimum, disclosing them. With Form ADV, there are requirements that are specific requirements for disclosing fees, expenses and conflicts. The IM staff did a review in the last year of a set of Form ADV Part 2 brochures. We looked at a broad range of sizes and types of advisers. Our review included the description of fees and expenses. We looked at the description of conflicts. We also looked at the summary material changes to see how folks are implementing that requirement. The theme from our review is that we saw a lot that was consistent with the policy and spirit of ADV Part 2 requirements, but we also saw areas for improvement. It’s important to think about the purpose of Part 2 when you’re crafting these disclosures. It’s designed to include clear, meaningful and current disclosure. The requirements are designed to enable investors to better evaluate their advisers and also compare different advisers. Item 5 has the requirements for disclosing fees and expenses. With respect to fees, you have to disclose how you’re compensated and provide a fee schedule, and then disclose whether fees are negotiable. Here are some things to keep in mind:

- Consider whether your presentation of the fee schedule or calculation is clear for individual clients

to understand what they would pay.

- Convey actual fees

23 Time 2:23:16 of the Webcast.

- Consider whether investors can easily compare

- If you use breakpoints, disclosing them in a clear way

- Explain when a fee is charged: quarterly? monthly?

- Disclose specific fees

- Have a schedule format. Some advisers have multiple programs and lots of different fees and

services that they offer. Make sure that your presentation makes clear what fees and expenses

people will pay with respect to what services.

Lou: The exam program has made it a priority to look at advisers’ fees and whether fees and expenses are

calculated and charged in accordance with those disclosures that have been provided to investors, and

where the fee is dependent on the value of the account, to assess the fees charged and determine

whether assets are valued in accordance with investor agreements, disclosures and the firm’s policies and

procedures.

Nicole, can you give insight on what it looks like from your perspective as to your responsibilities of looking

at what kind of disclosures need to be made.

Nicole: I would say that the Form ADV is really a living document for us because we’re required to look at

it at least once a year with our annual update. But beyond that, throughout the year we may be offering

new products and services. So, we’re evaluating, do we have a new fee structure? Is it a combined fee

structure? Is it a standalone that is only going to be applicable to certain clients or certain groups of

clients? As a result of that, we need to go back and carefully review our disclosures and make sure we

have adequately disclosed what the new structure is, when it’s going into effect, whether we’re looking

back at our existing clients and determining whether they should be eligible for this new fee structure. So,

Form ADV is a document that we’re reviewing on an ongoing basis throughout the year. And periodically

through the year I do actually update our disclosures. And a few times a year, if we have to make any

material changes, we’re disclosing that to our clients through our Summary of Material Changes. So, it’s

a very lengthy review process, but it all comes back to our policies and procedures and having a strong

compliance program for identifying the products and services that we’re offering, the different fee

schedules, and most importantly, identifying the conflicts of interest that we have as a result of having

multiple layers of fees. So, it really is a strict process that we follow, not only myself as the CCO, but I

solicit the expertise of our portfolio management teams, new product teams, management, accounting,

investment operations. If we’re launching a new product, for example, we look at how this new fee

schedule is going to be actually implemented. As a result, I think we have benefitted from the process and

our disclosures are very clear and we identify what the different conflicts are, especially since we have a

complex legal structure with various entities, and we could refer clients to other products that we offer

or other entities.

Lou: I also want to highlight the new OCIE Risk Alert concerning fees and expenses.24 Concerning fair and

competitive advisory fees, someone asked, is the SEC indirectly saying that advisers must household

accounts for fee billing when house-holding is offered on a discretionary basis, like discounted fees? I

don’t know if there’s so much an expectation that they would be house-holding accounts, but absent a

specific disclosure saying that there is not going to be house-holding, we’re going to be looking at those

facts, and certainly as the disclosures are being made, and whether that leads us to believe that house-holding

24 See https://www.sec.gov/files/ocie-risk-alert-advisory-fee-expense-compliance.pdf.

should have occurred, or that there was an expectation that house-holding is going to occur. I

could imagine some facts and circumstances that may lead someone to say no, we’re not going to do

house-holding because maybe the types of services are so divergent within a particular client relationship,

and therefore, being in a separate program with a different fee structure may not lend itself to the idea

of house-holding. But certainly, multiple accounts within the same client relationship in essentially the

same advisory services tends to make someone want to believe that there should be house-holding. When

advisers talk about the nature of there being a relationship, it’s a relationship with the client. It’s not just

opening up an account, per se.

Disclosing, Mitigating, and Managing Conflicts of Interest

Lou: We’re looking at what level and what means of disclosure is appropriate for fees and expenses

outside of the advisory fee. I’m going to ask Jen to give us a little bit of insight as to the Form ADV and

about disclosures of those conflicts of interest.

Jen: I’ll start by noting Item 5 requires disclosure of your other fees and expenses; disclosing if you accept

compensation for the sale of securities; disclosing whether you’ve reduced the advisory fee to offset the

commission you charge; also, disclosures about brokerage fees, custody fees, fund fees, etc. Consider

whether or not your disclosures are clear; if you have a non-exclusive list of other fees or a catchall that

you may charge the client other things, make sure it is sufficiently clear and that investors will actually

understand what expenses are being charged.

This leads me to another observation that we made with respect to the use of the word “may,” and this

applies both to describing your expenses, and also when you’re describing your conflicts of interest. With

respect to conflicts, the instructions to ADV say that you have to indicate conflicts that you have, and

specifically says “not may have.” This comes up a lot in enforcement cases and settlements. It also came

up in our staff review. We were really surprised by how often we were seeing the use of “may” in the

brochure in instances where it appeared that a particular conflict or a particular expense or fee actually

happens. In looking at your brochure, consider, if you’re describing conflicts or fees that you may have,

whether you can use different words that indicate something a little bit different. For example, “can”

means that you are able to. “Could” has a different connotation. But even those words can be ambiguous,

so adding information so that people better understand what’s really going on. For example, referencing

the frequency of the conflict. Or if you’re charging expenses for some accounts and not for others,

explaining that fact. Consider ways to indicate that in a specific way. In one case in 2016 that’s worth

looking at, In the Matter of Jan Gleisner and Keith Pagan,25 where there was disclosure that the adviser

may invest client assets in a registered fund and charge additional fees, and that that may create a conflict.

That was inadequate because the adviser had actually invested those clients’ assets and actually had a

conflict. So it’s important to identify your conflicts. It’s a living document. Make sure that you’re disclosing,

and then also making sure that you’re clear.

The last thing that I’ll mention with respect to conflicts is that some items in ADV specifically require that

you both describe the conflict, but then also how the conflict is addressed. For example, Item 6 for

performance-based fees; Item 10, relationships with related persons; Item 11, etc. We are surprised in

looking at brochures, that particularly for those items where the instructions require saying how it’s

addressed, we didn’t see that happening. Some of the brochures would say, this is our conflict, period.

25 See https://www.sec.gov/litigation/admin/2016/ia-4537.pdf.

Keep in mind doing both, and considering, if you have a disclosure, that you have policies and procedures.

Consider if you could explain in a little more detail how you actually address it. From my perspective, I

think that the most understandable disclosures are where investors don’t have to connect the dots. So,

explaining, here’s the practice, here’s the conflict, here’s how it’s addressed.

Lou: Adam, maybe you can build on that. What have been some of those instances in which enforcement

has taken some action?

Adam: From the enforcement perspective, the use of “may” language is something that we look at when

we’re looking at disclosures. I think our view would be, if you say we “may” do something, and this “may”

create a conflict, and you are doing it at that moment, and maybe you are doing it substantially, that is

something that can and has risen to the level of an enforcement action. Indeed, there were some

enforcement actions where there were “may” disclosures just last week relating to receipt of 12b-1 fees

and share class issues. So, I think across the board, when Enforcement looks at your disclosures, we’re not

necessarily looking for the perfect, but if you say you “may” do something, and you are doing it at that

time, that is the kind of thing that could rise to an enforcement action. What you should be thinking about,

and what we’re thinking about when we read your disclosures is: if I was an investor and I read this

disclosure, would I understand how the adviser is getting paid and how the adviser is trying to address the

conflict that they have here.

Lou: Nicole, can you give us a little bit from the industry’s perspective, as you’ve actually had to grapple

with putting those disclosures out there and deciding how to do it?

Nicole: We really try to stay away from the word “may.” Personally, because I think that if we’re actually

doing something in a certain practice or charging a certain fee, then we need to just disclose it. If we have

a conflict, we have to disclose it. At the end of the day, the whole point of the disclosure is for the investor

to make an informed decision on whether or not to engage or retain the adviser. So, if we’re not disclosing

all of our conflicts, we’re not disclosing all of our risks to the client or our various fee structures, then the

client is not making an informed decision on whether or not we are the best-suited adviser for them. I

look at it that as an investment adviser, we’re managing our clients’ personal assets. I would want

somebody who’s managing my money to be taking it very seriously as well and disclosing if you have a

conflict of interest because maybe you’re receiving 12b-1 fees from an affiliated entity. Are you receiving

referral fees, or finder’s fees, or solicitation fees? I’d want to know that, so I think that it’s very important

that if you are actually engaging in a certain practice that you just put it out there and disclose it. I also

think that there’s other ways to disclose your practices, and your services, and your fee structures. It’s not

only in the ADV, but you also need to be looking back to your investment advisory agreements. Are they

clear and concise? That is your legally-binding agreement with the client. Do you have any offering

memorandums for private funds? Do you have a fund’s prospectus and SAI? Is it fully disclosing all of the

various arrangements that you have? So there’s many documents that you have out there that, as

compliance professionals, we’re required to make sure are clear and concise and that they make sense

from an investor’s standpoint.

Lou: I wanted to address from the exam program’s point of view, what have been some of the common

disclosure failures that we’ve noted. First in line is with Form ADV disclosures being inconsistent with the

actual practices. We’ve seen instances in which clients have been charged a fee rate above the maximum

fee rate that’s been disclosed in the ADV. That’s a problem. Another is there’s an agreement to negotiate

a fee rate when the Form ADV states that advisory fees are not negotiable. That might have been fine for

the one client, but it obviously seems to be unfair to those other prospective clients who believe that fees

weren’t negotiable.

There has been a failure to disclose certain additional fees or markups received in addition to the advisory

fees. For example, investment advisers or BD affiliates collecting fees from a client for third-party

execution clearing services that exceed the actual fee charged for those services by the outside clearing

broker. And we’ve seen instances in which dually-registered IA/BDs have been adding markups to various

custodial service fees without adequate disclosure or even justification. Those markups relate to such

things as postage fees, confirmation fees, and paper delivery surcharges. It kind of leads you to believe

that best execution wasn’t high on the list of priorities. We’ve found plenty of instances in which there

hasn’t been a whole lot of disclosure. Another common disclosure element we found is not disclosing that

the IA received additional compensation. For example, referral fees on certain investment

recommendations for advisory clients. An advisor recommending a purchase of interest in a private

company that pays an adviser some type of referral or finder fees or maybe even compensates them in

shares or other interest in the underlying company.

Adam, can you talk about some actual cases that have been brought in this space?

Adam: A good point of the dynamic between OCIE and Enforcement to recognize is that some of these

things, to the extent that they create a conflict of interest, when it comes over to Enforcement, some of

the things that we’ll be looking at are the magnitude or duration: is the adviser making a lot of money off

of this over a long period of time? If that’s happening, and it’s undisclosed, that increases your chances

of getting an enforcement investigation and a potential action. The why is also important. Did this happen

because somebody made a mistake eight years ago and nobody caught it? That’s one thing. If people were

not even looking, that’s another thing that’s going to increase the chances of getting an enforcement

action. We want to see that you’re continually trying to improve your processes and that you’re taking

the information that you get from OCIE when they’re identifying deficiencies and trying to make your

processes better. When we find out that you’re not doing those things, or when we find out that the

particular conflict that was undisclosed was particularly lucrative and continued for a long period of time,

those are all issues that are going to be likely to lead to an enforcement action.

There are also some courses of conduct that just seem particularly problematic that will lead to

enforcement action. We brought cases recently where an adviser has charged for services that they’re

not providing anymore. There was a case from 2017 where an adviser said they were doing due diligence

on all of these third-party managers, and they weren’t. But they were still taking the fee and weren’t

disclosing that.

We’ve also brought orphaned account cases where the adviser says, we’re managing your account, and

the particular rep leaves, and then nobody’s managing the account, but you’re still taking a fee. That’s the

kind of thing that’s going to get an enforcement action.

We brought cases where the advisers calculated fees in a manner contrary to what was disclosed. That

can happen for a lot of different reasons. That can happen because the processes around fee calculation

aren’t robust and aren’t tested. That can happen because it’s a technical glitch. But if you’re a large

adviser, and you have a technical glitch, and it replicates across thousands of accounts over multiple

quarters, that can end up being a big dollar figure. So, we’ve brought those types of cases as well.

We’ve brought cases with more explicit undisclosed conflicts. We recently brought a case, which was

litigated, where an adviser was purchasing securities directly and then selling as a principal to advisory

clients and charging a markup, but not disclosing the markup. That’s the allegation, and if we prove it out,

that seems to be pretty easy money and a problem.

We’ve also continued to bring cases where fees, and in particular, expenses, that seemingly would be

borne by the adviser are instead charged to the advisory client without disclosure.

That ties in with one of the questions that we got: Will the focus on expense cases in the private fund area

continue? We continue to look at private funds, although I think we think we can walk and chew gum at

the same time, and we’re hopeful that we can focus on retail while at the same time bringing private

adviser cases. And I think a lot of those private adviser cases tend to be in the allocation of expenses area.

That all brings me to probably the most frequent place where we see the problem of an undisclosed

conflict that benefits an adviser, which is the share class selection issue. The takeaway from this is that

there’s an initiative that the Asset Management Unit launched to encourage voluntary disclosure from

firms that have share class issues, particularly related to 12b-1 fees. We think this is going to be efficient.

We’re trying in this initiative to use both carrot (no civil penalty) and stick. Hopefully you take advantage

of this if this is an issue, and we don’t find it later either through an exam or some other way. As everybody

said, the deadline on this is June 12, 2018. And the terms of this are laid out in the announcement.26 We

think they’re pretty straightforward and fair, and they go to getting money back to advisory clients as

quickly as possible. Some FAQs are probably going to be coming out on this in the relatively near future.27

A couple things that we anticipate will be questions are things about:

- WKSI [well-known seasoned issuer] status. That’s not an enforcement issue; if self-reporting and

taking a 206(2) charge is going to create a WKSI problem, that’s something you should discuss with

Corp. Fin.

- Similarly, if you’re dually-registered, and you think this may create FINRA issues, that’s something

to discuss with FINRA.

The upshot from this is that we are hopeful that this will be an efficient way to stamp out a problem that

has led to at least a couple cases a year, if not more.

Lou: Nicole, can you give us some insight from your point of view—what are some of the ways to mitigate

some of these conflicts?

Nicole: I think there’s a couple things that you can do. First and foremost, you need to identify all of your

fee schedules that you have in place, all of your ancillary fees, other expenses, etc., and you need to figure

out what are the conflicts of interest that arise as a result of having those different fees and expenses.

Secondly, I think you need to look at those conflicts and then you need to go straight back to your

disclosures and ask, am I adequately disclosing all of these conflicts of interest, and various risks that are

posed to our clients through our Form ADV, through our investment advisory agreements, offering

memorandums, prospectus SAIs. Obviously, you need to have very strong policies and procedures in place

to ensure that you are appropriately identifying and then disclosing those conflicts. At the end of the day,

I think we all want to avoid a violation of rule 206(4)-7. Finally, I think it’s important to have a strong

26 See https://www.sec.gov/enforce/announcement/scsd-initiative.

27 See https://www.sec.gov/enforce/educationhelpguidesfaqs/share-class-selection-disclosure-initiative-faqs.

rationale for why you have these multi-layers of fees and expenses, and I think it needs to be well

documented in your firm’s programs so when the SEC does come knocking and asks, why are you offering

these different fee schedules, you’re able to confidently say, this is our approach on it; this is why we

believe that it is reasonable. At the end of the day, we want to make sure that the investor understands

exactly what we’re trying to do.

Adam: When you bring something new on [products, services, relationships], go look at all your

disclosures and make sure that it’s all really well disclosed. I can tell you that, when I have a new fee-type

case come in, that’s the first thing I do. So, you want to be there probably before I’m there.

Operating Business Models that May Create Increased Investor Risks [2:56]

Lou: We’re going to talk about particular practices that a firm may engage in that may raise increased risk

for excessive or inaccurate fees. Some examples:

- A decentralized billing process. Allowing multiple investment adviser reps, different branch offices

or different units to conduct their own billing. These practices may very well be ideal in your firm,

but there’s no doubt that a decentralized billing process could have some issues, especially if there

is supposed to be house-holding or if there’s a difficulty in getting the data concerning what

has been disclosed, and what has been contractually signed off on, versus what actually we are

going to bill those individuals. Let alone the very mechanical process of sending in those bills into

some type of accounting function or sending them out to be paid directly by custodians, which

the vast majority of advisers do.

- A manual billing process. Someone literally sitting there with pen and paper or with a relatively

simple spreadsheet. Again, something that is delinked from disclosures and from advisory

agreement information can certainly raise the risks.

- Poor client record management. If you have an agreement with an advisory client about the

nature of how advisory fees are supposed to be charged, and let’s say those are dynamic in that

maybe there are different break points or that there are supposed to be certain house-holding and

new accounts are added to the relationship. If you don’t have the client records in good shape

that are readily accessible and understandable by those persons or groups within your firm that

have the responsibility to actually conduct fee billing, then again, you increase the risk for

excessive or inaccurate fee billing.

- Lack of review or oversight of fee billing. Division of responsibilities and the fact that there is some

oversight in it certainly is always going to help.

- Lack of review or oversight in setting the advisory fee rates. Who makes that decision, and how’s

that decision being recorded? If there is not a thorough process or a thought-out process you

open yourself up to the possibility of excessive or inaccurate fees.

- Lack of review or oversight of advisory fees agreed upon in new client advisory agreements. As

we bring on new advisory clients, how is that painted towards what our disclosures are in that the

disclosures are now stale in relation to what we’re now negotiating or that we’ve agreed upon

with new advisory clients coming on board.

Nicole: Fee and Expense Issues: If I can add a few more. Pulling from the Risk Alert that was just published

today,28 having your fees billed on inaccurate asset evaluations. For example, if you have illiquid assets in

28 See https://www.sec.gov/files/ocie-risk-alert-advisory-fee-expense-compliance.pdf.

your portfolios, and they’re fair valued; or if you have unmanaged assets; or you say in your agreements

that you won’t bill on cash, but you are. I think that that’s a very critical function that you need to review

to make sure that you understand what the methodologies are, what the calculations are. Also, for example,

if you say in your agreements that you are billing quarterly, but all of a sudden you start billing a client

monthly, and you don’t give them any advance notice. Or if you say you’re going to bill in advance, but

you don’t prorate that first quarterly or monthly fee, and you just take an entire fee. So, I think there’s a

lot of different things that we can do to make sure that you really understand your fees and expenses and

the billing methodologies that are being employed by the firm. So long as you’re appropriately disclosing

them, then I think the client and the SEC would be happy.

Adam: From an enforcement perspective, we do see gradations of this. It’s one thing not to keep good

records because you were transitioning systems and one month was bad, and you fixed it, and you went

back and made sure everything got corrected. It’s quite another thing—we see folks that rely on things

like manual billing or a couple standing file cabinets and that’s the only place where things are being kept

for a decade. Those are things that could end up being an enforcement action. At some point it crosses

the line from something easily remedied, that should’ve been caught through a periodic review, and it

becomes a willful disregard of the need to actually keep required records.

Lou: As highlighted in our 2018 OCIE exam priorities, we’re going to be looking at IA personnel that receive

financial incentives to recommend investors who invest in certain mutual fund share classes, those

with higher sales load. Also, accounts where the investment adviser reps have departed and have not

assigned a new rep to oversee them. Also, IAs that have changed the manner in which fees have been

charged from commission to assets under management.

Jen: Also, making sure that your disclosures are up to date and making sure that your policies and

procedures are catching things. The last piece of our ADV review involves a summary of material changes.

As you’re updating your disclosures, and you’re noticing something’s changing, or you’re bringing on a

new type of service with new fees, it’s also important to keep in mind what you need to do with that piece

of the ADV. You’re required to both identify and discuss the changes since your last annual updating

amendment. It’s supposed to be a summary to inform clients of the substance of the changes. We were

surprised by two things that I think it’s important to note. One is that the instructions say identify and

discuss, and we saw a lot of instances of not discussing the change, and just listing the brochure items

that have changed. Also, the standard of materiality was an interesting piece for us too. We obviously

don’t know the facts and circumstances to know whether or not something really was material, but when

we compared last year’s brochure and this year’s brochure, we would see changes in the fee schedule, or

we would see changes and conflicts that we would’ve thought would be material, and we didn’t see a

summary of material changes. There was an enforcement case, LKL Investment Counsel29, that was

related to the summary of material changes and delivery of the brochure.

Questions and Answers for Panel

Q: It seems that concerns are tied to 1) disclosure, and 2) investment management agreements. Also, it

seems that some private funds have long descriptions of kitchen sinks of fees and expenses charged to

funds. Is that the intent or are certain expenses not appropriate to charge regardless of disclosure?

29 See https://www.sec.gov/litigation/admin/2018/ia-4836-s.pdf.

Lou: It is a disclosure-based regime. But you do wonder whether there are certain types of fees or expenses

that seem like they can’t be disclosed away. But in theory, yes, they could be disclosed away.

Jen: I think the focus on the fiduciary duty is key to this question. Again, I would reference back to

Instruction 3 in Part 2 of ADV which addresses this too and discusses the fiduciary duty. Full disclosure,

material facts, seek to avoid the conflicts disclosed. And then it also talks about sufficiently specific facts

so you can understand and consent to the conflict. We have not said specifically, this is the highest fee

you can charge, or this type of expense is per se not allowed. But I think the guiding principle is the

fiduciary duty and putting the clients’ interests first.

Paul: Our hope is that, if you make a full and fair disclosure that you’re going to take a fee that’s beyond

the pale, the market will punish that and won’t invest with the adviser that says they’re going to steal all

of your money. We don’t see much of that; it’s much more common that someone doesn’t disclose

something that they’re going to do, than making an egregious disclosure.

Q: Can you speak to how the staff defines underutilization in advisory accounts? Are you just focusing on

the lack of trading, or low turnover? Is underutilization a fee issue?

Lou: Underutilization is ultimately driven towards what really is the suitable investment program or

vehicle that is being recommended to the client. Obviously, the cost, which means in many cases fees, is

a significant factor. The lack of trading and low turnover is part of our focus but it’s not the only focus. On

the idea of lack of trading: just because there are one or two trades in a wrap fee account doesn’t mean

that there isn’t a problem. There are other factors as well. It depends on what other services are involved in

the wrap fee program; what disclosures have been given to the client on an on-going basis (for example,

with respect to the level of trading).

Q: What are your expectations on the timing of billing versus valuation, especially when valuations may

change?

Adam: This is a facts and circumstances question. How long has this been going on? How much volatility

is there in the fund? Is what you’re doing reasonable for your investors, and how have you disclosed these

facts to your investors? If you can tick all of those boxes (disclosures and consents), then you may be okay.

But I think this is an issue that you want to think long and hard about how you have made your investors

aware of the issue and how their fees may depart from what will ultimately be the value in the fund.

Q: In the Risk Alert, it mentions a case in which an ADV states a maximum fee charged and the adviser

violated its disclosure: If the ADV also had a sentence saying that the adviser can charge more or less as

agreed to with a particular client would this have resolved the issue? How quickly would you say that the

adviser in this case should have amended its Form ADV?

Lou: If you set a maximum fee and there’s going to be times where you go above that max fee, then you should illustrate not only the fact that it might happen, but also include what were the factors that caused the fee to go above the maximum, so the investor can understand what the factors were that played into that. Be up front with your investors.

Jen: The ADV needs to be amended when there’s a material change. The standard of materiality is based on the facts and circumstances. That can generally be understood to be when there’s a substantial likelihood that a reasonable investor would have considered that information to be important.

Nicole: It would also go back to the investment adviser agreement and what the four corners of the document say. If it says you are adding ancillary services, then your agreement should be laying out exactly what they are, and if it is going to be above what your stated maximum fee is, then there needs to be a stated rationale for it.

Q: What if you are not crediting prepaid advisory fees, and then you learned that you need to do that? If your previous disclosure stated that you would not do that, how far would you go back and review and credit? Or can you do so just moving forward?

Nicole: From the adviser’s standpoint, any time that we have identified a billing issue, we will 100 percent of the time go back and disclose it to the client. It doesn’t matter whether it’s been one quarter or three years, we’ll still go back.

Lou: In dealing with terminated clients, if you’re charging quarterly in advance for example, and the client leaves intra-quarter, and they have prepaid in advance, they’re probably deserving of some type of repayment. Absent disclosure, it’s probably not good enough to say you don’t owe them. In determining how far back you should go, recently the Supreme Court ruled in the Kokesh case [30] for the SEC being limited to going back five years in practice. But that certainly doesn’t stop any individual firm from taking on more of a liberal point of view as to how far back in time to look at any practice in which they’ve self-identified. What you would want to do is go through a process where you’re trying to decide how far back you want to go and defend it. If there’s a clear rationale, I don’t think we’re going to be nitpicky as to how far back you went.

Nicole: The other document that you need to be looking at is the investment management agreement, because all investment management agreements will have termination clauses. It will disclose to a certain extent that if you decide to leave mid-period we will go back and reimburse you, or there could be language in there saying that we will bill you on the date that we are notified that you are no longer a client, and if you continue to hold your assets with the firm after that, we may not go back.

[30] See https://www.supremecourt.gov/opinions/16pdf/16-529_i426.pdf.

PANEL III. EMERGING TRENDS IN PORTFOLIO MANAGEMENT [31]

Panelists:

Carolyn O’Brien, Senior Staff Accountant, National Exam Program, National Exam Program Office (Moderator)

Benjamin Alden, General Counsel, Betterment LLC

Michelle McCarthy Beck, Chief Risk Officer, TIAA-CREF Investment Management Inc

Barbara Gunn, Assistant Director, Division of Enforcement, Asset Management Unit, Fort Worth Regional Office

Timothy Husson, Associate Director, Division of Investment Management, Analytics Office

Robo-Advisers

Benjamin: First, we’ll talk about direct-to-consumer robo-advisers, which use technology, software, algorithms to provide investment advice and portfolio management direct to consumers over the internet. We also have hybrid systems, which have the digital advice, but also might have a flavor of human advice on top of that. A few things to note about those two things are that no matter whether you’re digital or hybrid, there are humans all over the process. Even anything delivered through an algorithm had to be built, designed, and managed by human advisers. In many ways, all that this is doing is providing scale to the advice a human would give a retail client. On the hybrid side of things, you could see a different type of advice being granted depending on the model. It can be nondiscretionary human advice on top of the digital adviser. It can be discretionary. The method of communication is different, too. Traditionally, it’s in person. It can also be phone advice. Increasingly and in the future, you’ll probably see messaging as well. Within each of these categories there’s also a spectrum of services offered at different levels. Within digital adviser, there’s portfolio management, savings advice, financial planning, and tax management, etc. Within each of those categories, there’s different scales. For portfolio management, it could be a simple model, or it could also be a complicated SMA that you use to manage around people’s held-away accounts. For tax management, it can be tax loss harvesting or asset location, where you manage assets between retirement and non-retirement accounts. It’s the job of the digital adviser to be exceptionally clear with its clients what they’re being offered at any given time. As the advice model changes and the world shifts, it’s the job of a compliance department to manage and meet client expectations of what they’re actually receiving. People historically have walked in and spoken with a human. But there’s not just this new model, but new retail investors entering the market who have never done it before. It’s our job to be clear.

There’s also B2B (business-to-business) models where robo-advisers offer white label offerings to intermediaries like banks or investment advisers. Sometimes wire houses have proprietary offerings. You’ll also see technology offerings that don’t really do much investment, but build the software for those intermediaries.

Carolyn: Robo-advisers have been around for about 20 years now. But it’s really been in the past 10 years that they’ve become very popular. We currently have over a couple of hundred registered with the SEC. Some are registered as a traditional adviser would be registered—they have assets under management in excess of 100 million. There are others that rely on an exemption for registration. There are probably a couple hundred billion assets under management at robos currently, and they have thousands of retail and institutional clients. From an OCIE standpoint, it’s a priority for us in fiscal year 2017 and 2018. The types of findings that we’re having are really consistent with the guidance that was provided by IM in February 2017. [32] Probably the most important takeaways are that not unlike any other adviser, robo-advisers have a fiduciary duty; they need to have an effective compliance program; and they need to make full, accurate, and complete disclosure.

[31] Webcast Part II.

Tim, can you cover the key risks and concerns that were in IM’s February guidance?

Tim: The guidance did a good job of showing the types of issues we’re still seeing going forward. I would add a few high-level points. We still see these firms asking whether their conduct will violate securities law a little late in the process. These firms need to take the additional step and think more about compliance. One issue is what will these new business models do next time there’s a crisis. The next time we have an event where these models might not be calibrated to deal with that sort of event. Additionally, it’s very easy to “don the garb” of a lot of these new innovations. Things like “block-chain” and “smart contracts” may be easy to say, but very difficult to get right. We do see a very broad spectrum of sophistication when it comes to using these words properly. That’s a challenge for us to make sure we’re on our game to understand the new things that are happening as they come out. But it’s also a challenge in terms of getting that information to retail investors in a way that is proper.

Carolyn: Ben and Michelle, from your standpoint from risk and compliance, what is your take on all of this?

Michelle: From a risk point of view, it’s good to piece apart the whole chain of delivery. Any financial models that try and forecast something happening in the future, they usually start with some period of history that is their idea of what can happen, and that’s all we can do. By definition, it will not be the right case for something that happens in the future. It’s important to be aware of that and to know what period of history the forecast of markets in these models have been fit to—what’s in there and what’s not in there. It’s also good to understand there’s some kind of modeling techniques and ideas that are really important in this area. There’s a habit in value-risk models of using something called exponential smoothing that can have the effect of being heavily weighted on just the last 10 days. So, whenever you look at modeling, understand the look back period, any special techniques that are done, how evenly does the model take into account all of the periods of the past. And then there’s the forecast period: how long are you forecasting for; and what are you doing with cash flows that may be needed in the interim. Understanding what if a person needs their money back and how well has that been disclosed, and what could happen between now and the future if you need your money back sooner. Finally, when it comes to people ascertaining the client’s risk tolerance, if it’s phrased differently, it can be quite different than they initially indicate. So, it’s good to make sure to really probe. What would happen if you lost your job? Or what would happen if you had a sudden unexpected medical expense? Are those questions being asked, or are people just blandly being asked, do you think you’re conservative? Or do you think you’re not so conservative? So, good questioning is important to examine when looking at this area. Also, the disclosure needs to take people through the entire cycle.

Ben: All that makes great sense. If there’s an innovation in the digital advice space, in many ways it’s the taking of that technology and making it face retail clients so that they can access directly in a user-friendly way. When I read the guidance, I see a really good set of flexible controls. It acknowledged that digital advisers, who are investment advisers, are subject to all of the same rules, and pointed out a few specific controls that might be slightly more useful in this newer industry. I think staffing appropriately is really important. One thing that perked our ears up at Betterment was when Peter Driscoll, OCIE director, noted in a recent talk that, during their sweep, they’re seeing some risk posed by investment advisers who may not be acquainted with SEC’s compliance rules. In other words, light on the “fin,” heavy on the “tech.” But from an industry participant perspective this is still a new development. We’re building our reputation with our peers, our clients and our regulators. Many who I’ve spoken to at all types of robo-advisers, mature or not, believe that this can be a positive development for retail investors everywhere by scaling sophisticated investment advice, portfolio management techniques, and making that available with asset minimums as much as $0. But for that to come to fruition and to be real, we have to prove it. And that means having a sufficiently staffed resource and paying attention to compliance. A lot of the challenges we face are new, and one is how to take this adviser-facing technology and make it accessible to people who might not be able to tell you what modern portfolio theory is.

[32] See https://www.sec.gov/investment/im-guidance-2017-02.pdf.

Another control that makes a lot of sense is algorithm governance, which is basically how do you know that the software is doing what you think it’s doing? In many ways it’s a dream for a compliance professional, because you don’t have to focus on hundreds of people in branch offices having conversations with clients behind closed doors with a supermarket list of financial products and services. That’s where the testing comes in—making sure the business has really strong processes for designing and testing software both before it’s implemented and after it’s implemented. And from a compliance perspective, testing what the engineers are testing. If the engineers can’t explain in plain English what they’re doing, that’s not good. We need to break down the black box. I think the guidance has helped push us in that direction. When we’re talking about disclosure, it’s not just disclosure—it’s an empathetic understanding with a retail client. How do I get someone to answer these risk questions in a useful way? How do I help this person save? How do I help this person understand their true risk tolerance both today, at onboarding, and over the 30-year life of a retirement goal? If you want to “don the garb,” you have to ask those questions.

Carolyn: One of the questions we got was can you give us a sense as to what IM and OCIE are looking at in the short and medium term in the robo-adviser space?

From the examination perspective, it’s a learning process. There are so many different types of robo-advisers and we’re trying to include in our initiative as many different kinds as we can. We have the ones that are the small shops that are relying on the exemption to be able to be registered with us. We’re looking at larger shops that have assets under management in excess of $100 million. We’re looking at ones that are geared towards retail investors and taxable accounts to ones that are focused specifically on retirement accounts to ones that are in the business-to-business model. We’re looking at some who are actually the model provider and some who have decided to use a third party’s product, or a white-label product. A white-label product is when you have a third party that has created the product and they allow the adviser to put their name on it. So, to the investor, it looks like it is the adviser’s robo, but in fact, it’s actually a third party’s. It’s really incumbent upon that adviser to make sure they understand what that third party’s product does and how it changes. Are there updates that are happening over time? To the extent that there are, do they understand what those changes are? The other part of the initiative is to inform policy. One of our four pillars is to inform policy. So, we take our findings and share them with IM, and perhaps there’s a regulatory change that needs to happen. Maybe a rule needs to be amended. Maybe there are some changes to Form ADV that need to happen. It’s an OCIE-driven process, but it’s also in conjunction with IM as well.

The other question that came up was whether there are any insights that we could give on the ongoing robo-adviser industry sweep exam.

It’s really the broad swath of firms that we are looking at. There are a variety of components to that. Certainly, disclosure is a big part, but it’s also the processes that are being used and the questions that are being asked. Are there only five questions being asked? Are there 12 or 15 questions being asked? Ultimately, it doesn’t really matter how many questions, it’s how good are the questions being asked. We’re also looking at advisers who charge very low fees and their business isn’t profitable. What are they doing in that context? Maybe they’re getting venture capital funding, or maybe they’re just struggling. We’re looking at that as well. We’re looking at custody. There are passwords that individuals will give some of these companies. Are they aware that this gives them custody and what are they doing about it? We are also looking at suitability. Is this product really suitable for the retail client?

Barbara, in hearing all of this, from an enforcement standpoint, what are you concerned about?

Barbara: I think it’s clear from the discussion that disclosures are a critical item. Having current and tailored disclosures is really absolutely key. We often see that that’s in fact not the case, particularly with the firms that are perhaps not as sophisticated. If there’s one takeaway from an enforcement standpoint, it’s that you really must be sure that your disclosures fit your business and that they adequately convey any of the limitations of the model, any limitations on the inputs in the model and adequately convey the risks that are involved.

Ben: Regarding disclosure, from an industry perspective what we found interesting is we all obviously have our ADVs and our client agreements, but we found it pretty fruitful to put disclosures built into the client experience. When you hear us say disclosure, I don’t mean just 200 pages of legal text. I mean actually informing the client in real time about what they’re trying to do, what they’re trying to achieve, and what they’re not doing, and what they’re not going to be able to achieve in that situation.

Carolyn: When we’re looking at the websites themselves, is the disclosure obvious, or is it buried all the way on the bottom in a three-point font that you have to click on a link? We would like to see it be obvious for the investor.

Fintech Influence on Wealth Management Practices

Carolyn: From an IM perspective, there have been various technological developments. The cloud has facilitated significant advances in IPA (Intelligent Process Automation) in the past few years. We understand what those benefits are; you’re eliminating some routine, redundant tasks; you’re improving efficiency; you’re enhancing effectiveness both at the individual level and at the enterprise level. But based on several questions that we received in advance, the big question that we’re hearing is how are advisers using and managing the use of alternative data? Two of the biggest changes that we’re seeing are the increasing use of automation in portfolio modeling and also the outsourcing of various back office functions.

Tim, what is IM doing in the context of IPA?

Tim: IM is doing a great variety of things. We have built a tool called MAGIC, the Monitoring and Analytics GUI for Investment Companies. It takes all the data we can access and puts it right at the disclosure reviewers’ fingertips. They can see the holdings of that investment company, they can look at the performance, flows, etc. We’ve built in cluster analysis, so you can look at the performance of that fund and you can see, for example, whether or not its performance has matched others who you might consider peers, or if it hasn’t, or if it’s unique, or if it’s exhibited any other things that might call for a disclosure review or to ask some intelligent questions. We like to think that all of our processes go towards making all of our interactions with the industry, all of our policy related work, smarter and faster.

Barbara: For enforcement, in the Asset Management Unit, we have a number of industry experts who bring expertise from various areas and a lot of knowledge of the data that’s out there and the tools to analyze it. They’ve been really instrumental in improving our use of data analytics in IPA. They work closely with the staff and with OCIE, IM and DERA and the exam staff, to develop what we’ve called risk analytics initiatives. A couple of the risk analytics initiatives that have been publicly disclosed so far are the Undisclosed Adviser Revenue Initiative, where we’re targeting undisclosed compensation and other arrangements between investment advisers and brokers that reward the adviser for making certain types of investments. Another initiative is the Aberrational Performance Inquiry, in which we continue to focus on suspicious performance returns. To date, the Commission has brought nine cases charging a total of 11 individuals, 8 firms, a fund, and a public company, based on a wide variety of different types of conduct.

Carolyn: Michelle and Ben, are your companies using IPA?

Michelle: I think what everyone fears is that people will be putting in place algorithms that will execute trades and nobody will know what’s going on. That’s not the most popular version of these sorts of tools. I’ve seen some experimenting with seeing if natural language processing can cull public information to look for sentiment indicators and see if that adds anything to the process. I’ve seen, more in the back-offices and support functions all the functions that could be automated using any kind of robotics to cut and paste from spreadsheets and remove trailing zeroes and get rid of spaces and put things in a column. I did see some companies out there trying to help with performance commentary. You could drop in a table that would show the fund outperformed by 4% and utilities were outperformed by 2% but a detractor was technology. The question is would that be too robotic? There’s usually color commentary that people would want to add after the fact. Different ways to gain greater consistency, remove drudgework, and to speed up processes, and perhaps to cull the information world for more information to have in front of someone as they look at the world of portfolio management decisions.

Ben: We don’t do direct AI [artificial intelligence] today. Obviously, we automate a lot of things, and the key for us is to make sure there’s human oversight over that. To the extent that the computer is doing anything, we just want to make sure we have visibility into what it’s doing, and handling exceptions appropriately is a matter of course. There do seem to be a lot of companies claiming to do AI and machine learning and blockchain, and it’s kind of unclear if they’re actually doing any of those things. We just try and avoid that.

Carolyn: Ben mentioned human oversight. From a compliance standpoint that is such a key element. One of the questions that came up asked if basically we think that humans are going to be replaced. Personally, I think no. You have to continually test your systems to make sure they work. That’s what we’re looking for from a compliance standpoint: are you testing the system? Are you testing the models? Are you testing the questions? Does everything make sense? Need for retesting if you make a change to your system or model.

In terms of potential violations that could come about, Barbara do you have a take on what types of things might warrant enforcement action?

Barbara: Certainly, there are some cases that illustrate what can go wrong, AXA Rosenberg [33] being one of the most prominent cases. In that case, there was an error in the coding that wasn’t picked up for a long period, and the violations that were cited related mostly to conduct once they discovered the error in the coding and what they did, and more importantly, what they didn’t do once they had discovered the error. There were very substantial continued losses during the several-month period before the error was disclosed to management of the company that resulted in the firm having to pay back $217 million. I would say that the error itself wouldn’t necessarily be a violation, but how you respond is a very critical issue.

Michelle: It’s interesting in modelling, there are some things that are just plain old errors, where the model is specified to take in certain parameters and there is a human input error, but then there are situations, for example, where the model is set up to take in data once a month, so it’ll be stale during that month. And midway through the month, if something happens, the data wouldn’t reflect it. That’s not an error, but it’s not awesome. Another example is a model that’s fit to a period of time in the past. I had the experience of working for a mortgage bank during the financial crisis. It was set to a period of time where the housing market had never gone down in every market at the same time. It wasn’t in the past data set. So, nothing you did with that model would ever include the kind of events that were subsequent. You need to understand the limitations of models, you need to know how often they refresh data. There should be continuous improvement and thinking about how often your models are refreshed.

Questions and Answers from Panel [35:30]

Q: Can you provide some effective best practices and/or policies specific to the robo-adviser space?

Ben: I’d say the first thing is the robo-adviser guidance we’ve been referring to here applies just as equally to human advisers as it does to robo-advisers, and it does so explicitly. So, the policies should be preexisting. The only thing that jumps out at me as particularly new and worthy of even more elucidation is algorithm governance as a policy. Having that written, testing that, and doing so in a way you feel comfortable with is critical. But for best practices, one of the greater innovations in what we’re doing in this space is just moving exceptionally fast. We have three lines of businesses. We’ve grown very quickly. In that period sometimes the best practice is to make sure that you’re adequately staffed. We are 220 people. We have eight lawyers spread across legal and compliance, and the best practice is to treat them like engineers. You need a strong compliance program that provides oversight, but our view is that your legal and compliance team add value to the business in helping to guide through these rules, so that you don’t have to trip and fall before you get picked up; so that you can build quicker and safer at the same time. They aren’t there just to ex off risk and be locked in a separate room.

Michelle: It’s easier with a model or algorithm to see that there was an error. So, if somebody has fit their business judgment to the wrong part of history, you can’t find that one quite as easily as you can if it’s been put in a model. If somebody doesn’t have great judgment, that’s not as easy to find an error in as when somebody goes through the trouble of writing it down in a model. So, in a sense, it is the same process as overseeing advisers, but in this case the judgment is written down for everyone to see if they know what to look for.

Ben: The back side of the algorithm governance policy is its software. Just like humans, things make mistakes. Hopefully we’re all familiar with AXA Rosenberg. One of the things that’s really interesting about it is it explicitly calls out the violation that people hid a code error and didn’t remediate quick enough as a breach of fiduciary duty. That’s pretty important. That was in 2011-2012, way before we started talking about algorithm governance. The fiduciary duty is tied to your codebase. But more than that, it’s about making your client whole, to quickly remediate and to fix problems. Doing that requires an upfront process of trying to do your damnedest to make sure that nothing goes wrong, but then building and realizing that no model is perfect. In order to obey your fiduciary duty and to do what’s right, you have to be able to quickly remediate and make your client okay.

[33] See https://www.sec.gov/litigation/admin/2011/33-9181.pdf.

Q: Can you tell us any more about the 3(a)4 exemption from the Investment Company Act and the guidance you’re contemplating providing the industry based on the robo-adviser sweep exam?

Carolyn: In terms of informing policy, certainly 3(a)4 is one of the things that we are looking at, and we certainly are sharing information from our examinations with the Division of Investment Management for them to take a look at. It may be something that gets modified or it may not be.

Liquidity [40:00]

Carolyn: Tim and Michelle, can you talk about what you’re seeing in the industry regarding liquidity practices? Obviously, we have the liquidity rule that just came into play and there have been some adjustments that have been made there. What are you seeing in terms of how things were and how things potentially are changing?

Tim: From IM’s point of view, what we’ve seen certainly is tremendous engagement on the problem, and not just the liquidity rule but the liquidity issue. We see really interesting conversations happen between advisers and vendors, advisers and sub-advisers, and all the people who are involved in that decision getting very specific about what they’re talking about. In a lot of cases, folks had those conversations but not in such specific terms. We’re seeing sophistication happen really quickly. We’re seeing a lot of people trying to get up to speed. We’re seeing vendors who really want to produce something that addresses their specific portfolio management practices and to have that reflected in anything they report. But also, in how they think about the problem themselves.

Michelle: The conversation has been affected greatly by the rule. I think that a prior assumption would have been from a lot of people in the risk or compliance professions, that it’s the portfolio manager’s job and that they don’t know anything about it. So, it was absolutely required for people to know about it. I’d say in more fixed-income-rich asset management environments the risk teams did know a lot about it. But the way you phrase the question matters a great deal: Over what period of time? How much are you trying to move, and for what price change? The way you phrase that question can really make the answer differ. And then there’s the question of whether or not you’re doing it during a time when markets are dull or during a time when there’s some kind of crisis going on, when a lot of oxygen is being sucked out of the room in a way that you wouldn’t see from normal times. So, all those dimensions make it hard to do. But I think the conversation between boards, compliance, risk portfolio managers has been a really great thing for everybody to talk about—what is normal and how do we manage liquidity, and which products are edgy from a liquidity point of view and which ones are not?

QUESTION & ANSWER SESSION 2 [34]

Panelists:

William (Bill) Delmage, Assistant Regional Director, National Exam Program, New York Regional Office (Moderator)

Ahmed Abdul-Jaleel, Assistant Regional Director, National Exam Program, Chicago Regional Office

Adam Aderton, Assistant Director, Division of Enforcement, Asset Management Unit

Diane Blizzard, Associate Director, Division of Investment Management, Rulemaking Office

Mark Dowdell, Assistant Regional Director, National Exam Program, Philadelphia Regional Office

Craig Ellis, Exam Manager, National Exam Program, Denver Regional Office

Douglas Scheidt, Chief Counsel, Division of Investment Management

Kristin Snyder, Co-National Associate Director, National Exam Program, San Francisco Regional Office

Thoughts for a New CCO

Build your Network: Attend conferences, join an industry group or one of the local compliance roundtables. There’s a lot of events out there that people can join in.

Talk to People: Talk to people within your firm and try to understand what their day-to-day role is outside of the compliance department. Compliance shouldn’t just happen in the compliance department. It should happen in the business units as well. To the extent that you can leverage those resources in your day-to-day activities and reviews, it is a great plus.

Plan: People don’t plan to fail, they fail to plan. Develop a compliance calendar; a timetable of when you’re going to be doing the reviews. There’s not an expectation that an annual review takes place all at once, but over the course of the year can be a best use of resources.

Prepare: Prepare as if an exam is coming. There’s a varied number of types of examinations, and we’re trying to reach out to different populations. Eventually an exam will come.

Authority: The CCO is empowered and has authority. They have a seat at the table. Depending on the size of the firm and complexity, if there’s different committees and types of working groups, compliance should be present, whether it’s the CCO or someone from the compliance department. Whether it’s new product development or new business, having a seat at the table gives us the sense that the CCO is someone who has some stature in the firm.

Educate: Sign up for the sec.gov alert. Look at FAQs that we put out. IM, the National Exam Program and others have a lot of information on the website.

Q: FINRA has a coordinator program where a firm is assigned to a contact, a specific person they can call with issues. Does the SEC see a future where a BD or RIA will have a point of contact within the SEC?

[34] Time 43:10 on Webcast Part II.


Kristin: You do have a contact within the SEC. We probably will not be doing a coordinator program, in terms of the resources. We oversee about 12,000 registrants in the IA space currently. Given our staff we don’t have the resources to devote to a coordinator for each firm. However, you can reach out to a contact on the exam team if you have been examined before and we can route you to the right place. If, for instance, you have a policy question, we could try to route you to the right person in one of the policy divisions. If you haven’t been examined before, or it’s been a long period of time, our sec.gov website has contact information for all of the regions and all the regional exam programs. Each of the associate directors is listed by region and with a description. When IM issues guidance updates, which are available on the sec.gov site,[35] there is a contact listed on those guidance updates for questions. You can reach out to that individual.

Q: Given the increasingly global nature of financial markets, does the Commission have plans to harmonize the emerging regulatory discrepancies between E.U. and U.S., especially in light of MiFID II and upcoming E.U. general data protection regulations?

Douglas: The Commission hasn’t decided what it’s going to do in this area. But I often use the following example. When MiFID requires European managers to pay hard dollars out of their own pockets or out of their clients’ research payment accounts to broker-dealers for research, that creates a regulatory discrepancy, if you will, for investment managers in the U.S. who want to do business in Europe. It also puts broker-dealers in a difficult situation because to the extent that they receive hard dollars or payments for research, they would be considered to be an investment adviser, because the definition of an adviser goes to anybody in the business providing advice for compensation with respect to securities. Broker-dealers can only get themselves out of that definition if they receive transaction-based compensation and not special compensation. Those hard dollars would be special compensation. In light of the then impending effective date of those rules, the staff of the SEC issued no-action relief allowing brokers a 30-month period in which they could receive those payments without being considered an investment adviser. The period of time is designed to provide entities a period of time to adjust to the implementation of those requirements imposed by MiFID II and to give us time to monitor and assess how firms implement those requirements. The end goal was to avoid disruption in the markets and have sufficient time to engage with the industry with respect to the impact of those requirements. During this 30-month period, the staff engaged in outreach, listened to trade associations, looking at the effect of the requirement on provision of research by broker-dealers, and trying to determine what steps to take next to recommend to the Commission.

As for GDPR, the staff met just last week to look at some of the issues it presents. Just like with MiFID, you never want to be in a position where in order to comply with one regulatory regime, you have to violate another regulatory regime. The European regime would prohibit registered advisers from providing personal information about their clients to the SEC. But then again, the SEC rules require that required records be provided to the SEC. So, how do you address those discrepancies? Those are some of the issues that we’re working through over the next few years.

Q: Are there minimum practices and procedures OCIE staff likes to see from the compliance department in connection with portfolio managers meeting with management of publicly traded issuers?

Mark: Most definitely. If you have portfolio managers meeting public companies, that increases your risk profile and the risk associated with your firm. The compliance officer should be aware of that. Definitely, you need 204(a) procedures for insider trading. If that individual does receive some inside information, you should have a process in place where it is reported to the compliance officer and that particular portfolio manager is walled-off or that information is walled-off either on the watchlist, gray list, blacklist, or whatever kind of list you want. Also, from a trading perspective, you can review the trading blotters if your portfolio managers meet with individuals and they invest with that particular company. Especially if you see a huge pop or a huge announcement the day after your investment. Sometimes, it raises questions. You may want to talk to the portfolio manager. You may want to review what the portfolio manager has done from an investment process and documentation process. Also, if you have an investment committee, look at the minutes of the investment committee or talk to people on the investment committee concerning that particular security. Also, you have the code of ethics and the reporting mechanism within the code of ethics. If that portfolio manager is making individual trades for the benefit of himself, you can review that and cross-reference it with the review of the insider trading policies and procedures. So, there’s several things you can do. But I think that’s a minimum. But there are other ways to look at this also. So, it’s up to the compliance department to go forward and make sure they monitor that situation.

[35] See https://www.sec.gov/investment/im-guidance-updates.html.

Q: Will mutual fund platforms be included in the Share Class Review Initiative due to their control over what share classes can be made available for purchase, particularly as it relates to revenue share requirements?

Adam: A couple points to make about the initiative:

1. The initiative is voluntary. No one has to be participating unless they choose to raise their hand and participate.

2. For advisers who have the ability to select the share classes off of a mutual fund platform, did you disclose all the conflicts that arose from the share classes that were available?

3. We’ve been bringing these types of cases on the IA side on a disclosure theory for a number of years now. They’re a big part of what the AMU is doing to help protect retail investors. But they’re sort of a piece of the general idea that anytime an adviser is receiving a benefit that is undisclosed to its clients, that’s going to be something that’s going to pique the interest of Enforcement. And that goes beyond share class, and could include:

a. selecting proprietary funds as opposed to third-party funds

b. selecting service providers, if those providers are affiliates

c. allocation of expenses that should potentially be borne by the adviser rather than the client without disclosure

In all of those cases, we would expect conflicts to be disclosed.

4. There were several questions in addition to generally asking about where we see share classes going. Must you always choose the lowest fee share class? Do we expect every adviser only to pick clean shares? I can say that I regularly see that a lot of larger advisers do seem to be moving to clean shares or lower cost shares. What I do think really matters to most enforcement lawyers is that where there’s a conflict, you’ve clearly disclosed it. What we’re hoping to accomplish is that investment advisers disclose to their clients exactly what conflicts they have so that their clients can make an informed decision.

Craig: I’ve done a number of these mutual fund share class exams, and I wanted to point out that the benefit to advisers sometimes can be indirect. For these big mutual fund platforms, a lot of times the tradeoff is the clients buy A-shares that pay 12(b)(1) fees, but then they don’t pay ticket charges. That can be a fair trade off to the client. But if it’s in, say, a wrap program, then suddenly it’s the adviser who’s saving ticket charges, not the client, and that’s a totally different view. So maybe the adviser is not getting 12(b)(1) fees, but they’re saving ticket charges and that’s still a conflict.

Q: Is there any priority to visiting firms above a certain AUM?


Ahmed: It depends. There’s usually not a specific amount of AUM that would trigger an examination, necessarily. In terms of our efforts to ensure adequate coverage across our registrant population, certainly, one factor that’s considered as part of that process, in addition to examination history and other risk metrics based on analysis of form ADVs, the size of AUM is a consideration point. And it’s an important point in terms of what we call our strategic risk engagement exams that we conduct with our largest registrants where we engage with senior management on issues of governance and tone at the top. Those are some avenues where we will consider the amount of AUM.

Q: When will we see revisions to the Advisers Act Advertising Rule, or when will a potential proposal come out?

Diane: It’s always difficult to predict, but I would note that this is not on the Commission short term agenda. I think the earliest you will see it will be late fall.

Q: Will there be consideration of making changes to the rule on past specific recommendations?

Diane: The testimonial rule which was adopted in 1961-1962 is set up so that there are three prohibitions, and then a catch-all anti-fraud provision. We are going to be looking at all of this. We think it is very outdated. The rule has been kept up to date through the work of the Office of the General Counsel and providing no-action letters on a number of these topics, past specific recommendations being one of them. We are taking a top-to-bottom look at the rule, so it is a rather big undertaking for us. But you can get a sense for what is coming in terms of our rulemaking agenda by looking at the Unified Agenda[36] which is required by the Regulatory Flexibility Act.

NEP Focus Areas in the Private Fund Arena [1:05:10]

Craig: I gave some thought to what areas I’d look at if I were a private fund CCO. The one issue that stands out head and shoulders above the rest for me, is to make sure that funds aren’t paying or reimbursing expenses that are really the obligation of the adviser to pay. The governing documents are the fund operating agreements and the fund offering memoranda, but I think a good starting point is to think about a private fund as if it were a separate account for a minute. It’s not uncommon for us to see advisers who are having their private funds pay a part of the adviser’s accounting costs or compliance, or sometimes even some of their salaries or rent or overhead. If you wanted an SMA to pay those expenses, you’d have to send them an invoice and tell them to pay 2% of the rent because you’re 2% of AUM, and I think they’d probably send the invoice right back to you. So, you have to think twice when you’re thinking about billing those overhead expenses to the fund, and sometimes it’s helpful to think about it in terms of a separate account. Although in the end, it’s really the disclosures in the operating agreements that they will need to look at more closely.

As we see more and more private equity funds, real estate funds, oil and gas, alternative credit, etc., it’s sometimes common to see advisers who have funds use affiliated service providers, like an administrator, accountant, real estate manager, well operator, or loan servicer. It pays to look really closely at what fees the funds are paying to affiliated service providers and have a really good basis for how that fee would be set since it’s really not an arms-length transaction. I think it’s also helpful to look at whether the straight up management fee is calculated correctly. It can be deceptively simple when you have fees that could be based on, for example, market value versus capital contributions versus amortized costs. The hurdle rate and high-water mark calculations or other waterfalls can be a little tricky, so I would keep good work papers of those and make sure that you understand how those calculations are done.

[36] See https://www.reginfo.gov/public/do/eAgendaMain?operation=OPERATION_GET_AGENCY_RULE_LIST&currentPub=true&agencyCode=&showStage=active&agencyCd=3235&Image58.x=56&Image58.y=9&Image58=Submit. The Unified Agenda is published in April and in October and it shows all the rules the SEC is working on, what the next stage is, and what the next step is, and when you might expect it.

One other topic to think about is valuation. Obviously, valuation is a big deal when fees are based on the market value of assets or when you’re letting people add or take out money based on NAV. But even if you are more of a closed fund, valuation can still matter for a couple of reasons. One is that if you’re following the annual financial statement audit approach for complying with the Custody Rule, your financial statements have to be prepared in accordance with GAAP, and cost or amortized cost usually is not GAAP. We also see a trend where portfolio managers, they’re ever the optimists about the stocks and the companies that they pick, and confident things are going to turn around at some point. I think it’s real important to make sure that you’re not misrepresenting, somehow, to investors by leaving a security at cost, or at last traded price, when really, something’s happened. For example, a downgrade in its creditworthiness, a trading halt, auditor resignations and things like that that make you think a company’s probably lost some value, but that’s not reflected on the books.

Foreign Domicile Advisers

Q: If OCIE were to conduct an exam of a foreign domiciled adviser registered with the SEC, how would the exam be conducted? Would you go on site or would the exam be conducted remotely? How do you choose advisers to be examined that are based overseas?

Kristin: The short answer is that we have the ability to do both, and we have done both. Practically speaking it’s often easier, especially when it is a foreign domiciled registrant, for us to conduct the exam by correspondence. But again, there are situations that we’ve conducted in the last few years where we have travelled to the foreign location to conduct the exam. Whenever we’re doing a foreign domiciled exam we work very closely with our colleagues in the Office of International Affairs, just to ensure that we’re complying with local laws in the jurisdiction that we’re going into.

Foreign advisers are largely chosen the same way that we choose exams of domestic-based advisers. We sometimes have initiatives. One that I’m thinking of is not actually in the IA space, but in our transfer agent program, we did a paying agent initiative where we examined a number of transfer agents that were based in Canada over the last few years. We look at the risk profiles of the firms. There are complexities that may require some additional thought, but we work with other colleagues, such as the International Affairs Office, and other divisions, potentially. We do assess those firms with the same metrics and factors that we would for a domestic domiciled registrant.

Q: Can you discuss the Unibanco No-action Letter[37] and its relationship to the foreign adviser exemption? How do you distinguish between when one or the other is appropriate?

Doug: By way of background, Unibanco reflects the staff’s view that the Advisers Act doesn’t apply to a foreign adviser dealing with its foreign clients. If you have a U.S. adviser with foreign affiliates, and personnel from those foreign affiliates provide investment advice to U.S. clients, do those foreign affiliates have to register with the SEC? We took the position in the Unibanco line of letters that provided, among other things, that foreign affiliates make certain records available to the SEC; that foreign affiliates would not need to register, provided that a U.S. registered adviser is registered with the SEC.

[37] See https://www.sec.gov/divisions/investment/noaction/1992/uniaodebancos072892.pdf. See also https://www.sec.gov/investment/im-info-2017-03.pdf.

The foreign adviser exemption from registration applies to foreign advisers that advise U.S. clients under $150 million. The Unibanco line of letters relies upon there being a registered adviser who is providing advice to U.S. clients, and the foreign adviser exemption says a foreign adviser that has a certain amount of assets under management for U.S. clients need not register with the SEC. Unibanco relates to registered advisers and the foreign adviser exemption would allow certain foreign advisers not to register.

Q: In regard to a sub-adviser to a mutual fund, can you discuss the annual 15C contract removal process? In our case, we as the sub-adviser provide our information to the primary adviser, and then the primary adviser presents it to the board. The primary adviser is pushing back and wants us to restate some responses and present things in a certain way, and we are concerned because we feel that we must own what we provide. Do you have any comments?

Craig: Your sentiment behind this question is correct. Regardless of whether an adviser has a contract directly with the fund or with the fund’s primary adviser, Section 15C applies the same way. That means the board has an obligation to request and review information about the adviser arrangement, and the adviser, including sub-adviser, has a responsibility to provide it. I’ve certainly seen things work both ways in the industry in practice. Sometimes the board will meet face to face with every sub-adviser and get a separate package of information. Other times, they’ll work through the primary adviser. Either way, the sub-adviser is responsible for the information they provide, and does have responsibilities under 15C. Hopefully, that gives the sub-adviser some leverage when they’re dealing with the adviser.

Cross-trades

Q: What is OCIE’s cross-trade focus?

Mark: Basically, when we do examinations and we see that an investment adviser is conducting cross trades between client accounts, or from a mutual fund perspective between a mutual fund and another mutual fund in a 17A-7 transaction, that’s always a part of examination that we review. We have a program that was developed by our Quant team that analyzes basically your trade blotters, and they immediately identify any potential cross transactions. Why do we look at cross transactions? They’re very risky. Number one, the cross transaction has to benefit both clients. One client cannot be harmed within the context of a cross transaction. If it is, you’ve violated your fiduciary duty. Next, we also look to see if the cross transaction is actually an agency cross transaction where it could be a potential principal transaction. We have to look to see if you follow all the necessary requirements in that regard. If not, it could be an issue. From a mutual fund perspective, we do the same thing. The transaction has to benefit both funds. The transaction must be reviewed by the board of directors, the CCO, etc., and the cross should actually fill the same investment objective as the client is being crossed to, or the fund that it’s being crossed to. So, there’s several elements that we’re looking at when we look at potential cross transactions.

Doug: I also want to remind everybody that the Commission has brought at least three enforcement actions involving entities that were relying on the so-called overnight rule, where the adviser to the fund or the advisory client would sell the securities to a broker-dealer who would agree to hold them overnight, and there was an arrangement, explicit or implicit, that the adviser would buy the security back for another client. So, they were doing indirectly what they can’t do directly. That has been a focus of the exam staff in the cross-trading area, to see if there are indirect violations of the prohibitions on affiliated transactions.


Rulemaking

Q: Is there some kind of mandate that you have to do a certain number of rules every year?

Diane: Even though it does look like we get paid by the word, no, not exactly. But there are mandates for new rules, and those are the ones that come from Congress. So, we currently have two projects going right now. One was mentioned by Paul Cellupica this morning, and that’s the FAIR Act Rule for investment fund research reports.[38] The other one, which is in the omnibus spending bill is a rule to extend to BDCs certain Securities Act Rules that are extended to operating companies through the ‘05 Offering Reform Rules.[39] So those are mandated, and we are working on them. The other rules we call discretionary, and they are rules that basically are that the chairman of the SEC as basically our CEO, are policy initiatives that the chairman identifies through discussions with the commissioners, division directors, and the endless line of people who are waiting to get meetings with him to tell him what we should be doing. And so, Paul was going over, basically, those discretionary rules as well. So, all of our rules go through a rigorous process. There’s a rigorous economic analysis that has to accompany each one of them. There has to be a concurrence by the chief economist. There has to be a review by the general counsel’s office for legal sufficiency under the APA. So that’s why it takes a while for you to see these rules. But I just want to remind you that every rule, even one that takes a rule away, requires a rulemaking, with an APA release and everything that goes with it. In my 18 years with the Commission, I have always seen a coy crowded rule-making agenda, and it doesn’t seem to matter, with changes of leadership or leanings of a particular chairman, you’re always going to see a lot of rules on that Unified Agenda.

Cryptocurrency

Adam: It seems like a lot of the participants in the crypto craze thought that, of value, was that crypto assets are somehow excluded from the generalized regulatory regime. I think the Commission and federal and state regulators have done a pretty good job of making clear that that was a misimpression. Starting with the DAO Report,[40] and through at least nine enforcement actions so far, and more recent statements about platforms for trading digital assets potentially being securities exchanges. I think we’ve made clear that the rules generally do apply. So, what does that mean for us? I think what it means is that if you are thinking about whether to advise with respect to crypto assets, you should probably think hard and treat those assets how you think about securities, and whether a security like this would be something you would want to take into your program. I think it’s a good thought experiment if you just replace the word crypto asset or ICO with security. Could you still meet your custody obligations? Liquidity obligations? Valuation obligations? I think when you do that, the best way to handle a lot of these products becomes clearer.

Real Estate Managers

Q: What compliance issues are you seeing in the examinations of real estate managers?

Ahmed: Beyond what Craig mentioned earlier, in terms of issues in the private fund space, real estate managers pose some specific risks. Some of the ones that we’ve come across are the vertical integration of affiliates; the use of affiliated property managers, development companies, construction or leasing organizations that essentially charge back additional costs to the properties, and those are, in some cases, not disclosed, or to the extent they are disclosed, there is some requirement in the offering documents about a market rate analysis to ensure that with the affiliates, that the funds and the properties are being charged appropriately. We’ve seen, oftentimes, firms are unable to substantiate having done any sort of market-based analysis with respect to the affiliated service providers. Beyond that, frequent disclosure issues continue to arise in terms of allocation of costs of the adviser, whether salaries and expenses or compliance or other related fees that are ambiguous with respect to the offering documents in terms of disclosure. Lastly, as real estate valuation, which is a complex area, and to the extent that properties are being sold from one fund to another, or one investor to another, what sort of risks that valuation poses.

[38] See https://www.sec.gov/news/press-release/2018-92.

[39] See https://www.sec.gov/rules/final/33-8591.pdf.

[40] See https://www.sec.gov/litigation/investreport/34-81207.pdf. DAO refers to Decentralized Autonomous Organizations which refers to “virtual” organizations embodied in computer code and executed on a distributed ledger or blockchain.


PANEL IV. REGULATORY HOT TOPICS [41]

Panelists:

Dan Kahl, Chief Counsel, National Exam Program (Moderator)

David Bartels, Senior Special Counsel to the Director, Division of Investment Management

Steven Felsenthal, General Counsel & Chief Compliance Officer, Milburn Ridgefield Corp

Ryan Hinson, Regulatory Counsel, National Exam Program, Los Angeles Regional Office

Corey Schuster, Assistant Director, Division of Enforcement, Asset Management Unit

Marshall Sprung, Managing Director & Head of Global Compliance, Blackstone

David: Custody: From the IM perspective, the topic that people have been talking a lot about lately in the custody space relates to the guidance update that the staff issued in early 2017.[42] That guidance update primarily was addressed at situations where an adviser becomes aware that a custody agreement between a client and a custodian gives it broader access to client assets than it would have under the advisory agreement. The update suggested that in those situations the adviser may want to seek a written acknowledgement from the custodian and the client that access to those assets would be limited. The update also contains language that talked about the scope of the exclusion from the Custody Rule for trading authority, and suggested that the scope of that exclusion may be limited to securities that settle on a delivery versus payment (DVP) basis. On both points, I think it’s generated a lot of discussion. A lot of people have come back to us with feedback and questions. I think part of that feedback has been that folks historically haven’t necessarily viewed those two areas as being subject to the Custody Rule. We’ve been engaging a lot over the last few months, and trying to understand particular dimensions of that, and thinking about whether there’s anything more that should be said to help clarify the guidance. We’re moving at a deliberate pace with that because we want to be careful and get the answers right. We wouldn’t want to put something out that raises more questions or has unintended consequences. In particular, when I think about the non-DVP space, obviously there’s variation there between derivatives and bank loans and private fund interests. We want to be sure we really understand the dimensions of that. Bigger picture, I’d say, regardless of whether you’re in the Custody Rule, it is important that you have robust controls to prevent, or designed reasonably to prevent misappropriation of client assets. So regardless of the specifics, I’m sure you’re all thinking about what those controls look like and testing them, because guarding against misappropriation is an important investor protection.

[41] Time 1:25:45 Webcast Part II.

[42] See https://www.sec.gov/investment/im-guidance-2017-01.pdf.


Dan: Custody is a fertile ground for OCIE. It is at times a complicated rule. Not just the inadvertent custody issues, but lots of other custody issues. Ryan, what is your experience on custody?

Ryan: I think custody is a very important rule. It’s one of the proactive rules that the examiners have in order to help ensure that customer assets are being protected and safeguarded. So, the examiners do spend a lot of time focusing on custody to ensure that folks who do have custody of client assets are actually taking the necessary procedures in order to safeguard them. IM has done a great job of putting out guidance when they have it available. And yet we still see some recurring themes that come up during reviews of custody. I think it’s broken down in four groups of violations that come up.

1. Failure to recognize that an adviser has custody of client assets. These come up where, for

example, powers of attorney may not be recognized as having custody of client assets, or having

check-writing authority; situations where, in addition to serving as an investment adviser, may

have some sort of a business function for a client, and may have the ability to write checks for

that client. That could rise to the level of having custody. Also, having password access could, in

some instances, provide the adviser with custody of client assets.

2. Inadequate surprise examination. We see these things come up routinely, and can occur from

a. Not being done in a timely manner

b. All the necessary information is not being provided to the accountant so that they can

conduct a full and complete surprise examination

c. The surprise examinations are not even being done on a surprise basis. We can give

examples of this, where we went out to a firm and they had not complied with their

custody obligations by getting a surprise exam. We informed them of this, and they

contacted their accountant to conduct a “surprise exam” the following week. They then

filed a form ADV-E the next day. Clearly, that raises a lot of concerns.

d. Inadequacy of the audit. Folks need to recognize that the audit for private funds is

actually not necessarily the compliance with the safekeeping requirement, it’s an

exception to the custody rule. So, what we’re seeing is that sometimes, the audits are

too late. They’re either not being done in a timely manner or they’re not being sent out

to the clients in a timely manner. Some instances, the audits need to be GAAP

compliant, and if they are qualified opinions, then they would not be GAAP compliant.

So, occasionally we see that the audits are qualified opinions.

On the theme of audits of private funds, in Form ADV, there is a section where you’re providing enough

information about your private funds, and there’s usually an indication where you’ll say whether the

audit has been completed or has not yet been completed. Generally, your ADV is due before the timing

of the audits are due to your clients. So oftentimes you’ll see that the firms are filing their ADV with the

indication that the audits have not yet been completed. There’s still an obligation that once the audits

are completed and have been provided to your clients, that you need to update your ADV. We are

seeing that firms are not updating this information in their ADV until their next annual filing or next

interim filing. But there’s an obligation that the firms update their ADV to indicate that the audits have

been completed once it has been completed and been provided to your clients.

Dan: Steven, from your perspective, what are your thoughts regarding the Custody Rule?

Steven: The way I approach the Custody Rule is break it down into component parts. I created a chart

where I break down and try to think of every possible custody relationship, and I list them all. Then, I

break down each column as a different aspect of the Custody Rule. The first one being: is this even an

advisory client? The second one being: do we arguably have custody? The third one being: is there an

exemption? And each column addresses, a surprise exam, or whatever it might be for each thing. And

then you address each component part. If you think about the Custody Rule as a holistic exercise, you’re

going to miss things. So, my suggestion is to break it down for each thing, and then you can address each

component part, and make sure, were the financials delivered in time? It also serves well for your

annual review, where you’re reviewing every component part of the Custody Rule, which also ties into

many other things.

You can approach the Custody Rule in many ways. The FAQ43 for the Custody Rule says that there’s no

minimum number of investors you need to have in an investment vehicle in order to be a pooled

vehicle. So, I’m thinking that perhaps even a one-investor vehicle would need to comply with everything

an audited vehicle would need to comply with in order to avail itself of an exemption. So, as many

private fund advisers are structuring even a managed account as a vehicle because of limited liability,

you may be able to avail yourself of that exemption. Proactively discuss your issues with the staff.

Business Continuity Plans [1:45:30]

Dan: David, is there an update on the rule that was proposed44 by the Commission regarding Business

Continuity Plans?

David: Yes, the rule was proposed in mid-2016. The proposal would have added a new Advisers Act Rule

2644. Under the rule there would have been an explicit requirement to adopt a written Business

Continuity Plan that addressed certain identified areas. We’ve had some questions recently about the

status of that rule partly because of the way it was reflected in the most recent Regulatory Flexibility

Agenda where it was not identified as an area of current work. I would say all I would take from the

Regulatory Flexibility Agenda is that we have limited resources. We’ve made a real attempt with that

agenda to make it reflect a realistic list of what we can work on in the allotted time. So, it reflects

prioritization of those resources. I’d also just note that obviously the Commission has spoken on

Business Continuity Plans before. When the Compliance Program Rule was adopted in around 2003,

Business Continuity Plans were identified as an area that compliance policies and procedures may need

to cover if it’s relevant to the adviser. The 2016 proposal also recognized that many advisers were taking

prudent steps as part of normal business practices to address business continuity. Also in 2016, the

Division issued a guidance update that talked about factors that funds and fund advisers may want to

consider when reviewing their Business Continuity Plans. So, I wouldn’t take from the Regulatory

Flexibility Agenda that this isn’t an area that we won’t revisit in the future, but just that it’s not one

that’s a priority at the moment.

In connection with the hurricanes that came through late last summer, one of the things that the

Division and other divisions did to try to be proactive was to issue some relief related to filing and

delivery of disclosure documents.

Dan: Ryan, what is OCIE’s perspective?

43 See https://www.sec.gov/divisions/investment/custody_faq_030510.htm.

44 See https://www.sec.gov/rules/proposed/2016/ia-4439.pdf.

Ryan: In the aftermath of Harvey and Katrina, OCIE actually reached out to several firms that had been

impacted by the hurricanes. I think that the interaction that the firms had with the SEC was very

positive. Firms were generally very welcoming of the staff coming in. The exam teams had recognized

that this tragedy actually had profoundly impacted people not just on a professional level but also on a

personal level. So, this was not an attempt to get you on the “aha, got you” moment. It was more that

we were generally concerned, when these types of issues happen it’s always a good thing to take a step

back and to find out what was working, what was not working, and what can we learn going forward?

What we found was very encouraging. In 2012 following Hurricane Sandy, the Commission had put out

some guidance through an NEP Risk Alert in 201345 that had highlighted some of the issues that had

been seen, what the key takeaways were and what folks should be doing going forward. I think that

people had generally taken that information and applied it. The lessons that were learned were actually

implemented and that was a very encouraging thing.

Most of the firms that we saw had off-site offices that were geographically far away that weren’t

impacted by the flooding or the outages of power and things of that nature. Client information

appeared to be protected and accessible to clients, and generally, customer assets appeared to be safe. I

think what some of the key takeaways were that planning for your Business Continuity Plans and testing

them is very important. I think that some people in the industry can attest to that.

Marshall: Picking up on what Ryan said, I really think of this as a business issue and not a compliance

issue. It’s certainly true that there is a component of 206(4)-7 that talks about Business Continuity Plans,

so I’m happy to have this on my plate, among other things. But what I try to do is convince the business

that they should be very concerned about the ability to conduct that business when the situation is dire.

It could be in terms of a cyber-attack, it could be a terrorist attack, but the business will want to keep

running and want to preserve client assets, and want to be able to perform as many of the core

functions as can be done. Given the scope of Blackstone, we have spent a lot of time over the past

couple of years really focusing on this. Some key components, one being a Business Impact Analysis,

which is taking a look at the different components of our business and understanding if there is an

event, a business disruption, what are the core functions that need to be stood up to function even in

that environment? So, we look at our key business lines, all of our key operational functions, and that

helps frame the scope of the overall Business Continuity Plan for the firm, and then we have sub-plans

for each of the business units that are specific to their needs and their operations. Then you look at

what infrastructure needs to be established. We have a Crisis Communications Team; we have a Crisis

Management Plan, thinking about when a crisis occurs, which leaders are going to be tapped to run that

process, and how we are going to communicate with the staff, with our limited partners, and among

leadership to make sure that we have these functions in place to preserve the business.

Another key aspect that Ryan mentioned is testing. Certainly, there are real world events in New York

over the past five years where we’ve had some limited testing in terms of our remote access and ability

for people to continue to work who cannot actually get to our headquarters. But really, it’s tabletop

exercises. We toggle between cyber events and more real-world events, like a terrorist event or fire in

the building. You may get a little pushback from senior leadership. They want to be investing the LP

assets and don’t want to be sitting around a table. But within five minutes I found them to be very

engaged in the exercise because they understand and appreciate the value of dealing with these issues:

45 See https://www.sec.gov/about/offices/ocie/business-continuity-plans-risk-alert.pdf.

do we know who to call? Do we know who to notify? How do we manage through a ransom-ware

attack? Putting the business plan through its paces, there have always been great takeaways that we

can then implement. The last piece is making sure somebody owns those takeaways and can shore up

the plan so that if that real-world event happens, you’re as prepared as you can be.

Dan: Steven do you have a perspective from a smaller firm point of view?

Steven: No matter what firm size, it’s the same approach. It also ties in very nicely to cyber security.

First, look and figure out what your key functions are. What can’t you do business without? Make sure

those are the things that are going to continue to operate and that you have a plan to operate those key

functions. I think the proposed rule is worth a read, even though it’s not final because it really spells out

the key steps that you’re expected to have and to be considering, and it’s very good insight and

guidance, and a useful compliance and business function.

Finally, I’m no longer skeptical about tabletop exercises. I think in an emergency situation, you sit down,

nobody remembers what the policy said, and it’s not the time to take it out and start reading it. I can’t

stress that enough. You could do it however you think is effective, but I think sitting down and saying,

“This is what happened. What are we going to do?” and just making an automatic reaction so you know

exactly what to do in that situation.

Ryan: One thing to add from an exam perspective is when you actually do the testing of your Business

Continuity Plans, it’s a good idea to document those tests. Because it’s one thing to actually do them,

but when the examiners come out to your firms and ask you questions about what you’re doing to test

for certain events, without any documentation it’s hard to say what you did.

Initial Coin Offerings and Crypto Currency [1:57:30]

Corey: We’ve seen a lot of growth in the ICO crypto currency space over the last couple of years. With

that growth, we’ve seen advances in technology and benefits and growth associated with that. But

we’ve also had certain risks, some of which are familiar, and there are some uncertainties out there. And

if there was any uncertainty as to whether crypto currencies, digital assets, ICOs, etc., were subject to

the Federal Securities laws, the DAO Report46 resolved that uncertainty. For those not familiar with it,

the DAO report, which is a 21(a) report, was issued by the Commission. A 21(a) report is not a finding of

violations, but it is a publication of information concerning an investigation, here, DAO. DAO was an

entity that was put together by a German corporation and issued initial coin offerings during May

and June 2016. The Commission determined through this 21(a) Report that, based on these facts and

circumstances, the DAO tokens were in fact securities under the law. They used the familiar test when

looking at investment contracts to determine whether these tokens were in fact, securities, commonly

referred to as the Howey test [a reference to W.J. Howey Co., 328 U.S. 293, 301 (1946)]. They looked at

whether there was an investment of money in a common enterprise with a reasonable expectation of

profits, and whether those profits were to be derived from the efforts of others. Here, the investment

was capital of a crypto currency; the DAO was the common enterprise; and it was clearly a for-profit

entity—the DAO would be investing in projects that would then hopefully turn out to provide a return

and profits for the token holders. It was basically being run by certain managers who were involved in

the selection of proposals, and the token holders had limited rights and voting rights as far as that goes.

46 See https://www.sec.gov/litigation/investreport/34-81207.pdf.

So, the key takeaway is that structuring an offering to involve digital instruments or distributed ledger or

blockchain technology does not remove the security from the purview of the Federal Securities laws.

Since this report, you likely have seen Enforcement active in this area. There have been a number of

cases out there involving offering frauds. For example, there was CTR, a token case, where the

complaint was filed last week,47 there was the PlexCorps case,48 and the REcoin case.49 And it’s not just

been limited to offering fraud. There was the Munchee matter back in December of 2017,50 which

involved a sale of tokens, the Munchee tokens. These were also unregistered securities without a valid

exemption, and so that was a Section 5 violation [of the Securities Act of 1933].

In the asset management space, we’re certainly vigilant as well. With respect to pooled investment

vehicles, raising capital via ICOs, we have concern about offering fraud. Also, not registering these

tokens when they’re being sold, so, fraud and Section 5 violations. In the traditional fund space, in funds

investing in crypto currencies and similar digital assets, we’re concerned about whether the appropriate

disclosures are being made. Those include: disclosing risks, liquidity concerns, valuation, the style of

investments, and changes to investment styles. Those are some of the concerns in Enforcement, and, in

particular, in the Asset Management space, that we have.

Dan: David, let’s switch to the Division of Investment Management, because the Division issued a

letter,51 specifically regarding registered funds, but some of the issues raised are applicable generally to

crypto in the adviser space as well.

David: I’m sure many of you saw on the news last year there were a number of sponsors who were

interested in registering either mutual funds or ETFs that would hold substantial amounts of either

crypto currency or crypto currency related investments. As we looked at those, we realized that there

were some basic questions about how those funds were going to comply with the 1940 Act, and the

rules under the Act. Instead of trying to deal with that sponsor-by-sponsor, through the registration

process, we thought it was a better process to make those questions available broadly in a transparent

way, and really invite everyone who has an interest into a dialogue. So, the letter that Dan mentioned

from January was designed to get those questions out for anybody who had an interest, and Corey

previewed some of these areas. Those questions focused on valuation; liquidity; custody, particularly for

holding physical crypto currency; and arbitrage for ETFs, and the potential for manipulation and fraud in

the underlying assets. So, these are questions that were meant to prompt a dialogue. We’ve started to

get some feedback which is very helpful. We look forward to more.

Some of the considerations in that letter are worth looking at even if you’re not thinking about a fund

that’s going to focus primarily on crypto currency. For instance, for a registered fund that is thinking

about having a smaller part of its assets invested in, for example, a non-registered trust that may be

holding Bitcoin where you’re looking for some amount of crypto currency exposure, you really want to

plan ahead for that, and think about things like valuation. For instance, one thing you may not anticipate

47 See https://www.sec.gov/litigation/complaints/2018/comp-pr2018-53.pdf.

48 See https://www.sec.gov/litigation/complaints/2018/comp24079.pdf.

49 See https://www.sec.gov/litigation/complaints/2017/comp-pr2017-185.pdf.

50 See https://www.sec.gov/litigation/admin/2017/33-10445.pdf. The SEC determined that Mun tokens were securities applying an investment contract analysis and should have been sold pursuant to a registration statement.

51 See https://www.sec.gov/divisions/investment/noaction/2018/cryptocurrency-011818.htm.

is what if the underlying crypto currency experiences a fork, and that were to lead to a distribution that

the fund would be entitled to. You would want to think about questions like, when would you recognize

the receivable? How would you value the receivable? So, it’s a plan ahead situation.

Outside of the registered fund space, advisers could still be thinking about some of those issues,

including custody. Custody is an area where I think a lot of people are debating what the controls

around custody and crypto assets should look like, and I don’t know that a clear answer has emerged

yet.

Dan: Steven and Marshall, what are the issues you’re dealing with in crypto in your own shops?

Marshall: Primarily for us, and what I’ve seen our peers struggling with is how to deal with crypto

currency in terms of the Code of Ethics. Rule 204A-1, we’ve seen some guidance from the Commission

that in some instances we are dealing with securities. So, the question becomes how, if at all, you reflect

this in your Code of Ethics? Our sense is that the Commission will want to see some acknowledgement

of that in the Code of Ethics. But to what extent? If we’re dealing with a pure currency, that may not be

something that falls under the definition of security, that needs to be reflected. But if you’re dealing

with a token, it likely does. Then you have reporting, and in the case of ICOs you have pre-clearance

issues. I think firms are really grappling with this and trying to figure out what the Commission’s

expectations are. It really is on a spectrum from some firms saying they won’t deal with it and wait for

guidance, and others saying that if they are securities we are going to deal with them under our Code of

Ethics and either require reporting or all the way to pre-clearance. It’s more acute for those firms that

trade in these instruments of course because then the conflicts are more acute. So, you also have to

assess that for purposes of your own firm, and how critical it is that the Code of Ethics captures digital

currency.

Steven: Aside from all these issues on how we test and whether it’s a security or not, you also want to

be concerned in terms of Code of Ethics in terms of other things, personal trading, and you want to be

aware of conflicts. If your firm is trading these types of things or trading similar things, I wanted to get

more information up front as opposed to waiting and seeing because my approach is from a compliance

perspective. The more I know, the better I can understand what is going on. First thing I did was speak

to our research group and our other people who might be involved in looking at new things. In terms of

personal trading, I chose, although it may not have been necessary, to treat ICOs like I treat IPOs. So just

like the rule requires pre-approval. As far as crypto currency, it depends how it works, and you have to

understand exactly how it works. Sometimes you buy into these things and there’s an enterprise, and all

the things we mentioned before about the Howey Test. Some crypto currencies may clearly be

securities, and some crypto currencies may be commodities, as the CFTC indicates they might be, and

some just may be a currency, and some may just be frauds. So, I erred on the side of requiring reporting

of transactions in crypto currencies. I’m not sure what exactly I’m doing with it yet, but I want to be

aware of it.

Regarding custody, one thing specifically to think about is needing a qualified custodian and how that

works. So, you need to determine how custody works in this case, and that might be rather difficult. The

qualified custodian probably needs to hold the key as well as the wallet. On a practical level, you’re

risking perhaps having a lot of information out there with a third party. So, there are risks in terms of

losing assets; also hacking and things like that to consider.

On the valuation side, you have to address it in your policy specifically because there are a lot of issues

that are unique to it. Some things to think about are that a lot of crypto currencies may trade on

multiple exchanges. So, where are you going to get a price from and when are you going to get a price, because

these things can trade at all sorts of hours. So, with things like this, I think the more specific you get in

your valuation policies the better, because you’re not guessing and you’re not going to be subject to all

these side decisions that people are going to make without consulting you on it. So, I think better to

address it up front. The last issue you have to deal with that I was thinking about, is there’s been a lot of

suspensions of trading of these things on the “exchanges” they trade on. So, in your valuation policy,

you have to address how you’re going to deal with when there’s a suspension. That may be

different than if there’s a suspension in, say, regular stock trading.

Dan: Ryan, what are some perspectives from OCIE?

Ryan: In the fiscal year 2018 priorities that were published earlier this year, it was noted that priorities

were going to include crypto currency, blockchains, initial coin offerings and distributed ledgers. More

and more firms are getting involved in it. OCIE is going to be doing an initiative to look at these assets.

From this perspective, the initiative’s goal is basically to identify how prevalent it is in the industry. So,

don’t be surprised if you’re getting examined, you’re going to get questions about whether you’re

engaged in crypto assets in your trading strategies, or if you have any plans to do so. In terms of the sale

practice of these assets, if they are determined to be securities then they will absolutely be examining

them for regulatory compliance as well.

Whistleblowing [2:14:30]

Corey: The Whistleblower Program was created in response to Dodd-Frank requirements, and it

provides an incentive for individuals to report alleged misconduct to the SEC, and in return, eligible

whistleblowers can receive amounts ranging from 10 to 30 percent of awards if the information they

provided led to, or contributed significantly to a successful enforcement action where the monetary

sanctions exceed $1 million. There’s certain mitigating factors, or negative factors that can decrease or

increase that depending on the type of information provided. This has been a successful program, I

would say. We’ve received tips from across the nation and across the world. To date, the Commission

has ordered sanctions in excess of $1 billion in response to whistleblower complaints. Whistleblowers

themselves have received collectively awards in excess of $260 million, $83 million of which was

awarded just last month.52 It’s certainly a source of information that the Division of Enforcement uses

and that the Commission values. A couple things to note:

Anti-Retaliation Protection: There are anti-retaliation provisions within Dodd-Frank. One of which is

held by the Commission itself that the Division of Enforcement enforces. It brought several

anti-retaliation actions. There also is within Dodd-Frank a private right of action that allows eligible

whistleblowers to seek a private action against anybody who retaliates against them for reporting

misconduct to the SEC.

Supreme Court Decision: Recently, you may be aware of the recent Supreme Court decision53 in Digital

Realty that put some sort of parameters around who is eligible for these anti-retaliation provisions. The

52 See https://www.sec.gov/rules/other/2018/34-82897.pdf.

53 See https://www.supremecourt.gov/opinions/17pdf/16-1276_b0nd.pdf.

Supreme Court determined that the whistleblower must actually report the misconduct to the

Commission. There was some ambiguity and a split in the circuits before that. We think a natural impact

of that is that we’ll be receiving whistleblower complaints perhaps before any internal reports are

provided to you if they occur or at the same time. So, firms should be aware that the Supreme Court

decision may have an impact on how information is reported to the Commission and when.

Dan: I think the interaction of the Whistleblower Program and internal compliance raises some

interesting questions. There are also the general legal requirements that the whistleblower rules require

registrants to adhere to. Steven, what is your perspective on whistleblower?

Steven: This whole Digital Realty case I find troubling. I think it’s a little bit of a competition. Firms have

to make clear to their personnel: We sent notices and amended all our agreements and policies, and

spread it around to past employees also. Make sure they know that they can go directly to the SEC. No

matter what you say anywhere else, it’s important to make that 100 percent clear. That’s an important

part of any policy in this area. That said, that doesn’t mean that you can’t also have a great system for

them to report internally. And the better your system, the more likely they are to report it internally,

and then you can deal with it. But you’re a little bit in competition, because the SEC is handing $83

million to three people in March and that’s hard to compete with, and you’re probably not going to pay

that much. So, you want to make it as easy for people to report internally as possible, and you want to

have a way they can report anonymously.

Marshall: I really see two dimensions here. One is that your agreements do not in any way restrict

employees from accessing the SEC. You need to be doing an inventory of all possible places where that

restriction could live. It could live in confidentiality agreements, it could live in severance agreements, it

can live in potentially places where you may not think it can. You want to cast a wide net and look for

places where that kind of language may exist, and then address it. That’s one dimension. The other, to

Steven’s point, is making sure that your program is robust because clearly the incentives are strong, now

with the Supreme Court decision perhaps stronger, for folk to go right to the SEC. But you also have

employees who want to do the right thing, and who hopefully want to see the organization correct

itself. So, if you establish that culture, and if you let people know it’s a safe space in which to report any

possible wrongdoing or issues, you can still have them come to you before they’re reaching to the SEC.

So, it really is those two dimensions, from a compliance perspective, that I think you should focus on.

GDPR [2:20:50]

Dan: In terms of GDPR, Marshall and Steve, what are some highlights of the challenges that firms might

be facing that they may not be suspecting?

Marshall: I think GDPR, which is coming into effect on May 25th, is a massive data privacy regulation. It’s

the most substantial in a generation. It may be easy at first blush to say that it doesn’t have any impact

on you as a U.S. firm. But if you have any touch points with Europe, certainly, if you have any

fundraising, any vendors, and clearly, any employees that happen to be in Europe, this is an issue and it

needs attention. It’s quite sweeping in terms of the requirements for you to be protecting the data of

European individuals; it imposes new requirements about the deletion of that information, as well. We

have spent months scoping this regulation and making sure that we’re prepared as of May 25th to

implement everything from employees to vendors to our LPs, policies and procedures, technology, HR,

etc. It literally is every aspect of our firm.

Steven: Even if you don’t have any presence in Europe and you once interviewed for a position that you

were thinking about establishing in Europe and you had those resumes, you’re caught. So, even a

remote connection to the E.U. implicates GDPR, so you really need to think about it, and there’s a lot to

do. There are industry groups that are getting together trying to create some sort of approach that

many will be able to help each other out, especially some of the smaller firms who don’t have the

resources to address some of this. It is also very broad, it counts as confidential or private information

things that we in the U.S. didn’t necessarily think about as private information. Even if you get it from

the internet, it could be private information.

Correcting Custody Violations

Dan: We have time for one question, and that will be for Ryan about custody. If a CCO discovers a

custody violation, and subsequently corrects, would the firm be penalized if it was discovered in a

subsequent exam by the SEC?

Ryan: It depends on the type of violation, and whether this is something that the examiners were forced

to independently identify themselves, or this was something that was disclosed to the staff upon coming

into the firm. I think if the examiners had noted the deficiency themselves, you can expect to see that in

a deficiency letter. Our goal is not to penalize people for having open conversations with the exam staff.

If this is something where the exam staff has come in and you told us about it, you identified it, and you

fixed it, what that tells us is that your compliance program is working. We like to see that you’re

identifying risks and you’re addressing the concerns, and if there’s an issue that has been noted, that

you’re taking the steps to actually fix it. We don’t penalize people for actually doing the right thing. But

if the examiners have to come in and you’re not open and honest with the staff about it, and the staff is

forced to find this issue themselves, then I think you can expect to see that in a deficiency letter.

PANEL V. CYBERSECURITY54

Panelists:

David Joire, Senior Special Counsel, Division of Investment Management, Chief Counsel’s Office (Moderator)

Keith Cassidy, Associate Director, National Exam Program, Technology Controls Program (TCP)

Robert Cohen, Chief, Division of Enforcement, Cyber Unit

Shamoil Shipchandler, Regional Director, Fort Worth Regional Office

Steven Yadegari, Chief Operating Officer & General Counsel, Cramer Rosenthal McGlynn LLC

David: In case you didn’t know, the SEC has a Cyber Security Spotlight page,55 and materials that are placed

on that spotlight page are helpful to registrants in case you want to know what the SEC is doing in

connection with the rules and regulations, enforcement actions, and also information for investors.

I’m going to open up with a broad question. What do you think is the biggest cybersecurity challenge that

is impacting registrants today?

Shamoil: I think we can go a lot of different directions on the risks. We can talk about tangible risks, such

as ransomware, that are faced. I step back from that and I look at it more in terms of as things happen

across the industries, where do I see the most problems coming up? For me, when I look at it from a

regional perspective, the risk that I see is more based on what employees are doing with information and

cybersecurity information within their own places. You can read all the headlines that talk about hackers

from all kinds of different countries that are able to access systems. But I think understated within that,

because it doesn’t draw as much in the way of headlines, are what individuals are doing that have

legitimate access to information, but then through either carelessness or negligence, or just not really

thinking about security, what they do with that with respect to the cybersecurity of a company. You can

see those risks go over and over and build upon themselves, because everybody takes just one risk. You

think about that and analogize that to all the people within your entity, you can see exactly how that risk

can be so significant. We do it all the time with ourselves. We make choices every day that allow us to

prioritize convenience over privacy.

Steven: I think Shamoil explained it very well. Four or five years ago, cybersecurity wasn’t really a topic

we were talking about, certainly not to the same extent and depth that we are today. I find that as CCOs,

as people who are in the compliance area, over the last few years we’ve been spending a lot of time really

learning something a few years ago we did not have that much information. It’s requiring CCOs to really

pick up some technical skills, some know-how, some other information that may not be something you

54 Time 2:26:30 Webcast Part II.

55 See https://www.sec.gov/spotlight/cybersecurity.

learned, whether you went to law school or in a compliance program. Keeping up with the sheer changes

as we progress and are depending more on technology, we’re seeing a scope of items that we have to

consider and deal with in our day-to-day compliance programs which are increasingly shifting, and our

attention and resources are shifting to this area that probably outpaces any other area in compliance over

the last couple of years.

David: Your relationship inside your firm, what is the dialogue, for instance, between the compliance and

the operations in connection with technology? Does that mean that the CCO needs to be conversant in

technology?

Steven: I think there’s no question that a CCO today needs to have much more knowledge and specific

understanding of technology and the issues that relate to cybersecurity in particular. We’re going to go

through some specific examples during the course of this panel, but when you think about a starting point

as a CCO and how you should be considering how to approach this area, I think one of the first things that

can be effective is to just conduct some sort of inventory of the data that you have. The information, the

vendors you’re working with, and what types of technology information does each one of them touch

with respect to either your business or your clients, and your processes. As a CCO, I think it’s incumbent

upon us to take a leadership role in helping to guide and develop some of these discussions. Even if you

specifically don’t have a lot of the technical expertise yourself, our role is more of being a facilitator

identifying issues, and coming up with a plan for addressing all of them with your colleagues and across

your firm.

Robert: Just by way of analogy, the Commission put out guidance for issuers about making cyber security

disclosure decisions.56 That’s not directly on point here, but I think a principle in that guidance is

that issuers should be focused on cybersecurity as a likely material event for the company, and whatever

disclosure controls the company has in place for material issues like revenue, costs, legal development,

and that those controls should also apply to cybersecurity issues, so that if the issuer has a material event

involving cybersecurity, it gets reported up for a disclosure decision the same way anything else would. I

would suggest the same principle would apply here. Whatever controls and policies and procedures you

have in place on the key aspects of your business, I think you should ask whether events involving

cybersecurity would be captured by those controls. It doesn’t dictate what the answer should be about

how you handle it, or what the cybersecurity control should be, but if you ask yourself will our processes

capture those events if they happen at our firm, and the answer is no, then you probably have a problem.

Again, that’s not saying what level of control you should have for cybersecurity, but it suggests it’s not

getting the attention and the resources that maybe it should.

David: CCOs are generally responsible, or at least the program should be responsible for overseeing the

service providers. What level of oversight do you think is adequate in connection with cybersecurity?

Steven: I think it is the CCO who is really facilitating a lot of these discussions, and is ultimately responsible

for the compliance program. I think it starts with development of appropriate policies and procedures,

and recognizes that, like any other area of your business, when you’re thinking about your policies and

procedures, you have to think about exactly what you’re doing as an adviser. So, unfortunately there isn’t

a one-size-fits-all template that works in this area, just like there isn’t one that works in pretty much any

other area of our businesses. If you have, let’s say, a lot of processes that you are running internally at

56 See https://www.sec.gov/rules/interp/2018/33-10459.pdf.

your firm: you happen to have your operations function, your reconciliation function, all the data resides

within your servers and within your shop. Your compliance policies and procedures pertaining to cyber

security will look a lot different than an adviser who may be relying upon a third-party service provider to

perform those same types of functions. And your level of review, and, frankly, the type of skill set that’s

really required or the job description changes when you begin to outsource information, or when you

begin to rely on others to do things. That seems to be an increasing trend in our industry where the shift

is as the data begins to move out of our offices, and we’re relying more and increasingly on third parties

to do some of the functions that maybe traditionally were handled in-house. The focus on our oversight

of people like vendors and others who are touching and storing and using this information becomes more

critical. I think there’s a number of things you can do to guard against that and show that you’re continuing

with the appropriate policies and procedures in place.

Shamoil: As we look at it, the policies and procedures are your initial step. But testing those things and

making sure they work and making sure they’re effective, and then consistently having that review process

is equally important. Because then you’ll be able to uncover and determine whether or not what you have

is adequate, whether it’s addressing the potential problems, and then it allows you the basis to have a

conversation and let you develop those policies and procedures more effectively over time.

David: In speaking of policies and procedures, OCIE has issued a fair amount of Risk Alerts which are on

the Spotlight Page,57 and certain firms apparently use that as a baseline or as a minimum. Should it be

regarded as a minimum? Is it just as easy to include in your compliance policies and procedures sort of a

check the box list?

Shamoil: If we as government were to tell you something like, “here’s a list of 12 things that you can do,”

and if you do those 12 things, everything will go perfectly, the problem is that it doesn’t work very

well like that. Our checklists, anything that we create and anything we demand of an industry to do has

its costs. And those costs tend to flow down to investors, to shareholders, to the people that our mission

requires us to protect. So, we’re very mindful of the collateral consequences of requiring people to do

certain things, so we don’t speak in that way. Instead, what we do is we speak in the form of palliative

options. The orders we put out, the Risk Alerts that we put out, the information that we have on our

website, are all means by which people are engaging cybersecurity protections over a whole variety of

methods. When you look at those things, and you look at all the different ways in which we have said

these are important or interesting or effective, you can make the independent business judgment as to

which ones apply for your particular place with your particular structures, your number of people, and

your systems. But that critical element is applying your business judgment to understanding what the

world is around you. So, it’s okay for you to look around and say, “that part of what the Commission said

doesn’t apply to us.” But the corresponding question is, “why?” and are you applying business judgment

to that, and are you saying this is the appropriate thing for our particular business and we’ve given it this

kind of thought. That having been said, I think Keith has made the point that there are six core areas where

everything falls that are a good place to focus on.

Keith: For background, the Technology Controls Program, TCP, performs three functions within OCIE.

We’re primarily focused on technology and control exams of Regulation Systems Compliance and Integrity

57 See supra footnote 55. OCIE Cybersecurity Risk Alerts can be found under the heading: SEC Resources>Investment Advisers/Investment Companies>Assessing Market Participant Readiness.

(SCI) entities, which are sort of the critical infrastructure, exchanges, transfer agents, clearing agencies,

etc. Even for those SCI entities, we have 22 domains that we look at and Regulation SCI has much more

specific requirements for those entities. But even for them, it’s not a checklist. The expectation is that the

entities are tailoring their controls and their policies and procedures to the entity. But when we look at

the Risk Alert, there are six areas:

1. Governance and risk assessment

2. Access rights and controls

3. Data loss prevention

4. Vendor management

5. Training

6. Incident response

Those are certainly important areas to be thinking about, and as you’re looking at whatever process you

have, if you’re not hitting those, I think it’s definitely worth looking deeper into that.

David: Steven, how have you used the Risk Alerts in your firm?

Steven: I think any guidance that comes from the Commission is really helpful in terms of just

benchmarking your own program and understanding where the Commission feels there are important

issues that need to be addressed. It can be through a Risk Alert, or sometimes we like to take a look at

examination letters as well when they’re in circulation. We ask ourselves how we would respond to those

items. What would we produce if the SEC were to come in and conduct an inspection the next day? How

would we be able to show that we have information or policies and procedures that would meet their

expectations in this particular area? So, I think all of that type of guidance is very useful in that fashion.

But more importantly, when you do adopt policies and procedures, they have to be, not only tailored to

your business, but ones that you can live up to. It’s easy to come up with policies and procedures that

sound great, and you think will please your clients or regulators, but it’s really important that it’s realistic

that you can abide by and demonstrate compliance with, while also showing that it’s reasonably designed

to prevent the types of violation that cause the policies and procedures to come in place in the first

instance.

The other area, when it comes to cybersecurity specifically where you have to be careful is there’s

increasing use of remote systems and remote access. There are some firms that will have a set of policies

and procedures which they’ve implemented at home or in their offices, but it doesn’t always carry over

into things like their virtual networks, or if you have a remote desktop. The same rules and applications

or protections that you’ve written into your policies for use in the office may not also apply when you’re

accessing the systems elsewhere. So, consistency between office and remote access is important and

could cause some problems if it’s not the same level of sufficiency between the two.

The final thing I would mention, is that the engagement of senior management is really important, so they

have an understanding of these different areas and what the risk points are for your particular firm. One thing

we’ve done at our shop that I think has been very effective over the last year is conduct tabletop exercises,

where we’ll simulate a cyber crisis and come up with a fact pattern and just get the right people in the

room: the senior executives of the firm, IT, marketing, and depending on the fact pattern you might need

people from your operations team or accounting team, and compliance. You should talk through, as the

facts unfold, who is responsible for what item. Where do you report? What are your responsibilities with

respect to clients? So that if you ever find yourself in a specific situation, everyone has a sense, at least,

of what to do. Obviously, it’s going to be different when it’s a real emergency, but at least you’ve gone

through a rehearsal of some of the things people need to think about, and it’s very effective in making it

a little more real for senior people around the firm.

Shamoil: There’s a healthy element of common sense with this, also. The danger of using anything coming

from the government as a ceiling instead of a floor is that that’s not really how the plaintiff’s bar thinks.

There’s a continuing standard of care that evolves over time as more and more people get more and more

sophisticated in terms of the controls that they have and how they handle cybersecurity, and that

standard of care changes. So, you have to adapt and change and stay abreast of what’s going on as well.

Regulators always lag a little bit behind on that, because we have to think about how it applies to an

industry at large, but you have the ability to take a look at your competitors, at the people around you,

and decide whether what you’re doing matches the people around you. Because that’s how a creative

plaintiff’s lawyer is going to think about it, in the event that you suffer a cybersecurity incident.

Steven: Two other things I should mention in terms of what you could do specifically at your firms. Two

years ago, we started specific IT and cybersecurity-related training. We’re fortunate enough to have a

chief information security officer at our firm, and I was more than happy to delegate the responsibility for

developing and conducting the training to that individual. He did it in small groups and went through a lot

of the different things that have caused other firms difficulty and trouble, and just help raise awareness.

We supplemented that with penetration testing, where you actually tried to bait your employees to do

something wrong, in terms of maybe click on something they shouldn’t click on. We all get those

messages, or phishing expeditions that could lead to real problems. As Shamoil said, at the outset, your

biggest risk is really internal. It also caused us to look at user access and rights. So, we made some

modifications with respect to what kind of information people can take off of our systems, whether it’s

forwarding it by email to a Gmail account, for example, or loading a lot of information onto a thumbnail

drive. All things that would seem to be appropriate. Then, you take the results of all these different things

and you can make a better assessment as to where your particular vulnerabilities may exist, and to try to

take steps over the course of the next year or so to try to address those particular areas and help increase

awareness around the firm.

David: Would the staff take issue or recommend enforcement to a firm that had a cyber breach, reported

such breach as required by state law, but did not notify the staff?

Robert: When it comes to enforcement decisions on cybersecurity matters, starting with, what are the

rules that apply? For the regulated industry, two of the main rules are the Safeguards Rule, Reg S-P, and

the Identity Theft Control Rule, Reg S-ID. Essentially, those require reasonable policies and procedures to

protect your customer information and to guard against identity theft. When it comes to an enforcement

decision on a cybersecurity breach, certainly, notifying the Commission is a real positive thing to do, and

something that we consider. It doesn’t determine whether or not there’s a violation, but it can affect or

influence how the Commission decides to exercise its discretion. So, our analysis starts with, is there a

violation? So, reporting to the Commission, unless you’re an SCI entity that has a requirement to report,

it’s not necessarily all that determinative as to whether there’s a violation. The violation is more about

whether you had reasonably designed policies and procedures to protect your customer information. If

the answer is no, then you’re in the realm of whether we should recommend enforcement action. That’s

where things like remediation and reporting and handling things the right way are things that really work

in your favor. Again, backing up a bit, one of the key things we do when we approach cybersecurity

incidents and decide how to deal with it from day one and whether we open an investigation or not, we

work very closely with the examination staff. Generally, it usually makes sense for the examination staff

to take the lead. It is easier for the Commission, easier for you, for us to get the information we need, to

do that through the examination process. If there’s a potential violation there, having the exam staff go

in first does not in any way limit our ability in enforcement to do what we might need to do. In fact, it

helps it because usually we can get more information on a faster time frame than if we just start the

investigation by sending a document demand. The type of case where we’re more likely to take the lead

in enforcement is if we have an indication that the reason for the intrusion is to get non-public information

to use for trading. So there still can be and often is a strong examination interest and the exam team will

still play a role, but if somebody’s stealing that information to go trade, that’s more of a core enforcement

interest, and there’s more stuff for us to do as quickly as we can on that type of case. So, when it comes

to looking at when there is enforcement interest on cybersecurity breaches, it’s starting with what does

the exam staff see, and importantly, how reasonable were the controls in place, and how responsible was

the company both in how it set up its controls before there was a problem, and then how did they deal

with it after.

Shamoil: We’re mindful about how strange this is. The way we’re set up is that you guys are the front lines

of most of the cyberattacks that are out there. You guys are the ones that see it first. Law enforcement

can find it from different means but you guys are really the conduit of information. So, we’re very mindful

of the fact that we’re trying to encourage communication with you, talk to you, and learn from you at the

same time, and that if we bring our enforcement arm to every single situation out there, that chills that

communication. We don’t want that to happen. So normally, the discretion we exercise region by region

is we’ll open up the cases within our region, we’ll look at those cases, and we’ll investigate those cases.

We take a little bit of a different approach with respect to cyber cases. There’s nobody more thoughtful

at the Commission than Rob. So, what we do is we centralize this at the Commission level. If we’re thinking

about a cyber case in Fort Worth, we’re looking at it through a headquarters lens, we’re providing that

information to headquarters so that headquarters can make an assessment as to whether or not this is

something we need to apply resources to, looking at things from a national level, a perspective that I don’t

necessarily have. So, all of the information we have coming across the country informs our decision as to

whether or not we want to approach this from an examination perspective, or we need to do it from an

enforcement perspective, and we try and do so in a thoughtful manner by making sure that we’re not

simultaneously trying to gather and share information with you, trying to make it to the point that you

don’t want to communicate back with us.

The second piece is on the reporting issue. There are 49 states that have some form of data notification

law in the event of a cyber breach. We’re going to find out about it in some way, shape or form. Because

even if you don’t provide the information to us we have all kinds of different sources of information. We

can do it from media reports; or potential victims will contact us directly. We receive tons of information

from all kinds of different sources. So, throw the element of common sense in there, as well. If you’re

notifying a regulator, then it’s probably a prudent idea to notify us as well, because the information is

going to be public sooner rather than later, and you can probably get ahead of it and have some benefit

inured to you by letting us know rather than trying to maintain it as completely quiet.

Robert: To add to that point, we really do view this through a lens of reasonableness. Cybersecurity control

cases is not a category of cases where we expect to bring dozens and dozens of cases a year, and if you

look at what we publicize, it’s not like insider trading or market manipulation, or ICOs. There certainly

have been cases and there probably will be cases if a firm has egregiously poor controls and does not

handle the risk well and does not handle an incident well, of course there’s likely to be an enforcement

case there. Trying to hide the incident or hide what happened is not going to make that better. It’s not

going to change the underlying facts, and as Shamoil says, it’s probably not going to keep us from finding

out about it one day. So, trying to keep bad facts from us probably is not the best strategy long-term.

Along those lines, another point I wanted to mention, is the question of how do you interact with law

enforcement, and how does that implicate your SEC obligations? We hear this a lot. We work very closely

with all the relevant law enforcement entities you would think of. We work very closely with the FBI, the

Department of Justice, National Security Division, CCIPS, which is the division in DOJ that works on

computer and intellectual property crime, we work with the Secret Service, etc. Some of these

relationships are very traditional for the SEC, like working with the FBI. Some of them are not as

traditional, and we’ve been working very hard to build these up. Our ability to work well with the law

enforcement authorities who would handle it if you reported an intrusion is very strong. And, if anything,

we’re trying to make it better. You can trust that we’re used to talking to each other and that we’re

working together on cases and we know the issues. So, when it comes to a decision about reporting—

reporting to a state, reporting to law enforcement, reporting to the SEC—if there’s a concern about talking

to the SEC while you’re talking to another authority, that’s something we handle almost every day. So, it’s

really not something that should inhibit your willingness to report a problem.

Keith: From the TCP perspective, and others can disagree if this is not the case, if you’re experiencing an

ongoing cyber incident, our first priority is going to ensure that we either eliminate or mitigate that

incident. So, before we think about anything else, we’re tied into the Treasury and the financial banking

information infrastructure committee’s request for technical assistance process. So, if you are

experiencing an ongoing intrusion, that’s going to be our first priority.

Shamoil: The FBI, if you read their public commentary, if you hear them talk about this area, and especially

the agents that are on the ground, they share the same idea, which is that they want to disseminate as

much information out to the public as they can. The FBI has an InfraGard program.58 I think it’s now

nationally centered. That’s their way of pushing out information about ongoing cyber threats. All you need

to do is sign up, and then you’ll get an email that basically talks about different cyber threats that they’re

identifying. So, the FBI essentially serves as a conduit of information. It’s always a good practice to make

contact with your local FBI and local Secret Service and let them know if there’s any information they can

share about threats around the region or what they’re seeing, you’re happy to receive those things.

Steven: This is an area that’s a little bit more of a struggle for people in the industry because we’re in a

position where we’re actually also victims of bad acts, where people try to infiltrate our systems. In the

case of the FBI, sometimes it’s critically important you get in touch with them right away. Particularly if,

let’s say, you’ve sent a wire based on a fraudulent email. You see these emails to chief financial officers all

the time, and they appear to be coming from a CEO, or somebody with authority to give an instruction,

and somebody takes the bait, sends out a very large wire in error, finds out it was a terrible mistake.

Contacting someone like the FBI would be very important at that moment. But I guess the question is

58 See https://www.fbi.gov/about/partnerships/infragard.

where you have paid attention to some of the things we’re talking about here on this panel, and

notwithstanding your very good efforts, reasonable efforts, you still find yourself in this type of situation

where data has been stolen; there’s been a breach or infiltration. How does the Commission think about

that, and what can you tell us in the industry with respect to the approach, given the fact that we’re really

looking for some help, too, to try to correct an unfortunate situation?

Robert: That’s a really important point, and it applies to a lot of different areas, not just cybersecurity. Really any policies and procedures requirement, which is, again, from the enforcement perspective, the violation is the lack of reasonable policies and procedures. The violation is not the incident. So that can work in both ways. You can have a horrible incident, but no violation, because you had reasonable policies and procedures. But the standard is not perfection. So, the fact of there being an incident does not mean that there’s a violation. It goes the other way, too. You can have a violation and just have gotten lucky that you haven’t had an incident yet. So, just because you haven’t had an incident is not an excuse to have weak controls. So, our focus is on what’s the quality of the controls, and I can assure you, we’ve seen plenty of cases, not just in the cybersecurity area but in lots of other areas, where the requirement is reasonably designed policies and procedures, where something went wrong, but when either the exam staff goes and looks or we go and look, we say, “they did a pretty good job, they got unlucky.” The hard part of communicating that message is you don’t really see those. You only see the cases we bring. You don’t see the cases we don’t open. You don’t see the cases we stop early in the investigation. You don’t see the cases we investigate pretty fully and decide to close, unless you’re the firm. That’s not public.

One of the ways we measure if there’s good controls is when something happens and we go into a firm. The good situations are when the firm says, “Okay, here’s our program. Here’s what we do, here’s who’s responsible, here’s our game plan for when there’s an incident, and here’s how we followed it. Unfortunately, something really awful happened. But here’s why it got through our controls, and here’s how we handled it afterwards.” The more problematic firms are when we go in and ask, “Okay, show me your controls,” and they say, “We’ll get back to you.” That suggests there’s a problem. We’re very mindful of who the victim is, and the fact that something happens, does not necessarily prove there’s a weakness. Obviously, if there’s a problem, it could be an indication that there’s a weakness, but it doesn’t prove it.

Keith: I’d agree with that. I want to point out, not endorsing any standards, but if you look at NIST, they talk about, “Identify, protect, detect, respond, recover.” Half of those five envision that there’s going to be some sort of an incident, and what you do after. I think most cyber practitioners out there need to expect that there’s going to be some intrusion eventually. It’s just about what sort of controls you have in place to deal with it thereafter.

David: In connection with the cybersecurity event, are there any means for registrants to obtain threat information? In other words, get the information before a cyber event actually occurs?

Steven: I think there’s a couple ways. There is a government entity, called the National Cyber Awareness System at US-CERT (United States Computer Emergency Readiness Team).59 It will have an inventory of different risks and threats that it’s aware of, so that if there is an actual threat there will be a publication. And many times, they’re publishing multiple alerts during the course of a month that could be very useful in terms of being aware of the threats that exist out there. So, if you were running certain IT processes and systems in your own shop, it’s something that IT should be aware of. If you’re relying on vendors in any way, shape, or form, it’s something that may be worth asking them about, how they’re looking into this area. I think a second way is when you work with vendors who have some responsibility around cybersecurity with your firm. Many of them will push out alerts and should have a system in place so that they’re implementing patches and other fixes as alerts become known to the industry. This way, you’re gaining that protection immediately before it could also threaten your firm, as well.

59 See https://www.us-cert.gov/.

Shamoil: I think that’s a good point on the forensic providers. One of the things that you find when a cyber incident occurs is that really good places have relationships in place to make sure that their response to that is very efficient and very quick. So, setting up the relationships with outside counsel and with forensic providers before you have the occasion to need their services is really important. And a corollary benefit for that is whenever you do work with a law firm, they’re going to push a whole bunch of information to you about stuff that’s going on as part of their own client development practices, and forensics providers do that the same way. So, your benefit is that, one, you have an established relationship. Two, you have entities that are familiar enough with your systems so that they can come in and act a little more quickly. Last, they’re giving you information that you can make real-time use of. So, all of these things are ways in which you can maximize your dollar.

Robert: To me, that really highlights the benefit of the table top exercise. Not saying what’s required or what isn’t required, but through the table top exercise, you go through the process of, “what would we do if something happened despite our controls?” And you’ll go through the exercise of, “Okay, do we have relationships, do we know who to call?” If, in the beginning state of the table top exercise, you spend an hour thinking about who you should call, that shows room for improvement. The table top exercise shows you where you have that weakness. And so, you have those relationships in advance, and you have figured out in advance what you’re going to need to do and who you need to have relationships with.

David: Do any of you have any views on cyber insurance? There’s a lot of discussion on cyber insurance and whether it’s really useful or whether an adviser should obtain any, and what it can actually cover.

Steven: I think it’s becoming increasingly common for firms to acquire some form of cyber insurance. I can tell you that in due diligence meetings that I’ve been involved with at our firm, we’re asked the question about cyber insurance with far more frequency today than as recently as a year or so ago. I can’t say that there’s necessarily an expectation, but it definitely seems to be trending that way, that clients, as part of your overall cyber security program, they want to at least see that you’ve thought about it, or that you can address exactly what you would do in these types of situations. The same caveats that would apply to any insurance policy would apply here. The scope; any limitations; exclusions; and very importantly, reporting requirements that may apply to actually getting the benefits of the policy itself must be carefully reviewed if that’s something you decide would be appropriate for your firm.

Shamoil: Cyber insurance is a hard one because insurance policies are complicated, and cyber insurance policies, because they deal with a whole host of things that we may never have seen before, are also enormously complicated. One thing that’s neat about even making contact with an insurance company about the product is that they will oftentimes look at your systems and identify risks in order to quote you an appropriate price for your policy. So, it’s almost like free intelligence and diligence as to what your system looks like before you even have to commit to it. But the other thing to think about is, even as you exercise a little bit of skepticism with your own insurance policy, and you think about what the risks are and whether this will cover everything, exercise that same amount of skepticism with third parties who you do business with as well. Sometimes they’ll tell you as a marketing feature that they have cyber insurance, but you’ll also want to understand what that covers in the event that they suffer an incident, because sometimes it may not cover what you think it will or the stuff that’s going to help make you whole.

Robert: I think that point brings up knowing your systems and knowing your risks: what does the map of your system look like? Where are the risks? And where is the most sensitive vulnerable information stored? Not that you necessarily need to know that, as long as you know who in your firm knows it. That’s something that’s come up in matters; the first questions we might ask are to show us the map of your systems and where your most sensitive information is. When people have trouble answering those questions, that’s pretty important.

PANEL VI. OBSERVATIONS ON WAYS TO IMPROVE COMPLIANCE60

Panelists:

Donna Esau, Associate Regional Director, National Exam Program, Atlanta Regional Office (Moderator)

Marshall Gandy, Associate Regional Director, National Exam Program, Fort Worth Regional Office

Martin Kimel, Senior Special Counsel, Division of Investment Management, Enforcement Liaison Office

Joseph McGill, Chief Compliance Officer, Lord Abbett & Co LLC

Brendan McGlynn, Assistant Director, Division of Enforcement, Asset Management Unit, Philadelphia Regional Office

Observations on Investment Adviser Compliance

Donna: Marshall, do you want to talk about exam findings and some of the observations you’ve had?

Marshall: Sure, I’m going to talk about how, as a CCO, to structure a good compliance program. To think about that, you have to look at what the rule tells you. Rule 206(4)-7 requires each adviser to designate a CCO responsible for administrating its compliance policies and procedures. An adviser CCO should be competent and knowledgeable regarding the Advisers Act and empowered with the full responsibility and authority to develop and enforce appropriate policies and procedures for the firm. The CCO should also have a position of sufficient seniority and authority within the organization to compel others, including the officers of the adviser, to adhere to the compliance policies and procedures of the firm. Finally, the CCO should have adequate resources to fully implement the adviser’s compliance policies and procedures.

In 2012, when I had the privilege of coming back to the Commission from FINRA and overseeing the compliance program, I had a speech that I would give to regulated entities. It was called “Staying Out of Trouble with the SEC.” While I felt that was a clever title, I realized that it wasn’t a good message to send to regulated firms. Staying out of trouble should be the floor for a successful compliance program. That’s a threshold that may be sufficient for your firm, but let me suggest, as a regulator, it’s not really where you should be. You should reach for the ceiling in your firm, and that ceiling is not staying out of trouble. That ceiling is bounded in ethical behavior that you as a compliance officer and a compliance program pervades throughout the entirety of your firm. Not to keep you out of trouble with the SEC, FINRA, and state and other regulators, but to help you keep the clients that you have and attract new clients, because your compliance program is bounded in ethical behavior.

Last year, in the Fort Worth regional office, 50 percent of our exams found deficiencies in the area of compliance programs. And these aren’t just foot faults. Sometimes, the most glaring area that we find is that a firm’s policies and procedures are off the shelf, standardized policies and procedures that they have gotten from somewhere else that are not in compliance with the Advisers Act, do not reflect and are not tailored for the business model of the firm. Your compliance policies and procedures should be tailored for the business model of your firm.

60 Time 3:10:00 on Webcast Part II.

If the exam team goes in and asks for your policies and procedures and you have an off the shelf policies manual that says, “these are the policies of blank firm,” and the blank isn’t filled in, guess what, your policies and procedures have not been tailored to the business model of your firm. In OCIE, we talk in terms of red flags: It is a huge red flag that your policies and procedures have not been tailored, because nobody even bothered to fill in the blank. We can argue and discuss and have different opinions on how a firm might reach and structure a compliance program for success. As a regulator, I’m going to have certain views, and as a CCO, you’re going to have certain views that are bound by your business model, by the size of your firm, and by the products that you offer. We can’t tell you, as a regulator, here are the checkboxes for which you could be guaranteed to have a successful compliance program. We can offer you our ideas, and our template for what we think is a successful program, and then you have to design that compliance program along with your business operations to be successful with your own firm. But let me suggest a few things to you that we find often when we go and examine firms. In my opinion:

- Compliance programs need to be able to have complete access to the C-Suite.
- A compliance officer needs to report directly to the CEO of the firm.
- Compliance programs need to be independent of any other area of the firm.
- Compliance programs need to be autonomous.
- Compliance officers need to wear that one and only hat. Compliance officers should not also be general counsel, COO, etc., especially that of a selling adviser.
- Compliance programs should have a complete line of sight into all of the business operations of the firm. That is, a compliance officer should serve on the due diligence committee, the management committee, the compensation committee, and the investment committee, etc.
- A compliance officer ought to have sufficient resources to do his or her job.

Donna: Joseph, can you talk about some of your observations; trends that you’re aware of; and any suggested best practices that you might have for other advisers?

Joseph: In terms of trends and observations, I would refer back to a CCO survey that was conducted in July of 2017. In that survey, they noted that 50 percent of CCO budgets are flat or going to be reduced for the coming year. Taking that into consideration, you also have to balance the fact that you have shareholder requirements, board requirements, and regulatory requirements. So, you’ve got to really do more in an environment that doesn’t really give you the ability to have additional resources. That being said, what I’ve tried to do at our firm, is try to partner with the business to areas with existing resources that are imbedded within the business. So, we’ve worked with the market risk team. We wanted to get additional analysis for attributions, so they’re able to provide us with Sharpe ratios, beta ratios, tracking errors so we could look at the marketing materials and make sure it’s reflective of what we’re doing on a day-to-day basis. I think that was a very good tool for us at Lord Abbett.

Another area that is just leveraging off the business, there are counterparty tools that were available within the market risk teams. So, any time there’s an alert relative to one of our top ten broker dealers or counterparties, we were able to get alerts immediately. So, as a second line of defense it’s a great avenue to have to be able to check what those entities are doing.

On the technology side, we’ve been working with our technology team to look at workflow products from test management. So, we can look at any given moment at all our different filings that have to be made. If they’re not made, we get an alert that goes to the Chief Compliance Officer or the manager, notifying them that this did not occur. We can also separate from the annual reviews, and we can also separate it from CFTC, NFA, broker-dealer, all the different annual review requirements in our day-to-day tasks.

Also, a workflow product for trade errors. Oftentimes when you’re at a busy firm, there’s trade errors that’ll occur, and you don’t want them to slip through the cracks by having a workflow tool that you can automatically assign a number to a particular person who is responsible for that trade error, and then track it, and make sure you get the requisite signatures. Also, making sure that your clients are actually getting paid on time.

We also look for technology for guests and entertainment reporting, political contributions, and also, as a repository for our policies and procedures as a control standpoint.

In addition, they’ve also helped us with some basic macros that help us to look at reports. If we want to look at our top ten brokers; CDS spreads; ratings, if there’s upgrade or downgrade over a forensic period of time, it really helps to have the tools with the technology team.

So, we’re able to do certain things within the business without applying additional costs. If the business is going to grow, compliance has to grow along with the business. We’ve opened up some offices in Europe, and as a result, how do we keep track of foreign ownership limits? How do we keep track of all the marketing in all the different jurisdictions that are responsible for marketing? The business agreed with us that we needed additional tools. We partnered with a law firm and we have exact access at any given moment with the marketing regulations or the foreign ownership limits of different jurisdictions, and that’s been helpful.

Another tool that we’re looking for is insider trading. As the SEC has gotten better tools for examining their unique product, we’ve looked at different vendors for insider trading, and we’re close to pulling the trigger on a vendor, but it’s helpful to keep in mind that not just insider trading, but if a portfolio manager is right 80 percent of the time, you probably have an issue. Looking at probability statistics, that’s a great tool to have. Generally, they’re only right about 55 to 60 percent of the time. So, if you have a number of about 80 to 85 percent, you probably have some type of leakage occurring there.

Lastly, the liquidity rule. We’re involved from the government’s perspective with writing the policy and procedures without counterparties in the legal department. Market Risk is actively involved in it, so they also provide additional tools for us and different service providers. We’re acting as a second line of defense. But there are some additional costs, but generally, we’ve kept our budget in line with the business side as it grows, by looking at internal resources for our compliance program.

Donna: Can you speak about some of the best practices that you’ve instituted as it relates to educating and monitoring staff, and overseeing supervised individuals?

Joseph: One of the areas is training. We’re a fairly decent size; assets close to $160 billion, and we have a little over 800 employees. It’s really hard to do training for every single employee face to face, whether it’s HR, front administration, or operations. So, we’ve incorporated computer-based training to ensure that there’s basic instruction and compliance instructions that are going out to all employees. It sort of supplements the culture of compliance within our organization.

Marshall: Joe, do the officers of the firm, are they required to do the compliance training also?

Joe: Yes, and we’ll send them updates when they’re behind. For instance, if someone hasn’t completed their quarterly 17j-1 signoffs, it’ll go to the board, whether it’s the chief executive officer or a low-level employee.

Donna: Can you speak to the top three areas of importance, as you see it, for compliance?

Joe: For an active management firm I would say insider trading is one of the bigger areas, because you’ve got so many people that interact, whether it’s with your expert networks, or dealing with company management, or dealing with sell-side firms, in order to monitor their activities, I think you need better tools when it comes to insider trading. Just getting a forensic tool from Market Watch or Yahoo Finance to following day is really not good enough in looking at your trading. So I think surveillance and monitoring is very important, especially when it comes to insider trading.

The other area I think that’s critically important is enterprise risk management. Having an engaged CEO who takes responsibility. The tone at the top really does mean something, and not just the CEO, but all of the management team. Making sure that whenever a risk is identified that there’s cross-functional reviews that are involved from other aspects of the business.

Finally, that there’s somebody who takes authority, someone who’s responsible for ensuring that that risk is marginalized on a collective basis.

Martin: I have a question for Marshall. Isn’t it the case that one size doesn’t fit all? I understand what you’re saying about the importance of direct reporting and all that, but it seems to me that different firms can arrange things in different ways, and they can still have effective compliance.

Marshall: I totally agree. The SEC can offer a palette of things that are suggestions that we think might make a successful compliance program, and then each individual firm has to choose from that palette as to what fits their firm and what fits their business model. There is no one size fits all, and there is no template that the SEC, or any regulator that I’m aware of, requires for a successful compliance program.

Donna: I would add to that, I think depending on who you talk to, we’re all on the same page, and I think we do approach it a little differently sometimes. There’s a balance there. But at the end of the day, I take the approach that the firms know their business better than I know their business. I come out there, I have staff that come out there, we talk with you, look at your books and records and try to understand what you’re doing. But in my view, you know your firm. You know where the weaknesses are, you know where the strengths exist, and you are in the best position to decide what needs to happen at your firm. You are in the best position to determine what policies and procedures you need to adopt. In my view, when you don’t fulfil that obligation, that’s when we have a problem. Because one thing we do see a lot, particularly in the Atlanta region, we have a lot of small firms, and they have a lot of challenges in trying to comply with the Advisers Act. It can be onerous for a very small firm. So, there’s a lot of nuances in that process, as I see it.

Recent Enforcement Cases Impacting Firm’s Compliance [3:33:50]

Marshall: Martin, let me read a question that I know you’re going to touch on. What action can a compliance officer take to protect against prosecution, especially when advising the firm on complex issues?

Brendan: It’s a very rare occasion that we will bring a case against the CCO. We take a very measured approach when we evaluate such a charge, and we take it very seriously. We’ll bring those charges, most of the time, when the CCO is actually involved in the conduct. Usually small firms, they wear multiple hats, and usually the conduct is completely unrelated to their compliance function. And other times they’re actively involved in obfuscating or misleading the staff. And then the other one that I guess makes people a little nervous, is the complete breakdown of compliance failures. That’s a pretty rare instance. An example of a case is the Southwind case.61 In that case, the firm was found to have violated numerous provisions of the Advisers Act, including the Custody, Compliance, and Safeguards Rules. Each of these violations had been previously identified to the CCO. Years earlier, Southwind’s compliance consultant had notified them of this issue as well. But, to put some flesh on the bones here, they: failed to have surprise examinations of client funds in custody, failed to ensure distribution of audit financials, or audits performed by an independent auditor, failed to make and keep electronic communications, did not adopt policies and procedures reasonably designed to prevent violations of the Advisers Act, failed to conduct annual reviews, failed to adopt policies and procedures to safeguard client record and information. On top of that, they misled their compliance consultant, and they also withheld information from OCIE. So, that’s a good example of some of the egregious circumstances when there is CCO liability.

Martin: I can add a couple of thoughts, which is, I think it’s been said in earlier panels, that the SEC is not out to play “gotcha.” So, if a compliance person is acting diligently, if the CCO, or whoever it is, is educating themselves on the various issues and acting in good faith and making a judgment in a complex area of the law, I mean, it’s possible that we on the SEC staff might come to a different conclusion, but I think under those circumstances, at most, it would be more of a deficiency letter item, as opposed to an enforcement case. I really can’t think of any enforcement cases where someone acting in good faith, who took reasonable steps to be educated on whatever the issues were came out with a decision that maybe we didn’t agree with, and we brought an enforcement action as a result.

Donna: I remember one instance where we had an action that actually involved a CCO. But what happened there was a huge misappropriation. There were many, many, many red flags where he had not taken action in the best interest of the clients. Client funds were misappropriated by another individual associated with the firm, there were several private offerings involved, and this gentleman had taken no action, none. He didn’t have any insight as to what they were invested in; he helped facilitate the transfer from client accounts over to this individual. It was pretty egregious, and a lot of people lost a lot of money. And this individual was the one person who really had an opportunity to do something to stop the transactions, and to stop the bad conduct, and he took no action. So, we did take an action against him, and I think he was barred from the industry. But it’s very, very rare. I’ve been with the SEC over 20 years. I think that’s the only instance that I am personally aware of.

Martin: There’s a recent case from last February which involved cherry picking. There, the CEO of the firm was allocating favorable trades from an anonymous account to himself, and the not so favorable trades to the clients, and his brother was the CCO. This is a litigated matter in federal court, and the Commission alleged that CCO acted in an extremely reckless manner. For example, he was required under the firm’s policies and procedures to review and monitor the firm’s trading practices, and he was supposed to make sure that they were fair and equitable, and he just never did the review. The Commission said in the complaint that he essentially did nothing to ensure that the trading policies and procedures were followed other than occasionally spot-checking trade paperwork on his brother’s desk, while repeatedly ignoring numerous red flags. That’s another example of charging a CCO, but again, the language in the complaint is very, very strong and very unusual; it was basically a wholesale abdication of his responsibilities.

Donna: Brendan and Marty, can you speak a little bit more about what you consider areas of importance or some additional enforcement cases?

61 See supra footnote 5.

Share Class Enforcement Cases

Brendan: I want to highlight some of the takeaways from the recent share class selection cases that were filed last Friday against Securities America Advisers,62 Geneos Wealth Management,63 and PNC Investments,64 and then if I have the time, to talk about some other compliance breakdowns that arose out of some other enforcement actions that we filed recently.

At this point, share class disclosure has been touched upon throughout the day, and I don’t want to beat a dead horse too badly. But I think there’s some good things that come out of these cases that are worth mentioning. In the orders in those cases, they found that the firms failed to explicitly disclose that they had an actual conflict by the virtue of the receipt of additional compensation for investing in 12b-1 shares when a less expensive share class was available from the same fund. And in touching on the same issue that was brought up earlier today is that each of these firms did have the “may” language, in terms of they “may” receive 12b-1 fees, and this was determined to be inaccurate, because they did in fact select 12b-1 shares when lower cost shares were available.

Another wrinkle that came out of two of these cases was failure to disclose additional compensation from third parties to the firms that incentivized the firms to select certain investments over others. In Geneos, for example, the firm entered into revenue-sharing agreements in which the brokers agreed to share fees with Geneos when the firm purchased specified mutual funds covered under the agreement as opposed to any other fund out there.

Similarly, PNC entered into market support agreements with certain fund complexes in which the fund complexes agreed to compensate PNC based on the amount that PNC invested in funds that charged only 12b-1 fees. In both instances, the firms failed to disclose the conflict generated by the economic incentive to invest in higher cost share classes that were either subject to the market support agreements or the revenue sharing agreements.

Orphan Account Enforcement

Another issue that was brought up today that was touched upon and arose out of these cases as well that’s worth mentioning is that PNC had various investment advisory representatives leave the firm over a several year-period, and left numerous accounts without an assigned IAR. They continued to charge advisory fees to these so-called orphan accounts for a significant period. The order found that PNC acted negligently by failing to implement procedures reasonably designed to ensure that accounts would be assigned a new IAR after a new period of time and that they would not be charged advisory fees absent receiving advisory services. I think this was the first time the Commission has ever brought an action under those circumstances.

Failure to Update Form ADV Part 2

The last issue that’s worth highlighting relates to the remedial steps that were taken by Geneos after being notified of its deficient disclosures. It updated its wrap-fee brochures relating to its share class selection practices, including its fees and fee schedules. However, when updating the ADV Part 2, which requires the annual update, it failed to include in its summary of material changes that it had updated its brochures, and that was a problem.

62 See https://www.sec.gov/litigation/admin/2018/ia-4876.pdf.

63 See https://www.sec.gov/litigation/admin/2018/34-83003.pdf.

64 See https://www.sec.gov/litigation/admin/2018/34-83004.pdf.


Takeaways

There are key takeaways from these cases. Firms need to identify the conflicts of interest early, eliminate or mitigate the conflict. If not, you need to disclose the conflicts so fiduciaries can evaluate it themselves. The CCO, as was mentioned earlier here, needs to develop policies and procedures to address conflicts and tailor to their business model. As is mentioned here today, you need to ensure that you update your material changes to your ADV as required. Finally, make sure if you promise to provide IARs as part of your advisory services and the IAR leaves, you need to have a mechanism in place to protect against charging advisory fees and to otherwise ensure assets are not at risk.

Additional Enforcement Conduct

Brendan: Some other conduct that arose out of recent enforcement cases that’s worth mentioning.

Failing to monitor advisory accounts for “reverse churning,” where a client is charged a wrap fee or fixed advisory fee that covers all advisory services and trading costs even though the client trades infrequently.

Failing to establish policies and procedures for a wrap fee program to determine commissions that clients were being charged when the supervisors traded away from the firm.

Violating Rule 30A of Regulation S-P, otherwise known as the Safeguards Rule, which requires a registered investment adviser to adopt written policies and procedures reasonably designed to protect customers’ records and information. In a recent matter, a firm was found to have stored sensitive personally identifiable information of clients and other persons on a third-party hosted web server. The firm failed to adopt any written policies and procedures reasonably designed to protect the information from anticipated threats or unauthorized access.

In the registered fund space, an adviser improperly fair-valued securities held by registered funds it managed which in turn led to incorrect asset values for the fund, and then to compound the problem, when they sought to remediate it, they failed to file their NAV error correction procedures, which ended up being a windfall for some of the customers paying distribution-related expenses with fund assets outside of a 12(b)(1) plan.

In the private fund space in a recent case, it was found that the fund was using fund assets to pay advisers for services provided to a portfolio company on an undisclosed basis, failure to offset fees from a portfolio company against management fee, and using fund assets to pay salaries of adviser employees disguised as consultants.

Martin: The compliance rule 206(4)-7 requires you to adopt and implement policies and procedures reasonably designed to prevent violations of the Advisers Act or the rules under the Advisers Act. The case that I mentioned before, which was the cherry-picking case, was called Strong Investment Management.65 It was just filed this past February. That’s a case where the firm did have policies and procedures, but the CCO just disregarded them (that is what the Commission alleged).

Another example of an implementation problem is a case that settled last December, called Brahman.66 That case involved safeguarding confidential information of the firm. There was a senior analyst who was dating, and then subsequently married a woman who was starting her own hedge fund advisory firm. He was emailing her information that included things like investment theses, some position information, ideas and analyses. The firm did have policies and procedures, but they really weren’t effectively implemented. About a year after he started this emailing, they discovered what was going on, and they spoke with the analyst, and they asked him not to disclose confidential information to this woman. They decided they were going to monitor his email, which was part of their policies and procedures, but they didn’t do a very good job of it, and they didn’t realize that he was emailing things to his home email account, which was against firm policies, and then subsequently emailing it from his home email account, his personal email account, to this other person. They got married during this course of conduct, and the firm granted an exemption from their personal trading rules which prohibited employees or their spouses from trading individual securities, conditioned on there being a monthly review by a law firm of his spouse’s hedge fund portfolio. And even though the law firm did the reviews and detected that there was a substantial overlap in the positions of the two advisers’ hedge funds, they didn’t really take any action for about a year. So, my takeaway is you have to implement your policies and procedures; when you have red flags, you have to be vigilant. Putting safeguards in place, like the law firm review, but then not paying attention to what they’re reporting, is empty actions.

65 See https://www.sec.gov/litigation/complaints/2018/comp24054.pdf.

66 See https://www.sec.gov/litigation/admin/2017/ia-4819.pdf.

An example of inadequate policies and procedures is in a case called Train, Babcock67 from last December and that dealt with safeguarding client assets and the Custody Rules. In there, there were two principals of the firm who, over a 12-year period, in two different schemes, misappropriated about $10 million from two clients and the firm’s IAR served as trustees with the ability to effect transactions in certain client accounts, which therefore meant that the adviser had custody over those accounts for purposes of the Custody Rule. Despite this, the firm failed to obtain surprise exams for several years, and they had an off-the-shelf compliance manual that wasn’t tailored with respect to safeguarding client assets. So, because there was a specific risk here, which is that the IARs having the ability to effect transactions in these trust accounts of clients, and the firm’s policies and procedures did not cover that. There were also repeated failures and implementation problems, and after the problems arose, the firm did not go back and revisit the policies and procedures, which it really should have done once it was on notice that there were problems there. As a result, the adviser was charged with violating the anti-fraud provisions of Sections 206(1) and 206(2) of the Advisers Act, and Rule 10b-5. The firm had to disgorge all of the advisory fees that it had received from the one client it hadn’t already made whole, which was a pretty stiff disgorgement, and they also had to pay a penalty of over $1.3 million. In that case, the CCO was not charged.

Questions for Panel [3:56:15]

Q: If the CEO is not in agreement with the CCO’s concerns, and you don’t contact the SEC but make notes to file, does this cover you at a later date?

Marshall: This is the same question that we addressed a few minutes ago. Is there any template that we can give to completely insulate you from liability? There just really isn’t. But Joe, for example, expressed it as best as you can. Joe is trying to do his job in all good faith. If you are bounded in your compliance program by ethical behavior—your own ethical behavior—then, for all intents and purposes, you’re going to avoid any direct liability. Are there ways to set that up? In a company that has a board of directors, maybe insist that only discipline can be handed out to a CCO by the audit committee, or by members of the board of directors, or if there’s not a board of directors, a manager’s committee, not just one person, if you’re disagreeing with a CEO. But there is no perfect template that we can give you to avoid liability.

67 See https://www.sec.gov/litigation/admin/2017/34-82399.pdf.


Donna: I definitely agree. I don’t think we can specifically outline the path to prevent any potential liability you may face. I think that’s part and parcel for the job. But you do the best that you can. Again, I think Joe outlined it eloquently and very well, and that’s basically what you have to do.

Q: There is an increased trend of CCO terminations in the industry. Does the SEC look at and review HR practices as it relates to CCO terminations?

Marshall: That is going to be a red flag. I had a question: does the SEC look at compensation of CCOs? Do we control compensation? Absolutely not, and that’s firm. Do we control discipline that’s taken against a CCO being terminated? We call those red flags.

Donna: To the point of compensation, we recently had an exam, a few months back, where the CCO was promoted from an administrative position, nothing wrong with that, but had no prior experience, no education in compliance and literally was being paid about $13 an hour. To me, that’s a huge red flag. They can do it, but is this someone who is knowledgeable? Who is empowered?

Marshall: We’re certainly going to look at that as an exam team, if there’s an inordinate lack of resources, an inordinate salary, an inordinate experience, or if there’s discipline taken against the CCO that we don’t understand.

Donna: Joe, any thoughts about salary and CCOs?

Joe: My salary is determined by the board, along with management input. So, it’s somewhat disengaged from the management structure, because the board has to approve it. I think that’s an added benefit.

Marshall: I think that shows the autonomy that your firm is willing to give you, and the independence that your firm is willing to give you by making your compensation decided by the board.

Q: How can CCOs become an integral part of the firm’s decision-making process? Second, how do we convince firms to keep us in the loop?

Joe: Personally, I don’t think that CCOs deserve a seat at the table unless they’re able to provide value. Value meaning they understand the markets, they understand the product, and then they could really drive strategy change within the organization. If they can’t, I don’t see the added value to the CCO. If you really don’t know the regulations, coupled with the products, and if you don’t know the different types of derivatives your firm is using, I don’t see how you could be an effective CCO, and you don’t really deserve a seat at the table.

Q: Marshall doesn’t think CCOs should wear dual-hats. Given that it appears to be an increasing trend, can you please give best practices for people who are dual-hat CCOs?

Marshall: I don’t ever want the perfect to be the enemy of the good. And there absolutely may be business reasons why you need to wear two hats. In a perfect world, it’s my opinion, that if you wear two hats, you may not be doing either job very well. In real respects, I think if you wear the hat of CCO and GC, as attorneys, we are sworn by our ethical boundaries to protect our client. That is the antithesis of what a CCO does. A CCO is not protecting its client. A CCO is seeing to it that the rules of the SEC and other regulators are abided by. So, that conflict between wearing those two hats is a conflict that I think is very, very difficult at best. A CCO who is grounded in sales, also. That is, a CCO who is also an investment adviser. What is the conflict there? Are you making decisions based on your fiduciary duty, the best interest of your client, but are you also making decisions based on where your compensation is coming from? So, I think it’s very difficult. It may be necessary, I understand, because of decreasing margins, that may be a trend in the industry. I’d suggest trying to stay away from that if at all possible.


EXHIBIT A – CASE SUMMARIES

Topic: CCO Liability/Compliance Program

In the Matter of Southwind Associates of NJ Inc. Advisers Act Release No. 4834 (Dec. 22, 2017)68

New York based Southwind registered as an investment adviser in 2000, manages $370m and is wholly owned by a sole owner (the “President”). The CCO worked at the firm from 2000 through 2014. Southwind was examined by the SEC in 2003, 2006 and 2013 and received deficiency letters as a result of each of those exams for various violations including of the Custody Rule, the Compliance Rule, the Safeguards Rule and for various books and records violations including with respect to properly archiving emails. In addition, Southwind hired a compliance consultant (“Consultant”) in 2011 and received numerous recommendations which it failed to implement. The SEC emphasized that Southwind and the CCO had been put on notice by both the Consultant and the SEC of its many compliance program deficiencies.

SEC vs. Strong Investment Management, Joseph Bronson, John Engebretson (Feb. 20, 2018)69

This is a case about a “cherry picking” scheme (2012-2016) carried out by an investment adviser (Strong Investment Management (“SIM”)) and its owner, Bronson. Bronson was assisted by his brother, Engebretson, who served as chief compliance officer (“CCO”). The SEC’s complaint alleges that the CCO carried out his compliance responsibilities in an “extremely reckless manner.” Bronson conducted trades for his clients in an “omnibus account,” and would allocate to individual clients (approximately 65 individuals) after he determined which trades did well. Trades that did well were disproportionately allocated to Bronson’s personal account. The CCO was obligated, pursuant to SIM’s policies and procedures to ensure allocations were fair and equitable. He did not conduct required monitoring, testing and he ignored numerous red flags. The CCO conducted superficial “spot checks” and ignored the fact that certain trades were allocated to only one client. In addition, the CCO ignored the fact that one broker discontinued doing business with SIM over allocation concerns. SIM’s Form ADV contained numerous false and misleading statements including the claim that “We do not favor any account over any other account” and that trades would be allocated “according to computer generated pre-allocation.”

Topic: Self Reporting Violations to the SEC

In re Calvert Investment Management, Inc., Advisers Act Release No. 4577 (Oct. 18, 2016)70

Between March 18, 2008 and Oct. 18, 2011, Calvert Investment Management, Inc. (“Calvert” or “Respondent”) incorrectly overvalued illiquid securities issued by Toll Road Investors Partnership II, L.P. (the “Toll Road Bonds”). Consequently that mispricing caused certain funds to have the wrong net asset value. Also, because the performance figures were incorrect, Calvert collected inflated fees. Calvert funds acquired Toll Road bonds with a principal amount of $1.2 billion. Calvert relied heavily on a third-party analytical tool to value the bonds, but valued some of the securities at a price that was 65 percent higher than the price assigned to the same bonds by a major industry participant on the same day. Although Calvert eventually marked down the bonds in 2011 when it discovered the mistake, many investors had already paid the higher prices. The SEC found Calvert culpable for not following its own NAV error correction method.

68 https://www.sec.gov/litigation/admin/2017/34-83297.pdf

69 https://www.sec.gov/litigation/complaints/2018/comp24054.pdf

70 https://www.sec.gov/litigation/admin/2016/ia-4554.pdf

In paragraph 32 of the Order entitled “Calvert’s Remedial Efforts” the SEC said: “In determining whether to accept the Offer, the Commission considered remedial acts promptly undertaken by Respondent and cooperation afforded the Commission staff. Calvert enhanced its compliance and fair valuation policies and procedures. Calvert was prompt and responsive in addressing staff inquiries and provided detailed summaries of relevant information.”

Topic: Undisclosed Revenue/Conflicts

In re Voya Financial Advisers, Inc., Advisers Act Release No. 4661 (Mar. 8, 2017)71

Des Moines, Iowa-based Voya Financial Advisers, Inc., a registered investment adviser, failed to disclose to its advisory clients that it received compensation from a third-party broker-dealer (“Clearing Broker”) and the conflicts arising from that compensation. Since at least 2006, Voya participated in a no-transaction fee mutual fund program (“NTF Program”) offered by Clearing Broker whereby Clearing Broker agreed to share with Voya a certain percentage of revenues the Clearing Broker received from mutual funds in the NTF Program. Also, since 2014, Voya had a separate arrangement with Clearing Broker whereby Voya agreed to provide certain administrative services in exchange for Clearing Broker’s agreement to share a certain percentage of service fees it received from mutual funds on the platform. Payments under both arrangements created conflicts of interest because they provided a financial incentive for Voya to favor the mutual funds in the NTF Program over other investments when giving investment advice to its advisory clients. In its Form ADV, Voya failed to disclose (i) that it was receiving compensation from Clearing Broker and (ii) that this compensation created a conflict of interest. These disclosures were also missing from Voya’s advisory contracts. Consequently, Voya violated Sections 206(2), 206(4), and 207 of the Investment Advisers Act of 1940, and Rule 206(4)-7 thereunder. Voya consented to a censure, a cease-and-desist order, and the payment of disgorgement of $2,621,324 plus prejudgment interest of approximately $175,000, and a $300,000 penalty.

In re Advantage Investment Management, LLC, Advisers Act Release No. 4455 (July 18, 2016)72

Advantage Investment Management, LLC (“AIM”), a Cedar Rapids, Iowa-based registered investment adviser, failed to disclose in its Form ADV or otherwise that (i) it had received more than $3 million in compensation in the form of a forgivable loan made in 2012 by a broker-dealer, and (ii) the conflicts of interest arising from the forgivable loan. AIM was recommending that its clients open accounts, use the service of and purchase research from the broker-dealer that made the loan. In August 2012, AIM entered into an agreement with a third-party broker-dealer under which the broker-dealer would become AIM’s new primary broker-dealer, and would provide trade execution, custody, and reporting services for AIM’s clients, as well as sponsor several advisory programs offered by AIM. In connection with the agreement, the broker-dealer issued a loan of just over $3 million, forgivable over a five-year period. AIM violated Sections 206(2) and 207 of the Investment Advisers Act of 1940. AIM consented to the SEC’s cease and desist order, censure, and the payment of a $60,000 penalty.

71 https://www.sec.gov/litigation/admin/2017/34-80177.pdf

72 https://www.sec.gov/litigation/admin/2016/ia-4455.pdf


In re Washington Wealth Management, LLC, Advisers Act Release No. 4456 (July 18, 2016)73

Washington Wealth Management, LLC (WWM), a San Diego, California-based registered investment adviser, failed to disclose its receipt of more than $1.8 million in loans it received between October 2012 and March 2013, from WWM’s newly-engaged broker-dealer. In September 2012, WWM entered into an agreement with a broker-dealer to provide trade execution, clearing, custody, and other services for WWM’s clients. In connection with this agreement, WWM received a loan of more than $1 million in October 2012 and another loan of more than $66,000 in December 2012. Each of these loans was potentially forgivable over a five-year term provided that WWM maintain its relationship and certain specified asset levels with the broker-dealer. The broker-dealer also made two additional loans to WWM: $485,000 in November 2012 and $277,000 in March 2013. WWM failed to fully and timely disclose the loans in its Form ADV or otherwise until October 2013, as a result of an SEC exam deficiency. WWM violated Sections 206(2) and 207 of the Advisers Act and consented to the entry of the SEC’s order censuring it, and requiring it to cease and desist from further violations. WWM paid a $50,000 penalty.

In re The Robare Group Ltd., Advisers Act Release No. 4566 (Commission Dec.) (Nov. 7, 2016)74

On appeal by the SEC’s Division of Enforcement from an earlier dismissal by an administrative law judge for failure to find scienter, the Commission found that for many years The Robare Group, Ltd. (“TRG”), a registered investment adviser and its principals, Mark Robare (CEO and COO) (“Robare”), and Jack Jones (Robare’s son-in-law and owner of TRG) (“Jones”), negligently failed to fully and fairly disclose in TRG’s Form ADV the existence of a fee sharing arrangement (the “Arrangement”) with Fidelity Investments (“Fidelity”) or the potential conflicts of interest arising from the Arrangement.

TRG became an independent registered investment adviser in 2003 and used Fidelity as the custodian of its clients’ accounts. TRG also engaged Triad Advisers (“Triad”) as its broker-dealer. Robare and Jones were registered representatives of Triad. Pursuant to the initial Arrangement in 2004, Fidelity paid TRG (through Triad) certain “shareholder servicing fees.” Effective May of 2013, the Arrangement was modified and Fidelity paid TRG directly (no longer through Triad) for “back-office, administrative, custodial support and clerical services.” Between 2005 and 2013, TRG received $400,000 pursuant to the Arrangement (2.5% of TRG’s gross revenues). As a result of the Arrangement, TRG had a financial incentive to recommend certain Fidelity products over others.

While there were many variations of TRG’s disclosure over the years, there was no disclosure of the existence of the Arrangement until late in 2011. Even after disclosing the existence of the Arrangement TRG did not provide details about the nature of the Arrangement or the conflict it presented. For example, in 2005, TRG’s Form ADV indicated that “‘certain investment adviser representatives of the Robare Group, when acting as registered representatives of a broker-dealer, may receive selling compensation from such broker-dealer as a result of the facilitation of certain securities transaction on Client’s behalf through such broker-dealer,’ and that these ‘arrangements may create a conflict of interest.’”

Fidelity threatened to withhold payments under the Arrangement in late 2011 because it was not satisfied with TRG’s disclosure about the Arrangement in its Form ADV. Consequently, TRG added the following paragraph to its Form ADV: “Additionally, we may receive additional compensation in the form of custodial support services from Fidelity based on revenue from the sale of funds through Fidelity. Fidelity has agreed to pay us a fee on specified assets, namely no transaction fee mutual fund assets in custody with Fidelity. This additional compensation does not represent additional fees from your account with us.”

73 https://www.sec.gov/litigation/admin/2016/ia-4456.pdf

74 https://www.sec.gov/litigation/opinions/2016/ia-4566.pdf

In June of 2013 TRG added to Item 14 of Part 2A of Form ADV that “the Arrangement may give rise to conflicts of interest, or perceived conflicts of interest, with the Firm’s decision to utilize Fidelity as our Custodian.”

The Commission noted that Item 14 of Form ADV directs advisers to disclose if anyone “who is not a client provides an economic benefit to you for providing investment or other advisory services to your clients.” Advisers must “generally describe the arrangement, explain the conflicts of interest, and describe how you address the conflicts of interest.”

The Commission also distilled holdings of several relevant cases and said that: ‘A “fundamental purpose of [the Advisers Act] is to substitute a philosophy of full disclosure for the philosophy of caveat emptor and thus to achieve a high standard of business ethics in the securities industry.” Accordingly, Section 206 imposes “federal fiduciary standards” on investment advisers, which means they have “an affirmative duty of ‘utmost good faith, and full and fair disclosure of all material facts.’” Because Section 206 was designed to “eliminate, or at least expose, all conflicts of interest which might incline an investment adviser—consciously or unconsciously—to render advice which was not disinterested,” the “[f]ailure by an investment adviser to disclose potential conflicts of interest to its clients constitutes fraud within the meaning of Sections 206(1) and (2).”’

The Commission found that TRG and Robare violated Section 206(2) (acted with negligence) but not 206(1) (which requires a finding of scienter). Jones knew about the failure to disclose the Arrangement and signed the Form ADV and therefore caused the Section 206(2) violation. Consequently, Jones was liable under Section 203(k). The false statements of material fact or material omissions in Form ADV also resulted in the Commission finding that all three Respondents also violated Section 207 of the Advisers Act.

The Commission rejected the Respondents’ many claims that they had exercised reasonable care in relying on compliance consultants, that Triad was somehow responsible and that adequate disclosures were made in several documents independent of Form ADV.

Topic: Overcharging Fees

In re Equinox Fund Management, LLC, Advisers Act Release No. 4315 (Jan. 19, 2016)75

In a recent enforcement action (In the matter of Equinox Fund Management, LLC, Release No. IA 4315, January 19, 2016), the SEC imposed sanctions against a Denver-based registered investment adviser for failing to follow its stated valuation policies (method and frequency) and for overcharging management fees and misleading investors about how it valued certain assets in a registered fund. In order to settle the matter, the adviser agreed to refund investors $5.4 million in excessive management fees plus $600,000 in prejudgment interest. In addition, the adviser agreed to pay to the SEC a $400,000 penalty. The publicly offered series fund managed by the adviser is registered under the Securities Act of 1933, and as such, files quarterly and annual disclosure documents on Form 10-Q and 10-K. These public filings disclosed, among other things, that management fees were based upon the net asset value of each series of the fund. However, the SEC found that the adviser instead used the notional trading value of the assets (i.e., the total amount of assets invested including leverage). That method of calculation resulted in the adviser overcharging the fund $5.4 million in management fees over a seven-year period. In addition, various periodic public reports filed with the SEC and provided to investors continued to disclose during this period that the method for valuating certain assets was checked by third party valuations. However, the third party valuations indicated that the adviser had valued such assets substantially higher than the third party valuations for the same assets. The adviser faced willful violations of the anti-fraud provisions under the Securities Act of 1933 and the Securities Exchange Act of 1934 as a result of overcharging management fees and providing misleading material information to fund investors. In addition to the monetary penalties agreed to by the adviser, the adviser also agreed to be censured.

75 https://www.sec.gov/litigation/admin/2016/33-10004.pdf

See https://www.sec.gov/news/pressrelease/2015-52.html and related SEC Order for a recent example of an SEC enforcement action against Patriarch Partners and its principal, Lynn Tilton, for failure to follow stated valuation policies in a CLO context.

In re Morgan Stanley Smith Barney, LLC, Advisers Act Release No. 4607 (Jan. 13, 2017)76

Morgan Stanley Smith Barney (“MSSB”) agreed to pay a $13 million penalty to settle charges that it overbilled investment advisory clients due to coding and other billing system errors. The firm also violated the custody rule pertaining to annual surprise examinations. And it also violated the Advisers Act books and records rule by failing to maintain signed client contracts in an easily accessible place. The SEC found that MSSB overcharged more than 149,000 advisory clients because it failed to adopt and implement compliance policies and procedures reasonably designed to ensure that clients were billed accurately according to the terms of their advisory agreements. MSSB also failed to validate billing rates contained in the firm’s billing system against client contracts, fee billing histories, and other documentation. MSSB received more than $16 million in excess fees due to the billing errors that occurred from 2002 to 2016. MSSB reimbursed this full amount plus interest to affected clients.

Topic: Improper Trade Allocations

In re Welhouse & Associates, Inc., Advisers Act Release No. 4231 (Oct. 16, 2015)77

The SEC Enforcement Division has engaged in a data-driven initiative to identify potentially fraudulent trade allocations known as “cherry-picking,” and this enforcement action is the first arising from that effort. Working with economists in the agency’s Division of Economic and Risk Analysis (“DERA”), enforcement investigators analyze large volumes of investment advisers’ trade allocation data and identify instances where it appears an adviser is disproportionately allocating profitable trades to favored accounts. The SEC Enforcement Division found that Mark P. Welhouse (the Firm’s sole owner) purchased options in an omnibus or master account for Welhouse & Associates Inc. (the “Firm”) and delayed allocation of the purchases to either his or his clients’ accounts until later in the day after he saw whether or not the securities appreciated in value. Welhouse allegedly reaped $442,319 in ill-gotten gains by unfairly allocating options trades in an S&P 500 exchange-traded fund named SPY. His personal trades in these options had an average first-day positive return of 6.28 percent while his clients’ trades in these options had an average first-day loss of 5.05 percent.

The Firm’s Form ADV indicated that it allocated trades among clients on a fair and equitable basis. Its written policies indicated that trades are allocated among clients on a pro rata basis. The Firm’s Form ADV indicated that it did not trade for its own account and that it restricted the trading of employees’ accounts.

76 https://www.sec.gov/litigation/admin/2017/34-79794.pdf

77 https://www.sec.gov/litigation/admin/2015/34-76175.pdf


Form ADV failed to disclose that Mr. Welhouse invested in the same securities he recommended to clients; it failed to disclose the conflicts arising from such personal trading and failed to disclose how the Firm addressed those conflicts, as required.

It is interesting to note that the Firm’s broker-dealer complained to Mr. Welhouse on nine separate occasions about his preferential trade allocations to his own account before firing him. Violations cited include Section 10(b) of the Exchange Act and Rule 10b-5 thereunder as well as Sections 206(1) and (2) of the Advisers Act.

In re Tellone Management Group, Inc., Advisers Act Release No. 4701 (May 5, 2017) 78

Tellone Management Group, Inc. (“TMG”), a registered investment adviser, and Dean C. Tellone (“Tellone”) failed to allocate trades among clients in a manner consistent with TMG’s policies and procedures and with disclosures made on TMG’s Form ADV. Form ADV indicated that “…TMG will use a rotational method for allocating block trades to a group of client accounts. The rotation method is used to assure that all accounts have roughly equal access to limited trading opportunities over time.” TMG allocated certain profitable trades to an account identified as the Day Trade Account. As a result, only the Day Trade Account received risk-free and profitable trades that TMG’s other clients did not. TMG and Tellone considered whether allocating only profitable day trades to the Day Trade Account unfairly benefited the Day Trade Account. They concluded that it did not because the account’s annual profits were generally consistent with those of other TMG clients. TMG and Tellone failed to consider that TMG’s other clients bore all the risk on the Day Trade Account’s behalf and that its allocation method in practice was inconsistent with disclosures in its Form ADV. The SEC found that TMG and Tellone violated Sections 206(2) and 207 of the Advisers Act.

Structured Portfolio Management, LLC, Advisers Act Release No. 3906 (Aug. 28, 2014)79

The SEC settled administrative proceedings against Structured Portfolio Management, L.L.C. (“Portfolio Management”) and its affiliated advisers, SPM Jr., L.L.C. (“SPM Jr.”) and SPM IV, L.L.C. (“SPM IV” and together with Portfolio Management and SPM Jr., collectively, “SPM”) for (i) failing to adopt and implement policies and procedures reasonably designed to prevent violations of the Advisers Act concerning trade allocations and (ii) failing to review and update fund PPMs with respect to investment objectives and portfolio construction.

Portfolio Management managed Structured Servicing Holdings Master Fund, L.P. (“SSH”), and SPM Jr. managed Parmenides Master Fund, L.P. (“Parmenides”). SSH and Parmenides invested in mortgage related securities that were hedged by U.S. Treasuries. Each fund had its own portfolio manager (“PM”). A third trader (“Hedge Trader”) put on hedges for both funds.

SPM IV was created to manage a new liquid fund, Aqueous Master Fund, L.P. (“Aqueous”) and Hedge Trader was designated as PM (while still maintaining hedging responsibilities for SSH and Parmenides). Aqueous’ investment objective was to provide excess returns by investing primarily in highly liquid U.S. residential and commercial mortgage related securities but could also invest in Treasuries.

The SPM Compliance Manual required trades to be allocated in a fair and equitable manner. Also, trades were to be allocated at the time of trade execution. However, there was no mechanism to ensure that trades actually were allocated upon trade execution and not at some later time (after the trade’s success or failure for the day could be determined).

78 https://www.sec.gov/litigation/admin/2017/ia-4701.pdf

79 https://www.sec.gov/litigation/admin/2014/ia-3906.pdf

SPM recognized and disclosed that it was a potential conflict of interest for Hedge Trader to trade the same Treasuries across all three fund portfolios but did not modify its policies and procedures to address this conflict. Consequently, Aqueous consistently bought Treasuries at a lower price than the other two funds; and it consistently sold them at a higher price.

Also, contrary to its published investment objective, Aqueous stopped trading mortgage related securities and traded Treasuries almost exclusively for nearly a two year period.

The SEC found that SPM violated Section 206(4) of the Advisers Act and Rule 206(4)-7 thereunder which require registered investment advisers to adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act and related rules. SPM was censured, ordered to engage an independent compliance consultant, ordered to cease and desist, and ordered to pay a civil penalty of $300,000.

Topic: Wrap Fee Account Issues

In re Raymond James & Associates, Inc., Advisers Act Release No. 4525 (Sept. 8, 2016)80

SEC investigations found that St. Petersburg, Fla.-based Raymond James & Associates failed to establish policies and procedures necessary to determine the amount of commissions their clients were being charged when sub-advisers “traded away” with a broker-dealer outside the wrap fee programs. Without this information, the firms’ financial advisers were unable to provide the magnitude of these costs to clients and did not consider these commissions when determining whether the sub-advisers or the wrap fee programs were suitable for clients, leaving certain clients unaware they were paying additional costs beyond the single wrap fee they paid for bundled investment services. For violations of Advisers Act Section 206(4) (fraudulent, deceptive or manipulative practices) and Rule 206(4)-7 (failure to adopt policies and procedures) thereunder, Raymond James agreed to pay a $600,000 penalty to settle the charges.

In re Robert W. Baird & Co., Inc., Advisers Act Release No. 4526 (Sept. 8, 2016)81

SEC investigations found that Milwaukee-based Robert W. Baird & Co. failed to establish policies and procedures necessary to determine the amount of commissions their clients were being charged when sub-advisers "traded away" with a broker-dealer outside the wrap fee programs. Without this information, the firms' financial advisers were unable to provide the magnitude of these costs to clients and did not consider these commissions when determining whether the sub-advisers or the wrap fee programs were suitable for clients, leaving certain clients unaware they were paying additional costs beyond the single wrap fee they paid for bundled investment services. For violations of Advisers Act Section 206(4) (fraudulent, deceptive or manipulative practices) and Rule 206(4)-7 (failure to adopt policies and procedures) thereunder, Baird agreed to pay a $250,000 penalty.

80 https://www.sec.gov/litigation/admin/2016/ia-4525.pdf

81 https://www.sec.gov/litigation/admin/2016/ia-4526.pdf


In re Stifel and Nicolaus & Company, Inc., Advisers Act Release No. 4665 (Mar. 13, 2017)82

SEC investigations found that St. Louis-based Stifel, Nicolaus & Company, Incorporated (“Stifel”) failed to establish policies and procedures necessary to determine the amount of commissions their clients were being charged when sub-advisers "traded away" with a broker-dealer outside the wrap fee programs. Without this information, the firms' financial advisers were unable to provide the magnitude of these costs to clients and did not consider these commissions when determining whether the sub-advisers or the wrap fee programs were suitable for clients, leaving certain clients unaware they were paying additional costs beyond the single wrap fee they paid for bundled investment services. For violations of Advisers Act Section 206(4) (fraudulent, deceptive or manipulative practices) and Rule 206(4)-7 (failure to adopt policies and procedures) thereunder, Stifel agreed to pay a $300,000 penalty.

The companion litigation release referred to in the Reference Materials may be found at https://www.sec.gov/litigation/litreleases/2016/lr23700.htm.

Topic: Failure to Provide Promised Due Diligence and Monitoring Re Third Party Managers

In re Barclays Capital, Inc., Advisers Act Release No. 4705 (May 10, 2017) and SEC Press Release83

From September 2010 through December 2015, Barclays Capital, then a dually-registered investment adviser and broker-dealer, improperly charged certain advisory clients of its wealth and investment management business, overcharging them almost $50 million in advisory fees. Barclays Capital violated Section 207 of the Advisers Act by falsely representing in its Form ADV, Part 2A, Appendix 1 wrap fee brochure to advisory clients that it was performing ongoing due diligence and monitoring of certain third-party managers who managed advisory clients’ assets using certain investment strategies, when Barclays Capital was not performing such due diligence. Barclays also violated Section 206(2) of the Advisers Act, Section 206(4) and Rule 206(4)-7 thereunder. Barclays also violated Sections 17(a)(2) and (3) of the Securities Act. Barclays was required to disgorge approximately $50 million and pay prejudgment interest of just under $14 million as well as a penalty of $30 million.

In re Royal Alliance Associates, Inc., Advisers Act Release No. 4351 (Mar. 14, 2016)84

Respondents, three AIG affiliates, failed to disclose in their Forms ADV or otherwise that they had a conflict of interest due to a financial incentive to place non-qualified advisory clients in higher-fee mutual fund share classes. As a result, Respondents breached their fiduciary duties as investment advisers to certain of their advisory clients by investing them in higher-fee mutual fund share classes. Respondents also failed to follow their own compliance policies which required them to monitor advisory accounts quarterly for inactivity or “reverse churning” to ensure that fee-based wrap accounts remained in the best interest of clients that seldom traded. Respondents were required to hire an independent compliance consultant, disgorge approximately $2 million and pay a penalty of $7.5 million.

Topic: Principal Trades in Wrap Accounts without Proper Disclosure or Consent

82 https://www.sec.gov/litigation/admin/2017/ia-4665.pdf

83 https://www.sec.gov/litigation/admin/2017/33-10355.pdf and https://www.sec.gov/news/press-release/2017-98

84 https://www.sec.gov/litigation/admin/2016/34-77362.pdf


WFG Advisers, LP, Advisers Act Release No. 4441 (June 28, 2016)85

This matter arises from improper fee and trading practices and related compliance and reporting failures at WFG Advisers, L.P. (“WFGA”), a Dallas based registered investment adviser. WFGA overcharged clients in one of its advisory wrap account programs contrary to its disclosures to these clients. WFGA represented to clients participating in a wrap account program that they would be charged a commission in connection with the purchase of interests in certain alternative investment products, but that the wrap account advisory fee would not be assessed on the value of such interests. Contrary to these disclosures, from at least January 2011 through August 2013, WFGA in certain instances improperly charged its clients both the commission and the advisory fee in connection with these clients’ purchases of interests in alternative investment products. In addition, WFGA falsely stated in its Forms ADV Part 2 and Wrap Fee Program Brochures filed with the Commission that clients participating in its wrap account program would not be charged commissions in connection with transactions in their accounts. WFGA failed to adopt policies and procedures reasonably designed to ensure that its advisory clients’ fees were calculated as represented, and failed to implement its policies regarding appropriate disclosure to and consent from its clients with respect to transactions effected on a principal basis.

Topic: Unlawful Cross-Trades via Pre-Arranged Sales/Buybacks with Intermediary (No “Parking”)

In re Morgan Stanley Investment Management, Inc., Advisers Act Rel. No. 4299 (Dec. 22, 2015)86

Morgan Stanley agreed to pay $8.8 million to settle charges that one of its portfolio managers, Sheila Huang, unlawfully conducted prearranged trading known as “parking” that resulted in the undisclosed favorable treatment of certain clients over others. As part of this scheme, Huang effected cross trades that violated internal policies as well as several antifraud securities provisions. Morgan Stanley policies prohibited cross trades involving ERISA accounts under any circumstances and required all other cross trades to comply with Rule 17a-7 of the Investment Company Act (regardless of whether the accounts were registered investment companies). To evidence best execution, Morgan Stanley internal policies required two comparable dealer quotes. When Huang did not have these, she, along with an accomplice, just made them up and then lied about their source! Policies and procedures were ineffective, as was supervision of Huang’s trading activity.

Aviva Investors Americas, LLC, Advisers Act Rel. No. 4534 (Sept. 23, 2016)87

Aviva Investors Americas, LLC (“Aviva”) is a Chicago-based investment adviser and a successor entity to Aviva Investors North America, Inc. (“AINA”) as of 2012. The illicit cross trades that are the subject of this proceeding took place between March of 2010 and December of 2011. About 137 cross trades were effected between AINA’s registered investment company clients (“RICs”) and certain of AINA’s other clients who were affiliated persons of a RIC or affiliated persons of an affiliated person of a RIC, including insurance companies owned by AINA’s parent company, Aviva plc (“AINA Insurance Clients”), and pooled vehicles not owned by AINA or its parent (“Private Fund Clients”).

Because AINA’s parent was a 100% owner of the AINA Insurance Clients, AINA was acting as principal with respect to cross trades between AINA Insurance Clients and Private Fund Clients. Section 206(3) of the Advisers Act requires written disclosure to and consent from the clients for principal transactions, which was not obtained in this case.

85 https://www.sec.gov/litigation/admin/2016/34-78189.pdf

86 https://www.sec.gov/litigation/admin/2015/33-9998.pdf and https://www.sec.gov/news/pressrelease/2015-287.html

87 https://www.sec.gov/litigation/admin/2016/ia-4534.pdf

AINA’s written policies with respect to cross trades were consistent with Sections 17(a)(1) and (2) of the Investment Company Act and prohibited transactions involving RICs and affiliated persons of RICs, absent an exemptive order issued by the SEC. Rule 17a-7 under the Investment Company Act provides an exemption for certain trades if the rules governing determining “current market price” are followed. The transactions in question were not suitable for relief under Rule 17a-7 because the affiliations between the parties made them ineligible, the adviser paid a brokerage commission and because the pricing convention required by the rule was not followed.

It is interesting to note that AINA’s policies and procedures required that sale/buyback trades occurring within a three-day window be monitored. The underqualified junior compliance person reviewing trades only looked for same-day trades and therefore missed the trades done on an overnight basis that were the subject of this proceeding. Aviva was required to pay a penalty of $250,000.

Topic: Undisclosed Financial Conflicts

In re Voya Investments LLC and Directed Services LLC, Investment Advisers Act Release No. 4868 (Mar. 8, 2018)88

Voya Financial, which offers retirement and insurance products and services to individuals and institutional customers, along with Directed Services LLC, agreed to pay a $3.65 million penalty for willfully failing to disclose the practice of recalling securities on loan from insurance-dedicated mutual funds that were advised by its subsidiary investment adviser, Voya Advisers, prior to the dividend record date. This practice, which took place over the course of 15 years (2003-2017), was for the purpose of allowing Voya Advisers’ insurance affiliates, who were the record shareholders of the funds’ securities, to receive a tax deduction known as a dividend received deduction. However, recalling the portfolio securities simultaneously resulted in the loss of securities lending income to the funds’ investors, thus creating an undisclosed conflict of interest. Voya Advisers, which was aware of the loss of income due to this recall, informed the funds’ board of directors of the benefit received from the practice, but did not disclose that it would also result in the loss of income. The SEC determined that this omission rendered the statements to the board (as well as the fund prospectus) materially misleading, and was a willful violation of Advisers Act Sections 206(2), 206(4) and Rule 206(4)-8 thereunder, which, in relevant part, make it unlawful for an investment adviser to a pooled investment vehicle to “omit to state a material fact … to any investor or prospective investor in the pooled vehicle.”

In re J.P. Morgan Chase Bank, N.A., Advisers Act Release No. 4295 (Dec. 18, 2015)89

An SEC investigation found that JPMorgan Chase & Co.’s (the “Firm’s”) investment advisory business J.P. Morgan Securities LLC (“JPMS”) and nationally chartered bank JPMorgan Chase Bank N.A. (“JPMCB”) preferred to invest clients in the firm’s own proprietary investment products without properly disclosing this preference. This preference impacted two fundamental aspects of money management – asset allocation and the selection of fund managers – and deprived JPMorgan’s clients of information they needed to make fully informed investment decisions. “Firms have an obligation to communicate all conflicts so a client can fairly judge the investment advice they are receiving,” said Andrew J. Ceresney, Director of the SEC Enforcement Division. “These J.P. Morgan subsidiaries failed to disclose that they preferred to invest client money in firm-managed mutual funds and hedge funds, and clients were denied all the facts to determine why investment decisions were being made by their investment advisers.”

88 https://www.sec.gov/litigation/admin/2018/34-82837.pdf

89 https://www.sec.gov/litigation/admin/2016/ia-4534.pdf and https://www.sec.gov/news/pressrelease/2015-283.html

Form ADV Part 2A failed to adequately disclose conflicts, including that: JPMS preferred J.P. Morgan managed mutual funds for certain retail accounts (at one point Form ADV indicated they “may” have a preference); JPMS obtained certain services from its affiliates based on the amount of assets invested in the Firm’s proprietary products; and certain less expensive share classes were available (that would generate less revenue for the Firm).

Violations cited by the order include that JPMS willfully violated Section 206(2) of the Advisers Act, which prohibits an investment adviser from engaging in any practice which operates as a fraud or deceit upon any client or prospective client. JPMS willfully violated Section 206(4) of the Advisers Act and Rule 206(4)-7 thereunder which requires investment advisers to adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act. JPMS willfully violated Section 207 of the Advisers Act which makes it unlawful for any person to willfully (i) make an untrue statement of a material fact in any registration or report filed with the SEC or (ii) omit to state any material fact. JPMCB also violated Sections 17(a)(2) and (3) of the Securities Act of 1933.

Respondents were required to disgorge $127.5 million and pay a penalty of the same amount as well as prejudgment interest of just under $12 million. They were also required to pay the CFTC a $40 million penalty in a parallel action.

In re Jan Gleisner and Keith D. Pagan, Advisers Act Release No. 4537 (Sept. 28, 2016)90

Two principals of Belvedere Asset Management, LLC (“Belvedere”) settled charges that they failed to tell clients about material conflicts of interest arising from Belvedere’s investments of client assets into an affiliated mutual fund.

Jan Gleisner, Belvedere’s former president, managing director, and 40% indirect owner, invested client assets in Belvedere Alternative Income Fund (“BAIF”), a mutual fund formed and advised by Belvedere. Belvedere client assets accounted for more than 75% of BAIF’s total investments. Based on an agreement with BAIF, Belvedere had to reimburse BAIF for its expenses exceeding 2.95% of its net asset value. As a result, the Belvedere client investments in BAIF ultimately decreased the amount Belvedere had to reimburse BAIF. In addition, Belvedere’s clients paid double management fees on money invested in BAIF: the management fees clients paid directly to Belvedere and the fees investors paid to BAIF that benefitted Belvedere. Belvedere and Gleisner failed to tell clients about these conflicts of interest. Keith Pagan, Belvedere’s CEO, CCO, and 45% indirect owner, caused these disclosure failures. Pagan was solely responsible for Belvedere’s compliance and operations functions, and was aware that Gleisner had invested client assets in BAIF. A compliance consultant also advised Pagan that he should give Belvedere’s clients a Form ADV to disclose material conflicts, but he did not. Belvedere’s refusal to heed its compliance consultant’s advice in this matter is all the more peculiar because it identified the disclosure of this particular conflict with respect to the mutual fund as a material change to Form ADV. In addition, Pagan failed to implement policies and procedures reasonably designed to prevent violations of the securities laws.

90 https://www.sec.gov/litigation/admin/2016/ia-4537.pdf and https://www.sec.gov/litigation/admin/2016/ia-4537-s.pdf


Between July 2013 and January 2014 Gleisner separately provided some clients a disclosure that Belvedere may invest clients’ assets in affiliated funds and charge additional fees and that this may create a conflict. The SEC made clear that this is inadequate disclosure once an actual conflict exists.

Topic: False and Misleading Advertising

In re Cantella & Co., Advisers Act Release No. 4338 (Feb. 23, 2016)91

An SEC investigation found that Cantella & Co. (“Cantella”), a Boston-based registered investment adviser and broker-dealer, negligently relied on the inflated, hypothetical and back-tested performance track record provided by F-Squared Investments, Inc. (“F-Squared”). Cantella passed those false performance claims on to Cantella’s own clients without obtaining sufficient documentation that substantiated F-Squared’s advertising claims.

Cantella violated Section 206(4) of the Advisers Act and Rule 206(4)-1(a)(5) thereunder by publishing, circulating and distributing advertisements that contained untrue statements of material fact. Cantella also did not make and keep true, accurate and current records necessary to demonstrate the calculation of the performance that it distributed as required by Section 204(a) of the Advisers Act and Rule 204-2(a)(16) thereunder. Without admitting or denying the findings, Cantella agreed to pay a $100,000 penalty. Incidentally, Cantella was one of thirteen advisers that negligently relied on F-Squared performance numbers.

In re Jeffrey Slocum & Associates, Inc., Advisers Act Release No. 4647 (Feb. 8, 2017)92

The SEC’s order instituting a settled administrative proceeding found that Jeffrey Slocum & Associates, Inc. (“JSA”) disseminated marketing materials containing misleading performance data, misstatements regarding JSA’s acceptance of items of value from investment managers, and misstatements about JSA’s enforcement of its Code of Ethics. The order found that JSA’s majority owner, Jeffrey C. Slocum (“Slocum”) was a cause of the compliance violations and certain misstatements. JSA and Slocum agreed to the issuance of the order without admitting or denying its findings.

JSA provided investment consulting services to institutional clients, which included recommending to its clients investment managers that JSA had vetted and placed on its “Approved List.” In its marketing materials JSA claimed: “Our firm has never, not once, taken even so much as a nickel from an investment manager, under any guise.” Contrary to the “never, not once” claim, JSA’s Code of Ethics permitted gifts of not more than $100. With preclearance from JSA’s CCO, JSA employees could attend a sporting event if the value of tickets was greater than $100 if it was reasonable and both the giver and the employee were present. In 2012, two JSA employees received preclearance and attended the Masters Golf Tournament as the guests of an investment manager. In 2013, four employees accepted tickets worth greater than $100 without obtaining preclearance from the CCO. The CCO wanted the four to reimburse the manager but Slocum overruled the CCO and the four were not formally disciplined.

The performance data compiled by JSA on managers on the Approved List was not based on actual performance. It was hypothetical and back-tested and JSA did not keep books and records substantiating the performance disseminated. JSA did develop certain footnotes about the nature of the performance record but these disclosures were not uniformly used. Also, JSA had no written policies and procedures regarding the review of marketing materials or the use of performance data in marketing materials.

91 https://www.sec.gov/litigation/admin/2016/ia-4338.pdf

92 https://www.sec.gov/litigation/admin/2017/ia-4647.pdf

Topic: Mutual Fund Disclosure and Compliance Issues

In the Matter of Commonwealth Capital Management, LLC, Investment Company Act Release No. 31678 (Jun. 17, 2017)93

The SEC charged a mutual fund adviser, its principal, and three mutual fund board members with failing to satisfy their statutory obligations (Section 15(c) of the Investment Company Act) in connection with the evaluation and approval of mutual fund advisory contracts. Also violated was the shareholder reporting requirement found in Section 30(e) of the Investment Company Act and Rule 30e-1 thereunder.

Topic: Compliance/Annual Review

In the Matter of LKL Investment Counsel LLC, Advisers Act Release No. 4836 (Jan. 3, 2018)94

These proceedings arise out of a 2016 SEC exam that uncovered “compliance breakdowns” at Arizona-based adviser LKL Investment Counsel LLC (“LKL”). LKL is owned by one-man band Mark Love (“Love”), LKL’s sole member, president and chief compliance officer. LKL’s Form ADV inflated its AUM by $30m (correcting it reduced AUM from $130m to $101m). Once this material error was corrected, LKL failed to deliver (as required) the amended brochure (Form ADV Part 2A) or a summary to its clients. Form ADV also contained several other misrepresentations concerning Love’s ownership interest in client transactions. Love failed to turn over requested documents to the SEC exam staff. He made errors in calculating management fees and he failed to refund prepaid management fees (paid quarterly in advance) to clients that redeemed mid-quarter (contrary to disclosure in Form ADV). Love had not conducted annual compliance reviews since 2008. Pursuant to Section 206(4) of the Advisers Act and Rule 206(4)-7 thereunder, it is unlawful for a registered investment adviser to provide investment advice to clients unless the adviser completes annual reviews of the adequacy of its compliance policies and procedures and the effectiveness of their implementation.

In re Dupree Financial Group, LLC, Advisers Act Release No. 4546 (Oct. 5, 2016)95

These proceedings arise out of the failure of Dupree Financial, a registered investment adviser, to conduct annual compliance reviews over a multi-year period. Pursuant to Section 206(4) of the Advisers Act and Rule 206(4)-7 thereunder, it is unlawful for a registered investment adviser to provide investment advice to clients unless the adviser completes annual reviews of the adequacy of its compliance policies and procedures and the effectiveness of their implementation. From the time Dupree Financial registered with the Commission in June 2010 through 2014, it failed to perform annual compliance reviews. Based on these actions, Dupree Financial willfully violated Section 206(4) of the Advisers Act and Rule 206(4)-7 thereunder.

93 https://www.sec.gov/litigation/admin/2015/ic-31678.pdf and https://www.sec.gov/news/pressrelease/2015-124.html

94 https://www.sec.gov/litigation/admin/2018/ia-4836.pdf; for a summary see https://www.sec.gov/litigation/admin/2018/ia-4836-s.pdf

95 https://www.sec.gov/litigation/admin/2016/ia-4546.pdf


Topic: Misrepresentations of Credentials in Form ADV

In re Source Financial Advisers, LLC, Advisers Act Release No. 4702 (May 5, 2017)96

These proceedings concern material misrepresentations by Michelle M. Smith (“Smith”) and Source Financial Advisers, LLC (“Source”), the registered investment adviser Smith founded. Source misrepresented on its Form ADV brochure supplement that Smith earned a college degree (she never graduated) and that she had earned a Certified Financial Planner credential; she took courses but did not earn the credential. Smith corrected the statements after being contacted by the SEC in 2016.

Topic: Custody Rule

In re Sands Brothers Asset Management, LLC, Advisers Act Release No. 4273 (Nov. 19, 2015)97

The SEC hammered repeat offender Sands Brothers Asset Management LLC (“SBAM”) for failure to timely deliver audited financial statements to its investors. Audited financial statements were late from 40 days to 8 months because SBAM did not provide valuation information to its auditors supporting SBAM’s valuation of nonperforming loans. SBAM and its principals were required to pay a penalty of $1 million and were prevented from raising new capital for one year.

In re Knelman Asset Management Group, LLC, Advisers Act Release No. 3705 (Oct. 28, 2013)98

First, the SEC sanctioned Knelman Asset Management Group, LLC (“KAMG”) and its CCO for failure to arrange for a surprise audit or annual GAAP audit for a private equity fund, Rancho Partners I, LLC (“Rancho”). Second, Irving P. Knelman (“Knelman”), KAMG’s CEO and CCO, violated Rancho’s PPM in making certain cash distributions to some of Rancho’s members. Third, KAMG and Knelman failed to conduct annual compliance reviews and failed to implement controls to safeguard Rancho’s assets. Fourth, KAMG failed to maintain required books and records. Fifth, KAMG filed a false Form ADV that claimed it did not have custody of client assets.

Topic: Accountant/Annual Surprise Exam

In re Rodney A. Smith, Advisers Act Release No. 3738 (Dec. 12, 2013)99

This matter involves improper professional conduct by Rodney A. Smith, Michael Santicchia, CPA, and Stephen D. Cheaney, CPA (collectively “Respondents”) in not completing surprise exams they were engaged and paid to do pursuant to Section 206(4) of the Advisers Act and Rule 206(4)-2 thereunder (the “Custody Rule”). The Respondents completely dropped the ball over several years and did not do the work they were hired to do, including filing Form ADV-E with the SEC.

Topic: Share Class/Best Execution Cases

96 https://www.sec.gov/litigation/admin/2017/ia-4702.pdf
97 https://www.sec.gov/litigation/admin/2015/ia-4273.pdf and https://www.sec.gov/news/pressrelease/2015-262.html
98 https://www.sec.gov/litigation/admin/2013/ia-3705.pdf and https://www.sec.gov/news/press-release/2013-230
99 https://www.sec.gov/litigation/admin/2013/34-71070.pdf

In re Geneos Wealth Management Inc., Investment Advisers Act Release No. 4877 (Apr. 6, 2018)100

Geneos, a dually-registered broker dealer and investment adviser, agreed to pay $1.85 million for 12b-1 share class selection disclosure violations and failure to adopt policies and procedures reasonably designed to prevent the occurrence. While Geneos did disclose that it “may” select 12b-1 shares, it did not disclose that it would and in fact did select 12b-1 shares even though cheaper shares were available. Furthermore, while Geneos did update its Form ADV brochure to include the proper disclosures, it did so after five years of not disclosing the conflict of interest (from 2012 to 2017), and did not indicate in its 2017 annual ADV update that there were any material changes to the brochure. In addition to the share class selection conduct, Geneos also failed to disclose a conflict of interest related to revenue sharing agreements made with its clearing brokers to steer clients towards certain mutual funds. The SEC determined that Geneos’ conduct breached its fiduciary duty by failing to seek best execution, and failing to adopt reasonable policies and procedures, pursuant to Advisers Act Sections 206(2), 206(4), Rule 206(4)-7 thereunder, and 207.

In re PNC LLC, Investment Advisers Act Release No. 4878 (Apr. 6, 2018)101

PNC Investments LLC (“PNCI”), a dually-registered broker dealer and investment adviser, agreed to pay upwards of $7 million for, among other conduct, failing to disclose to advisory account clients that, given the option between investing client funds in different share classes of mutual funds, where the only difference between the share classes was the attachment of the 12b-1 fees, it would select the share class with the 12b-1 fees attached. The SEC determined that PNCI violated its fiduciary duty to act for the benefit of its clients by failing to seek best execution. Even though PNCI disclosed on its Form ADV that it received 12b-1 fees, it did not disclose that it had a conflict of interest and that it would select share classes with 12b-1 fees even when its clients were eligible for lower-cost share classes of the same fund. Furthermore, PNCI also failed to disclose that, pursuant to separate marketing support agreements (“MSAs”) between PNCI and certain mutual fund advisers, it would receive an additional fee when selecting share classes with 12b-1 fees attached. Finally, PNCI failed to comply with its investment management agreements, which stated that in the event a PNCI investment adviser representative (IAR) responsible for a fee-based account left or was terminated, creating an “orphaned account,” a new IAR would be assigned to the account within 30 days. As a result, numerous orphaned accounts were charged fees, even though there was no investment advice being received. While PNCI did adopt policies to prevent orphaned accounts, it did not adopt procedures reasonably designed to prevent the occurrence, thereby violating Section 206(4) and Rule 206(4)-7 thereunder.

In re Securities America Advisors, Inc., Investment Advisers Act Release No. 4876 (Apr. 6, 2018)102

This is the third matter in the trio of enforcement actions brought for violative conduct attributed to share class selection practices. Similar to the previous two, from 2012 to 2016, Securities America Advisors, Inc. (“SAA”) failed to adequately disclose its practice of selecting more expensive mutual fund shares (“Class A” shares) when cheaper shares (“Class I” shares) were available and failed to discharge its obligation to seek best execution. SAA agreed to pay $5.8 million for this conduct as well as for failing to adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act and rules thereunder in connection with this practice.

100 https://www.sec.gov/litigation/admin/2018/34-83003.pdf
101 https://www.sec.gov/litigation/admin/2018/34-83004.pdf
102 https://www.sec.gov/litigation/admin/2018/ia-4876.pdf

In re Everhart Fin. Group, Inc., et al., Investment Advisers Act Release No. 4314 (Jan. 14, 2016)103

Everhart Financial Group (“EFG”), a registered investment adviser, principally invested its clients in the mutual funds offered by a single family of mutual funds (“Mutual Fund Complex”), which offers two share classes to investment advisers with the only meaningful difference being that one share class charges 12b-1 fees and the other does not. Despite significantly higher fees, some adviser reps at EFG “nearly always” invested non-retirement individual advisory accounts in shares that charged a 12b-1 fee, which was paid to EFG’s principal owners, who also were licensed registered broker-dealer reps. Receipt of 12b-1 fees not only created a conflict of interest that was not adequately disclosed to EFG’s clients, but favoring 12b-1 funds over others was inconsistent with EFG’s duty to seek best execution for its clients. In addition, EFG had several compliance failures, including the lack of annual compliance reviews for several years, and also issued insufficient disclosures regarding the receipt of 12b-1 fees. The firm also failed to file and deliver an accurate Form ADV. The SEC has also required the advisory firm to retain an independent compliance consultant, notify all advisory clients of the enforcement order, and pay fines and disgorgement. The agency also found that EFG’s founder, Everhart, did not perform required annual compliance reviews from 2008 through 2011 and in 2013 and 2014.

In the Matter of Credit Suisse Securities (USA) LLC, Adm. Proc. File No. 3-17899 (April 4, 2017)104

Credit Suisse Securities (“Credit Suisse”) and one of its former investment adviser representatives, Michael Katz, agreed to pay almost $8 million to settle charges they improperly invested clients in more expensive “Class A” shares of mutual funds rather than less expensive “institutional” shares for which they were eligible. The respondents breached their fiduciary duties and failed to adequately disclose the conflict of interest created by such investments as they enriched themselves at their clients’ expense. Class A shares are generally more expensive than institutional shares of the same fund because they charge investors marketing and distribution expenses known as 12b-1 fees that are paid out of the assets of the mutual fund. In this case, the 12b-1 fees were paid by the mutual funds to Credit Suisse, which then shared a portion of those fees with Katz. According to the SEC’s orders, Credit Suisse collected approximately $3.2 million in avoidable 12b-1 fees from 2009 to 2014, and approximately $2.5 million of that amount was generated from Katz’s advisory clients. Credit Suisse also failed to implement policies and procedures to prevent these fiduciary breaches.

In re William Blair & Co., Advisers Act Release No. 4695 (May 1, 2017)105

Chicago-based William Blair & Company agreed to pay a $4.5 million penalty for negligently using mutual fund assets to pay for the distribution and marketing of fund shares outside of a written, board-approved Rule 12b-1 plan and for failing to fully disclose that it would retain a fee for providing shareholder administration services to certain funds. Payments for distribution-related services can only come from fund assets pursuant to a written Rule 12b-1 plan that is approved by a fund’s board. These payments totaled approximately $1.25 million and rendered certain of William Blair Funds’ (“Funds”) disclosures concerning payments for distribution and sub-TA services inaccurate. As a result of this conduct, William Blair violated Section 206(2) of the Advisers Act and Section 34(b) of the Investment Company Act, and caused the Funds to violate Section 12(b) of the Investment Company Act and Rule 12b-1 thereunder.

103 https://www.sec.gov/litigation/admin/2016/34-76897.pdf
104 https://www.sec.gov/news/pressrelease/2016-69.html
105 https://www.sec.gov/litigation/admin/2017/ia-4695.pdf

William Blair also failed to fully disclose to the Funds’ Board of Trustees (“Board”) that William Blair (and not a third-party service provider) would retain a fee for providing shareholder administration services to the Funds under a shareholder administration services agreement between certain of the Funds and William Blair.

Topic: Failure to Supervise

In the Matter of Brahman Capital Corp., Investment Advisers Act Release No. 4819 (Dec. 5, 2017)106

Brahman Capital Corp., a New York based registered investment adviser, failed to reasonably supervise a research analyst (“Gupta”) who breached Brahman’s internal policies by helping another individual (“Chopra”) set up and operate another asset manager, Ratan Capital Management, LP (“Ratan”), with the same investment strategy. Gupta emailed a confidential offering memorandum, marketing presentations, due diligence questionnaires and even trading ideas. Brahman became aware of Gupta’s violations of its confidentiality policies and even began to monitor his emails but did not take sufficient steps to stop Gupta from breaching its policies. The SEC determined that Brahman failed to implement policies and procedures to safeguard confidential information and to enforce its code of conduct. Consequently, Brahman violated Advisers Act Sections 203(e)(6) and 206(4) as well as Rule 206(4)-7 thereunder.

106 https://www.sec.gov/litigation/admin/2017/ia-4819.pdf