Throughout the year, the Securities and Exchange Commission's ("SEC") Office of Compliance Inspections and Examinations ("OCIE") releases various risk alerts reminding investment advisers of compliance risks and issues associated with specific rules. These risk alerts are typically released as a result of a large number of compliance deficiencies uncovered during regulatory examinations. In addition to risk alerts, the SEC also passed the new Form Customer Relationship Summary ("CRS") requirement in 2019 as well. To help keep you and your firm up-to-date, RIA in a Box releases blog posts summarizing risk alert announcements and rule changes as they occur.
Here's a look at the SEC regulatory developments from the past year:
At the end of 2018, the SEC released its upcoming exam priorities for the 2019 calendar year. For 2019, the SEC primarily focused on six categories: compliance and risk at registrants responsible for critical market infrastructure, matters of importance to retail investors, including seniors and those saving for retirement, Financial Industry Regulatory Authority ("FINRA") and the municipal Securities Rule Making Board ("MSRB"), digital assets, cybersecurity, and anti-money laundering programs.The office indicated that within those priority areas, they would focus on fees and expenses, conflicts of interest, portfolio management and trading, never-before or not-recently examined investment advisers, and cybersecurity.
2. SEC Risk Alert Flags S-P Privacy Notices and Safeguard Policies (April 2019)
On April 16, 2019, the SEC released a risk alert around Regulation S-P privacy notices and safeguard policies. The risk alert reminds advisers to implement effective policies and procedures for safeguarding customer information. OCIE observed that investment advisory firms did not provide proper notices to customers including the right to opt-out, annual privacy notices, and initial privacy notices. In addition, much of the risk alert also focused on common issues discovered during audits related to the requirement to have written policies and procedures to safeguard customer information.
On May 23, 2019, the SEC's OCIE released a risk alert after number of observations of improper use of security features on network storage systems. Compliance issues resulted from misconfigured network storage solutions, inadequate oversight of vendor-provided network storage solutions, and insufficient data classification policies and procedures. This blog post walks through the risk alert in detail and provides examples of effective network storage cybersecurity practices that RIA firms can implement.
On June 5th 2019, the SEC finalized a Form ADV Part 3 requirement, otherwise known as Form CRS, which requires SEC-registered RIA firms to provide a brief, two-page customer relationship summary containing five items to distribute to retail investors. This form is intended to provide customers and prospects with a clear summary of the firm's fees, services, conflicts on interest, disciplinary, and additional information. According to the SEC's general instructions, "if you are already registered or have an application for registration pending with the SEC as an investment adviser before June 30, 2020 you must electronically file, in accordance with Instruction 7.A. above, your initial relationship summary beginning on May 1, 2020 and by no later than June 30, 2020 either as: (1) an other than-annual amendment or (2) part of your initial application or annual updating amendment."
On July 23, 2019 the SEC issued a risk alert addressing the risks associated with hiring staff members with past disciplinary history and designing policies and procedures that will properly address those risks. This risk alert resulted from a series of examinations which resulted in numerous compliance deficiencies of undisclosed conflicts of interest.The risk alert cited specific examples of inadequate disclosure of disciplinary events, conflicts of interest, and improper documentation of the responsibilities of the expectations of the firm's supervised persons.
6. SEC Proposes Significant Changes to Advertising and Solicitation Rules (November 2019)
On November 4, 2019, the SEC announced that it has voted to propose amendments to rules under the Investment Advisers Act of 1940 including Rule 206(4)-1, commonly referred to as the "Advertising Rule" and Rule 206(4)-3, or the "Cash Solicitation Rule." The proposed amendments aim to modernize the rules which have not been updated since 1961 and 1979, respectively, "to reflect changes in technology, the expectations of investors seeking advisory services, and the evolution of industry practices," as stated by the SEC. This blog post breaks down the 500-page proposal and its potential impact to RIA firms. The changes are subject to a 60 day public comment period.