It has been a busy year for the SEC from a compliance perspective. You should think about these compliance events as you conduct your annual review of your firm’s policies and procedures. An adviser’s policies and procedures should reflect the firm’s business model, including its compensation structure, services, client base, and operations. Those policies and procedures should address any current market risks to the extent they apply to the firm.
Examiners will evaluate the effectiveness of firms’ annual review of their policies and procedures. An RIA’s annual review should ensure that its policies and procedures will help the firm and its advisers to fulfill their fiduciary obligations.
The SEC’s enforcement actions, publications, and risk alerts during the past year can provide invaluable information for Registered Investment Advisers (RIAs) and Chief Compliance Officers (CCOs). The following is a brief overview of important compliance-related actions taken by the SEC in 2023.
Compliance with the Marketing Rule is a high priority in 2024
On October 16, 2023, the SEC published its examination priorities for 2024. When the SEC prioritizes certain compliance areas, it is very likely that examiners will be scrutinizing them during upcoming examinations of RIAs. The SEC’s priorities release is available at https://www.sec.gov/files/2024-exam-priorities.pdf.
Not surprisingly, compliance with the Marketing Rule will be a high priority in 2024 and beyond. Examiners are likely to conduct marketing practice assessments to ascertain whether RIAs have:
- Adopted and implemented reasonably designed written policies and procedures to prevent violations of the Marketing Rule, as well as the Investment Advisers Act and its rules;
- Fully disclosed their marketing-related information on Form ADV; and
- Substantiated their processes and retained other required books and records.
Marketing practice reviews will also evaluate whether disseminated advertisements include any untrue statements of a material fact, are materially misleading, or are otherwise deceptive. If applicable, advertisements must comply with the Marketing Rule’s requirements for performance advertising, including hypothetical and predecessor performance. In addition, examiners will be reviewing RIAs’ use of third-party ratings, testimonials, and endorsements.
Even before the SEC’s priorities release, the Commission made it clear that RIAs must adhere to the Marketing Rule. On June 8, 2023, the SEC published a Risk Alert to remind RIAs and CCOs that they must:
- Implement policies and procedures that are reasonably designed to prevent Marketing Rule violations by RIAs and their supervised persons;
- Substantiate material statements of fact in advertisements, which means advisers must have a reasonable basis for believing they will be able to prove them if called upon to do so;
- Fulfill their performance advertising compliance obligations; and
- Maintain books and records related to advertisements RIAs disseminate, including internal working papers, performance-related data, and documentation pertaining to oral advertisements, testimonials, and endorsements.
The Risk Alert also warned RIAs that their Form ADVs must provide additional information regarding their marketing practices. RIAs should disclose whether they are using advertisements containing performance, testimonials, endorsements, and third-party ratings. Examiners will determine whether RIAs accurately answered the questions in their annual Form ADV amendments.
The Division of Examinations’ Risk Alert is available at https://www.sec.gov/files/risk-alert-marketing-rule-announcement-phase-3-060823.pdf.
Examiners are extremely wary of RIA advertisements containing hypothetical performance returns. On August 21, 2023, the SEC announced sanctions against a FinTech investment adviser that advertised the annualized performance returns of its crypto strategy. The RIA claimed those returns were as high as 2,700 percent. While those returns certainly caught the attention of investors, they also put the RIA on the SEC’s radar. That case can be reviewed at SEC.gov | SEC Charges FinTech Investment Adviser Titan for Misrepresenting Hypothetical Performance of Investments and other Violations.
In case RIAs did not get the message, the SEC announced on September 11, 2023, that its sweep into Marketing Rule violations resulted in charges against nine RIAs. The firms advertised hypothetical performance to the general public on their websites without adopting and/or implementing policies and procedures required by the Marketing Rule. RIAs are prohibited from including any hypothetical performance in their advertisements unless they have adopted and implemented policies and procedures that are reasonably designed to ensure that the hypothetical performance is relevant to the likely financial situation and investment objectives of the intended audience for the ad. The enforcement actions can be accessed at SEC.gov | SEC Sweep into Marketing Rule Violations Results in Charges Against Nine Investment Advisers.
Compliance with their fiduciary obligations is always a priority for advisers
Not surprisingly, the SEC’s 2024 priorities release stressed how important it is for investment advisers to adhere to their fiduciary duty. In particular, examiners will be looking at situations where RIAs recommend:
- Complex products, such as derivatives and leveraged exchange-traded funds (ETFs);
- Costly and illiquid products, such as variable annuities and non-traded real estate investment trusts (REITs); and
- Unconventional strategies, such as those that supposedly address rising interest rates.
As is the case every year, examiners will seek to protect older investors and those who are saving for retirement.
Fiduciaries must provide investment advice that is in their clients’ best interest, including their processes for:
- Making initial and ongoing suitability determinations;
- Seeking best execution;
- Evaluating costs and risks; and
- Identifying and addressing conflicts of interest.
These evaluations should address factors such as clients’ investment profiles, as well as their investment goals and account characteristics. Examinations will review how RIAs address conflicts of interest, including their efforts to mitigate them. In some instances, RIAs must go further and eliminate conflicts of interest. In addition, examiners will review how RIAs allocate investments in situations where investors have more than one account, whether it is a wrap fee program or a fee-based account.
Examiners will always scrutinize the economic incentives that an RIA and its financial professionals receive to recommend products, services, or account types. Economic incentives may exist, such as revenue sharing, markups, or other incentivizing revenue arrangements. Examiners will be looking closely at advisers that are dually registered as broker-dealers or use affiliated firms to perform client services. Examiners will be keeping a close watch on firms that employ financial professionals to service both brokerage customers and advisory clients. The SEC has brought numerous enforcement actions when firms recommended certain mutual fund share classes or types of accounts when lower cost options were available. In addition, examiners are wary of investment advice related to proprietary products and affiliated service providers that result in additional or higher fees for investors.
SEC staff bulletin articulates the standard of care owed when giving advice and making recommendations to retail investors
The SEC’s priorities release was just the latest reminder that investment advisers must adhere to their fiduciary standard. On April 20, 2023, the SEC published a staff bulletin that reinforced the standards of conduct owed by broker-dealers and investment advisers when giving investment advice and making recommendations to retail investors. The SEC’s staff bulletin can be found at https://www.sec.gov/tm/standards-conduct-broker-dealers-and-investment-advisers#_ftn1.
The bulletin focused on the Regulation Best Interest (Reg BI) Care Obligation, as well as the duty of care owed pursuant to the Investment Advisers Act, which is referred to as the “IA fiduciary standard.”
These care obligations under Reg BI and the IA fiduciary standard include three components:
- Understanding the potential risks, rewards, and costs arising from a product, investment strategy, account type, or series of transactions;
- Having a reasonable understanding of the retail investor’s investment profile; and
- Based on their understanding of the first two components and after considering reasonably available alternatives, firms and financial professionals must have a reasonable basis to conclude that the recommendation or advice provided is in the retail investor’s best interest.
Firms and their financial professionals must decide if a recommendation made or advice given satisfies their care obligations. They must conduct an objective evaluation that is based upon the facts and circumstances surrounding the specific recommendation or advice, including the investment profile of the retail investor. When adopting and implementing reasonably designed policies and procedures to articulate their care obligations, broker-dealers and RIAs should tailor them to their business models and retail investor relationships.
The SEC followed up on its staff bulletin on May 4, 2023, when it settled charges against an RIA and an Investment Adviser Representative (IAR). The SEC’s complaint alleged that the parties breached their fiduciary duty of care related to leveraged ETFs in discretionary client accounts. Complex products present unique risks. RIAs and IARs must ensure that there is a reasonable basis to recommend these products before purchasing them for clients. IARs need to have a complete understanding of an investment before recommending it, especially one that carries unique risks.
According to the SEC’s order, from at least 2017 through December 2020, the RIA and the IAR invested advisory clients in leveraged ETFs for extended periods of time. In many cases, the RIA and the IAR overinvested clients’ funds in products in significant concentrations that carried unique risks. The RIA and IAR ignored the funds’ prospectuses, which warned that the products:
- Raised unique risks;
- Were designed to be held for no more than a single trading day; and
- Required frequent monitoring.
The SEC alleged that the RIA and the IAR misunderstood these fundamental characteristics of the leveraged ETFs. Therefore, they lacked a reasonable belief that the leveraged ETFs were in their clients’ best interests. Furthermore, the RIA and IAR failed to appropriately monitor the performance of these products. As a result, they did not evaluate whether the leveraged ETFs were in their clients’ best interests throughout the holding period. In addition, the SEC concluded that the RIA failed to adopt and implement policies and procedures that are reasonably designed to prevent violations of the Investment Advisers Act.
Neither the RIA nor the IAR had a reasonable basis for concluding that the leveraged ETFs were suitable for their clients. The RIA and the IAR did not fully appreciate the most important attributes of leveraged ETFs. They did not appear to recognize that leveraged ETFs were designed as short-term trading tools. Furthermore, they apparently failed to realize that there were material risks to holding them in significant amounts for much longer periods than those timeframes recommended by the issuers. As an example, the RIA and the IAR ignored unique risks discussed in the prospectuses. They allegedly used the leveraged ETFs in an unsuitable manner, including concentrating clients’ portfolios in that investment and holding them for extended periods of time.
Although the RIA permitted its IARs to invest in complex products like the leveraged ETFs, the firm’s policies and procedures failed to address due diligence, product-specific disclosures to clients, or suitability evaluations for these investments. Furthermore, the RIA did not implement policies and procedures pertaining to the training required for IARs recommending leveraged ETFs. Moreover, they did not adopt policies and procedures for supervising recommendations or purchases of leveraged ETFs or monitoring these products.
The enforcement action can be reviewed at https://www.sec.gov/litigation/admin/2023/34-97427.pdf.
Full and fair disclosure is an integral component of fiduciary duty
Examiners will look at an RIA’s disclosures made to investors and whether they include all material facts relating to conflicts of interest. Without full disclosure, clients are not capable of giving informed consent to a conflict of interest.
Disclosures must be robust, especially when it comes to conflicts of interest. On September 26, 2023, the SEC announced that an RIA agreed to pay more than $18 million to settle charges related to undisclosed conflicts of interest involving a cash sweep program operated by its affiliated custodian and its receipt of millions of dollars in revenue sharing payments from third-party custodians.
According to the SEC’s order, the RIA failed to provide full and fair disclosure of conflicts of interest arising from its affiliate’s cash sweep program, which swept clients’ uninvested cash into interest-earning bank accounts. The RIA did not advise clients that it helped set the fee that its affiliate custodian received for operating the cash sweep program. The fee reduced amounts of interest paid to those clients. In addition, the SEC found that the RIA received custodial support payments from some third-party custodians based on assets held in certain no-transaction-fee mutual funds. The RIA allegedly failed to disclose to clients that, in some cases, there were lower-fee share classes with lower expense ratios available to clients.
The enforcement action is available at https://www.sec.gov/files/litigation/admin/2023/ia-6434.pdf.
Form 13F
Form ADV is only part of an RIA’s disclosure responsibilities. Form 13F is a report that must be filed with the SEC by institutional investment managers with discretion over specified securities that have an aggregate value of more than $100 million. This filing requirement was put in place by Section 13(f) of the Securities Exchange Act of 1934 (Exchange Act).
When Congress passed Section 13(f), its goal was to create a central depository of historical and current data about the investment activities of institutional investment managers for use by investors and government regulators. The SEC uses the information gathered to analyze the impact that institutional investment managers have on the securities markets. Depending upon its findings, the SEC may decide if changes in public policy are necessary.
On September 13, 2023, the SEC brought an enforcement action against an RIA with investment discretion over more than $100 million of reportable securities. The RIA failed to file quarterly Forms 13F beginning in February, 2017. The firm did not begin to file Forms 13F until April, 2022.
The RIA was found to have willfully violated Section 13(f)(1) of the Exchange Act and Rule 13f-1 thereunder. The firm failed to file Forms 13F from the quarter ending December 3, 2016, to the quarter ending December 31, 2021.
The SEC censured the RIA and ordered the firm to pay a civil money penalty of $150,000. A penalty of that magnitude, along with the likely reputational damage to the RIA, should help investment advisers recognize how important it is for them to fulfill their Form 13F filing obligations.
The enforcement action can be found at https://www.sec.gov/files/litigation/admin/2023/34-98381.pdf.
How RIAs identify compliance lapses
Whatever the SEC’s priorities are, examinations will cover a great deal of ground. Examiners are likely to conduct:
- Compensation arrangement assessments that focus on matters, such as revenue earned on clients’ bank deposit sweep programs and fee breakpoint calculation processes, particularly when fee billing systems are not automated;
- Valuation assessments regarding advisers’ recommendations that clients invest in illiquid or difficult-to-value assets, such as commercial real estate or private placements;
- Safeguarding assessments for RIAs’ controls to protect clients’ material non-public information, particularly when multiple advisers share office locations, have significant turnover of IARs, or use expert networks; and
- Disclosure assessments to review the accuracy and completeness of regulatory filings, including Form CRS, with a particular emphasis on inadequate or misleading disclosures and registration eligibility.
The SEC’s priorities release noted that examiners will be focused on RIAs’ policies and procedures for:
- Selecting and using third-party and affiliated service providers;
- Overseeing branch offices when firms operate from numerous or geographically dispersed offices; and
- Obtaining informed consent from clients when RIAs implement material changes to their advisory agreements.
If advisory contracts are not adhered to, clients are likely to be overcharged.
RIAs may negotiate reduced advisory fees with their clients. It is imperative, however, that they honor those agreements and implement any fee changes that were agreed to by the firm. Fee discrepancies often occur when RIAs acquire other firms. When an RIA’s fees are inaccurately calculated, the firm will pay a steep price.
On August 25, 2023, the SEC accused a dually registered investment adviser/broker-dealer with overcharging thousands of clients. The firm overcharged approximately 10,945 investment advisory accounts by more than $26.8 million in advisory fees. The firm agreed to pay a $35 million civil penalty to settle the SEC’s charges. It also paid affected accountholders around $40 million, including interest, to compensate them for the overcharges. In addition, the firm agreed to be censured and to cease-and-desist from further violations.
The SEC determined that the firm and its predecessors overcharged certain clients who opened accounts prior to 2014 for advisory fees incurred through December 2022. According to the SEC, some financial advisers of the firm and its predecessors agreed to reduce their standard, pre-set advisory fees for certain clients. These predecessor firms used advisory contracts referred to as “shelf” agreements to open new advisory client accounts. These “shelf” agreements were hard copy versions of their standard advisory contracts.
Some of these financial advisers made handwritten or typed changes on the clients’ investment advisory agreements, which reflected the reduced fees charged when their accounts were opened. In certain cases, however, account processing employees failed to input the agreed-upon reduced advisory fee rates into the firms’ billing systems when onboarding clients’ accounts. The SEC discovered that the firm did not conduct any review or periodic testing of clients’ accounts opened by its predecessor entities to confirm that negotiated fee changes to the advisory agreements were implemented.
When the SEC uncovers compliance mistakes like this, the Commission almost always identifies weaknesses in firms’ policies and procedures. The SEC alleged that the firm failed to adopt and implement written compliance policies and procedures that were reasonably designed to ensure that its billing systems contained accurate data. These policies and procedures were not sufficient to prevent overbilling of the clients acquired through its predecessor firms, as well as certain new clients.
The SEC’s press release and order is available at SEC.gov | Wells Fargo Settles with SEC for Charging Excessive Advisory Fees.
Private fund advisers face intense scrutiny
According to the SEC’s priorities release, examiners will continue to focus on advisers to private funds and will prioritize areas such as:
- The portfolio management risks that arise when there is exposure to recent market volatility and higher interest rates, including private funds experiencing poor performance, significant withdrawals and valuation problems, as well as private funds with more leverage and illiquid assets;
- Adherence to contractual requirements regarding limited partnership advisory committees or similar structures, such as advisory boards, including contractual notification and consent processes;
- Accurate calculation and allocation of private fund fees and expenses, including valuation of illiquid assets, calculation of post commitment period management fees, adequacy of disclosures, and potential offsetting of those fees and expenses;
- Due diligence practices to ensure consistency with policies, procedures, and disclosures, such as evaluations of prospective portfolio companies;
- Conflicts, controls, and disclosures regarding private funds managed side-by-side with registered investment companies and the use of affiliated service providers;
- Compliance with the Investment Advisers Act requirements governing custody, including accurate Form ADV reporting, timely completion of private fund audits by a qualified auditor, and the distribution of private fund audited financial statements; and
- Policies and procedures regarding Form PF filings.
On September 5, 2023, the SEC announced charges against five private fund advisers that failed to comply with requirements designed to safeguard clients’ assets. Three of the firms were also charged with failing to update their disclosure of audits of their private fund clients’ financial statements. The five RIAs agreed to settle the SEC’s charges and to pay more than $500,000 in combined penalties.
In these cases, a related person of the RIA served as the managing member or general partner of their private funds during the relevant time periods and had the authority to make decisions for, and act on behalf of, them. Therefore, the RIA had custody of the funds’ assets as defined in the Custody Rule.
The five firms failed to satisfy one or more of the following requirements:
- Have audits performed;
- Deliver audited financials to investors in a timely manner; and/or
- Ensure that a qualified custodian maintained client assets.
According to the SEC’s orders, two of the RIAs failed to promptly file amended Forms ADV to reflect they had received audited financial statements. One of the RIAs failed during multiple years to properly describe the status of its financial statement audits when filing the firm’s Form ADV.
The SEC’s press release, as well as the five enforcement actions, can be reviewed here.
RIAs must watch out for off-channel communications that lead to recordkeeping violations
The SEC has made it clear that compliance with books and records requirements is essential to investor protection and well-functioning marketings. To date, the SEC has brought 30 enforcement actions and ordered over $1.5 billion in penalties to drive home this foundational message. In addition, numerous RIAs have received deficiency letters for failing to meet their books and records obligations.
On August 8, 2023, the SEC charged eleven financial services firms, including a dually registered broker-dealer and RIA, with widespread recordkeeping violations. The SEC alleged that the firms and their employees failed to maintain and preserve electronic communications. Along with other sanctions, the firms were ordered to improve their policies and procedures in order to prevent future violations.
The SEC identified pervasive and longstanding “off-channel” communications at all eleven firms that were charged. Generally, off-channel communications occur when IARs use their personal devices for business purposes. The firms involved in these enforcement actions admitted that their employees often conducted business on their personal devices using various messaging platforms such as iMessage, WhatsApp, and Signal.
According to the SEC’s complaints against them, the firms violated the federal securities laws by failing to maintain or preserve a substantial majority of these off-channel communications. This failure to maintain and preserve required records undermined the SEC’s ability to conduct its examinations. Employees at multiple levels of authority, including supervisors and senior executives, committed the violations.
The SEC ordered all of the firms to pay significant financial penalties. Furthermore, the SEC censured the firms and ordered them to cease and desist from future violations of the relevant recordkeeping provisions. In addition, the firms agreed to hire independent compliance consultants to conduct comprehensive reviews of their policies and procedures pertaining to the retention of electronic communications on personal devices. These consultants would also provide guidance on how to address situations where employees did not comply with the firm’s policies and procedures.
These enforcement actions have serious implications for all RIAs, not just dually registered firms. RIAs are subject to their own books and records rule. Books and records rules allow the SEC to conduct its examinations and enforcement work. Recordkeeping failures undermine the SEC’s ability to exercise effective regulatory oversight, which may result in harm to investors.
The SEC is well aware that many RIAs have committed and may still be committing similar violations. Clearly, the SEC will be on the lookout for these violations during RIA examinations.
A practical solution is for RIAs to adopt robust policies and procedures to ensure that IARs and other advisory personnel do not use personal devices for business-related communications. Members of the RIA should be required to sign an attestation that they will not use off-channel communications for business-related matters. In addition, executives, supervisors, senior leadership, CCOs, and compliance staff must lead by example and should avoid using off-channel communications.
Many electronic communications archiving service providers are able to archive text messages. RIAs that are having difficulty implementing policies prohibiting electronic messaging are encouraged to use those services.
The SEC’s enforcement actions are available here.
The SEC will protect whistleblowers’ rights
The SEC’s enforcement efforts depend in part on whistleblowers. During fiscal year 2023, the SEC took forceful action to protect whistleblowers’ rights and to ensure their ability to report potential securities laws violations to the Commission.
On September 29, 2023, the SEC settled charges against an RIA for raising impediments to whistleblowing by requiring employees to sign agreements prohibiting the disclosure of confidential corporate information to third parties, without an exception for potential SEC whistleblowers, and by requiring departing employees to sign releases affirming that they had not filed any complaints with any government agency for the employees to receive deferred compensation. The case is available at 34-98641.pdf (sec.gov).
In addition, the SEC has charged firms for using employment and separation agreements that violated the whistleblower protection rule by requiring certain employees to waive their rights to financial whistleblower awards or by obligating former employees to notify the company if they receive a request for information from the Commission.
State securities regulators are also serious about enforcement
State securities regulators also conduct vigorous examinations of RIAs. On September 11, 2023, the North American Securities Administrators Association (NASAA) released examination statistics that should serve as a wake-up call for state-registered investment advisers. A series of coordinated examinations of RIAs by state securities examiners identified numerous compliance deficiencies. NASAA’s report demonstrated that even small RIAs are expected to implement robust compliance programs.
Seventy-two percent of the RIAs examined were one-person firms. For 34 percent of the RIAs, this was their first examination. Seven percent of the firms examined conducted other business activities such as insurance.
NASAA reported that examiners found the most deficiencies in the following areas:
- Registration violations were discovered in 23 percent of the examinations, such as Form ADV or Form U4 inaccuracies;
- Books and records violations were found in 17 percent of the examinations, including client suitability information and Form ADV Part 2 amendments and revisions;
- Supervision and compliance violations were uncovered during 16 percent of the examinations, such as insufficient protection of vulnerable clients and inadequate review of the firm’s policies and procedures;
- Contract-related violations were observed in 12 percent of the examinations, including improper execution of agreements, fee miscalculations, and charging performance fees improperly; and
- Fee-related violations were found in 6 percent of the examinations, such as situations where fees did not match advisory contracts or Form ADV.
Among other compliance deficiencies, examiners found there was a lack of evidence that privacy policies were delivered initially or annually. A number of the RIAs had no policies and procedures for uncovering suspected financial exploitation. A significant number of violations were related to client suitability information.
NASAA’s examination report is available here. These findings will also benefit SEC-registered investment advisers who can use them to bolster their compliance programs.
On November 14, 2023, the SEC announced its own enforcement statistics. Those statistics can be found at SEC.gov | SEC Announces Enforcement Results for Fiscal Year 2023.
Takeaways
As RIAs conduct their annual reviews of their policies and procedures, they should take note of mistakes made by other firms. No RIA wants to become an enforcement statistic in 2024.
Just as RIAs protect and grow clients’ assets, investment advisers owe a fiduciary duty to zealously guard their clients’ private information. SEC registrants, including RIAs and broker-dealers, possess an enormous amount of electronic data about entities and individuals such as:
- Personal identifying information;
- Sensitive account information; and
- Other information that might be misused by bad actors.
A cybersecurity incident can quickly undermine an RIA’s reputation and is likely to erode clients’ trust in a matter of days.
About RIA Compliance Group: RIA Compliance Group is an investment adviser compliance consulting firm based in Delray Beach, Florida. The firm’s mission is to provide affordable, timely, practical, and cost-effective compliance advice. We help investment advisers to comply with the myriad of state and SEC regulations and compliance obligations facing their firms. RIA Compliance Group takes pride in giving personal service and real world compliance advice, not theoretical concepts and legalese. The firm interacts on a daily basis with SEC and state securities regulators.
RIA Compliance Group, LLC – 701 SE 6th Ave, Suite 201, Delray Beach, FL 33483 – Tel: 561-600-0564 – sales@ria-compliance.com
Recent Comments