The Commissioners and senior officials of the Securities and Exchange Commission (“SEC” or “Commission”) addressed the public on February 23-24 at the annual “SEC Speaks” conference in Washington, D.C. Throughout the conference, many speakers referred to the new energy that SEC Chairman Jay Clayton had brought to the Commission since his confirmation in May 2017. The speakers also seemed relieved that the SEC was finally operating with a full set of commissioners since the recent additions of Robert J. Jackson, Jr. and Hester M. Peirce. Clayton’s address introduced the main refrain of the conference: that the SEC under his leadership is focused on the long-term interests of Main Street investors. Other oft-repeated themes included the challenges presented by cybersecurity and the fast-paced developments in cryptocurrency and blockchain. To address these shifts in focus, the Enforcement division plans to add more resources to the retail, cybersecurity and cryptocurrency spaces.
Following are the key litigation and enforcement takeaways.
Main Street Investors
Commissioner Kara Stein picked up on Clayton’s Main Street investors focus when she asked whether increasingly complex and esoteric investments, such as product strategies and structures that utilize derivatives, were appropriate for retail investors. She explained that it was not a question whether the financial industry could develop and sell these products, but whether it should. She said it was not clear that financial professionals fully understood the products they were selling, and that even if brokers and advisers made disclosures regarding the potential outcomes and risks to investors, complete disclosures might not even be possible due to the products’ complexity. Both SEC and FINRA Enforcement have brought actions related to the sales practices of inverse and leveraged ETFs, as well as the purchase and sale of complex products. Stein opined that gatekeepers needed to remember the real people behind every account number when they were advising clients on how to handle these types of products.
Steven Peikin, Co-Director of the Division of Enforcement, described the SEC’s Share Class Selection Disclosure Initiative as one way in which Enforcement was trying to help Main Street investors. The Initiative was created to address the problem of investment advisers putting their clients into higher fee share classes when no fee or lower fee classes were available. The SEC is incentivizing advisers to self-report this issue by promising not to impose any penalties, and only requiring them to disgorge their profits to investors. Peikin encouraged investment advisers to take advantage of this opportunity, indicating that if the Commission learned that an adviser had engaged in this conduct and did not self-report, it would be subject to significant penalties. The Chief of the SEC’s Broker-Dealer Task Force shared that AML programs and SAR-filing obligations are also a priority for the Enforcement division and OCIE exams. READ MORE
In a speech at the SIFMA AML Conference last week, FINRA Head of Enforcement Susan Schroeder openly explained the “straightforward framework” that Enforcement uses when making decisions about enforcement actions. The context for Schroeder’s speech was FINRA’s merger of two separate enforcement departments, resulting from FINRA head Robert Cook’s “listening tour” and FINRA’s recent self-evaluation, but Schroeder’s explanation appeared to be more of a response to broader industry complaints about FINRA Enforcement’s lack of consistency and transparency in its charging and sanctions decisions.
If that was Schroeder’s mission, she was successful. She identified the goals of enforcement actions, and justified FINRA’s use of its enforcement tool based upon harms to investors and perceived market risks. Overarching Schroeder’s speech was the principle that firms should know “what to expect from their regulator” so they know “how to shape their behavior in order to comply with the rules.” In this spirit of transparency, Schroeder identified the various principles or factors that FINRA Enforcement considers when evaluating enforcement actions and sanctions. Those principles should provide a vocabulary for firms and their counsel to assess and question FINRA’s enforcement activities.
Here are the principles in Schroeder’s own words:
Is this enforcement action appropriate? According to Schroeder, enforcement actions should be brought to “fix something that is broken or to prevent future misconduct, either by the same respondent or by another individual or firm.” Enforcement is not the only means FINRA has to fix something, and it is not always the “right tool” to use. To determine whether enforcement action is the appropriate regulatory response, FINRA will ask: READ MORE
On February 7, 2018 the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced its 2018 National Exam Priorities. The priorities, formulated with input from the Chairman, Commissioners, SEC Staff and fellow regulators, are mostly unchanged from years past (New Year, Similar Priorities: SEC Announces 2017 OCIE Areas of Focus, Orrick.com). However, the publication itself is presented in a more formal wrapper that begins with a lengthy message from OCIE’s leadership team describing the Office’s role and guiding principles, including that they are risk-based, data-driven and transparent, and that they embrace innovation and new technology.
OCIE’s principal 2018 priority, not surprisingly, appears to be the protection of retail investors, including seniors and those saving for retirement. OCIE specifically stated that it will focus on the disclosure of investment fees and other compensation received by financial professionals; electronic investment advisors – sometimes known as “robo-advisors”; wrap fee programs in which investors are charged a single fee for bundled services; and never-before-examined investment advisors. As to the latter, OCIE indicated that in the most recent fiscal year, it examined approximately 15 percent of all investment advisors, up from 8 percent five years before. It remains to be seen whether that increasing trend will continue.
Noting that the cryptocurrency and initial coin offering (ICO) markets “present a number of risks for retail investors,” OCIE included them as a priority for the first time. Examiners will focus on whether financial professionals maintain adequate controls and safeguards over the assets, as well the disclosure of investment risks.
Other 2018 priorities are compliance and risks in critical market infrastructure; cybersecurity protections, which OCIE states are critical to the operation of our markets; and anti-money laundering programs. In addition, OCIE has prioritized its examinations of FINRA and MSRB to ensure that those entities continue to operate effectively as self-regulatory organizations subject to the SEC’s oversight. READ MORE
Cryptocurrencies, including Bitcoin, have been in the news a lot lately, but many people still don’t know what they are—or whether they’re regulated. Here’s a quick rundown.
What Are Cryptocurrencies?
Cryptocurrencies are decentralized digital cash systems. Eschewing centralized control, such as a bank or government, cryptocurrencies instead rely on pseudonymous peer-to-peer networks—think Napster of yore—in which all actors in the network must recognize and reflect a transaction. To illustrate how this works, if Person A has an apple and trades it to Person B for her orange, Person A cannot thereafter trade that apple to Person C because everyone knows from a public ledger that Person A has already traded his one apple.
The security of the public ledger is then of paramount importance—so how do cryptocurrencies ensure ledger security? They rely on people called miners. Miners are basically the bookkeepers of the public ledger, and anyone with the time, energy, and equipment can be a miner. When a transaction occurs, it is not immediately added to the public ledger; instead, a miner must first confirm it. To do so, miners generate a complicated code that: (1) memorializes the data relating to the transaction; (2) refers to the previous confirmed transaction in the system (a sequential timestamp of sorts); and (3) complies with the particular cryptocurrency’s specific requirements. This is a challenging and necessary task that protects the public ledger—a transaction won’t be confirmed if a code can’t be generated that aligns with previous ledger entries. Using the earlier example, once Person A’s apple-orange trade has been confirmed, he can’t trade the apple again because any code generated after that reflects that he has already traded his apple. Without an acceptable code, no new transaction can be confirmed.
On May 3, 2016, the Financial Industry Regulatory Authority announced that MetLife Securities, Inc. agreed to pay $25 million to settle allegations that the company misled its customers in tens of thousands of variable annuity replacement applications. The sanction represents FINRA’s largest fine related to variable annuities.
Variable annuities (“VAs”) are highly complex and highly regulated insurance contracts that guarantee their holders—typically retirees—a minimum payment at the end of an accumulation stage. When a consumer seeks to replace one VA for another, her broker must complete an Annuity Replacement and Transfer Disclosure (ARTD) setting forth the comparative cost and guarantee information about existing and proposed annuity contracts. In New York, brokers must also complete a “Regulation 60 Disclosure,” which contains a hypothetical illustration of death benefits and surrender values for existing and proposed contracts under various hypothetical market growth rates.
In recent months, issues related to internal control systems and reporting have taken on an increased profile and significance. For example, as previously noted by the authors here and here, the SEC has sought to prioritize compliance with internal controls by initiating a growing number of investigations into companies based on allegations of inadequate internal controls.
As noted previously in this blog, the SEC and other regulatory agencies continue to display an increased interest in the issue of internal and supervisory controls. The Financial Industry Regulatory Authority (“FINRA”) has continued this trend, recently bringing charges against a number of member firms related to allegedly inadequate supervisory controls.
On February 3, 2015, the U.S. Securities and Exchange Commission released a Risk Alert addressing cybersecurity issues at brokerage and advisory firms, along with suggestions to investors on ways they can protect themselves and their online accounts. FINRA issued a similar, more extensive “Report on Cybersecurity Practices” on the same day.
The National Exam Program Risk Alert, “Cybersecurity Examination Sweep Summary” summarizes cybersecurity practices and policies of 57 registered broker-dealers, and 49 registered investment advisers based on examinations conducted by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”). These findings should be reviewed by CISOs and CIOs who have responsibility for cybersecurity protection because they highlight best practices and areas ripe for improvement. It is reasonable to assume that both the SEC and FINRA will expect firms to review the findings and tailor their own internal assessments and practices to improve their cybersecurity posture, accordingly. They also underscore that the simplest cyber-related scams (phishing, fraudulent e-mail scams, etc.) are still remarkably successful.
Congress continues to struggle with the issue of proper oversight for investment advisors. Despite catastrophes like the Bernie Madoff scheme, SEC budget constrictions have resulted in only a handful of investment advisors being reviewed by the Commission each year (as compared to over half of all broker-dealers). Various bills have been floated to remedy the situation.
In April, the Investment Adviser Oversight Act of 2012 was introduced in the House. Proposed as an amendment to the 1940 Investment Adviser Oversight Act, the new act seeks to regulate investment advisors by requiring them to join a new self-regulatory organization (SRO) that would be funded by their membership fees. Though not explicitly set forth by the Act, the Financial Industry Regulatory Authority (FINRA) was expected to create and oversee the new governing SRO. READ MORE
On July 11, 2012, the Securities and Exchange Commission (SEC) approved a new rule, which will require the national securities exchanges and self-regulatory organizations like the Financial Industry Regulatory Authority (FINRA) to establish a market-wide consolidated audit trail. The new consolidated audit trail will improve regulators’ ability to monitor and analyze trading activity. With the approval of Rule 613, the exchanges and FINRA must jointly submit to the SEC a comprehensive plan of how they plan to develop, implement, and maintain the consolidated audit trail. Rule 613 also requires that the consolidated audit trail collect and identify every order, cancellation, modification, and trade execution for all exchange-listed equities and equity options in all U.S. markets. READ MORE