Navigating Interactions Between Investment Advisers and Their Portfolio Companies: Risks and Best Practices
Insider trading and the potential misuse of material nonpublic information (MNPI) have long been areas of intense focus of the U.S. Securities and Exchange Commission’s (the SEC) examination and enforcement programs. Recent SEC actions reflect a trend toward increased scrutiny of the potential for investment advisers to receive — and possibly to misuse — MNPI as a result of frequent interactions with the issuers in their investment portfolios, even where there is no evidence of misuse. Even in instances where the SEC does not allege that insider trading actually occurred, these actions reflect that investment advisers may face challenging regulatory examinations, enforcement actions and civil money penalties if the SEC alleges that an investment adviser’s policies and procedures were not adequately and effectively designed, implemented and enforced to address the potential for such misconduct. Accordingly, we suggest best practices with respect to the design and implementation of policies and procedures relating to the treatment of MNPI.
SEC Commissioner Peirce Proposes Blockchain Token Safe Harbor
On February 6, 2020, U.S. Securities and Exchange Commission (SEC or Commission) Commissioner Hester M. Peirce (Commissioner Peirce) gave a speech describing the need for more clarity on application of the securities laws to the offer and sale of blockchain tokens or digital assets. As part of the speech, she proposed a safe harbor (Proposal or Safe Harbor) exempting certain tokens from the registration requirements of the Securities Act of 1933 (Securities Act) and Securities Exchange Act of 1934 (Exchange Act), including an exemption for persons engaging in certain transactions with respect to such tokens from the definitions of “exchange,” “broker” and “dealer” under the Exchange Act. The Proposal is of significance to any existing or future blockchain development team considering the distribution of tokens, as well as any digital asset exchange or over-the-counter desk that facilitates transactions in digital assets, blockchain tokens or virtual currencies.
SEC Publishes Cybersecurity and Resiliency Observations Report
The U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a report on Cybersecurity and Resiliency Observations based on practices seen in prior exams. OCIE published the overview of practices to help market participants when considering “how to enhance cybersecurity preparedness and operational resiliency,” while acknowledging that there is not a “one-size fits all” approach. The report links cybersecurity to resiliency and business continuity planning, explicitly merging two concepts on which the OCIE has previously focused into a single topic.
SEC and FINRA Issue 2020 Examination Priorities (Including Cybersecurity) for Broker-Dealers and Investment Advisers
The U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) and the Financial Industry Regulatory Authority (FINRA) recently published their examination priorities (together, the Examination Priorities) for the 2020 calendar year.1 In general, the 2020 Examination Priorities continue recurring themes from recent prior years.
OCIE’s 2020 Examination Priorities for broker-dealers and investment advisers include the protection of retail investors (including compliance with new standard of care requirements and interpretations), cyber and information security risks, anti-money laundering compliance, firms engaging in the digital asset space and the provision of electronic investment advice.
FINRA’s 2020 Examination Priorities for member firms include those generally identified by OCIE for registered broker-dealers, as well as cash management and bank sweep programs, initial public offerings, liquidity management, trading authorizations and order routing and vendor display rule requirements, among others.
This post summarizes selected aspects of the Examination Priorities that may be of particular interest to broker-dealers and investment advisers. As always, firms should use the 2020 Examination Priorities to review their compliance and supervisory procedures carefully and make any necessary revisions. Firms also should be prepared to explain their compliance and supervisory policies in these areas in their upcoming SEC and/or FINRA examinations, as applicable, and provide documentation of relevant reviews.
SEC Warns Investors Regarding Digital Asset Initial Exchange Offerings
On January 14, 2020, the U.S. Securities and Exchange Commission (SEC) Office of Investor Education and Advocacy published an investor alert (Alert) regarding initial exchange offerings (IEOs), a type of digital asset fundraising facilitated by online trading platforms.1 Although the Alert is directed at investors, it provides important information to blockchain companies and trading platforms. The Alert highlights the following:
- an explanation of an IEO
- IEOs that are securities offerings must comply with federal securities laws
- a platform offering an IEO may need to register as a broker-dealer, national securities exchange or operate pursuant to an exemption, such as an alternative trading system (ATS)
- IEOs offered to U.S. investors, even if offered from outside the United States, must comply with federal securities laws
Fund Managers Targeted in Sophisticated Cyberattacks
There has been a spike in 2019 of targeted cyberattacks against Asia-based fund managers, especially those in a startup phase of business. Regulators worldwide, including the Securities and Futures Commission of Hong Kong, have issued guidelines for reducing and mitigating hacking risks. This post summarizes the practical measures that may be adopted to protect your firm against cyberattacks and the keys to successful crisis management in the event that an unauthorized data breach occurs. (more…)
Recent Risk Alerts by SEC OCIE Highlight Privacy and Cybersecurity Issues in Examinations
The SEC’s Office of Compliance Inspections and Examinations (OCIE) released two Risk Alerts, on April 16, 2019 and May 23, 2019, highlighting the importance of privacy and cybersecurity compliance for SEC-registered investment advisors and broker-dealers under Regulation S-P. As previously covered on Data Matters, OCIE has consistently identified cybersecurity as one of its main areas of focus for examinations.
Indeed, cybersecurity was once again identified by OCIE in its 2019 National Exam Program Examination Priorities (2019 Exam Priorities), which placed a particular emphasis on proper configuration of network storage devices, information security governance, and policies and procedures related to retail trading information security. With the issuance of the April 16 and May 23 Risk Alerts, OCIE has provided additional detail regarding specific issues that SEC-registered entities should focus on to mitigate privacy and cybersecurity risk, as well as to prepare for examinations.
SEC FinHub’s Digital Asset Framework: A Guide for Issuers and Secondary Trading Markets
On April 3, the U.S. Securities and Exchange Commission (SEC)’s Strategic Hub for Innovation and Financial Technology (FinHub or Staff) released its much-anticipated guidance, the Framework for “Investment Contract” Analysis of Digital Assets (Framework), regarding its views on factors to consider in applying the Howey test to digital assets. In conjunction with the Framework, the SEC’s Division of Corporation Finance published its first no-action letter in connection with the sale of digital assets, providing relief to TurnKey Jet, Inc., for its proposed token sale.
FTC Announces Record-Setting $5.7M COPPA Penalty
On February 27, 2019, the Federal Trade Commission (“FTC”) announced a record-setting $5.7 million civil penalty against makers of the popular free video creation and sharing app, Musical.ly (now known as TikTok), for violations of U.S. children’s privacy rules. This is the largest civil penalty the FTC has issued concerning violations of the Children’s Online Privacy Protection Act (“COPPA”).