Ropes & Gray’s Investment Management Update: April – May 2016
The following summarizes recent legal developments of note affecting the mutual fund/investment management industry:
FSOC Publishes Update on Review of Asset Management Products and Activities
On April 18, 2016, the Financial Stability Oversight Council (“FSOC”) published its report, Update on Review of Asset Management Products and Activities (the “Review”). The Review is best understood in historical context.
- In July 2014, FSOC stepped back from its previous, heavily criticized recommendations regarding asset managers, and directed its staff “to undertake a more focused analysis of industry-wide products and activities to assess potential risks associated with the asset management industry.”
- In December 2014, FSOC published a notice (available here) inviting public comment on whether certain asset management products and activities could pose potential risks to the U.S. financial system (the “Notice”). The Notice stated that as part of its ongoing evaluation of industry-wide products and activities associated with the asset management industry, FSOC was seeking comments on risks posed to U.S. financial stability in the following areas: (i) liquidity and redemptions, (ii) leverage, (iii) operational functions, and (iv) resolutions (i.e., failure of an asset manager, investment vehicle or affiliate).
The Review, which encapsulates the Notice and comments in response to the Notice, presents a status report on FSOC’s thoughts on “potential risks to financial stability that may arise from certain asset management products and activities.” Specifically, it provides the status of FSOC’s review of four topics in the Notice plus a new topic: potential risks arising from securities lending.
Liquidity and Redemption Risk. The Review recommends that robust liquidity risk management practices, especially for funds that invest in less-liquid assets, should be considered for mutual funds. The detailed recommendations include: creating clear regulatory guidelines regarding mutual funds’ abilities to hold very illiquid assets, enhancing mutual funds’ reporting and disclosure of their liquidity profiles and liquidity risk management practices, facilitating mutual funds’ use of tools to allocate redemption costs to investors redeeming their shares and requiring additional disclosure of funds’ external sources of financing (such as lines of credit and interfund lending) so that FSOC can assess the extent to which mutual funds could transmit liquidity strains to broader markets.
The Review notes that, in May 2015, the SEC proposed modernized and enhanced disclosure by mutual funds regarding their portfolios and, in September 2015, the SEC proposed rules for mutual funds and ETFs designed to enhance liquidity risk management, provide new disclosures regarding fund liquidity and allow funds to adopt swing pricing to pass on transaction costs to entering and exiting investors. The Review states that FSOC welcomes these SEC initiatives, and that FSOC intends to review and consider whether risks to financial stability remain after the SEC initiatives are implemented.
- Other Risk Topics. In respect of the four other areas of risk to financial stability that FSOC states may arise from asset management products and activities – leverage risk, operational risks, resolution/transition risk and securities lending risk – the Review cites insufficient data and incomplete analyses as the basis for FSOC’s refraining from making any recommendations on these four topics in the Review.
On the same day that FSOC published the Review, SEC Chair White published a statement regarding the Review. She stated that she supports FSOC’s publication of the Review. Chair White also cautioned that the Review “should not be read as indication of the direction that the SEC’s final asset management rules may take.”
Regulatory Priorities Corner
The following brief updates exemplify trends and areas of current focus of relevant regulatory authorities:
SEC Comments Following High-Yield Fund Sweep Exam
An April 14, 2016 article in The Wall Street Journal may ease the concerns of asset managers over the regulatory response to the sudden liquidation of the Third Avenue Focused Credit Fund in December 2015. Following the fund’s collapse, the SEC launched a sweep examination of approximately eighty high-yield bond funds. In connection with the sweep, the SEC requested information on liquidity management, pricing methodology and portfolio holdings, among other matters, with the apparent aim of determining whether it should issue a preemptive risk alert. The article stated that Marc Wyatt, Director of the SEC’s Office of Compliance Inspections and Examinations (“OCIE”), indicated that the examinations had not identified any risks that were systemic or widespread, and that OCIE would not recommend that the SEC issue an industry-wide risk alert. Director Wyatt’s remarks suggest that the SEC is unlikely to impose immediate restrictions on high-yield bond funds in direct response to the Third Avenue Fund collapse. However, as we reported in this IM Update, advisers’ liquidity controls for mutual funds and private funds exposed to potentially illiquid fixed-income securities were identified by OCIE as one of its examination priorities for 2016.
Broker-Dealer Settles Action for Deficient Privacy Policies and Procedures
On April 12, 2016, the SEC published issued a settlement order against a broker-dealer, Craig Scott Capital, LLC, and two of its principals (collectively, “CSC”) involving allegations that CSC had violated Rule 30(a) of Regulation S-P (the “Safeguards Rule”). The Safeguards Rule requires broker-dealers, registered investment companies and registered investment advisers to adopt written policies and procedures concerning safeguards for the protection of customer records and information. These written policies and procedures must be reasonably designed to insure the security and confidentiality of customer records and information.
The order stated that, from 2012 to 2014, CSC used non-firm e-mail addresses to receive over 4,000 faxes from customers and other third parties. These faxes included sensitive customer information, including customer names, addresses, social security numbers, and bank and brokerage account numbers. In addition, during the same period, the SEC alleged that the personal email addresses of CSC principals and certain employees had been used for business-related correspondence. The SEC claimed that CSC did not maintain or preserve these faxes or emails as required by Section 17(a) of the Exchange Act and Rule 17a-4 thereunder, and that the firm’s written procedures were not tailored to protect customer records and information, as required by the Safeguards Rule. In particular, the SEC alleged that CSC’s written policies and procedures failed to designate the responsible supervisor, failed to address how customer records and information transmitted through the fax system were to be handled, contained blanks as to how the firm would comply with the Safeguards Rule, and did not follow CSC’s actual practices.
The SEC did not allege that any of CSC’s clients were harmed as a result of the firm’s violations. Without CSC’s admitting or denying the SEC’s findings, the broker-dealer was censured and ordered to pay a $100,000 civil penalty, and each of the two principals was censured and ordered to pay a $25,000 civil penalty.
Commercial General Liability Insurance Covers Cyber Incident
On April 11, 2016, in an unpublished opinion,1 the U.S. Court of Appeals for the Fourth Circuit affirmed a federal district court ruling that Travelers Indemnity Company of America (“Travelers”) must defend its insured, Portal Healthcare Solutions, LLC (“Portal”), against a putative class action under Portal’s commercial general liability (“CGL”) policies.
Portal specialized in the electronic safekeeping of medical records, and Travelers issued Portal two substantially identical CGL policies in 2012 and 2013 that included an “advertising injury” section covering claims based on injury arising from the “electronic publication of material that . . . gives unreasonable publicity to a person’s private life” or “discloses information about a person’s private life.” The putative class-action complaint alleged that Portal had published the two plaintiffs’ medical records on the Internet, based on the plaintiffs’ finding their own records when they searched for their names on the Internet.
Travelers unsuccessfully argued that its CGL policies did not cover the conduct alleged in the class action complaint, arguing that the records made accessible by online searching did not constitute “publication” nor give “publicity” about a person’s private life (because only the patients viewed their own records).
Increasingly, CGL policies expressly exclude claims based upon data breaches and, in general, CGL policies are not a substitute for specialty cyber-risk and technology E&O policies. Nevertheless, the Fourth Circuit’s opinion highlights that there may be cyber-risk coverage under an existing CGL policy. For an insured to maximize its coverage across its insurance portfolio, it may be worthwhile to consider whether existing CGL coverage and other traditional coverage apply to cyber-risk incidents. The opinion also underscores the importance of understanding any changes to existing CGL policies that may have the effect of eliminating cyber-risk coverage.
Since the last issue of our Investment Management Update, we have also published the following separate Alerts of interest to the investment management industry:
1 Travelers Indemnity Co. v. Portal Healthcare Solutions, LLC, No. 14-1944, − F. App’x − 2016 WL 1399517 (4th Cir. April 11, 2016).