Ropes & Gray’s Investment Management Update December 2022 – January 2023

Alert
February 6, 2023
13 minutes

The following summarizes recent legal developments of note affecting the mutual fund/investment management industry.

SEC Risk Alert Regarding Prevention of Identity Theft under Regulation S-ID

On December 5, 2022, the SEC’s Division of Examinations published a Risk Alert summarizing the Division staff’s most common deficiencies observed in recent examinations of SEC-registered investment advisers (“advisers”) and broker-dealers (together with advisers, “firms”) concerning firms’ compliance with Regulation S-ID, also known as the Identity Theft Red Flags Rules.

  • SEC-regulated entities that are likely subject to Regulation S-ID include most registered broker-dealers and registered funds and some registered investment advisers1 if they offer or maintain accounts that are primarily for personal, family or household purposes.
  • If a firm determines that it has such accounts, it must establish a written program designed to detect, prevent and mitigate identity theft in connection with covered accounts offered or maintained by the firm (a “Program”).

Identification of Covered Accounts

Regulation S-ID requires firms to determine and periodically reassess whether they offer or maintain “covered accounts.”2 The Division staff observed the following deficiencies.

Failure to identify covered accounts. Some firms failed to assess whether any of their accounts were covered accounts and, consequently, did not identify covered accounts at the firm and failed to implement a Program.

Failure to identify new and additional covered accounts. Some firms did initially identify accounts that they offered as covered accounts but either (i) did not conduct periodic reassessments or (ii) did not identify all categories or new types of accounts that were covered accounts.

Failure to conduct risk assessments. While some firms periodically identified covered accounts, the periodic identification failed to include a risk assessment that considered (i) the methods provided to open, maintain and close accounts, (ii) the methods to access different types of covered accounts or (iii) previous experiences with identity theft.

Establishing a Program

A Program must include reasonable policies and procedures to identify, detect and respond to red flags that are relevant to identity theft. The Division staff observed the following problems.

Programs not tailored to the business. Some firms established a generic Program that was not tailored to the firm’s business model. In some instances, the Programs simply restated the requirements of Regulation S-ID and failed to include processes for complying with the requirements.

Program did not cover all required elements of Regulation S-ID. There were firms that represented to the Division staff that other policies and procedures outside of a written Program constituted the firm’s process for detecting, preventing and mitigating identity theft. However, the procedures had not been incorporated into a Program and, in many instances, failed to meet all of the required elements of Regulation S-ID.

Required Elements of the Program

The Division staff observed Programs that lacked required elements.

Identification of Red Flags. There were firms that did not appear to have reasonable policies and procedures to identify relevant red flags – i.e., patterns, practices or specific activities that indicate the possible existence of identity theft:

  • Firms that failed to identify red flags specific to their covered accounts.
  • Firms that only offered online accounts listed red flags related to the physical appearance of a customer.
  • Firms that lacked a process or did not follow existing procedures to evaluate actual experiences with identity theft to determine if additional red flags should be added to their Programs.
  • Firms that did not include in their Programs actual red flags already encountered by the firms. Consequently, the firms’ written Programs were merely policy statements without any actionable procedures to address previously identified red flags.

Detect and Respond to Red Flags. There were firms that did not appear to have reasonable policies and procedures to detect and respond to relevant red flags:

  • Firms that relied on pre-existing policies and procedures (e.g., anti-money laundering procedures) to satisfy this Program requirement, where such procedures were not designed to detect and respond to identity theft red flags.
  • Firms that identified procedures for detecting and responding to specific red flags, when the actual procedures either did not exist or failed to contain a process related to that red flag.

Periodic Program Updates. Regulation S-ID requires that Programs include reasonable policies and procedures to ensure the Program is updated periodically to reflect changes in risks to customers and the firm from identity theft. However, the Division staff observed:

  • Some firms did not update their identified red flags after making significant changes to the ways in which firm customers open and access their accounts.
  • Some firms had gone through business changes or been reorganized but failed either to incorporate their new business lines into their existing Program or to approve a new Program for their new business lines.

Administration of the Program

Regulation S-ID requires firms to provide for the continued administration of their Programs, including: (i) approval of the initial written Program from a board of directors or from a designated senior management employee (if the firm does not have a board), (ii) involving the board or senior management in the oversight and administration of the Program, (iii) training staff as necessary and (iv) exercising appropriate oversight of service providers. The Division staff observed the following deficiencies concerning Programs’ continued administration:

  • Firms that did not provide sufficient information to the board or designated senior management through periodic reports, either by failing to submit any reports or by submitting reports that did not appear to contain sufficient information for the board or senior management to evaluate the effectiveness of the Program.
  • Firms that did not have adequate processes to assess which employees should be trained, and firms whose trainings were insufficient because they were limited to a single sentence telling employees to be aware of identity theft.
  • Firms that relied on service providers to perform activities in connection with covered accounts and firms that failed to evaluate the controls in place at the service provider to monitor for identity theft.

SEC Charges Trader in Fund Front-Running Scheme

On December 14, 2022, the SEC filed a complaint with the U.S. District Court for the Southern District of New York against an equity trader (the “Trader”) employed by a major U.S.-based asset management firm (the “Manager”) and the Trader’s associate (the “Associate”) (together, the Trader and the Associate, the “Defendants”).

The SEC alleged that, for over six years, the Trader had tipped the Associate of large orders being placed by the Manager on behalf of eight registered funds as part of a lucrative front-running scheme. According to the SEC complaint, throughout the period September 2016 until August 2022:

  1. The Trader was subject to the Manager’s code of ethics and owed a duty of trust and confidence to the Manager to maintain the confidentiality of the Manager’s material nonpublic information and to refrain from disclosing such information to third parties.
  2. The Trader communicated the Manager’s plans to purchase or sell large quantities of specific stocks to the Associate. Based on this material nonpublic information, the Associate bought or sold the same stocks in his personal brokerage accounts before the Manager executed trades, or during the time when tranches of large orders were being executed by the Manager and before the trade orders impacted the market price of the specific stock.
  3. The Associate’s transactions in his personal brokerage accounts were intraday roundtrip stock trades that entailed opening a stock position (through either a purchase or short sale) during the trading day and closing that position on the same trading day (each, a “Transaction”). Thus, after the Manager’s trades were executed and the price of the security reacted as expected, the Associate closed out a Transaction, nearly always at a profit.
  4. There were 1,697 unique instances where (i) the fund accounts traded in the same security on the same date and in the same direction and (ii) in the same security, the Associate opened a Transaction before and closed that Transaction after the fund accounts’ trades. In total, the Associate earned profits of at least $47 million from the Transactions.

The SEC’s complaint alleged that the Defendants violated Section 10(b) of the Exchange Act and Rule 10b-5 thereunder and Section 17(a) of Securities Act, and that the Trader had violated Section 17(j) of the 1940 Act. The complaint seeks injunctive relief and disgorgement of profits with interest by the Defendants, as well as the imposition of civil money penalties.

REGULATORY PRIORITIES CORNER

The following brief update exemplifies certain trends and areas of current focus of relevant regulatory authorities.

SEC Announces Annual Regulatory Agenda

The Office of Information and Regulatory Affairs semi-annually publishes the “Unified Agenda of Regulatory and Deregulatory Actions” of the various federal agencies. The Unified Agenda includes the SEC’s Current Agenda, which reflects only the priorities of SEC Chair Gary Gensler and does not necessarily reflect the views and priorities of any other Commissioner.

Published in January 2023, the fall 2022 SEC Current Agenda contained the following items for which action is likely in 2023, as indicated.

Rulemaking

Status

Projected Action

Amendments to the Custody Rules for Investment Advisers

The Division of Investment Management (“DIM”) is considering recommending that the SEC propose amendments to existing rules and/or propose new rules under the Advisers Act to improve and modernize the regulations around the custody of funds or investments of clients by investment advisers.

First quarter 2023

Digital Engagement Practices for Investment Advisers

DIM is considering recommending that the SEC propose rules related to the use of predictive data analytics, differential marketing and behavioral prompts.

First quarter 2023

Fund Fee Disclosure and Reform

DIM is considering recommending that the SEC propose changes to regulatory requirements relating to registered funds’ fees and fee disclosure.

Second or third quarter 2023

Amendments to Form PF – Reporting Requirements for Large Private Equity Advisers and Large Liquidity Fund Advisers

Proposed. Described in a February 2022 Ropes & Gray Alert.

First quarter 2023

Money Market Fund Reforms

Proposed. Described in a January 2022 Ropes & Gray Alert.

First quarter 2023

Fund and Investment Adviser Cybersecurity Risk Governance

Proposed. Described in a February 2022 Ropes & Gray Alert.

First quarter 2023

Private Fund Advisers; Documentation of Registered Investment Adviser Compliance Reviews

Proposed. Described in a February 2022 Ropes & Gray Alert.

First quarter 2023

Enhanced Disclosures by Investment Advisers and Investment Companies about ESG Practices

Proposed. Described in a June 2022 Ropes & Gray Alert.

Second or third quarter 2023

Investment Company Names

Proposed. Described in a June 2022 Ropes & Gray Alert.

Second or third quarter 2023

 
Separately, in June 2022, the SEC published its Request for Comment on Certain Information Providers Acting as Investment Advisers.3 The SEC’s “Long Term Actions,” which accompanied publication of the fall 2022 SEC Current Agenda described above, included this Request for Comment and indicated that SEC rulemaking in the matter is unlikely in 2023.

SEC Advertising Guidance Regarding Net Performance for Single Investments

On January 11, 2023, the SEC Division of Investment Management staff added two FAQs to the staff’s Marketing Compliance Frequently Asked Questions on the Division’s website. The new FAQs and staff responses are as follows:

Gross and Net Performance

Q. When an adviser displays the gross performance of one investment (e.g., a case study) or a group of investments from a private fund, must the adviser show the net performance of the single investment and the group of investments?

A. Yes. The staff believes that displaying the performance of one investment or a group of investments in a private fund is an example of extracted performance under the new marketing rule. Because the extracted performance provision was intended, in part, to address the risk that advisers would present misleadingly selective profitable performance with the benefit of hindsight, the staff believes the provision should be read to apply to a subset of investments (i.e., one or more). Accordingly, an adviser may not show gross performance of one investment or a group of investments without also showing the net performance of that single investment or group of investments, respectively. In addition, the adviser must satisfy the other tailored disclosure requirements as well as the general prohibitions, including the general prohibition against specific investment advice not presented in a fair and balanced manner, when showing extracted performance (footnotes omitted).

Time Period Requirement

Q. The marketing rule prohibits an adviser from displaying performance results in an advertisement, unless certain requirements are satisfied. For example, an advertisement, except for an advertisement that includes private fund performance information, must include performance results for prescribed time periods ending on a date that is no less recent than the most recent calendar year-end. My firm is not able to calculate its one-, five-, and ten-year performance data immediately following a calendar year-end, but anticipates having updated performance figures within one month of the calendar year-end. However, my firm has performance information that is current as of the third quarter of that calendar year (“interim performance information”). May my firm instead use the interim performance information in an advertisement?

A. The staff would not object if you are unable to calculate your one-, five-, and ten-year performance data in accordance with rule 206(4)-1(d)(2) immediately following a calendar year-end and you use performance information that is at least as current as the interim performance information in an advertisement until you can comply with the calendar year-end requirement. The staff believes that a reasonable period of time to calculate performance results based on the most recent calendar year-end generally would not exceed one month. The interim performance information remains subject to the other provisions of the marketing rule, including the general prohibitions.

ADDITIONAL ROPES & GRAY ALERTS AND PODCASTS SINCE OUR OCTOBER – NOVEMBER UPDATE

Some Things You May Not Have Known about the End of LIBOR
January 20, 2023
As the long-anticipated end date of USD LIBOR approaches, an interesting nuance relating to the LIBOR/SOFR transition has newly come into focus. The end of LIBOR began in the summer of 2017 with the FCA’s announcement of its decision to wind down the wearied reference rate, and June 30, 2023 has been cited again and again as USD LIBOR’s final day. As parties have begun to transition credits from LIBOR to SOFR, a question has arisen with respect to LIBOR-based interest periods that were elected by a borrower and set prior to June 30, 2023, but scheduled to end after that date. A careful look at many loan agreements shows that LIBOR replacement provisions often disallow election of a new LIBOR interest period after June 30, 2023, as opposed to disallowing the use of LIBOR itself after that date. The import of this distinction is that a borrower could elect a new interest period (of perhaps six months, for example), just prior to June 30, 2023, and continue to have loans on LIBOR until the expiration of that interest period, which could be much later than June 30, 2023. In that case, the conversion from LIBOR to SOFR would become effective after the latest date that a borrower could reach on the LIBOR interest period in current use as of June 30, 2023. Given the challenges of today’s loan markets, staying on LIBOR for some time beyond June 30, 2023 may be a better option for certain borrowers. Borrowers who wish to consider this option should confirm that it is supported by the provisions of their loan agreements.

US Sanctions Developments in 2022
December 19, 2022
In a piece for BloombergLaw, Ama Adams, Brendan Hanifin, Emerson Siegle, Kurt Fowler and Junsuk Lee provided insight into the scope and complexity of U.S. sanctions in 2022. The article highlighted some of the most significant regulatory and enforcement developments over the past year and offers some hard-learned compliance lessons for multinational businesses.

SEC Staff Publishes Guidance on Disclosure of Crypto-Related Risks
December 14, 2022
On December 8, 2022, the staff of the Division of Corporation Finance of the SEC published a sample comment letter highlighting issues related to crypto assets, markets and exposure that registrants should consider when preparing disclosure in connection with their periodic filings and securities offerings. The sample letter includes one general comment and 15 comments relating to Business Description, Management’s Discussion and Analysis of Financial Condition and Results of Operations and Risk Factors disclosures illustrative, but not exhaustive of the types of comments that may be made by the staff during its typical selective reviews of registrant’s filings and should be taken into consideration as registrants prepare disclosure documents that may not typically be subject to review, such as automatically effective registration statements and prospectus supplements for shelf takedowns.

  1. For example, registered investment advisers that can direct transfers or payments from individual accounts to third parties based on the individual’s instructions or who act as agents on behalf of individuals may have covered accounts.
  2. A “covered account” is (i) an account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions; and (ii) any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation or litigation risks. See 17 CFR § 248.201(b)(3).
  3. The SEC’s request for comment is described in a June 2022 Ropes & Gray Alert.