To refresh your memory, it outlines the biggest SEC changes and adjustments funds will need to make going into 2016, including:
- Cybersecurity Risk Alerts, issued throughout 2015, but the Cybersecurity Examination requires more tests, procedures and controls.
- Bipartisan Budget Act of 2015, which became law in November, modifies audit procedures with the IRS.
- Form ADV makes changes in reporting requirements, including social media (May 2015)
- Insider Trading Laws – This actually began in Dec. 2014 with a US Court of Appeals ruling but the change of standards led to dismissals of other high profile cases in 2015.
SEC Regulatory Changes & Highlights From 2015
As 2015 comes to a close, we review our current regulatory climate and highlight compliance obligations for the coming year. The U.S. Securities and Exchange Commission (“SEC”) has bolstered its examination process and clarified expectations for compliance programs. This year’s Annual Compliance Update will cover (i) notable examination topics; (ii) regulatory guidance that has clarified how to fine-tune compliance programs; (iii) discussion points on how filings and the regulatory environment in general have changed; and (iv) regulatory requirements for firms in specific circumstances. We close with a cursory overview of compliance obligations for the first quarter, as well as annual obligations to keep in mind throughout the year.
If you have any questions about this year’s Annual Compliance Update, please do not hesitate to contact your local Blue River representative.
Regulatory Examinations and Enforcement Actions
An Examiner’s Expectation for Chief Compliance Officers
On October 14, 2015, Andrew J. Donohue, Chief of Staff of the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) delivered a speech at the NRS 30th Annual Fall Investment Adviser and Broker-Dealer Compliance Conference. His speech centered on several major themes: (i) the role of a compliance professional within a firm; (ii) the role of the SEC in supporting compliance professionals; and (iii) what a CCO needs in his/her role.
[drizzle]In addressing the group, Mr. Donohue encouraged compliance professionals to be proactive by building comprehensive compliance programs that will keep pace in a constantly evolving marketplace.
Mr. Donohue outlined a list of attributes that, although not exhaustive, he believes are essential for Chief Compliance Officers to fulfill their role within their firms:
- “First-hand knowledge of the various laws and regulations that apply to [the] firm and its activities,” as well as the “interplay of the requirements of the various regulatory regimes”;
- “A deep understanding of the firm, its structure,” and internal operations and “detailed knowledge of the supervisory structure of the firm”;
- “Clear understanding of how the firm identifies” and resolves all of the conflicts of interest that might exist and “how frequently potential conflicts are reviewed”;
- A detailed understanding of who the clients/customers of the firm are and what products and services are being provided to them by the firm;
- “Deep understanding of the compliance and other technology platforms utilized by the firm”;
- “Detailed knowledge of the policies and procedures of the firm”;
- “An understanding of the various markets in which the firm operates”; and
- Sufficient resources devoted to compliance, which include empowering the CCO to foster a culture of compliance.
In addition to the above-enumerated necessities, Mr. Donohue also made it clear that the SEC does not expect CCOs to know everything. In fact, Mr. Donohue stated, “[i]t is very important that, as a CCO, I have an appreciation for what I don’t know or recognize when I am relying on the knowledge or expertise of others.”
Mr. Donohue’s speech echoes the OCIE’s expectations that CCO’s need to take their job seriously by spending time becoming familiar—as well as maintaining familiarity—with their firms’ compliance programs.
To see the full speech, click here.
Cybersecurity Remains a Focus for the SEC in 2015 and beyond
During 2015, the SEC issued several risk alerts and announcements signaling that cybersecurity is a compliance concern that examiners will continue to emphasize moving into 2016.
For instance, in January, given the continued importance of cybersecurity and the positive response from broker-dealers and advisers on the OCIE’s efforts, the OCIE announced a focus on cybersecurity compliance and controls as part of its 2015 Examination Priorities. Then, in February, the OCIE issued a Risk Alert summarizing sweep exams conducted to analyze cybersecurity threats faced by investment advisers and broker-dealers. Subsequently, in late April, the SEC Division of Investment Management released a Guidance Update outlining cybersecurity concerns and advice for registered investment companies and registered investment advisers.
Most recently, in September, the SEC issued another Risk Alert describing the OCIE’s Cybersecurity Examination Initiative, which provides additional information on areas of focus for the OCIE’s second round of cybersecurity examinations, which will involve specific testing to evaluate the effectiveness of a firm’s procedures and controls. The Risk Alert provides a sample list of information that the OCIE may review in conducting examinations of registered entities regarding cybersecurity matters.
These announcements provide guidance on what your firm’s cybersecurity program should look like as we enter 2016.
To read the SEC’s 2015 Examination Priorities, click here.
To read the SEC’s February Cybersecurity Examination Sweep Summary, click here.
To read the SEC’s April Cybersecurity Guidance Update, click here.
To read the SEC’s September Risk Alert describing the Cybersecurity Examination Initiative, click here.
The SEC Focuses on Adviser’s Allocation of Fees and Expenses
The SEC stated in its annual Examination Priorities letter that it was focusing on improper fee and expense practices by private equity firms. This warning quickly manifested, and numerous firms found themselves paying sanctions and undergoing disgorgement of profits. In November 2015, the SEC found that Cherokee Investment Partners, LLC and Cherokee Advisers, LLC (collectively, “Cherokee”) breached its fiduciary duty to its private equity funds (“Funds”) in violation of the Investment Advisers Act of 1940 (“Advisers Act“) and violated other requirements under the Adviser’s Act.
Between July 2011 and March 2015, Cherokee had incurred compliance consulting fees, compliance related costs and legal expenses for: (i) investment adviser registration, (ii) legal obligations arising from registration, (iii) SEC examination preparation, and (iv) addressing an investigation triggered by the myriad of compliance issues discovered during an examination.
Cherokee allocated $455,698 of these compliance costs to the Funds. The Funds’ limited partnership agreements disclosed that the Funds would be charged for expenses that in the good faith judgment of the General Partner arose out of the Funds’ operation and activities, including the legal and consulting expenses of the Funds. Nonetheless, the SEC found that Cherokee breached its fiduciary duties because Cherokee never disclosed that the Funds would also be charged for Cherokee’s legal and consulting expenses, separate and apart from the legal and consulting expenses attributable to the Funds.
Further, in connection with this breach, the SEC found that Cherokee, in direct violation of the Advisers Act: (i) failed to adopt written policies or procedures reasonably designed to prevent violations of the Advisers Act arising from the allocation of expenses to the Funds, and (ii) failed to annually review the adequacy of its policies and procedures to prevent violations of the Advisers Act, the rules thereunder, and the effectiveness of their implementation.
Cherokee was not the only firm subject to penalties due to past fee and expense practices. Kohlberg Kravis Roberts & Co. L.P. (“KKR”) paid approximately $30 million for allegedly failing to properly allocate broken deal expenses among its private funds and co-investors. Blackstone Management Partners LLC, Blackstone Management Partners III LLC, and Blackstone Management Partners IV LLC (collectively, “Blackstone”)