Big data is now embedded into the fabric of the SEC and will likely inform the selection of examination targets for the foreseeable future, based upon comments from Mayeti Gametchu, Assistant Regional Director of the Boston Office of the U.S. Securities and Exchange Commission. Assistant Regional Director Gametchu spoke to an audience of financial services firms at the recent quarterly meeting of the New England Broker Dealer and Investment Adviser Association (NEBDIAA), who were gathered at the Federal Reserve Bank of Boston. Joining her on the panel were Kara Brown and Elizabeth Marino, both counsel with Sidley Austin’s Boston office. Below are a few select takeaways from the wide-ranging panel discussion.
BCP’s and Transition Plans
The SEC is joining other regulators who have already addressed business continuity planning and transition planning to some extent.
In June, the SEC proposed new Rule 206(4)-4 to require investment advisers to adopt written business continuity and transition plans. The proposed rule mandates specific components to address, but appears to give some flexibility in how those items are addressed at a firm. The rule stems from the sweep exam conducted following Hurricane Sandy, during which examiners observed a wide disparity in the business continuity practices of firms. The SEC understands that every firm has different processes and different vendors, and may address BCP risks differently, but recognizes that all advisers should be doing something.
There has been some industry backlash over the fact that the rule is proposed as an anti-fraud rule rather than under the Compliance Programs rule, because if the rule is adopted, advisers who have BCP deficiencies would run the risk of a fraud finding. Assistant Regional Director Gametchu stated that firms should not worry that it is a fraud rule and not get caught up in the specific statutory authority, because essentially it is a policies and procedures rule.
The transition planning component is intended to address the “other” types of disruptions to an adviser’s business, such as bankruptcy, loss of key personnel, and acquisitions that result in an assignment of advisory contracts. The SEC is looking at these issues now, even in advance of the rule being adopted. If they see key personnel who appear close to retirement or similar factors in play, they are going to ask how the firm is prepared.
No surprise here, but the ADV amendments adopted by the SEC are part of the SEC’s big data initiative designed to help effectively deploy the SEC’s limited examination resources more effectively, and to help identify firms to examine for risk-based examinations. The ADV rules are effective in October 2017.
There are more requirements to disclose details for separately managed account positions. The practice of using outsourced CCOs and the use of social media sites controlled by the adviser now have to be disclosed, and these feed into the risk rating for a firm. The fact that an adviser is using an outsourced CCO or works with an outside compliance consultant is not, in and of itself, indicative of a higher risk at the firm or a lower risk at a firm. They are all just factors that will be looked at in identifying which firms to examine because the SEC is resource-strained and is conducting risk-based exams to be more effective.
Other Focus Areas of the SEC
Areas the SEC is trying to get more information on as well as where it is inquiring at firms during exams include:
- Robo-advisers, high-speed trading, algos/quantitative models, and any system where computers are making decisions
- Supervision, particularly for recidivist employees (see the related SEC Risk Alert issued on Sept. 12)
- Dual registrants (there are a lot of issues relating to the recommendation of affiliated products, and that conflicts of interest are not adequately disclosed at firms)
- A continuation of the ReTIRE initiative which began in 2015 and is not going away any time soon, and,
- Subadvisory due diligence; specifically, are subadvisory practices adequately and accurately disclosed?