BCP, ADV and other SEC Targets Discussed at NEBDIAA

Big data is now embedded into the fabric of the SEC and will likely inform the selection of examination targets for the foreseeable future, based upon comments from Mayeti Gametchu, Assistant Regional Director of the Boston Office of the U.S. Securities and Exchange Commission. Assistant Regional Director Gametchu spoke to an audience of financial services firms at the recent quarterly meeting of the New England Broker Dealer and Investment Adviser Association (NEBDIAA), who were gathered at the Federal Reserve Bank of Boston. Joining her on the panel were Kara Brown and Elizabeth Marino, both counsel with Sidley Austin’s Boston office. Below are a few select takeaways from the wide-ranging panel discussion.

BCP’s and Transition Plans

The SEC is joining other regulators who have already addressed business continuity planning and transition planning to some extent.

In June, the SEC proposed new Rule 206(4)-4 to require investment advisers to adopt written business continuity and transition plans. The proposed rule mandates specific components to address, but appears to give some flexibility in how those items are addressed at a firm. The rule stems from the sweep exam conducted following Hurricane Sandy, during which examiners observed a wide disparity in the business continuity practices of firms. The SEC understands that every firm has different processes and different vendors, and may address BCP risks differently, but recognizes that all advisers should be doing something.

There has been some industry backlash over the fact that the rule is proposed as an anti-fraud rule rather than under the Compliance Programs rule, because if the rule is adopted, advisers who have BCP deficiencies would run the risk of a fraud finding. Assistant Regional Director Gametchu stated that firms should not worry that it is a fraud rule and not get caught up in the specific statutory authority, because essentially it is a policies and procedures rule.

The transition planning component is intended to address the “other” types of disruptions to an adviser’s business, such as bankruptcy, loss of key personnel, and acquisitions that result in an assignment of advisory contracts. The SEC is looking at these issues now, even in advance of the rule being adopted. If they see key personnel who appear close to retirement or similar factors in play, they are going to ask how the firm is prepared.

ADV Amendments

No surprise here, but the ADV amendments adopted by the SEC are part of the SEC’s big data initiative designed to help effectively deploy the SEC’s limited examination resources more effectively, and to help identify firms to examine for risk-based examinations. The ADV rules are effective in October 2017.

There are more requirements to disclose details for separately managed account positions. The practice of using outsourced CCOs and the use of social media sites controlled by the adviser now have to be disclosed, and these feed into the risk rating for a firm. The fact that an adviser is using an outsourced CCO or works with an outside compliance consultant is not, in and of itself, indicative of a higher risk at the firm or a lower risk at a firm. They are all just factors that will be looked at in identifying which firms to examine because the SEC is resource-strained and is conducting risk-based exams to be more effective.

Other Focus Areas of the SEC

Areas the SEC is trying to get more information on as well as where it is inquiring at firms during exams include:

  1. Robo-advisers, high-speed trading, algos/quantitative models, and any system where computers are making decisions
  2. Supervision, particularly for recidivist employees (see the related SEC Risk Alert issued on Sept. 12)
  3. Dual registrants (there are a lot of issues relating to the recommendation of affiliated products, and that conflicts of interest are not adequately disclosed at firms)
  4. A continuation of the ReTIRE initiative which began in 2015 and is not going away any time soon, and,
  5. Subadvisory due diligence; specifically, are subadvisory practices adequately and accurately disclosed?

Latest Content

Ascendant’s Jason Morton to Speak on RegTech at Strata Data Conference

Alongside technology experts from American Express, Credit Suisse and CIBC, Ascendant’s Jason Morton will speak on developments in regulatory technology at the ‘Fintech Data Day’ at the annual Strata Data Conference on September 26, 2017 in New York. The Strata Data Conference is an annual conference for technology and business professionals who are seeking innovative … Continued

Hurricane Season: How Does your BCM Program Stack Up?

As Hurricane Harvey touches down on U.S. soil and we hope for the safety of the millions in its path, we encourage all firms, even those outside Harvey’s path of flooding and damaging winds, to consider their BCM readiness for such an event. Business Continuity Plans are designed to ensure firms have conducted sufficient advance preparation so … Continued

Surprise, Surprise: SEC Conducting Unannounced Exams

The Boston Regional Office of the SEC has recently conducted roughly 20 unannounced visits to registered investment advisers in the region. This fact, confirmed during the recent meeting of the New England Broker-Dealer and Investment Adviser Association (NEBDIAA), is in keeping with the SEC’s renewed focus on a more robust examination program. While onsite, the … Continued

One Phish, Two Phish, Red Phish, Blue Phish: How to Detect and Mitigate Social Engineering and Ransomware Techniques

Ransomware attacks like WannaCry and NotPetya are increasing in both frequency and damage, routinely making headline news with their abilities to bring down networks of established companies. Yet these cyberattacks typically start by compromising the weakest point in your security chain – people – through simple or complex phishing techniques before spreading to other parts … Continued

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.