As the new year got underway, U.S. regulators gave the industry a glimpse into their plans for 2016. The Securities and Exchange Commission (“SEC”) released its 2016 investment adviser examination priorities and rule-making priorities, while the Financial Industry Regulatory Authority (“FINRA”) issued its own examination priorities for the year ahead.
Private fund advisers and securities firms should take note of the areas the SEC and FINRA will focus on in their inspections and rule-making efforts so that they can review and/or update their policies and procedures in these areas to address the SEC’s and FINRA’s concerns in this regard.
Many of the areas that face ongoing or additional scrutiny are directly linked to the alternative investment sector. As a result, private fund advisers and securities firms should be aware of which areas will be subject to regulators’ scrutiny so that they may review and/or update their policies and procedures in these areas to address the SEC’s and FINRA’s concerns in this regard.
In its 2016 examination priorities, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) outlined two primary areas of interest that would impact private fund advisers:
• Assessing marketwide risks; and
• Using data analytics to identify potential illegal activity.
As part of the SEC’s mandate to provide fair, orderly and efficient markets, OCIE’s inspections will seek to identify “structural risks and trends that may involve multiple firms or entire industries.” It further specified that its marketwide risks examinations will include the areas of cybersecurity and liquidity controls, among others.
Cybersecurity became one of the SEC’s key compliance issues in 2015, and the regulator has provided notice that its focus on cybersecurity will continue in 2016. OCIE indicated that it will advance an examination of broker-dealers’ and investment advisers’ cybersecurity compliance and controls, previously launched in September 2015, to gather information, assess risks and test implementation at select firms. OCIE is now ready to begin more widespread testing and assessments of firms’ implementation of cybersecurity procedures and controls.
The regulator’s emphasis on liquidity control comes amid recent turmoil in fixed-income markets and a rising interest rate environment. The examinations will focus on investment advisers to, among others, private funds with analysis of their exposure to illiquid securities. Accordingly, registered investment advisers should review their contractual obligations to their investors with respect to liquidity and ensure they are providing adequate disclosure to their investors regarding the risk or liquidity in a portfolio.
With respect to the use of data analytics, OCIE stated that data and intelligence from regulatory filings and examinations alike will be used across all of its examination priorities in order to assist in the identification of higher risk restraints. This will include setting their sights on registrants that employ individuals that OCIE has identified, through their data analytics, as having a track record of misconduct. In addition, OCIE intends to utilize its data-driven analysis to identify firms engaged in excessive or otherwise potentially inappropriate trading, as well as the suitability of promotional practices for new, complex and high-risk products.
Among its “Other Initiatives” for 2016, OCIE noted that it will review private placements to determine whether legal requirements are fulfilled regarding matters related to due diligence, disclosure and suitability under Regulation D of the Securities Act of 1933.
Finally, select never-before-examined registered investment advisers will continue to be the subject of focused, risk-based examinations, while the SEC will continue its focus on private fund advisers’ fees and expense practices, along with the controls and disclosure associated with side-by-side management of performance-based and purely asset-based fee accounts.
The SEC’s rule-making initiatives for 2016 also represent a continuation of its efforts from the previous year. David Grim, director of the SEC’s Division of Investment Management, announced that the SEC is developing recommendations on several issues relevant to registered investment advisers, including requiring transition planning to prepare for a major disruption in their business, stress testing by large investment advisers and a proposal to obligate registered investment advisers to establish a program of third-party compliance reviews.
FINRA’s 2016 regulatory and examination priorities share many of OCIE’s examination areas, such as a focus on cybersecurity and liquidity. However, the 2016 priorities of the self-regulatory group demonstrate a greater focus on culture, conflicts of interest and ethics at securities firms. FINRA stated that, as part of the examination process, it will seek to understand how culture affects firms’ compliance and risk management practices. As such, its assessments will focus on the frameworks used to develop, communicate and evaluate conformance with a firm’s culture.
In 2016, FINRA will focus its supervision, risk-management and controls efforts on four areas related to firms’ business conduct and the integrity of the markets. Two of the areas that are of particular interest are those governing the management of conflicts of interest and cybersecurity.
With respect to conflicts of interest, FINRA will continue to focus on firms’ efforts to “identify, minimize and mitigate information leakage within or outside a firm,” and it stated that firms will be expected to manage such potential activities with targeted controls. In addition, FINRA stated that conflicts may also arise when proprietary traders are permitted to provide valuations for proprietary positions they establish. “This valuation can implicate both a firm’s risk management processes, as well as the trader’s performance assessment and compensation,” FINRA stated. As a result, another area of focus will be assessing firms’ supervision, control and validation of traders’ pricing of illiquid, level 3 assets to ensure that positions are fairly valued.
Finally, FINRA will continue to focus on firms’ cybersecurity preparedness, given the ongoing threat environment and the continued need for firms to improve their defenses. FINRA will review firms’ approaches to cybersecurity risk management, including governance, risk assessment, technical controls, incident response, vendor management, data loss prevention and staff training. Although the areas discussed above will continue be part of the regulatory list of hot-button items for the coming year, regulators will also continue to take a risk-based approach to examinations, and adapt as information and market developments warrant. Accordingly, private fund advisers should stay alert to additional statements from these regulatory bodies as the year progresses.
For more information, please contact: Kevin P. Scanlan | kscanlan[at]kramerlevin.com | 212.715.9374 |
Compliments of Kramer Levin Naftalis & Frankel LLP – a member of the EACCNY