Compliance Corner

During 2015, the Securities and Exchange Commission (“SEC”) has been active both in pur-suing enforcement actions and releasing guidance updates on its various rules and initiatives. The following summary highlights recent updates regarding:

• SEC Focus on Conflicts of Interest;
• Liability for Chief Compliance Officers;
• OCIE’s 2015 Cybersecurity Initiative;
• Enforcement Results for SEC FY 2015;
• Newly Released Private Funds Statistics; and
• Personal Securities Transaction Reports Guidance Update.

SEC Focus on Conflicts of Interest

In a February 2015 address to the IA Watch 17th Annual Compliance Conference, [1] Julie Riewe, Co-Chief of the Asset Management Unit of the Division of Enforcement (the “AMU”), stated that, in nearly every ongoing matter, the AMU seeks to examine, at least in part, whether adviser has discharged its fiduciary obli-gation to identify conflicts of interest and has either (i) eliminated them or (ii) mitigated them and disclosed their existence to boards or investors. The SEC has brought a number of actions under Section 206(4)-7 of the Investment Advisers Act of 1940, as amended (the “Investment Advisers Act”), which requires investment advisers to adopt and implement written policies and procedures and to review them on an annual basis. [2] A number of recent enforcement actions brought by the SEC demonstrate this focus:

• The SEC found that two affiliated private equity fund advisers (the “Affiliates”) improperly allocated to managed funds certain consulting, legal and compliance-related expenses incurred in registering an investment adviser under the Investment Advisers Act, complying with legal obligations arising from registration (including preparing for examination by the SEC) and responding to an investigation of Affiliates’ conduct by SEC staff. Although the funds’ operating agreements disclosed that the funds would be charged for expenses that in the good faith judgment of the general partner arose out of the operation and activities of the funds, including the legal and consulting expenses of the funds, there was no disclosure that the funds would be charged for the Affiliates’ legal and compliance expenses. Furthermore, the SEC found that the Affiliates failed to adopt and adequately review written policies or procedures reasonably designed to prevent violations of the Investment Advisers Act. [3]
• A private equity firm and four of its executives (the “Principals”) agreed to settle SEC charges that they failed to disclose conflicts of interest to a fund client and investors when fund and portfolio company assets were used to make payments to former firm employees and an affiliated entity. The SEC found that the firm and its Principals: (i) failed to inform their fund client that they rerouted portfolio company fees to an affiliate for consulting services without providing the benefits of those fees to the fund client in the form of management fee offsets; (ii) required investors to fund $4 million in respect of a portfolio company investment without disclosing that $1 million of the amount would be used to pay an affiliate for consulting services; and (iii) caused one of the Principals and two former employees to receive $15 million in incentive compensation from the sale of a portfolio company for consulting services provided at a time when they were employees of the firm, and failed to disclose the payments as related party transactions. The firm and its Principals agreed to pay over $10 million to settle the charges. [4]
• The SEC found that three private equity advisers (the “Advisers”) within a large private equity firm failed to adequately disclose the acceleration of monitoring fees paid by fund-owned portfolio companies prior to the companies’ sale or initial public offering. The SEC found that payments to Advisers essentially reduced the value of the portfolio companies prior to sale, to the detriment of the funds and their investors. The SEC investigation also found that fund investors were not informed of a separate fee arrangement with its outside law firm that provided Advisers with a greater discount on services than the discount provided by the law firm to the funds. Furthermore, Advisers failed to adopt and implement written policies and procedures reasonably designed to prevent violations of the Investment Advisers Act. Advisers consented to the entry of the SEC’s order finding that it breached its fiduciary duty to the funds and agreed to pay nearly $39 million to settle charges, $29 million of which will be distributed to affected fund investors. [5]
• In its first case to charge a private equity adviser with the misallocation of broken deal expenses, the SEC charged a private equity firm (the “Firm”) with misallocating more than $17 million in “broken deal” expenses to its private equity funds in breach of its fiduciary duty and failing to implement a written compliance policy governing its fund expense allocation practices. An SEC investigation found that during a six-year period ending in 2011, the Firm incurred $338 million in broken deal or diligence expenses related to unsuccessful buyout opportunities and similar expenses. Although the Firm’s co-investors, including Firm executives, participated in the Firm’s private equity transactions, the Firm did not allocate any portion of these broken deal expenses to the co-investors during this period. The Firm also did not expressly disclose in its offering materials that it did not allocate broken deal expenses to the co-investors or adopt compliance policies governing its fund expense allocation practices. As part of its settlement, the Firm agreed to pay nearly $30 million, including a $10 million penalty. [6]
• The SEC charged an investment manager (the “Manager”) with breaching its fiduciary duty by failing to disclose a conflict of interest created by the outside business activities of a managing director of the Manager (the “Managing Director”). According to the SEC’s order, the Managing Director was managing energy-focused funds and separately managed accounts for the Manager when he founded and personally invested in a family-owned and operated oil and natural gas production company (the “Company”). The Company later formed a joint venture with a publicly-traded coal company that eventually became the largest holding in the Manager’s $1.7 billion energy and resources portfolio, the largest fund managed by the Managing Director. The SEC’s order found that although the Manager knew and approved of the Managing Director’s investment and involvement with the Company as well as the joint venture, it failed to disclose this conflict of interest to either the boards of the Manager’s registered funds or to its advisory clients. The SEC’s order also found that (i) the Manager and its then-CCO caused the funds’ failure to report the Managing Director’s violation of the Manager’s investment policy to their boards of directors in violation of the rule governing compliance practices and procedures under the Investment Company Act of 1940, as amended, [7] and (ii) the Manager failed to adopt and implement policies and procedures for the outside activities of its employees. The Manager agreed to settle the charges and pay a $12 million penalty as well as engage an independent compliance consultant to conduct an internal review. [8]

In light of these recent enforcement actions, it is important for firms to have an evolving compliance program. Investment advisers should reflect on how their businesses have changed and address new regulations, personnel and technologies. The SEC has demonstrated that it expects senior management to play a critical role in establishing and maintaining a strong ethical compliance culture by making compliance a priority for firms.  Recently, the SEC has been focused on allocations of fees of expenses and clear disclosure of fees. Examiners repeatedly request and analyze marketing materials and fund documents, including private placement memoranda, and evaluate whether the allocation of fees and expenses between the fund and its manager and/or general partner has been clearly and accurately disclosed. Examiners will also assess whether the calculation of fees is appropriate and scrutinize portfolio company and third party fees as well.

Liability for Chief Compliance Officers

Following several enforcement actions by the SEC against compliance personnel in the investment adviser space, there has been concern in the compliance community regarding the liability of chief compliance officers (“CCOs”). Over the past few months, SEC personnel have shared their perspectives. In November 2015, Andrew Ceresney, the Director of the Division of Enforcement, acknowledged the concern among the compliance community and sought to clarify certain considerations by the SEC before recommending actions against CCOs. [9] Ceresney noted that the “overwhelming majority” of the cases involve facts that demonstrate CCO’s conduct “crossed a clear line,” and that circumstances under which the SEC brings actions against CCOs generally fall into three categories: (i) CCOs affirmatively involved in misconduct that is unrelated to their compliance function, (ii) CCOs engaged in efforts to obstruct or mislead the SEC staff and (iii) CCOs who exhibited a wholesale failure to carry out their responsibilities. In an October 2015 address, SEC Chief of Staff Andrew “Buddy” Donohue challenged compliance professionals to be more proactive in their roles and stated that an elevated role would not expose compliance professionals to increased personal liability. [10] Aiming to reassure CCOs, Commissioner Mary Jo White also stated that the SEC does not “bring cases based on second guessing compliance officers’ good faith judgments, but rather when their actions or inactions cross a clear line that deserve sanction.” [11] Commissioner Luis Aguilar also denied that the SEC is taking too harsh of an enforcement stance against CCOs, and voiced concern that dialogue on CCO liability had created an “unwarranted fear in the CCO community.” Aguilar claimed that the enforcement actions should not raise undue concerns because the CCOs in these cases demonstrated egregious misconduct, including failure to implement policies and procedures to prevent an employee from misappropriating client accounts and failure to report a conflict of interest. [12]

Other SEC officials have expressed a different view. In June 2015, SEC Commissioner Daniel Gallagher voted against two settled SEC enforcement actions involving alleged violations of Rule 206(4)-7 [13] under the Investment Advisers Act by CCOs. Gallagher stated that these recent actions are part of a trend toward strict liability for CCOs under the rule and proposed that that the SEC re-examine the rule and consider whether amendments, or at a minimum staff or SEC guidance, are needed to clarify the roles and responsibilities of compliance personnel so that CCOs are not improperly held accountable for others’ misconduct. [14]

In light of the recent focus on compliance by the SEC, we encourage CCOs and counsel representing CCOs to engage in the following: [15]

• Work with senior management to emphasize the importance of the “tone at the top” and compliance culture of a firm;
• Stay abreast of the various laws and regulations that apply to the firm and its activities as well as any particular conditions or requirements of exemptive orders or other compliance requirements;
• Maintain a working knowledge of the firm, its structure and internal operations;
• Develop a clear understanding of how the firm identifies all of the conflicts of interest that might exist, how frequently potential conflicts are reviewed and, when conflicts are identified, how they are resolved and by whom;
• Stay informed on Guidance Updates and Risk Alerts published by the SEC to understand the Commission’s thinking on discrete issues regarding investment advisers and investment companies; and
• Review OCIE’s annual examination priorities to stay informed on the areas on which examiners intend to focus.

OCIE’s 2015 Cybersecurity Initiative

Following up on last year’s Cybersecurity Roundtable and cybersecurity sweep examinations, the SEC’s Office ofCompliance Inspections and Examinations (“OCIE”) released a new Risk Alert [16] on September 15, 2015 announcing a second series of cybersecurity examinations, which will involve more testing to assess implementation of firm procedures and controls. The Risk Alert highlighted six primary areas on which OCIE intends to focus:

• Governance and Risk Assessment. Examiners may assess (i) whether firms have appropriate cybersecurity and risk assessment processes tailored to their business in place; (ii) whether firms are periodically evaluating cybersecurity risks; and (iii) the level of communication to, and involvement of, senior management and boards of directors.
• Access Right and Controls. Examiners may review how firms control access to various methods, including a review of controls associated with remote access, customer logins, passwords, firm protocols to address customer login problems, network segmentation and tiered access.
• Data Loss Prevention.  Examiners may assess (i) how firms monitor the volume of content transferred outside the firm by its employees or through third parties, such as by email attachments or uploads; (ii) how firms monitor for potentially unauthorized data transfers; and (iii) how firms verify the authenticity of a customer request to transfer funds.
• Vendor Management. Examiners may focus on firm practices and controls related to vendor management, such as appropriate due diligence with regards to vendor selection, monitoring and oversight of vendors and vendor contract terms.
• Training. Examiners may focus on how training is tailored to specific job functions and how encouraging responsible employee and vendor behavior and procedures for responding to cyber incidents are integrated into regular personnel and vendor training.
• Incident Response. Examiners may assess whether firms have established policies, assigned roles, assessed system vulnerabilities and developed plans to address possible future events, including procedures for determining which firm data, assets and services warrant the most protection to help prevent attacks from causing significant harm.

The Risk Alert also includes a sample request for information and documents as an Appendix.

Enforcement Results for SEC FY 2015

The SEC recently announced that in FY September 2015, the SEC filed 807 enforcement actions covering a wide range of misconduct and obtained orders totaling approximately $4.2 billion in disgorgement and penalties. Of the 807 enforcement actions filed in fiscal year 2015, a record 507 were independent actions for violations of federal securities laws and 300 were either actions against issuers who were delinquent in making required filings with the SEC or administrative proceed-ings seeking bars against individuals based on criminal convictions, civil injunctions or other orders.

The SEC’s enforcement actions included the following topics: [17]

• Combating Financial Fraud and Enhancing Issuer Disclosure. The SEC filed a number of actions involving significant financial fraud and issuer disclosure matters, including actions against companies and executives.
• Holding Gatekeepers Accountable. The SEC held attorneys, accountants and other gatekeepers accountable for failing to comply with professional standards and sanctioned firms for such matters as issuing false and misleading unqualified audit opinions, violating independence rules, aiding perpetrators of microcap fraud and failing in broker-dealer gatekeeping functions.
• Ensuring Exchanges, Traders and Other Market Participants Operate Fairly. The SEC sanctioned firms for such matters as violating the market access rule (which requires firms to have adequate risk controls in place before providing customers with access to the market), operating a secret trading desk and misusing con-fidential trading information of dark pool subscribers, violating disclosure and other securities laws relating to the operation and marketing of a dark pool, high frequency trading manipu-lation and using inaccurate data in ex-ecuting short sale orders.
• Rooting Out Insider and Abusive Trading Schemes through Innovative Uses of Data and Analytics. The SEC used data and analytical tools to charge parties with such matters as trading on the basis of inside information and profiting from hacked nonpublic information about corporate earnings announcements.
• Uncovering Misconduct by Investment Advisers and Investment Companies. The SEC filed actions charging advisers with such matters as misallocating “broken deal” expenses, failing to disclose conflicts of interest, improperly using fund assets to pay for distribution-related services, defrauding investors through false performance advertising and overvaluing assets in collateralized loan obligations.
• Fighting Market Manipulation and Microcap Fraud. The SEC used trade suspensions to neutralize threats to investors and brought microcap and market manipulation actions against firms and individuals.
• Standing Up for Whistleblowers. The program awarded eight whistleblowers with total awards of approximately $38 million in FY 2015. The SEC also brought a first-ever action for violating Exchange Act Rule 21F-17, which prohibits the use of confidentiality agreements to impede a whistleblower from communicating with the SEC.

SEC Staff Publishes Private Funds Statistics Report

The SEC’s Division of Investment Management’s Risk and Examinations Office recently published a report that provides private fund industry statistics and trends, reflecting aggregated data reported by private fund advisers on Form ADV and Form PF from the first calendar quarter of 2013 through the fourth calen-dar quarter of 2014. [18] Most of the data is being made public for the first time.

The report includes statistics about the distribution of borrowings, an analysis of hedge fund gross notional exposure to net asset value and a comparison of average hedge fund investor and hedge fund portfolio liquidity. Some statistics as of December 2014 include:

• Aggregate Private Fund NAV: $6.7 trillion
• Hedge Fund NAV: $3.4 trillion
• Private Equity Fund NAV: $1.7 trillion

The SEC intends to update the private funds statistics report periodically.

Personal Securities Transactions Reports Guidance Update

In June 2015, the SEC Investment Management Division issued a Guidance Update on personal securities transactions reports by registered investment advisers, [19] focusing on Codes of Ethics for registered investment advisers and their employees, which are required by Rule 204A-1. [20] As investment advisers conduct their annual reviews pursuant to Rule 206(4)-7, they should consider the guidelines in the Guidance Update. The Guidance Update pertains to Rule 204A-1 exceptions [21] for directors, officers and partners, and supervised persons (collectively, “access persons”) where an access person’s securities are held in accounts over which he or she has no direct or indirect influence or control (e.g., due to the establishment of a blind trust [22]) and notes the following:

• The fact that an access person provides a trustee with management authority over a trust for which he or she is grantor or beneficiary, or provides a third-party manager discretionary investment over his or her personal account, by itself, is insufficient for an adviser to reasonably believe that the access person qualifies for the reporting exception.
• The fact that a trustee or third-party manager summarizes, describes or explains account activity to an access person, without receiving directions or suggestions from the access person, would not implicate influence or control by the access person over that account.

Advisers may be able to implement additional policies and procedures to determine whether the access person actually had direct or indirect influence or control over the trust or account, rather than whether the third-party manager had discretionary or non-discretionary investment authority. Advisers may consider, for example:

• Obtaining information about a trustee or third-party manager’s relationship to the access person (e.g., an independent professional versus a friend or relative; an unaffiliated versus an affiliated firm).
• Obtaining periodic certifications by access persons and their trustees or discretionary third-party managers regarding the access persons’ influence or control over trusts and accounts.
• On a sample basis, requesting reports on holdings and/or transactions made in the trust or discretionary account to identify transactions that would have been prohibited pursuant to the adviser’s code of ethics, absent a reliance on the reporting exception.

[1] Transcript of Julie M. Riewe, Conflicts, Conflicts Everywhere – Remarks to the IA Watch 17th Annual IA Compliance Conference: The Full 360 View (Feb. 26, 2015).

[2] The SEC has also charged investment advisers under the anti-fraud provisions in the Investment Advisers Act of 1940 and the Investment Company Act of 1940.

[3] See In the Matter of Cherokee Investment Partners, LLC and Cherokee Advisers, LLC, Investment Advisers Act of 1940, Release No. 4258 (Nov. 5, 2015).

[4] See In the Matter of Fenway Partners, LLC, Peter Lamm, William Gregory Smart, Timothy Mayhew, Jr., and Walter Wiacek, CPA, Investment Advisers Act of 1940, Release No. 4253 (Nov. 3, 2015).

[5] See In the Matter of Blackstone Management Partners L.L.C., Blackstone Management Partners III, L.L.C., and Blackstone Management Partners IV L.L.C., Investment Advisers Act of 1940, Release No. 4219 (Oct. 7, 2015).

[6] See In the Matter of Kohlberg Kravis Roberts & Co., L.P., Investment Advisers Act of 1940, Release No. 4131 (June 29, 2015).

[7] 7 17 CFR 270.38a-1 (2004), Compliance procedures and practices.

[8] See In the Matter of BlackRock Advisors, LLC and Bartholomew A. Battista, Investment Advisers Act of 1940, Release No. 4065 (April 20, 2015).

[9] Transcript of Andrew Ceresney, 2015 National Society of Compliance Professionals, National Conference: Keynote Address (Nov. 4, 2015).

[10] Transcript of Andrew J. Donohue, Remarks at NRS 30th Annual Fall Investment Adviser and Broker-Dealer Compliance Conference (Oct. 14, 2015).

[11] Transcript of Mary Jo White, Opening Remarks at the Compliance Outreach Program for Broker-Dealers (July 15, 2015).

[12] Transcript of Luis A. Aguilar, The Role of Chief Compliance Officers Must be Supported (June 29, 2015).

[13] 17 CFR 275.206(4)-7 (2004), Compliance procedures and practices.

[14] Transcript of Daniel M. Gallagher, Statement on Recent SEC Settlements Charging Chief Compliance Officers With Violations of Investment Advisers Act Rule 206(4)-7 (June 18, 2015).

[15] For information on investment advisers who outsource compliance activities, please refer to OCIE, NEP Risk Alert, Examinations of Advisers and Funds That Outsource Their Chief Compliance Officers (Nov. 9, 2015).

[16] See OCIE, NEP Risk Alert, OCIE’s 2015 Cybersecurity Initiative (Sept. 15, 2015).

[17] For additional detail, please see SEC Announces Enforcement Results for FY 2015 (October 22, 2015).

[18] See Securities and Exchange Commission, Division of Investment Management, Risk and Examinations Office, Private Funds Statistics (October 16, 2015).

[19] See IM Guidance Update, SEC, June 2015.

[20] 174 CFR 275.204A-1.

[21] See Id. Rule 204A-1 requires that an adviser’s Code of Ethics must include requirements that certain advisory personnel report personal securities trading to provide a mechanism for the adviser and examiners to identify improper trades or patterns of trading.

[22] A blind trust is a legal arrangement in which a trustee manages funds for the benefit of someone (e.g., an access person) who has no knowledge of the specific management actions taken by the trustee and no right to intervene in the trustee’s management.