Investment Management Regulatory Update - April 2023
In this issue, we discuss Risk Alerts issued by the SEC Examinations Division regarding examinations of newly-registered advisers and the safeguarding of customer information at branch offices, and recent litigation regarding non-compete provisions in partnership agreements under Delaware law.
SEC Examinations Division issues risk alert on examinations of newly registered advisers
On March 27, 2023, the SEC’s Examinations Division issued a Risk Alert to highlight typical areas it focuses on during examinations of newly-registered advisers. The Risk Alert noted that newly-registered advisers face unique compliance risks and issues, and that examinations of newly-registered advisers have been a priority of the Division since 2013. According to the Risk Alert, the Examinations Division assesses an adviser’s risks by reviewing, among other things, the adviser’s conflicts of interests, and how the adviser mitigates and manages risks through its compliance programs. The Risk Alert highlighted that examinations of newly-registered advisers often focus on whether the advisers have: (i) identified and addressed conflicts of interest, (ii) provided clients with full and fair disclosure such that clients can provide informed consent and (iii) adopted effective compliance programs.
Examinations Division staff highlighted that examinations typically involve document requests and interviews with advisory personnel to address the adviser’s: (i) business and investment activities, (ii) organizational affiliations, (iii) compliance policies and procedures, and (iv) disclosures to clients. Examinations Division staff review such information to assess whether the adviser’s disclosures to clients and in SEC filings are consistent with the adviser’s actual practices. The Risk Alert stated that Examination Division staff typically request and review:
- General information to provide the staff with an understanding of the adviser’s business and operations, e.g.: organizational charts; documentation to support eligibility for SEC registration; information about ownership and control of the adviser and its affiliates; information about current and former advisory personnel, such as reasons for departure, if available; roles, responsibilities and physical location of current personnel; financial information, including balance sheet, trial balance and income statement; and information about threatened, pending or settled litigation or arbitration.
- Demographic and other information regarding client accounts, e.g.: advisory services provided; client account types; advisory authority to trade in the account (e.g., discretionary); advisory personnel servicing and overseeing the account; assets under management; third-party service providers (e.g., custodians, administrators, auditors); investment strategies; and relevant documentation.
- Information on adviser’s compliance program, risk management practices and framework, and internal controls, e.g.: written compliance policies and procedures, code of ethics.
- Information to facilitate testing for regulatory compliance in certain areas, including portfolio management and trading activities, e.g.: records of client securities holdings and transactions.
- Adviser’s communications to inform or solicit new and existing clients, e.g.: disclosure documents and advertising, such as pamphlets, social media, mass mailings, websites, blogs.
Observations by Examinations Division staff
In recent examinations of newly-registered advisers, Examinations Division staff identified issues in the following areas:
- Compliance policies and procedures. Examinations Division staff observed policies and procedures that: “(1) did not adequately address certain risk areas applicable to the firm, such as portfolio management and fee billing; (2) omitted procedures to enforce stated policies, such as stating the advisers’ policy is to seek best execution, but not having any procedures to evaluate periodically and systematically the execution quality of the broker-dealers executing their clients’ transactions; and/or (3) were not followed by advisory personnel, typically because the personnel were not aware of the policies or procedures or the policies or procedures were not consistent with their businesses or operations.”
In addition, Examinations Division staff observed that some firms’ annual compliance reviews did not address the adequacy of the firm’s policies and procedures, or the effectiveness of their implementation. For example, the staff observed that some advisers:
- Used off-the-shelf compliance manuals that were not tailored for the adviser’s business;
- May not have dedicated sufficient resources to comply with regulatory requirements and the adviser’s own policies and procedures (e.g., assigned additional unrelated responsibilities to the adviser’s chief compliance officer);
- Had undisclosed conflicts of interest that were not mitigated;
- Outsourced certain business and compliance functions without reviewing how such outsourced functions were being performed and whether they were consistent with the adviser’s compliance policies and procedures;
- Did not provide for adequate business continuity planning, including succession plans.
- Disclosure documents and filings. Examinations Division staff observed that some advisers’ disclosure documents were not filed in a timely manner and/or contained omissions or inaccuracies relating to: (i) fees and compensation, (ii) business or operations (e.g., affiliates, other relationships, number of clients, assets under management), (iii) services offered to clients (e.g., descriptions of the advisers’ investment strategies, including use of models, aggregate trading, account reviews), (iv) disciplinary information, (v) websites and social media accounts and (vi) conflicts of interest.
- Marketing. Examinations Division staff observed that some advisers were not able to substantiate certain factual claims made in marketing materials, and that certain marketing materials appeared to contain false or misleading information, e.g., inaccurate descriptions of professional experience or credentials of advisory personnel, third-party rankings, and performance.
The Risk Alert highlighted that the Examinations Division would continue to focus on examinations of newly-registered advisers, and encouraged advisers to review their compliance policies and procedures, disclosures and marketing practices for the issues discussed above.
SEC Examinations Division issues risk alert on safeguarding customer records and information at branch offices
On April 26, 2023, the SEC’s Examinations Division issued a Risk Alert to highlight the importance of establishing written policies and procedures to address the safeguarding of customer records and information that are accessible at branch offices. The Risk Alert noted that some broker-dealers and investment advisers may be exposed to cybersecurity and data breach risks because they have not implemented written policies and procedures to address safeguarding at their branch offices. Examinations Division staff highlighted common issues raised while assessing firms’ compliance with Regulation S-P, which requires firms to adopt written policies and procedures reasonably designed to, among other things, ensure the security and confidentiality of customer information, and protect against unauthorized access to customer information that could result in substantial harm or inconvenience to any customer. Common issues observed by Examinations Division staff included:
- Vendor management: Some firms failed to ensure proper due diligence and oversight of vendors used by branch offices to provide services such as cybersecurity, technology operations and business applications. The Risk Alert noted that misconfigured security settings and applications at these firms could result in unauthorized access to customer records or information.
- Email configuration: Some firms failed to provide guidance to branch offices regarding email services from vendors and technical requirements needed to secure branch office email systems. The Risk Alert noted that in some cases, weak email configuration at branch offices resulted in account takeover, business email compromise, and an inability to perform adequate incident responses.
- Data classification: Examinations Division staff observed firms failing to apply data classification policies at their branch offices to identify where customer records and information were stored electronically. The Risk Alert noted that such failures resulted in failures to identify and control customer records and information at branch offices.
- Access management: The Risk Alert noted that some firms required password complexity and multi-factor authentication for remote access at their main offices, but did not require such controls at their branch offices. As a result, such branch offices experienced breaches which could have been prevented if such controls were in place.
- Technology risk: The Risk Alert noted that some branch offices were not subject to their main office’s policies and procedures regarding technology risk, e.g., patch management and vulnerability management. Examinations Division staff observed that multiple branch offices were prone to compromises because they were running “end of life” operating systems that were no longer supported by the manufacturer with respect to patching and correcting new bugs or security weaknesses.
The Risk Alert encouraged firms to consider their entire organizations, including branch offices, when implementing their policies and procedures to address safeguarding of customer records and information and compliance with Regulation S-P.
SEC Commissioner Uyeda issues remarks at the Investment Company Institute 2023 Investment Management Conference
On March 20, 2023, SEC Commissioner Uyeda delivered remarks at the Investment Company Institute 2023 Investment Management Conference, discussing his concerns and suggestions regarding the current approach to regulating asset managers.
Rush to rulemaking
Commissioner Uyeda remarked that the Commission has adopted numerous final rules and issued even more proposals for rules that affect asset managers, despite not having a Congressional directive mandating such actions. Commissioner Uyeda commented that the increased costs and burdens of compliance in the face of these new rules are likely to disproportionately hurt small fund complexes and their advisers, and that increased expenses in operating registered investment companies could also incentivize asset managers to choose less regulated vehicles that may also be cheaper. Commissioner Uyeda then laid out his specific concerns surrounding the Commission’s current direction of rulemaking.
The perils of regulation by theory and hypothesis
Commissioner Uyeda explained his concern that the Commission has been focused on “rulemaking based on unrealistic expectations of how the world functions and how it ought to be,” such as looking to precedents from Europe and academic papers that address financial systems that are entirely different from the U.S. system, or not considering the cumulative impact of multiple overlapping rules introduced simultaneously. Commissioner Uyeda is concerned that such burdens and costs would likely impact smaller fund managers, who may be forced out of the market, thus reducing diversity in the industry.
Open-end fund liquidity
Commissioner Uyeda then expressed his skepticism surrounding the “liquidity mismatch” basis for recent policy proposals in the United States, such as proposed new liquidity requirements for open-end funds. As he explains, it is widely believed that open-end funds create a liquidity mismatch as the daily redemption ability of investors does not match the funds’ illiquid assets, and that during market downturns, investors would rush to exit, which could cause instability for the fund and other market participants. However, Commissioner Uyeda pointed out that, despite the broad acceptance of the “liquidity mismatch” concept, there is in fact rather limited data supporting the theory. Commissioner Uyeda thus proposed that the SEC review and analyze all the data it collects from funds, and get a clearer sense of the realities of open-end funds, in order to better tailor its proposed regulations to the needs of the market.
In addition to referencing his overall concerns regarding the practice of ESG investing, which he had commented on previously, Commissioner Uyeda spoke about the impracticalities surrounding the implementation of the proposed rules for ESG investing. He commented that the Commission should take the EU’s experience with its sustainability finance regime as a cautionary tale for what is likely to come if the proposed rules are adopted. The EU had taken a sprawling approach to sustainable finance, including increased disclosures and mandates for sustainability reporting. However, when it came to implementing the ambitious regulatory framework, the EU encountered significant implementation challenges, such as conflicting standards and interdependencies, and a large drag on the economy. Commissioner Uyeda stated that these difficulties would likely arise in the U.S. context were the Commission to adopt the proposed ESG rules, and failure to consider such implications could potentially implicate the arbitrary and capricious standard required by the Administrative Procedure Act.
Commissioner Uyeda also discussed the current fund name rule that requires that funds with certain names adopt a policy to invest 80% of their assets in the investments suggested by that name. A set of proposals introduced in May 2022 would look to expand the scope of fund names that would be subject to this rule to names that imply investments that have “particular characteristics” such as “value,” “growth,” “ESG,” etc. Commissioner Uyeda expressed his concern that the cost of implementing this expansion (which the Commission has estimated to be up to $5 billion or $500,000 per fund) would be passed on to investors, that the burden on Commission staff resources to process the paperwork that would be a necessary result of such proposed rules will be significant, and that the benefits of the proposed rules, which are designed to protect investors, would in fact not have as much of a positive impact as hoped, particularly as it provides no benefit to the vast majority of investors who rely on an investment adviser or broker to select their funds for them.
Practical areas for improvement
In Commissioner Uyeda’s view, it would be practical and beneficial for investors if the Commission were to focus on:
- Projects that provide tangible improvements for investors, and do not cripple firms with new regulatory burdens that can increase costs and/or cause firms to exit.
- A review of the current rulebook to see what is not working, and engage in robust conversations with the public rather than proceeding immediately to rulemaking.
- Improving fund disclosures for investors, supported by data indicating the use and benefits to investors, such as revamping and streamlining the Form N-14 and Form N-2 to make the forms more accessible.
In conclusion, Commissioner Uyeda stated that he strongly believes that the current regulatory approach to mutual funds, closed-end funds, and ETFs is not broken, but is concerned with the Commission’s current rushed regulatory path. He suggested that all such rulemaking should be supported by research and data, accompanied by published guidance for public review, and grounded in practical, real world cost and benefit analyses.
Delaware court cracks down on overly broad restrictive covenants in partnership agreement
On the heels of a proposed rule earlier this year from the Federal Trade Commission that would impose a sweeping ban on virtually all employment-related non-competes, the Delaware Chancery Court recently delivered an opinion that put more chill on non-competes and other restrictive covenants in the context of an employee co-owned company attempting to enforce such covenants against a group of departed employees.
The decision involved a lawsuit brought by six former partners of a financial services company (organized as a Delaware limited partnership) who voluntarily terminated their employment with the company and withdrew from the partnership. The applicable partnership agreement, to which these partners were bound at the time they left the company, included several interlocking provisions designed to prevent former partners from competing with the company. Among them were restrictive covenants, enforceable by injunction, that prohibited competition for one year and solicitation of the company’s clients or employees for two years. A partner will breach a restrictive covenant only when the company makes the good faith determination that the partner has done so. Additionally, the company pursuant to a forfeiture clause may withhold payments otherwise owed from a former partner’s capital account and certain earned but deferred compensation if the former partner (i) breached the stand-alone restrictive covenants described above or (ii) engaged in “competitive activity” (which was defined separately from the one-year non-compete described above) within four years following departure, even if the competition did not otherwise breach the stand-alone restrictive covenants.
When the company withheld payments from the six former partners who were determined by the company to have engaged in competitive activity, the former partners sued the company seeking the payments and challenging the enforceability of the forfeiture clause and the restrictive covenants on which it is based. The court ruled in favor of the former partners, and its holding and analysis provided good insight on how non-competes and related forfeiture provisions are viewed by Delaware courts in the current environment.
The court first explained that forfeiture clauses like the one in the company’s partnership agreement are permitted under Delaware law, but they are enforceable only to the extent that the underlying promise—here, adherence to the restrictive covenants—is itself enforceable. After examining the terms of the stand-alone restrictive covenants and how they were drafted, the court concluded that they were unreasonable and therefore unenforceable. In particular, the court took issue with the restrictive covenants’ lack of geographical limitation, protection extending to not only the company itself but any affiliated entity and use of vague language in defining the prohibited activities, as well as the company’s discretion in determining whether a restrictive covenant has been breached, all of which, according to the court, resulted in the restrictive covenants being “facially overbroad and void against public policy.”
The court then went on to examine the second trigger of the forfeiture clause—i.e., the four-year non-compete that was separate from the stand-alone restrictive covenants that included the one-year non-compete. Here, the court noted that while this non-compete has a narrower scope of prohibited activities and does not delegate the determination of whether it has been breached to the company, its longer duration was troubling and did not advance any legitimate interest of the company, and, as a result, ruled that this second trigger of the forfeiture clause is also unenforceable as an unreasonable restraint of trade.
Notably, in both this case and another recent case from last fall that involved restrictive covenants in the context of a sale of a business, the Delaware Chancery Court, after finding that the restrictive covenants at issue were unreasonable, refused to “blue pencil” them to a reasonable level and instead struck them in their entirety.
In light of these developments and hesitation by the Delaware courts to blue pencil, companies (including investment firms and fund managers) should exercise care in crafting restrictive covenants and related forfeiture provisions in partnership and other agreements that are governed by Delaware law and make sure that such provisions are reasonable in scope and duration and are supported by legitimate business interests of the employer.