2022 Update for Investment Advisers: Important Annual Requirements, Recent Proposed Rulemaking, and Recent SEC Enforcement Initiatives

Investment advisers registered with the U.S. Securities and Exchange Commission (SEC or Commission) (each, an RIA) are subject to certain annual requirements under the Investment Advisers Act of 1940 (Advisers Act); some of these requirements also either apply to exempt reporting advisers (each an ERA) or warrant consideration as best practices for ERAs. This Sidley Update reminds investment advisers of the annual and other periodic regulatory and compliance reporting cycles, including a number of significant 2022 reporting or filing deadlines.

This Sidley Update also reminds advisers that are registered as commodity pool operators (CPOs) or commodity trading advisers (CTAs) with the Commodity Futures Trading Commission (CFTC) and members of the National Futures Association (NFA) of certain CFTC and NFA reporting requirements.

This Sidley Update provides important information regarding

• Compliance Program Review and Testing
• Other Annual Reminders for RIAs and ERAs
• SEC Examination Priorities for 2022
• Preparing for an SEC Exam
• Regulatory Developments and Guidance
• SEC Rule Developments
• SEC Focus on Digital Assets and ICOs
• Recent SEC Enforcement Initiatives and Proceedings
• Form PF Reporting Requirements
• CFTC and NFA Reporting Requirements for Certain Investment Advisers

This Update does not purport to be a comprehensive summary of all of the compliance obligations to which advisers are subject; please contact your Sidley lawyer to discuss these and other requirements under the Advisers Act, the Commodity Exchange Act, and other regulations that may apply to RIAs, CPOs, and/or CTAs, as well as applicable non-U.S. regulatory developments.

Annual Compliance Program Review

Rule 206(4)-7 under the Advisers Act (Compliance Rule) requires an RIA to designate a chief compliance officer (CCO) and adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act and the rules thereunder by the adviser and its supervised persons. The Compliance Rule does not enumerate specific elements that must be included in the compliance policies and procedures.¹ Rather, the SEC has indicated that it expects an RIA’s policies and procedures to be based on an assessment of the regulatory and compliance risks present in the adviser’s business that may result in violations of the Advisers Act and a determination of controls needed to manage or mitigate these risks.

Common Deficiencies in Compliance Programs

A Risk Alert² issued by the SEC Division of Examinations (Division) described examples of deficiencies or weaknesses in connection with the Compliance Rule frequently identified in the Division’s examinations. Examples:

• Compliance manuals are not reasonably tailored to the adviser’s business practices. The SEC noted that certain compliance programs did not take into account important individualized business practices, such as the adviser’s particular investment strategies, types of clients, trading practices, valuation procedures, and advisory fees.
• Annual review was not performed or did not address the adequacy of the adviser’s policies and procedures. The SEC also observed that some advisers did not address or correct problems identified in their annual reviews.
• Adviser does not follow its compliance policies and procedures.
• Compliance manuals are not current. The SEC noted that certain compliance manuals contained information or policies that are no longer current.

The SEC has noted³ specific examples of certain deficiency types, including these:

• Policies and procedures that are incomplete or inaccurate. The SEC cited, as an example, valuation policies that did not reflect certain practices followed by an adviser in connection with fair valuation, highlighting the need for the adviser’s compliance staff (Compliance) to know what the business and back office staff are doing in practice, not just on paper.
• Policies and procedures that are not modified in light of new business practices, products, or clients. The SEC stated that Compliance should be involved at the beginning of discussions about new business lines or products, as these proposals may require changes not only to policies and procedures but also to staffing levels or expertise, compliance monitoring or testing, Form ADV, and other disclosure documents and the annual compliance review.
• Policies and procedures that are not adequately documented. The SEC offered the example of an adviser using quantitative models for investment decisions but failing to establish written policies and procedures surrounding the review and approval of those models to ensure that the models were operating effectively and as intended.

Periodic and Annual Review

The Compliance Rule also requires an RIA to review at least annually the adequacy of its policies and procedures and the effectiveness of their implementation. The required annual review may be conducted in stages throughout the year or all at once, depending on what works best for the adviser. The SEC staff has stated that an RIA’s compliance program should continue to evolve in conjunction with an ongoing risk assessment (and re-evaluation) process.

• results of any SEC examinations of the adviser
• review of material compliance matters that arose
• changes in the adviser’s business activities or operations (e.g., entering a new line of business)
• recent enforcement actions
• changes to applicable laws, rules, regulations, and/or SEC staff guidance

The review process should incorporate reasonable trend analysis and “macro” analysis as well as “transactional” (i.e., spot) tests to detect gaps in the compliance program or instances in which the adviser’s policies and procedures may have been circumvented or are not operating effectively. The Division recommends that the adviser document the content, timing, and results of the testing, which can expedite the SEC’s review of the adviser’s compliance program when the adviser is examined.⁴ Any issues identified in the testing process should be accompanied by a strategy for remediation and the results of any remediation efforts.

The adviser should document the annual review as well as steps taken to revise or enhance the compliance program to reflect the results of the review. Upon examination, the SEC will require the adviser to produce documentation of the required annual review. Underscoring the importance of documenting the annual review, the proposed amendment to the Compliance Rule (discussed below) would formally establish an annual review written documentation requirement applicable to all advisers. An RIA’s failure to conduct a timely annual review is an often-cited violation in addition to other charges brought by the SEC’s Division of Enforcement.

Report to Management

As a best practice, an RIA’s senior management should convene a special meeting at least annually to review the effectiveness of the adviser’s compliance policies and procedures. A formal written report summarizing the conclusions of senior management should be filed in the adviser’s compliance records together with a memorandum summarizing the responses, if any, made to perceived deficiencies or inadequacies as well as evaluating the approach taken to any specific compliance problems during the year. Senior management should be engaged as frequently as necessary during the year to assist in establishing and maintaining a culture of compliance within an adviser’s organization.

Training and Annual Certification

The SEC staff emphasize the importance of advisers’ educating their supervised persons concerning the general principles as well as the specific requirements of the adviser’s compliance program. Pertinent training should take place at least annually and more frequently as convenient or necessary, such as when an employee joins the firm or when the testing of policies and procedures demonstrates a lack of understanding of the policies and procedures.

An RIA’s compliance policies and procedures should be documented in a compliance manual distributed to all supervised persons. All supervised persons should be required to execute and deliver, at least annually, a certificate stating that they have read (or reread) and understand the provisions in the compliance manual (including any revisions or updates), including the code of ethics and the adviser’s policies and procedures designed to detect and prevent insider trading. Many firms also use an annual certification to remind supervised persons of their specific disclosure obligations, such as the obligation to disclose outside business activities.

ERAs

An ERA, as an unregistered adviser, is not required to adopt a comprehensive compliance program pursuant to the Compliance Rule or to comply with most other rules under the Advisers Act. Unregistered advisers, however, are still subject to the Advisers Act’s antifraud provisions. An ERA, therefore, should adopt reasonable compliance policies, procedures, and oversight to avoid even the appearance of a violation of the antifraud provisions or the ERA’s fiduciary duty to clients. Like an RIA, an ERA is subject to Advisers Act Rule 206(4)-5 (the Pay-to-Play Rule) as well as the Advisers Act requirement that an adviser adopt policies and procedures reasonably designed to prevent insider trading. As a best practice, an ERA should review at least annually the adequacy of its policies and procedures and make any needed revisions.

Form ADV Annual Updating Amendment for RIAs; Brochure Delivery to Clients

Annual Updating Amendment

Each RIA must file an annual updating amendment to its Form ADV within 90 days of its fiscal year end. Accordingly, an RIA with a December 31 fiscal year end is required to file its annual amendment by March 31 of each year (March 30 of each leap year). Part 1A and Part 2A (the adviser’s “brochure”) are filed electronically with the SEC via the Investment Adviser Registration Depository (IARD) and are publicly available. Part 2B, the brochure supplement, is not required to be filed with the SEC but must be preserved by the adviser and made available, if requested, to the SEC for examination. 

An RIA must update its Form ADV Part 1A more frequently if required, as specified in General Instruction 4 to Form ADV⁵ by filing an other-than-annual amendment. The RIA also must update (and file) its Part 2A brochure promptly when any information in the brochure becomes materially inaccurate.

New Part 1A, Subsection 5.L

Beginning in 2022, RIAs saw a new series of questions added to Part 1A, Item 5 of Form ADV. These new questions relate to the RIA’s marketing activities and were added in conjunction with the new marketing rule.⁶ Only RIAs that have adopted the new marketing rule in advance of the compliance date (November 4, 2022) are required to respond to these questions. All RIAs will be required to respond to Item 5.L in the annual update following the compliance date, which for most RIAs with a December 31 fiscal year end means these questions will be required in their March 2023 annual updating amendment. 

Annual Delivery of Brochure to Clients

Within 120 days of its fiscal year end, an RIA must deliver to each client for which delivery is required either

• its updated Part 2A brochure and a summary of material changes to the brochure, if any, or
• a summary of material changes, if any, accompanied by an offer to provide the updated brochure, which, if requested, must be mailed within seven days or delivered electronically in accordance with SEC guidelines.

The brochure is required to be delivered to “clients,” which the SEC has acknowledged does not include fund investors. However, many fund advisers voluntarily deliver the brochure to fund investors. An RIA with a December 31 fiscal year end must deliver its updated brochure to clients by April 30 of each year (April 29 of each leap year).⁷

Form CRS

Advisers Act Rule 204-5 requires an RIA to provide “retail investor” clients with information about the nature of their relationship. This relationship information is provided in prescriptive manner on Form CRS. RIAs as well as broker-dealers must deliver, to new and existing retail customers, a summary of the relationship between the customer and the firm. 

Shortly after firms were first required to deliver Form CRS to existing customers, the Division began conducting examinations of firms for compliance.⁸ On July 26, 2021, the SEC charged 21 RIAs for failure to timely file or deliver the Form CRS or post it to the website. The Division had twice reminded these RIAs of the missed deadline.⁹ These actions serve as a reminder to RIAs with retail investor clients of their Form CRS obligations and a general warning to all RIAs of the SEC’s willingness to bring charges for technical violations of the securities laws without evidence of customer harm.

Importance of Accurate and Complete Form ADV Disclosure

Inaccurate, misleading, or omitted Form ADV disclosure is a frequently cited deficiency in SEC examinations and has been the basis of a number of enforcement proceedings. More technically, Form ADV and Form PF are linked electronically, and inconsistencies in disclosure in the two forms can raise red flags in connection with an SEC examination and prevent an adviser from successfully filing Form PF.

Disclosure points of particular importance include these:

• An adviser must accurately calculate its regulatory assets under management (RAUM). RAUM must be calculated on a gross basis, including proceeds of leverage and uncalled capital commitments and without deduction of any outstanding indebtedness or other accrued but unpaid liabilities, according to specific instructions provided in Instruction 5.b of Form ADV: Instructions for Part 1A (Part 1A Instructions).
• An adviser to private funds (i.e., funds that rely on the exclusion from the definition of investment company provided by Section 3(c)(1) or 3(c)(7) of the Investment Company Act of 1940) must provide specific information regarding those funds on Form ADV. Correct classification of the funds advised, according to the specific definitions provided in Instruction 6 of the Part 1A Instructions, is necessary to determine an adviser’s Form PF filing category (see Form PF Reporting Requirements — Determining an Adviser’s Filing Category below).
• An adviser that has added a new private fund as a client since its last Form ADV annual updating (or other) amendment may need to amend Form ADV to add the new fund before information regarding the new fund can be reported on Form PF. An adviser in this situation may need to file its annual Form ADV amendment early or file an other-than-annual amendment in order to timely file Form PF.¹¹

Form ADV Annual Updating Amendment for ERAs

Advisers relying on the “private fund adviser” exemption or the “venture capital fund adviser” exemption from SEC registration are ERAs and are required to file reports on Form ADV Part 1A with the SEC through IARD. An ERA, like an RIA, must amend its Form ADV at least annually, within 90 days of its fiscal year end, and more frequently if required, as specified in General Instruction 4 to Form ADV. Hence, an ERA with a December 31 fiscal year end is required to file its annual updating amendment by March 31 each year (March 30 of each leap year).

An ERA relying on the private fund adviser exemption must calculate annually the private fund RAUM that it manages and report the amount in its annual Form ADV amendment. If a U.S.-based ERA reports in its annual amendment that it has US$150 million or more of private fund RAUM or has accepted a client that is not a private fund, the adviser is no longer eligible for the private fund adviser exemption.¹² A private fund adviser that has complied with all ERA reporting requirements but is no longer eligible for the private fund adviser exemption because its RAUM meets or exceeds US$150 million must apply for registration with the SEC within 90 days after filing the annual amendment and may continue advising private fund clients during this period. This transition period is not available to an adviser that otherwise would not qualify for the private fund adviser exemption, such as an adviser that accepts a separately managed account. An adviser relying on the private fund adviser exemption must be registered with the SEC (or, if pertinent, with one or more states) prior to accepting a non-private-fund client. The transition period also is not available to advisers relying on the venture capital fund adviser exemption; such an adviser (whether based in or outside of the United States) must register under the Advisers Act before accepting a client that is not a venture capital fund unless the adviser is eligible for another exemption from registration.

Form PF Reporting Requirements

Most RIAs that advise private funds are required to file Form PF either quarterly or annually; advisers exempt from SEC registration, including ERAs, are not required to file Form PF. Form PF, which is a joint form between the SEC and the CFTC with respect to Sections 1 and 2 of the form, is filed with the SEC via the Private Fund Reporting Depository (PFRD) electronic filing system and is not publicly available.

Given the volume and complexity of the work involved, many private fund RIAs face a number of challenges in preparing Form PF, including making decisions regarding (and documenting) assumptions and methodologies, due to the ambiguous or subjective nature of a number of Form PF’s instructions, definitions, and questions. The SEC staff has provided assistance with respect to these issues and other Form PF questions, both directly in response to private inquiries¹³ and in FAQs posted (and periodically updated) on the SEC’s website.¹⁴ According to a December 2021 SEC staff report, the staff regularly contacts individual filers when staff members identify anomalous and possibly erroneous data as well as possibly delinquent or missing filings and works with these individual filers to determine steps for improving timeliness and accuracy of filings.¹⁵

When delinquencies persist, the staff has taken further steps to ensure that information is appropriately filed. In June 2018, the SEC announced settlement orders with 13 RIAs that repeatedly failed to file Form PF.¹⁶ Each adviser was charged a $75,000 penalty. During the course of the SEC investigation, the RIAs remediated their failures by making the necessary filings.

Who Must File

An RIA is required to file Form PF if it (i) advises one or more private funds and (ii) collectively, with related persons (other than related persons that are separately operated), had RAUM of $150 million or more (calculated in accordance with Form PF aggregation requirements) attributable to private funds as of the end of its most recently completed fiscal year.

CFTC-registered CPOs that are dually registered with the SEC and are required to file Form PF must submit information with respect to each advised commodity pool that also is a private fund. Because commodity pools are considered hedge funds for purposes of Form PF, the filing adviser must complete the sections of the form applicable to hedge funds for each commodity pool reported on Form PF. Dual registrants may no longer file Form PF to satisfy CFTC Form CPO-PQR reporting requirements.

To avoid duplicative reporting, Form PF information regarding subadvised funds should be reported by only one adviser. The adviser that completes information in Form ADV Schedule D Section 7.B.1 with respect to any private fund is also required to report that fund on Form PF. If, however, the adviser reporting the private fund on Form ADV in Section 7.B.1 is not required to file Form PF (i.e., because it is an ERA), then another adviser, if any, to the fund, if required to file Form PF, must report the fund on Form PF.

Determining an Adviser’s Filing Category

The scope of required Form PF disclosure, the frequency of reporting, and filing deadlines differ based on the RAUM of the adviser attributable to different types of private funds (in particular, hedge funds, liquidity funds, and private equity funds). Accurately determining an adviser’s filing category is a critical first step. Specific definitions of fund types are provided in the Form ADV Part 1A Instructions and the Form PF: Glossary of Terms.

The RAUM thresholds applicable to different categories of Form PF filers are summarized in the chart below. An adviser meeting only the minimum $150 million private fund RAUM reporting threshold, as well as a large private equity fund adviser, must file Form PF annually within 120 days of its fiscal year end. A large liquidity fund adviser or large hedge fund adviser must file quarterly, within 15 days (for large liquidity fund advisers) or 60 days (for large hedge fund advisers) of its fiscal quarter end.

Advisers are required to follow certain aggregation instructions for purposes of determining whether they meet the de minimis $150 million private fund asset threshold for reporting on Form PF as well as the pertinent large private fund adviser thresholds. Aggregation also is required for large hedge fund advisers to determine whether any hedge fund is a “qualifying hedge fund” subject to additional reporting requirements. The aggregation instructions (and, conversely, certain netting instructions for fund-of-funds advisers and others whose funds invest in other private funds) may raise challenging interpretive issues for many advisers.

Frequency of Reporting and Filing Deadlines

The reporting frequency and upcoming filing deadlines for different categories of Form PF reporting advisers are summarized below. The filing deadlines set forth in the following table are for advisers with a December 31 fiscal year end.

How the SEC Staff Use Form PF Data

While the primary aim of Form PF was to create a source of data for the Financial Stability Oversight Council’s assessment of systemic risk, the SEC is also using the data to support its own regulatory programs, including examinations, investigations, and investor protection efforts. As noted, the Division staff generally review an adviser’s Form PF filing as a part of their pre-exam evaluation and review information contained in the filing for inconsistencies with other information obtained during an exam, such as due diligence reports, pitch books, offering documents, operating agreements, and books and records. In addition, the Division staff typically look for discrepancies between an adviser’s Form PF filing and any publicly available documents related to the adviser, including the adviser’s Form ADV Part 1A and its Part 2A brochure.

The most recent SEC annual Form PF staff report¹⁷ describes a number of ways the staff use Form PF data to identify and monitor private fund industry trends, identify emerging compliance risk areas, inform policymaking, and prioritize the use of exam and enforcement resources.¹⁸ As described in the report, the SEC staff have developed various analytical tools to enhance the staff’s ability to assess large volumes of data, streamline analysis of the data by automating certain analytic processes, and evaluate Form PF data in conjunction with other relevant datasets. For example, these tools have enhanced the staff’s ability to

• identify “outliers” among private funds and private fund advisers using factors such as performance, investment exposures, and liquidity
• identify private funds based on one or more areas of policy interest, such as type of strategy, types of investments, use of derivatives, and extent of leverage
• empirically test claims made in the financial press or other public sources regarding private funds and the private fund industry
• observe trends in hedge fund exposures to leveraged loans and collateralized loan obligations

The SEC staff also obtain and review Form PF information to focus their enforcement investigations, including investigations of private fund advisers. For example, the staff used Form PF data together with other information to identify hedge fund advisers whose reported data ― such as returns, exposures, and liquidity ― appear inconsistent with the funds’ investment strategies or other benchmarks. These reviews have, in certain cases, led to examinations and enforcement investigations.

As discussed below, Form PF data has also been used to inform SEC rulemaking, including the proposed amendments to Form PF.

Reporting Requirements for Certain Investment Advisers on CFTC and NFA Form CPO-PQR and/or Form CTA-PR

Many advisers to privately offered funds and regulated investment companies (RICs) are required to register as CPOs and/or CTAs with the CFTC with respect to certain commodity pools that they advise and to become members of the NFA. CFTC-registered CPOs and CTAs must report certain information on CFTC and NFA Form CPO-PQR (also referred to herein as CFTC Form PQR and NFA Form PQR, as applicable) and Form CTA-PR and NFA PR, respectively. The forms must be filed electronically using the NFA’s EasyFile System.

CFTC and NFA Reporting Requirements on Form CPO-PQR

CFTC-registered CPOs must report quarterly on either CFTC Form CPO-PQR or NFA Form PQR. CPOs may satisfy the CFTC filing requirement by filing NFA Form PQR in lieu of CFTC Form CPO-PQR. Quarterly reports are due within 60 days of the end of the quarters ending March, June, and September, and an annual report is due within 90 days of the end of December. NFA imposes a fee of $200 per business day for late filings. The NFA will deem failure to pay late fees within 30 days of the due date as a request by the CPO to withdraw from NFA membership.

The CFTC’s Market Participants Division has posted FAQs regarding Form CPO-PQR, while the NFA has posted FAQs regarding Form PQR.¹⁹

Advisers that are dually registered with the SEC and the CFTC can no longer satisfy certain CFTC Form PQR filing requirements by filing Form PF.²⁰

If a pool is operated by co-CPOs and one of the CPOs is also an RIA that files Form PF, the non-investment-adviser CPO must nevertheless file the applicable sections of CFTC Form PQR.

Form CTA-PR

Each registered CTA is required to file an annual Form CTA-PR with the CFTC within 45 days of the calendar year end and a quarterly NFA Form CTA-PR within 45 days of the calendar quarter end.²¹ The same form is used for both the CFTC and the NFA filings. All Form CTA-PR filings are made through the NFA’s EasyFile System. The CFTC and the NFA have posted FAQs regarding Form CTA-PR.²²

Advisers Registered as CPOs and/or CTAs — NFA Self-Examination and Attestation

NFA believes that all NFA members should regularly review the adequacy of their supervisory procedures. To satisfy their continuing supervisory responsibilities, NFA members must review their operations yearly using NFA’s Self-Examination Questionnaire, which includes a general questionnaire that all NFA members must complete and supplemental questionnaires (i.e., CPO and CTA) that must be completed as applicable.

After reviewing the annual questionnaires, an appropriate supervisory person must sign and date a written attestation stating that they have reviewed the NFA member’s operations in light of the matters covered by the questionnaire. A separate attestation must be made for each branch office, and if the branch office reviews its own operations, the main office must receive a copy of the questionnaire’s signed attestation. A branch office is an office of the NFA member other than the main office, not a separate entity affiliated with the NFA member. These attestations should be readily available for the most recent two years and retained for the most recent five years.

Other Annual Reminders

Other annual obligations, as pertinent, include the following (nonexclusive list):

Review of Disclosure and Offering Documents. An adviser should review all disclosure documents (including fund offering materials) at least annually to ensure that content and disclosure are accurate, up to date, and consistent across documents (including filings with the SEC and other regulators) and with the adviser’s compliance policies and procedures. Advertising materials, pitch books, standard due diligence questionnaire responses, and the adviser’s website should also be reviewed.

Annual Personal Securities Holdings Report. On an annual basis, an RIA must collect from each “access person” (by a date specified by the adviser) an annual personal securities holding report containing certain required information regarding securities holdings and all securities accounts. The information must be current as of a date no more than 45 days prior to the date the report is submitted.

Annual Delivery of Privacy Notice. An adviser must provide clients and fund investors who are natural persons with a privacy notice disclosing the adviser’s practices for maintaining privacy of nonpublic personal information, both at or before the establishment of the customer relationship and annually thereafter. This privacy notice should provide clients and fund investors with the right to opt out from the sharing of nonpublic personal information with unaffiliated third parties, if applicable. An adviser is not required to make an annual distribution of its privacy notice if the adviser (a) provides only nonpublic personal information to unaffiliated third parties for limited, non-marketing-related purposes and (b) has not changed its policies and practices from those disclosed in the adviser’s most recent privacy notice provided to clients and fund investors.

Annual “Bad Actor” Recertification. Private funds and other issuers are not permitted to rely on the exemption from Securities Act of 1933 (Securities Act) registration provided by Rule 506 of Regulation D if the pertinent offering involves certain “bad actors.” For continuous or other offerings of long duration, an adviser must update, with reasonable care, its factual inquiries (i.e., by email or questionnaire) to determine whether any covered persons have “disqualifying events,” which may also require disclosure in Form ADV.

Annual Eligibility for “New Issues.” An adviser should verify annually the eligibility of clients and fund investors to participate in new issues of publicly offered securities (i.e., initial public offerings) to make sure “restricted persons” are properly identified and their participation is appropriately restricted.

Form D and “Blue Sky” Filings. Form D filings for private funds with ongoing offerings lasting longer than one year must be amended annually, on or before the first anniversary of the initial Form D filing. On an annual basis, an adviser also should review blue sky filings for each state to ensure that any renewal requirements are met. The staff of the SEC’s New York regional office indicated in 2018 that examiners had noticed an increase in the number of Form D deficiencies, such as missing or late filings, forms not completed according to the instructions, and inconsistencies between Form D and Form ADV.²³

Distribution of Audited Financials to Private Fund Investors. An adviser relying on the “audit provision” of Advisers Act Rule 206(4)-2 (Custody Rule) with respect to its private fund clients must deliver audited financial statements of each pertinent private fund to fund investors within 120 days of the fund’s fiscal year end (typically April 30, if the fiscal year ends on December 31) or within 180 days of the private fund’s fiscal year end, if the private fund is a fund of funds (by typically June 29, if the fiscal year ends on December 31).

Section 13F Filings. An institutional investment manager that exercises investment discretion over accounts with $100 million or more in “Section 13(f) Securities” is subject to the requirements of Section 13(f) and Rule 13f-1 under the Exchange Act, requiring the adviser to file quarterly reports (due within 45 days after the last day of each calendar quarter) on Form 13F with the SEC. An adviser subject to these requirements must report on Form 13F its aggregate holdings of “Section 13(f) securities,” which generally include exchange-traded equity securities, options, warrants, and certain convertible debt securities, and are reflected on the SEC’s Official List of Section 13(f) Securities published each quarter.²⁴

Annual Affirmation of CFTC Exemptions. Advisers claiming an exemption from registration under CFTC Rule 4.13(a)(1), 4.13(a)(2), 4.13(a)(3), or 4.13(a)(5) or exclusion from the definition of CPO under Regulation 4.5, and CTAs claiming an exemption from CTA registration under Regulation 4.14(a)(8), must affirm the applicable notice of exemption or exclusion within 60 days of each calendar year end — typically March 1 — or be deemed to have requested a withdrawal of the applicable exemption or exclusion.

Confirming Affirmation of Investors/Clients Claiming Exemptions Under CFTC Rules. Persons claiming an exemption from CPO registration under CFTC Rule 4.13(a), an exclusion from CPO registration under CFTC Rule 4.5, or an exemption from CTA registration under CFTC Rule 4.14(a)(8) have until March 1 of each year (February 29 in a leap year) to file their annual affirmation of the exemption, and therefore it may be difficult for an NFA member to determine whether a CPO or CTA that previously claimed an exemption continues to be eligible for the exemption. Accordingly, NFA has indicated that a registered CPO or CTA that takes reasonable steps to determine the registration and membership status of investors/clients claiming an exemption or exclusion under these CFTC rules will not be in violation of NFA Bylaw 1101 or Compliance Rule 2-36(d) if between January 1 and April 1 of a given year it transacts customer business with a previously exempt person that fails to (a) become registered and a member of NFA, (b) file a notice affirming its exemption from CPO/CTA registration, or (c) provide a written representation as to why the person is not required to register or file the notice affirming the exemption.²⁵ It is worth noting that CFTC Rules 4.7, 4.12, and 4.23(c) do not require annual affirmations.

BEA and TIC Reporting Requirements for Cross-Border Investments. RIAs and other financial institutions may be required to file reports with the Bureau of Economic Analysis (BEA) for surveys of cross-border “direct investments” (generally, voting interests of 10% or more) by or in U.S. entities, among other things,²⁶ and with the Treasury Department, for Treasury International Capital (TIC) surveys of cross-border “portfolio investments” (generally, nonvoting interests and voting interests of less than 10%).²⁷

Firms should routinely review the reporting requirements and applicable thresholds and exemptions to determine whether and when they must proactively file reports or claims for exemption with the BEA or the Treasury Department. In addition, firms may be required to submit reports for certain surveys, even if filing thresholds have not been met or exceeded, if contacted by the BEA or the Treasury Department.

SEC Examination Priorities for 2022

On March 30, 2022, the Division issued its annual examination priorities. Consistent with its recent rulemaking activity, in its accompanying release, the SEC highlighted private funds; environmental, social and governance (ESG) investing; retail; cyber; and digital assets as key examination priorities. This article provides a concise summary of upcoming examination priorities and perennial issues registrants can anticipate in the following year’s examinations.

Importance of Compliance Programs

The Division highlighted the importance of registrants’ improving and promoting compliance at the firms, including compliance engagement across business lines; knowledgeable chief compliance officers; commitment to compliance by firms’ principals; and resiliency of compliance programs to withstand changes in market conditions, investor demand, key personnel, services, and lines of business.

Private Fund, ESG Investing, Retail Investors, Cybersecurity, Fintech, and Digital Assets

The Division highlighted these topics as top priorities and indicated that examinations on these topics will focus on the following issues.

• Private Funds: Priorities echo many of the areas of focus in the SEC’s recent proposal relating to private funds²⁹ as well as the recent comprehensive proposal with respect to special purpose acquisition companies (SPACs).³⁰ Priorities include advisers’ exercise of their fiduciary duty; calculation and allocation of fees and expenses, including the calculation of postcommitment period management fees and the impact of valuation practices; custody and fund audits; valuation; conflicts of interest; controls around material nonpublic information (MNPI); preferential treatment of certain investors around liquidity; disclosure and compliance around cross-trades, principal transactions, or distressed sales; conflicts around liquidity, including fund-adviser-led restructurings and stapled secondary transactions; investments in SPACs; risk management and trading for private funds with indicia of systemic importance; and conflicts and disclosures related to private fund investment in SPACs and advisers acting as SPAC sponsors
• ESG Investing: registered funds, private offerings, and RIAs’ ESG disclosures concerning ESG investing approaches; adoption and implementation of policies, procedures, and practices in connection with such disclosures; voting client securities in accordance with proxy voting policies and procedures; and greenwashing
• Retail Investors: how registrants are satisfying their obligations under Regulation Best Interest (Regulation BI) and the Advisers Act fiduciary standard to act in the best interests of retail investors; assessments of practices regarding consideration of investment alternatives, and management of conflicts of interest, trading, disclosures, account selection, and account conversions and rollovers; broker-dealer examinations will review firms’ recommendations related to SPACs, structured and other enumerated products; RIA examinations will focus on revenue sharing arrangements, share class selection, and recommendations of wrap fee accounts and proprietary products
• Information Security and Operational Resiliency: whether firms have taken appropriate measures to safeguard customer accounts and prevent account intrusions, oversee vendors and service providers, address malicious email activities, respond to incidents, identify and detect red flags related to identity theft, manage operational risk as a result of a dispersed workforce; and registrants’ business continuity and disaster recovery plans, including with respect to the impact of climate risk and substantial disruptions to normal business operations
• Emerging Technologies and Cryptoassets: priorities consistent with the Division’s recent focus on roboadvisers³¹ and cryptoassets³²; priorities include risks associated with firms’ use of emerging financial technologies and whether their compliance programs consider and address those risks; firms offerings new products and services or employing new practices (e.g., fractional shares, “influencers,” or digital engagement practices); and whether operations and controls in place are consistent with disclosures made and advice and recommendations are consistent with investors’ investment strategies; custody arrangements for cryptoassets; and the offer, sale, recommendation, advice, and trading of cryptoassets

Investment Advisers and Investment Companies

The Division’s focus in this space is largely on perennial issues. RIA examinations will focus on marketing practices; custody; valuation; advisory fee calculations; portfolio management; brokerage and execution; conflicts of interest and related disclosures; whether compliance programs focus on investment advice and the standard of conduct, oversight of service providers, and compliance resources; whether compliance programs have addressed heightened risks, including employing individuals with disciplinary history; shift from broker-dealer business model to advised accounts; and operating from multiple branch offices.

Examinations of registered funds will focus on disclosures, accuracy of reporting to the SEC, compliance with the new rules and exemptive orders, liquidity risk certain fund practices, including advisory fee waivers and trading practice of portfolio managers that may be designed to inflate fund performance. The Division will prioritize certain types of registered funds including exchange-traded funds, money market funds, and business development companies. The Division’s focus also will include mutual funds that invest in private funds, advisory fee waivers, and trading activities of portfolio managers that may be designed to inflate fund performance.

Preparing for an SEC Examination

It is critically important that advisers be prepared for the possibility of an exam, including possibly on short notice.

The Division’s Pre-Examination Evaluation

While the Division generally follows a risk-based examination strategy, an adviser may be selected for examination for any number of reasons including, but not limited to, the adviser’s risk profile; a tip, complaint, or referral; or the Division’s review of a particular compliance risk area. Certain advisers also are selected randomly. Examiners typically will not share with the adviser the reason that the entity has been selected for examination.³³

According to a December 2019 SEC staff report,³⁴ before a private fund adviser examination begins, the staff generally reviews the adviser’s Form ADV and Form PF filings as part of a routine evaluation. This review, in combination with other data sources, provides SEC staff with an understanding of the adviser’s current business, operations, and investment strategy as well as an analysis of how this strategy has evolved or changed over different reporting periods. The staff has developed automated analyses and risk metrics that summarize and combine Form ADV data with key Form PF data about an adviser’s private funds and advisory business. These reports are designed to help staff identify potential reporting errors, compliance issues, or other issues of interest for the examination team to consider.

The Division Continues to Leverage Technology to Enhance Exam Capabilities

The Division uses quantitative and predictive analytics to facilitate its risk process, enabling the Division to direct its resources more efficiently and effectively.³⁵ For example, the Division’s National Exam Analytics Tool (NEAT) enables examiners to access and systematically analyze years of trading data much more efficiently than in the past and has been expanded to support blotter data validations and options. Examiners can use NEAT to identify indicia of possible insider trading, front running, improper cross and principal trades, window dressing, improper allocations of investment opportunities, and other kinds of misconduct. In most exams, the adviser will be asked to promptly provide a trade blotter, initial position report, employee trade blotter, and a restricted list. The adviser will be provided with a template requesting that fields such as dates and times be formatted in a particular way. Trade blotters that cannot be quickly produced, are incomplete, or contain errors may raise questions about the reliability of the registrant’s data and the adequacy of the compliance program and portfolio management controls.³⁶

An Exam Can Occur at Any Time — Be Prepared!

Certain proactive steps should be taken to prepare for the contingency of an examination. For example, an adviser should

• obtain and review sample SEC document request lists to anticipate likely staff requests
• make sure its compliance program has been updated to reflect any new products, business lines, or clients
• ensure that its disclosure documents (including filings with the SEC and other regulators), compliance policies and procedures, and actual business and compliance practices are all consistent with one another
• make sure all of its books and records are up to date and readily accessible
• review results from periodic and annual compliance reviews to make sure that findings have been addressed
• review previous SEC examination findings (if any) to make sure that past deficiencies have been remedied
• consider conducting a mock examination or gap analysis
• as recommended by the Division, consider how best to present the adviser’s business, key personnel, and key risks to the examination staff and have a “first day” presentation ready to go³⁷

Exam Process

The books and records of all RIAs, including the records of any private funds to which the adviser provides investment advice, are subject to examination. Generally, an adviser being examined is required to provide the SEC with access to all books and records related to its advisory business, whether or not they are required to be kept. As noted above, while ERAs are subject to SEC examination, the SEC has noted that it does not expect to examine ERAs on a routine basis.

While exams may be announced or unannounced, they usually are announced. In the case of an announced exam, the staff typically calls the CCO to inform them that the adviser will be examined. At that point, the staff may either send the initial request list identifying certain information and documents that will be reviewed or schedule a call with the adviser to learn more about the business before sending the initial request list. In many cases, the staff will visit the firm; however, certain exams are conducted primarily by document submission and review and telephone interviews, sometimes followed by an on-site visit. During the COVID-19 pandemic, the Division has moved to conducting examinations off-site through correspondence unless the staff deems it absolutely necessary to be on-site. The Division recognizes that registrants have taken similar steps regarding in-office and remote working arrangements and are devoting substantial time and attention to maintaining normal operations under current conditions. When the exam is unannounced, the staff may provide the adviser with a document request list upon arrival and may conduct an initial interview. Initial document request lists vary depending on the nature and focus of the examination and may be followed by one or more subsequent request lists. The scope of recent exams has varied greatly. In some cases, the scope is relatively narrow, with an emphasis on several higher-risk areas.

The staff will review the information and documents provided and may request interviews with relevant personnel. The staff also may request relevant information and documents held by third-party service providers and may contact the firm’s clients to gather additional information or to verify information provided. The length of the exam depends on a number of variables, including the scope of the exam, the complexity of the business, whether information is complete and provided in timely response to the exam team’s requests and the accessibility of firm personnel for requested meetings and interviews. Following review of the adviser’s initial response, the staff, in many cases, will perform additional analyses of the information obtained and may contact the adviser to ask clarifying questions or request additional information or documents. Typically, the staff will conduct an exit interview at the end of the exam to discuss, among other things, issues identified and give the adviser an opportunity to ask questions and provide additional information.

Most advisers that are examined receive an “exam findings” or “deficiency” letter outlining technical and/or more serious compliance weaknesses or violations. The examined entity will be asked to respond in writing to any issues identified in the deficiency letter, including any steps it has taken or will take to address the issues and to prevent their reoccurrence. The entity’s response will generally be due within 30 days of the date of the letter. It is critically important that the adviser address all deficiencies, including revisions (as needed) to its compliance program and/or disclosure documents. SEC staff may consider even minor deficiencies, if not corrected, as serious when the next exam occurs, and the staff may take administrative or other enforcement action against such “recidivist” behavior.

If the exam staff identifies serious issues during an examination, in addition to sending the entity a deficiency letter, the staff may refer the issues to the SEC’s Division of Enforcement for possible action.

Regulatory Developments and Guidance That May Affect an Adviser’s Compliance Program

The following regulatory developments may affect the compliance programs of certain advisers. Advisers should review these and other changes in applicable laws, rules, regulations, and/or SEC staff guidance to determine whether compliance policies and procedures need to be added or revised.

Observations From Private Fund Adviser Examinations: Practical Tips and Best Practices

On January 27, 2022, the Division released a follow-up alert to a June 23, 2020, risk alert³⁸ intended to assist RIAs to private funds in reviewing and enhancing their compliance programs and to provide investors with information regarding private fund adviser deficiencies. The alert focused on (1) fiduciary duty, (2) 206(4)-8, and (3) the Compliance Rule.

Notably, unlike with other recent risk alerts, the staff included a section on legal background that sets forth a description of an adviser’s fiduciary duty, the antifraud rules, and the Compliance Rule. Framing the observations in general principles underscores the need for all investment advisers to review the principles and deficiencies noted in the risk alert and consider whether their disclosures, advertising, compliance programs, and policies and procedures merit review. This risk alert takes a focused and direct look at issues that are important to private fund advisers, particularly private equity and other closed-end fund advisers.

(1) Fiduciary Duty

The staff reminded advisers of the SEC’s position on an adviser’s federal fiduciary duty under the Advisers Act. The staff noted that while that duty requires an adviser to serve the best interest of its clients and an adviser cannot place its own interests ahead of the interests of its clients, that fiduciary duty must be viewed in the context of the agreed-on scope of the relationship between the adviser and the client.

Hedge clauses. Previewing the SEC’s Private Fund rulemaking efforts, the risk alert also reiterated the staff’s view with respect to hedge clauses, specifically that contractual limitations on an adviser’s liability (a hedge clause) may be misleading and violate Section 206(1) or (2) of the Advisers Act (the antifraud provisions) depending on the facts and circumstances.

(2) No Untrue or Misleading Statements

The staff reminded advisers that Advisers Act Rule 206(4)-8 prohibits investment advisers to pooled investment vehicles from making material misstatements or omitting material facts necessary to make a statement true (whether written or oral) and otherwise engaging in fraudulent, deceptive, or manipulative facts, practices, or courses of business with respect to investors or prospective investors in pooled investment vehicles.

(3) Compliance Rule

The staff reminded advisers that under the Compliance Rule, investment advisers are expected to identify matters that create risk exposure for the adviser and its clients in light of the firm’s particular business and operations, to reasonably design compliance policies and procedures to address those risks, and to review those policies and procedures for effectiveness at least annually.

The June 23, 2020, alert covered three compliance areas: (1) conflicts of interest, (2) fees and expenses, and (3) MNPI and related code of ethics procedures and controls.³⁹

(1) Conflicts of Interest

The alert identifies several situations where disclosure is insufficient. Full and fair disclosure should “be sufficiently specific so that a client is able to understand the material fact or conflict of interest and make an informed decision whether to provide consent.”⁴⁰ Issues concerning conflicts of interest may need to be addressed on a case-by-case basis. RIAs should assess the adequacy of disclosures and ensure that disclosures contain details sufficient for the RIA’s unique situation, such as avoiding overusing “may” language to describe actual practices or present conflicts. RIAs should also review procedures relating to identifying, interpreting, and disclosing conflicts and governance procedures for addressing identified conflicts as well as verify and document the execution of existing procedures.

Allocation of Investments. Conflict-of-interest issues were often found when RIAs inadequately disclosed the allocation process or failed to execute the process disclosed to investors. Advisers should provide appropriate disclosures to clients when providing preferential treatment or excluding eligible clients from participating in specific opportunities. This is particularly important in regard to new clients, higher-fee-paying clients, and proprietary accounts or proprietary-controlled clients.

Specific Portfolio Transactions. Conflicts also arise when investments by multiple clients are made in the same portfolio company (such as one client owning debt and another owning equity in a single portfolio company) and during purchases and sales between clients (such as disclosures of transaction details like pricing methods and anticipated limitations among clients participating in such cross-transactions).⁴¹ The SEC’s active engagement on these issues and their concerns are outlined in a number of enforcement proceedings.⁴²

Fund Structures and Investment Rights. Conflicts are also found with regard to fund structure and access to investment opportunities and investor rights. The Division focused on particular instances where private fund RIAs failed to completely or adequately disclose preferential liquidity rights for funds or side-by-side vehicles, adequately disclose investment allocation practices, follow disclosed processes, or provide sufficiently detailed disclosure of pricing terms, valuation practices, or investor options for restructurings. These same issues were found in prior enforcement proceedings.⁴³

Advisers’ Economic Interests. The Division noted deficiencies when RIAs (i) failed to disclose preexisting ownership interests or other financial interests held by principals or employees; (ii) inadequately disclosed economic relationships between the adviser or fund and select investors or clients; (iii) failed to disclose financial incentives for the adviser or conflicts where portfolio companies controlled by private funds entered into service agreements with the RIA, its affiliates, or other portfolio companies; and (iv) failed to follow disclosed practices regarding these types of conflicts or adopting procedures reasonably designed to address conflicts arising from interest in client investments.

To avoid issues with conflicts regarding an adviser’s economic interests, RIAs should (i) review financial relationships with private funds and portfolio companies as well as policies to identify new relationships or arrangements that require new or amended disclosure; (ii) assess ownership and economic interests in fund portfolio companies to ensure that those interests are consistent with the adviser’s fiduciary duties to the fund; (iii) review and memorialize any analysis with respect to the use of affiliated service providers to ensure that the nature and quality of the services are at least as good as, and costs are comparable to or less than, services available from third parties; and (iv) raise awareness among employees of the need for timely reporting and identification of financial conflicts through reminders and retraining.

(2) Fees and Expenses

The Division identified four types of deficiencies related to fees and expenses, such as (i) failing to sufficiently disclose practices for different types of fees and expenses; (ii) failing to adhere to disclosed practices; (iii) lacking appropriately tailored policies based on the types of fees and expenses or the adviser’s specific combination of clients; and (iv) failing to follow and/or document existing policies.

Allocation for Fees and Expenses. Deficiencies regarding RIAs’ handling of fee and expense allocations may occur when RIAs fail to (i) sufficiently disclose specific allocations; (ii) properly review specific allocations to confirm appropriate allocations and policy compliance; (iii) review allocation methodologies used to allocate fees and expenses among private fund clients; (iv) properly allocate expenses that were permitted by the relevant fund operating agreements (such as salaries of adviser personnel, compliance expenses, regulatory filing fees, and office expenses); (v) follow contractual limits on expenses that could be charged to investors; and (vi) follow their own travel and entertainment expense policies. Advisers should be aware that the Division over the past several years continues to place a particular focus on allocations of fees and expenses.⁴⁴

Advisers may alleviate deficiencies by (i) reviewing expense practices, including adviser expenses shared with clients and for what basis; (ii) confirming authorization for all shared expenses under organizational documents and the specific disclosure of both the expenses and the allocation practices; (iii) confirming the details and execution of procedures used to identify and monitor contractual obligations for expenses limitations or policy-based exclusions; and (iv) confirming the details and execution of controls to identify new types or categories of expenses and procedures for identifying the proper allocation.

Operating Partners. Division staff noted that many private fund RIAs used “operating partners,” often an employee or affiliate of the adviser, for services used by the private funds or their portfolio companies. In such arrangements, RIAs often failed to use sufficiently specific disclosure with regard to their relationship with the operating partner, the operating partner’s role, or the operating partner’s compensation.⁴⁵ To avoid such conflicts, RIAs are recommended to review arrangements and related disclosures regarding support services to portfolio companies or funds and sufficiently disclose the services provided and compensation or other benefits received by the adviser and expenses borne by the client.

Valuation. Division staff frequently included valuation among examination priorities for private fund managers, and the SEC has brought multiple enforcement actions addressing these issues.⁴⁶ Advisers can address such deficiencies by (i) reviewing disclosures regarding valuation procedures and the use of fair value practices; (ii) confirming the accuracy and sufficiency of prior disclosures regarding valuation and fair value practices; (iii) confirming that policies and procedures address valuation issues in sufficient detail; (iv) confirming consistent execution and documentation of disclosed valuation procedures and standards; and (v) monitoring and tracking changes to valuation practices and reviewing and updating policies, procedures, and disclosures accordingly.

Monitoring/Board/Deal Fees and Fee Offsets. Staff noticed that some private fund RIAs (1) failed to apply or calculate management fee offsets; (2) allocated portfolio company fees across clients incorrectly; (3) made payments to affiliates without applying the adviser’s policy to offset such fees against management fees; (4) did not have adequate policies and procedures to detect payments that required disclosure, allocation, or offsets; and (5) failed to adequately disclose long-term monitoring agreements with portfolio companies and related fees received by the adviser that were accelerated upon the sale of the portfolio company. Some of the SEC’s suggestions include that RIAs review disclosures regarding additional revenues received by the adviser through arrangements between the adviser or its affiliates and portfolio companies as well as to confirm the adequacy of the firm’s disclosures and policies addressing such arrangements. 

(3) MNPI

The Division observed that some private fund RIAs lacked policies reasonably designed to deal with risks or to prevent misuse of potential MNPI exposure from interactions with (i) insiders of publicly traded companies, (ii) outside consultants arranged by “expert network firms,” or (iii) value-added investors. Advisers were also found to lack controls to address risks posed by employees obtaining MNPI through access to office space or systems or though transaction-based access to information about public issuers (such as through pursuing private investments in public equity). 

The Division suggests that an RIA should (i) confirm that the implementation and enforcement of policies are tailored to address MNPI risks specific to its business, (ii) ensure substantive and consistent documentation of steps taken to confirm that it is not in possession of MNPI, (iii) review the sufficiency of information barriers in light of the nature and structure of the adviser’s business, and (iv) independently review the status of information received and not rely exclusively on assurances from an issuer that the adviser has not received MNPI.

The Division also noted deficiencies in RIAs implementing their own code of ethics, such as the failure to (i) establish, maintain, or enforce provisions of their code of ethics intended to prevent the misuse of MNPI; (ii) enforce trading restrictions on securities placed on their restricted lists; (iii) address procedural weaknesses for adding to or removing securities from their restricted lists; (iv) enforce requirements in their code of ethics relating to employees’ receipt of gifts and entertainment; and (v) administer timely transactions and holdings reporting requirements or preclearance requirements under their policies or the code of ethics rule.

Fee Calculation Risk Alert

The staff observed deficiencies with respect to adviser’s fee calculations, disclosures, policies and procedures, and financial statements. Division staff encouraged advisers to revisit their written policies and procedures, fee billing processes, established resources and tools, and recording processes for compliance with relevant rules and regulations regarding advisory expenses and fees addressed to and from clients.

SEC Rule Developments

New Investment Adviser Marketing Rule – Compliance Date Approaches

On December 22, 2020, the SEC unanimously adopted certain amendments to the Advisers Act relating to RIA advertisements and compensation to solicitors (the Marketing Rule).⁴⁷ The Marketing Rule applies to all RIAs but does not apply to the marketing of registered investment companies or business development companies, which is and continues to be regulated separately. The Marketing Rule is in effect, but RIAs have until November 4, 2022, to comply with the new rule. RIAs are strongly encouraged to start reviewing their marketing materials, solicitation arrangements, and policies and procedures to prepare for the fast-approaching compliance date.

The amendments created a single rule, Rule 206(4), which supersedes an array of SEC staff guidance and applies to both direct and indirect communications. Among other things, the Marketing Rule expands the definition of an “advertisement” to encompass advertisement to investors in a private fund advised by the RIA. The Marketing Rule formally excludes from the definition of an advertisement certain activities, for example, information contained in a statutory or regulatory notice or filing and any communication that includes hypothetical performance provided in response either to an unsolicited request or to a prospective or current investor in a private fund in a one-on-one communication. The adopting release also establishes de facto exclusions, such as account statements, statements about an advisory firm’s culture or community activity, and certain information included in a fund’s private placement memorandum.

The Marketing Rule sets forth prohibited statements, such as untrue material statements and omissions, unsubstantiated material statements of fact, untrue or misleading implications or inferences, advertisements that are otherwise materially misleading, and “cherry-picking” in connection with (i) references to specific investment advice where such investment advice is not presented in a fair and balanced manner or (ii) the inclusion or exclusion of performance results, or presentation of performance time periods, in a manner that is not fair and balanced. Unlike the existing rule, the Marketing Rule permits the use of testimonials, endorsements, and third-party ratings under certain conditions.

Replacing the current cash solicitation rule, the new rule covers solicitation activity under the definitions of testimonials and endorsements and expands its application to cover private fund investors and noncash compensation as well. The Marketing Rule also enumerates certain disclosure requirements for the use of testimonials and endorsements as well as prohibition against advisers compensating disqualified persons for testimonials or endorsements (subject to specified partial exemptions, including for de minimis payments, for example).

Other provisions of the Marketing Rule provide for amendments to the Form ADV and the books and records rule (Rule 204-2) and rescission of certain SEC staff no-action letters.

SEC Proposes Amendments to Form PF Reporting

On January 26, 2022, the SEC proposed amendments to Form PF.⁴⁸ The proposed amendments would change the reporting obligations of large hedge fund advisers, private equity fund advisers, and large liquidity fund advisers. The amendments would impose new expedited “current reporting” requirements for qualifying hedge funds by large hedge fund advisers and all private equity funds by private equity fund advisers. The proposed changes would increase the number of advisers subject to the “large private equity adviser” reporting requirements by decreasing the threshold of private equity assets under management for that designation from US$2 billion to US$1.5 billion. Finally, the proposed amendments would expand the scope of information required to be reported for private equity funds by large private equity fund advisers and expand the scope of information required to be reported for liquidity funds by large liquidity fund advisers.

Please see the January 31, 2022 Sidley Client Alert for a detailed summary of the proposed amendments, with particular focus on the events that would trigger one-business-day reporting if the amendments are adopted as proposed.

SEC Proposes Significant Changes for Advisers and Private Funds

On February 9, 2022, the SEC proposed sweeping changes to allowable practices, reporting, and disclosure aimed primarily at advisers to private funds (i.e., funds relying on the exclusions in Section 3(c)(1) or (7) of the Investment Company Act of 1940).⁴⁹

If adopted, the proposed rules would affect investment advisers differently depending on their registration status and the type of client the manager advises. Notably, as proposed

(i) Various prohibitions on business practices and on “preferential treatment” would apply to all advisers to private funds, not just advisers registered or required to be registered (including both U.S. and non-U.S. ERAs and others).

(ii) Amendments requiring annual compliance reviews to be documented in writing also would apply to all RIAs, not just registered advisers to private funds.

(iii) Requirements for quarterly statements, annual audits, and fairness opinions for adviser-led secondaries, however, would apply only to registered private fund advisers and not to ERAs or others.

Advisers should take steps to assess the effect these rules, if adopted as proposed, will have on their business, fund documents, and compliance infrastructure.

Please see the February 16, 2022 Sidley Client Alert for a more detailed discussion of the proposed rules, including a summary chart.

Newly Proposed SEC Cybersecurity Risk Management Rules and Amendments for Registered Investment Advisers and Funds

On February 9, 2022, the SEC proposed sweeping rules that would require registered advisers and funds to implement written policies and procedures designed to address cybersecurity risks, report significant cybersecurity incidents to the SEC using a proposed form, and keep enumerated cybersecurity-related books and records.

Key takeaways:

Cybersecurity Risk Management Rules: The proposed rules would require registered advisers and funds (including SEC-registered business development companies) to implement and maintain policies and procedures to address cybersecurity risks, including risk assessments; controls designed to minimize user-related risks and prevent unauthorized access to information and systems; periodic assessments of information systems and the information stored on such systems; threat and vulnerability management; incident response and recovery; annual review and required written reports; and recordkeeping.

Reporting of Significant Cybersecurity Incidents: The proposed rules would require registered advisers promptly to report significant cybersecurity incidents under new Rule 304-6 by submitting new Form ADV-C. Specifically, advisers would file a report “48 hours after having a reasonable basis to conclude that a significant adviser cybersecurity incident or a significant fund cybersecurity incident occurred or is occurring.”

Disclosure of Cybersecurity Risks and Incidents: The SEC’s amendments would require registered advisers and funds to disclose cybersecurity matters in Form ADV Part 2A for advisers and Forms N-1A, N-2, N-3, N-4, N-6, N-8B-2, and S-6 for funds.

Fund Boards: Registered fund boards would have specific duties under the Proposed Rule for funds. Following a required initial approval of a fund’s cybersecurity policies and procedures, fund directors over time would review reports on cyberincidents and material changes to policies and procedures.

Please see the March 4, 2022 Sidley Client Alert for a detailed summary of the proposed amendments.

Proposed Rules for ESG Disclosures for Investment Advisers

On May 25, 2022, the SEC proposed amendments to require specific disclosure of investment advisers’ use of ESG factors as part of their investment decisions and strategies (the Proposal). The Proposal applies at least in part to both registered and exempt reporting investment advisers. 

The Proposal would amend various disclosure forms, including Form ADV Part 1A (for both registered and exempt reporting advisers), Part 2A (for RIAs), and advisers’ wrap fee program brochure (Part 2A Appendix 1). The new required disclosures would vary based on the extent to which an ESG strategy is followed (an integration strategy, ESG-focused strategy, or impact strategy), how the ESG strategy is pursued (e.g., indexes, screens, proxy voting, or other engagement), and the status of the adviser (i.e., adviser to private funds, adviser to separately managed accounts (SMAs)).

The Proposal represents a significant departure from the Commission’s existing disclosure framework for the use of any particular investment strategy or approach because it prescribes specific disclosures relating to ESG. Various approaches to ESG investing have been part of the investment landscape for some time, with some viewing ESG as a strategy or focus and others viewing E, S, and/or G as factors to consider in many investment decisions. The Commission recognized that there is an active state of innovation and evolution in ESG and noted that Commission staff sought draft rules to “promote consistent, comparable, and reliable information for investors concerning funds’ and advisers’ incorporation of ESG factors.” However, the proposed rules, by being very prescriptive and detailed in their requirements, could hamper efforts by advisers and their investors to adjust in response to the active innovation and evolution in ESG investing. Commissioner Hester Peirce’s critical dissent observes that “markets are dynamic and equipped in ways we can never duplicate when it comes to the efficient dissemination of information. This proposal would displace the market’s efficient signaling mechanisms with value-laden regulatory nudges.” Her point is, in part, that the level of prescriptive disclosure here almost ensures ill-fitting application from the start and rapidly dated look and feel for the future.

The absence of a definition for E, S, and G in the context of detailed requirements creates ambiguity and a significant risk of subjective judgments and hindsight, although we agree that definitions would not be feasible or appropriate. Advisers will face significant compliance challenges in addressing the detailed requirements, whereas regulatory tools to prevent “greenwashing” and to ensure compliance with ESG policies identified or promoted by advisers already exist. We encourage clients to pay particular attention to the compliance suggestions throughout the release (and outlined below), which are not implemented by the proposed rules but reflect the Commission’s expectations of registrants and will likely be a focus in examinations and enforcement matters, including by the SEC Climate and ESG Task Force, which has begun bringing actions relating to ESG.

Compliance Policies and Procedures

The Commission’s Proposal release describes factors advisers can consider in connection with ESG compliance policies and procedures. It states that policies and procedures should address the accuracy of ESG disclosures made to clients, investors, and regulators and portfolio management processes to help ensure portfolios are managed consistently with the ESG-related investment objectives disclosed by the adviser. Examples:

• For integration strategies, have policies and procedures reasonably designed to ensure that the adviser manages the portfolios consistently with how the strategy was described to investors.
• For advisers that use screens, have controls to maintain, monitor, implement, and update those screens.
• For advisers that have agreed to implement client’s ESG-related investing guidelines, mandates, or restrictions, policies and procedures should be designed to ensure that those guidelines/mandates/restrictions are followed.
• For advisers that disclose that proxy proposals will be independently evaluated on a case-by-case basis, have policies and procedures for conducting and documenting such evaluation, and if they state that clients will have an opportunity to votes separately on ESG-related proposals, provide those opportunities and maintain policies and procedures accordingly.

The Proposal outlines disclosures the Commission suggests would “promote consistent, comparable, and reliable information for investors concerning [investment companies’] and advisers’ incorporation of ESG factors.” However, any disclosures would need to reflect the adviser’s reasonably designed policies and procedures to (a) develop metrics or other protocols addressing the adequacy and accuracy of the disclosures, (b) implement supervision and monitoring of those protocols, and (c) test those protocols. While the Proposal would change disclosure requirements related to the incorporation of ESG factors in an adviser’s investment strategy, the Division has already identified ESG practices as an examination priority and shared common examination deficiencies observed by the EXAMS staff. Advisers should anticipate a similar focus on policies and procedures by the EXAMS staff related to the disclosures in the Proposal.

Please see the June 2, 2022 Sidley Client Alert for a detailed summary of the proposed amendments.

SEC Focus on Digital Assets and ICOs

As of February 14, 2022, the market capitalization for digital assets was approximately US$1.9 trillion across over 5,000 digital assets.⁵⁰ The number of digital-asset-focused funds continues to grow with 72 new funds launched in 2021. Assets under management have also continued to grow, from approximately US$25 billion in October 2020 to approximately US$59 billion in October 2021.⁵¹ The majority of digital-asset-focused funds are venture capital funds, though a large number are hedge funds or hybrid funds, according to research firm Crypto Fund Research.⁵²

Regulators have also continued their steady focus on digital assets. After launching the Strategic Hub for Innovation and Financial Technology (FinHub) in October 2018, the SEC has continued to issue guidance and actively enforce the federal securities laws with respect to digital assets. Similarly, the CFTC maintains jurisdiction over digital asset commodities and has released a variety of educational resources outlining its approach to blockchain technology and virtual currencies.⁵³ In its 2019 Annual Report, the Division of Enforcement noted that its activities in the digital asset space have “matured and expanded.”⁵⁴ In discussing considerations for advisers and their digital asset investments, the Division of Examinations noted in its 2021 priorities that advisers should address “(1) whether investments are in the best interests of investors; (2) portfolio management and trading practices; (3) safety of client funds and assets; (4) pricing and valuation; (5) effectiveness of compliance programs and controls; and (6) supervision of employee outside business activities.”⁵⁵ The Division continues to include digital assets among its 2022 examination priorities.

Although the infrastructure supporting digital assets continues to develop, digital assets remain a topic of interest for regulators and investors alike into 2022.

Recent Enforcement Initiatives and Proceedings

The following is a summary of several recent enforcement actions and trends of relevance to RIAs.

Implications of SEC’s Recent Insider Trading Enforcement Action in SEC v. Matthew Panuwat

On August 17, 2021, the SEC filed a litigated complaint against a former employee of a biopharmaceutical company for trading in a peer company’s stock in advance of an announced acquisition of his employer. The SEC’s complaint alleges that — minutes after learning that his company would be imminently acquired and days before the news was publicly announced — the employee purchased short-term, out-of-the-money stock options of the peer company (sometimes referred to as an “economically linked” company) whose value he anticipated would materially increase upon the announcement. The SEC alleges that the employee traded based on MNPI he learned in the course of his employment and in breach of a duty of confidentiality to his employer. 

This action serves as a reminder that the SEC is willing to apply theories of insider trading and the element of materiality to novel fact patterns. Here, that means bringing charges where an insider trades in securities of a company that is neither the entity to which the duty of trust and confidence was owed nor a company potentially involved with that entity (such as a merger target) but a company that is somehow economically linked, such as a peer or competitor company. Below are some items to consider in the wake of this most recent action:

(i) assessing the adequacy of procedures to address whether confidential information learned about an issuer is material and subject to nondisclosure or confidentiality agreements with the source of the information

(ii) determining whether MNPI an employee has received provides insight into economically linked companies and the risks that may create for other trades

(iii) assessing the adequacy of policies and procedures for addressing MNPI risk based on the nature of your business, including sufficiency and review of any information barriers, restricted lists, and documentation of the rationale for certain trades

(iv) periodically testing your policies and procedures for accuracy and effectiveness

(v) conducting renewed MNPI training for all employees with a focus on trading on the basis of MNPI in the stock of companies other than the information source

SEC Fines Alternative Data Provider for Securities Fraud

On September 14, 2021, the SEC settled an enforcement action against App Annie Inc., an alternative data provider for the mobile app industry, and its former CEO Bertrand Schmitt. The SEC charged App Annie and Schmitt with securities fraud, under Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5, for engaging in deceptive practices and materially misrepresenting how App Annie derived its alternative data, thereby inducing trading firms to become subscribers to use App Annie’s data in their decisions to buy and sell securities.

This first-of-its-kind enforcement action shows that the SEC is taking an aggressive approach with respect to alternative data.

The SEC’s Enforcement Action

The SEC describes App Annie as one of the largest sellers of market data for how apps on mobile devices are performing (e.g., how many times an app is downloaded, how much revenue is being generated through the app). App Annie provides an analytics product to companies with mobile apps that allows them to visualize and track how their app is performing. Through this product, App Annie would collect confidential data from these companies.

According to the SEC’s findings, which the respondents neither admitted nor denied, App Annie and Schmitt promised companies that shared their information with App Annie that their company-specific data would not be disclosed to third parties.

Although App Annie and Schmitt understood the companies’ expectations regarding the use of their data, the SEC found that from late 2014 to mid-2018, App Annie manually altered their estimates for certain apps by using nonaggregated and nonanonymized data in order to make them more attractive and valuable to trading firms.

The SEC ultimately found that App Annie and Schmitt violated the Exchange Act’s antifraud provisions, Section 10(b) and Rule 10b-5, by making material misrepresentations about the confidential nature of their data estimates to trading firm customers that App Annie knew were relying on the data to make investment decisions.

App Annie and Schmitt consented to the entry of a cease-and-desist requiring App Annie to pay a $10 million civil penalty and Schmitt a $300,000 civil penalty. The order also bars Schmitt from serving as an officer or director of a public company for three years.

Takeaways

While the SEC’s focus on alternative data is not new and has been the subject of examinations of registered investment advisers for a number of years now, this is the first enforcement action involving an alternative data vendor. This enforcement action indicates that the SEC will not hesitate to take an aggressive approach against companies that are providing alternative data in connection with trading, even if the company itself is not engaging in trading.

The SEC’s willingness to charge an entity and individual with fraud even though they did not trade in securities, broker securities trades, or even participate in the securities industry raises questions under the “in connection with” element of Section 10(b) and Rule 10b-5.3.

Data providers should consider the following when providing data for sale to trading firms that rely on it in their investment decisions:

1. Data providers should implement, maintain, and amend as necessary policies and procedures surrounding the use of MNPI. These controls should take into full account any consent or confidentiality agreements with companies that are providing their data for these purposes.
2. When selling nonpublic data to securities firms, data providers should confirm that the data is aggregated and anonymized according to documented policies and that the company is in full compliance with all relevant securities laws.
3. Investment advisers and broker-dealers contracting with alternative data providers should develop and maintain policies and procedures sufficient to prevent the misuse of MNPI in connection with those arrangements. No one size fits all. But those procedures should focus on obtaining adequate representations that the data being provided is pursuant to consent, conducting due diligence when onboarding those data providers, and engaging in ongoing monitoring of those relationships.

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information.⁵⁶ Without admitting or denying the SEC’s findings, First American agreed to a cease-and-desist order and to pay a $487,616 penalty (Order). This resolution highlights the SEC’s continued focus on cybersecurity. The SEC has proposed enhancing its disclosure rules concerning cybersecurity risk governance. (See “Newly Proposed SEC Cybersecurity Risk Management Rules and Amendments for Registered Investment Advisers and Funds,” above).

In September 2017, then-SEC Chairman Jay Clayton issued a public statement that provided an overview of the SEC’s approach to cybersecurity and underscored it as a priority for the SEC.⁵⁷ The SEC and its staff followed the September 2017 statement with various cybersecurity-related initiatives and guidance, including January 27, 2020, cybersecurity guidance and observations published by the SEC Division of Examinations (formerly OCIE).⁵⁸

The Order provides helpful guidance for how the SEC Enforcement Division’s Cyber Unit may enforce the SEC’s interpretative guidance on cybersecurity disclosure requirements and additional lessons about the SEC’s evolving views of cybersecurity disclosures and risk management The SEC’s Order provides critical insight for public companies’ disclosure regimes. Specifically, publicly traded companies should consider the following issues as they work to improve their cybersecurity disclosure controls and programs in compliance with the SEC’s guidance and to address the issues addressed in the SEC’s First American Order. Some of the lessons learned from the SEC’s Order:

(i) Companies’ internal procedures should ensure that important and material information flows to appropriate disclosure personnel in a timely manner. Additionally, companies should ensure that disclosure committees have representation from all relevant parts of the organization.

(ii) Companies should consider implementing training processes to ensure that information security personnel understand cybersecurity disclosure requirements, especially as stated in the guidance.

(iii) Companies should regularly assess compliance with current policies and procedures to confirm the effectiveness of the controls.

Enforcement Action Trends

On November 18, 2021, the SEC Enforcement Division (Enforcement) released its annual report, which detailed the agency’s enforcement efforts during fiscal year 2021 (October 1, 2020 – September 30, 2021).

Enforcement reported that it brought a total of 434 standalone enforcement actions, up from 405 in the previous year. However, despite the lessening of COVID-19 restrictions, total enforcement actions decreased, from 715 in 2020 to 697 in the current year — the lowest number since 2014.

Despite the overall decline in enforcement actions, Enforcement obtained judgments and orders for more than $1.4 billion in penalties, the highest total since 2016. However, disgorgement — the forfeiture of ill-gotten gains — was just under $2.4 billion, the lowest amount since 2016. Moreover, Enforcement distributed only $521 million to harmed investors, less than half the amount of 2019 and the lowest since 2017. The substantial increase in penalties and decrease in disgorgement may be a result of recent judicial decisions and legislation.

Enforcement touted a number of “novel” actions, some of which are consistent with priorities articulated in speeches, including charges involving securities using decentralized finance technology; Regulation Crowdfunding; securities fraud by an alternative data provider; violations related to Form CRS; and enforcement of a key rule on the duties of municipal advisers.

Enforcement also reported a substantial increase in the number of whistleblower tips received in 2021, which will likely lead to an increase in enforcement actions in 2022 and beyond.

In sum, Enforcement’s report illustrates that there is a substantial amount of continuity in the SEC’s enforcement program over time. The COVID-19 pandemic may have affected the number of enforcement actions that Enforcement brought, but still, Enforcement obtained the highest penalties in five years. Perhaps the biggest takeaway is the increase in whistleblower tips, which are taking an ever-increasing portion of the Enforcement’s resources. This data, and the increase in whistleblowers who went directly to the Commission, shows it is incumbent upon firms regulated by the SEC to revise internal reporting structures to encourage employees to take full advantage of internal reporting prior to contacting the Commission.

¹In the adopting release for Rule 206(4)-7, “Compliance Programs of Investment Companies and Investment Advisers,” IA-2204 (Dec. 17, 2003), the SEC staff stated that an adviser’s policies and procedures, at a minimum, should address the following issues to the extent they are relevant: portfolio management processes, trading practices, proprietary and personal trading, accuracy of disclosures, safeguarding of client assets, recordkeeping, marketing advisory services, valuation, privacy, and business continuity plans.

²SEC National Exam Program Risk Alert, “The Five Most Frequent Compliance Topics Identified in OCIE Examinations of Investment Advisers” (Feb. 7, 2017), https://www.sec.gov/ocie/Article/risk-alert-5-most-frequent-ia-compliance-topics.pdf.

³See Note 2 above.

⁴See Note 2 above.

⁵Form ADV: General Instructions, http://www.sec.gov/about/forms/formadv-instructions.pdf.

⁶Investment Advisers Act Release No. 5653 (Dec. 22, 2020) 86 FR 13024 (Mar. 5, 2021), click here to review the section above

⁷In a two-part netcast on September 12, 2018, the SEC staff noted that certain advisers have claimed to deliver their brochures to clients by posting a link on their websites without taking any further steps to ensure delivery. This practice, the staff reminded advisers, is not sufficient for purposes of complying with Rule 204-3 (the “brochure delivery rule”).

⁸SEC Division of Examinations, “Examinations that Focus on Compliance with Form CRS,” April 7, 2020, https://www.sec.gov/files/Risk%20Alert%20-%20Form%20CRS%20Exams.pdf.

⁹SEC Charges 27 Registered Investment Advisers and Broker-Dealers With Form CRS Failures, Sidley Update (July 27, 2021). https://www.sidley.com/en/insights/newsupdates/2021/07/sec-charges-27-registered-investment-advisers

¹⁰Form ADV: Instructions for Part 1A, https://www.sec.gov/about/forms/formadv-instructions.pdf.

¹¹See Form PF: General Instructions, https://www.sec.gov/files/formpf.pdf. A private fund must have an identification number for both Form ADV and Form PF reporting. The instructions state, “If you need to obtain a private fund identification number [obtained by filing Form ADV] and you are required to file a quarterly update of Form PF prior to your next annual update of Form ADV, then you must acquire the identification number by filing an other-than-annual amendment to your Form ADV…. [and] must complete and file all of Form ADV Section 7.B.1 for the new private fund.”