FIRMA National Risk Management Training Conference
New Orleans, LA
April 29, 2009

Overview of Key Rules and Regulatory Developments affecting Broker Dealers, Investment Advisers etc.

Sean Gray
Senior Vice President
Director of Wealth Management Compliance
PNC Bank

All statements and opinions contained herein are the sole opinion of the speaker – not PNC – and subject to change without notice.

Agenda
• Refresher/Overview of NASD Rules 3012, 3013, NYSE Rule 342 etc. (i.e., new FINRA Rule 3130)
• FINRA 2009 Exam Priorities and Enforcement Guidelines
• Other FINRA and B-D Regulatory Developments
• Annual Review Tips for RIA’s
• SEC Compliance “Hot Spots”
  — 4 Key Areas to Focus – Lori Richards
  — Custody Sweeps etc.
  — New SEC Exam Letters and Approaches
• Other RIA “Hot Topics”

Regulatory Scheme
Annual Compliance and Supervision Certification
NYSE 342.30 & NASD 3013
NEW CEO Certification
NEW Supervisory Control System
NYSE 342.23 & NASD 3012
Key Requirements:
  Establish, maintain, enforce a system of supervisory control
  Procedures in place to review and supervise customer activity and Branch/Sales/Regional/District Managers
  Independent day-to-day supervision of producing managers
Supervisory Procedures
NYSE 342 & NASD 3010
Key Requirements:
  Written supervisory P&Ps
  Internal inspections
  Supervision of RRs
• Ensures process “owned” by CEO, senior leadership
• Assures robust reporting between senior leadership and compliance leader
• Mandates annual reviews that drive continuous process improvement, adjustment for regulatory, business changes
• Trend spotting, early warning capability clear advantages
Processes for Testing, Verification, Enforcement and Reporting
Processes for Monitoring Supervisory Procedures (Surveillance, Corporate Audit Reviews, Branch Inspections, Internal Reviews)
Written Supervisory Policies and Procedures
Various impacted business areas
Note: FINRA Rule 3130 (Annual Certification of Compliance and Supervisory Processes) replaces NASD Rule 3013 and the corresponding provisions in Incorporated NYSE Rule 342.30 and related NYSE Rule Interpretations (effective December 15, 2008)

• NASD Rule 3013: Annual Certification of Compliance and Supervisory Processes
Rule 3013 requires:
  Designation of a CCO on Schedule A of Form BD
  CEO certification that the Member firm has in place processes to:
    (a) establish, maintain and review policies and procedures reasonably designed to achieve compliance with NASD and MSRB rules and applicable federal securities laws and regulation
    (b) modify these policies and procedures as business, regulatory and legislative changes and events dictate
    (c) test the effectiveness of such policies and procedures on a periodic basis, the timing and extent of which is reasonably designed to ensure continuing compliance with applicable rules, laws and regulations
  At least one annual meeting between CEO and CCO to discuss prescribed compliance matters
  Member’s processes must be evidenced by a report reviewed by the CEO, and Chief Compliance Officer (and such others as the Member deems necessary) and submitted to the Member’s Board of Directors and Audit Committee
  The CEO certification is a process certification and does not require performance or completion of any compliance testing or verification

NASD Rule 3012: Supervisory Control System
— “Supervisory control policies and procedures” include procedures reasonably designed to review and supervise customer account activity, branch office managers, sales managers, regional and district sales managers and any other person performing a similar supervisory function
— Rule 3012(a) requires designation of one or more Principals tasked to establish, maintain and enforce a system of supervisory control policies and procedures and continually improve such procedures as required after reviews or testing or in response to business or regulatory changes
— Rule 3012 also requires procedures for senior or otherwise “independent” day-to-day supervision of “Producing Managers” account activity and “heightened supervision” of producing managers with 20% or more revenues generated from units supervised by the producing manager’s supervisor
— Requires annual testing and verification of WSP’s by January 31st of each year to demonstrate that they are reasonably designed with respect to the member’s activities (and those of its RR’s and Assoc Persons) to achieve compliance with NASD rules and applicable securities laws and regulations, and the creation of additional policies and procedures where the need is identified by such testing and verification

NASD Rule 3012: Supervisory Control System — COMMON EXAM FINDINGS – Rule 3012
• Failure to recognize that Supervisory Control Procedures (SCP’s) differ from WSP’s
  Need WSP’s plus control process for ensuring such procedures are adequate and current, i.e., fundamental purpose of 3012
  A firm that does not have SCP’s frequently fails to:
    o Designate the Principal(s) responsible for establishing, maintaining and enforcing the firm’s system of supv control pol & proc;
    o Annually test and verify supv procedures and amend them, when needed;
    o Adequately supervise customer account activity of “producing managers”;
    o Adequately supervise “producing managers” subject to HS; and
    o Review, monitor and confirm transmittal of funds/securities from customers to 3rd parties, changes of address and changes of inv obj’s

NASD Rule 3012: Supervisory Control System — COMMON EXAM FINDINGS – Rule 3012
• Testing and Verification
  FINRA has noted that some firms failed to test and verify on annual basis that supv procedures are sufficient and reasonably designed with respect to activities of the member firm and its RR’s and Assoc Persons
    o Each firm must have written testing and verification procedures that detail steps to be taken by firm to conduct testing and verification to identify any gaps in supv process
    o Procedures must also detail steps to be taken by firm for drafting and approving new procedures, including identification of responsible Principal and implementation process.
• Failure to prepare and timely submit the Rule 3012 annual report to firm’s senior management.
• Limited Size and Resource Exception
  One of most common 3012 findings is inaccurate understanding and application of this exception. It only provides alternative method for who may perform a producing manager’s review
• Failure to supervise Producing Managers
  Must correctly identify any and all “producing managers”

NASD Rule 3012: Supervisory Control System — COMMON EXAM FINDINGS – Rule 3012
• Failure to confirm, verify or follow-up with customers in the event of a: change of address; transmittal of funds; or transmittal of customer funds or securities.

Responsibility Matrix

Employees
All employees must understand:
• their job responsibilities
• the rules and regulations, and the related policies and procedures, applicable to their duties
All employees are responsible for:
• carrying out control activities
• communicating identified control weaknesses, deviations from established standards, and violations of policy or law

Management and Supervisors
Managers are responsible for establishing and maintaining effective control systems by:
• maintaining a control environment that encourages control activities. Setting the “tone”.
• identifying risks, and establishing objectives, goals, and standards in accordance with risk assessments
• ensuring through information & communication and monitoring procedures, that internal controls are established and functioning effectively to achieve objectives

Compliance
Compliance:
- Works with Legal in interpreting rules and regulations
- Provides consultation and advice on compliance controls
- Independently Reviews/Tests the adequacy of internal controls and reports the results to Management
- Makes recommendations on how to mitigate risks and remediate weaknesses identified

Rule Comparison Chart
Comparison of NASD Rules 3013, 3012 and NYSE Rule 342

Timing
  NASD 3013 (New) / NYSE 342.30 (New): 4/1/2006 and annually thereafter
  NASD 3012 (New): 4/1/2006 and annually thereafter
  NYSE 342 (Expanded): Annually by 4/1

Requirements
  NASD 3013 (New) / NYSE 342.30 (New): 1) CEO certification that member firm has “processes in place” to establish, maintain, review, modify and test the effectiveness of policies and procedures reasonably designed to achieve compliance with NASD, MSRB rules and applicable federal securities laws and regulations; 2) At least one annual meeting between CEO and CCO to discuss prescribed compliance matters
  NASD 3012 (New): 1) Designation by member firms of a principal to establish, maintain and enforce a supervisory control system and test and verify that the supervisory procedures are reasonably designed to comply with applicable rules; 2) Heightened supervision of producing managers
  NYSE 342 (Expanded): Establishment and maintenance of a compliance and supervisory framework, including supervision of registered representatives, foreign branch offices, supervisor qualification, supervision of producing managers, information requests, trade review and investigations and internal controls

Deliverables
  NASD 3013 (New) / NYSE 342.30 (New): Report reviewed by CEO, CCO documenting the processes in place to comply with Rule 3012 and submitted to the member firm’s board of directors and Audit Committee
  NASD 3012 (New): Annual report to senior management describing the supervisory controls system, test results and resulting changes implemented
  NYSE 342 (Expanded):
    • Annual report to senior management on the member’s supervision and compliance efforts
    • Annual report to be filed with the Exchange

Comments
  NASD 3013 (New) / NYSE 342.30 (New):
    • No testing or verification required for certification; NASD expecting member firms to begin “work plans” to comply with Rule 3012
    • CEO is certifying to processes not substantive compliance
    • Certification intended to raise stature of CCOs to compare with CFOs and get senior leadership actively engaged in compliance dialogue
  NASD 3012 (New):
    • Dual NASD/NYSE member firms can elect to comply with NASD Rule 3012 or NYSE Rule 342
    • Dual NASD/NYSE members can use either the NASD or NYSE standard for defining who is a producing manager (either standard acceptable to both NASD & NYSE)
  NYSE 342 (Expanded):
    • NYSE member firms must comply with NYSE Rule 342

FINRA 2009 Exam Priorities
• 3 General Categories – Sales Practice Issues, Enterprise Control Functions, and Financial/Operational Controls
• Sales Practice Issues:
  — Cash Alternatives
    Focus is result of ARS Issues, i.e., representing certain securities as cash alt’s or equiv.’s
    1 – Need to have reasonable basis for characterizing inv as cash alternative
    2 – Need to have Proc’s in place to monitor developments to ensure inv retains characterization as cash alternative
    3 – Need to perform “suitability” analysis before recommending same to customer
  — Bank Sweeps
    Increase in recent use of bank deposit programs as sweep vehicles for free credit balances
    Focus on disclosures re: terms and conditions
    Differentiation of SIPC vs. FDIC coverage
    Methodology for calculating interest on sweep balances
    Disclosure of comp earned by B-D’s and banks operating sweep programs as well as RR’s who offer these programs
    Add’l exam focus on reconciliation issues relating to the bank where account is held.

FINRA 2009 Exam Priorities
• Enterprise Control Functions:
  — AML
    E-Trade enforcement action
    Focus broadly on suspicious activities related to securities transactions vs. solely on money movements
    One size does not fit all relative to AML Program! Each firm needs to tailor program to own business model, risk profile, volume of transactions etc.
  — FCPA
    Recent & significant ($$) SEC settlements
    Add’l recent focus by NYSBD
    Reminder to members of obligation to comply, maintain accurate books and records, implement internal controls etc.
  — Protection of Customer Info and IT Security
    Several recent SEC enforcement actions arising from online account intrusions, e.g., LPL Financial – alleged failure to implement safeguards despite awareness that it had insufficient controls to protect customer info
    Members offering online customer access need to assess internal surveillance and implement measures for dealing with account “intrusions”

FINRA 2009 Exam Priorities
  — Protection of Customer Info and IT Security (Cont’d)
    Need to regularly monitor account activity to monitor for any note of suspicious activity
    FINRA reminding firms to develop and implement written ID Theft Program pursuant to FTC’s Red Flag Rules which the FTC will begin to enforce May 1st – See FINRA Reg Notice 08-69
  — Outsourcing
    NTM 05-48 states that BD’s may outsource certain functions, but may not outsource supervision and oversight.
    FINRA provides suggestions on how members can satisfy supervision/due diligence on vendors by:
      o Requiring vendors to meet measurable performance standards
      o Meeting frequently with vendor personnel; and
      o Assigning qualified personnel to monitor review and supervise the service provider’s activities
    Need to assess risk of vendors operating in foreign jurisdictions and business continuity issues related therewith
    FINRA will be looking for Written Proc’s in all of this space!

FINRA 2009 Exam Priorities
  — Information Barriers
    Ongoing FINRA enforcement sweep relative to the control of the flow of nonpublic material info within member firms.
    Firms need to have info barrier Proc’s tailored to business activities and org structures, and Proc’s to address use of restricted/watch lists, monitoring systems, supervision, review of proprietary and empee trading, review of questionable activities and recordkeeping requirements
  — Rumors
    SEC and FINRA sweeps re: “Circulation of Rumors”
    Recent SEC Sweep Letter to B-D’s asking about controls relating to prevention of rumors, e.g., monitoring elec commun such as empee internet access, chat rooms and other websites.
    Refer to FINRA Proposed New Rule on this topic – Regulatory Notice 08-68 – questions re: distinguishing “rumors” from mkt commentary

FINRA 2009 Exam Priorities
• Financial and Operational Controls:
  — Customer Protection Rule
    The Failure and/or Merger of several large firms in ’08 reinforces significance of CP Rule – 15c3-3
    Reminder to properly compute reserve formula – numerous recommendations provided
    Reminder to reduce customer fully paid and excess margin securities to possession or control
  — Excess SIPC Protection
    In light of recent financial events, FINRA will review disclosures provided to customers regarding excess SIPC insurance.
    Firms that have not replaced excess SIPC surety bond coverage offered thru CAPCO are expected to notify customers of reduction of coverage.
    Also, if “new” arrangements have been made regarding excess SIPC coverage, they should be clearly disclosed to customers – including dollar amount of protection available to each customer.
  — Other Financial and Operation Control areas of focus – Inventory and Collateral Valuations, Funding and Liquidity, Counterparty Credit Risk, and Intercompany & Suspense Account Reconciliations

Other FINRA and B-D Regulatory Developments
• FINRA Guidance on its Enforcement Process
  — Regulatory Notice – 09-17
    • Intended to assist firms and assoc persons with understanding how investigative process works and to highlight procedure safeguards in this process, including:
      Enforcement Procedures and Managerial Oversight
      Conducting of Investigations
      Sufficiency of Evidence Reviews
      Wells Process
      Disciplinary Advisory Committee Review
      Indep Office of Disciplinary Affairs
      Indep Office of Hearing Officers

Other FINRA and B-D Regulatory Developments
• FINRA's proposed new rule - FINRA Rule 3210, Personal Securities Transactions for or by Associated Persons - is out for comment. See Regulatory Notice 09-22, April 21, 2009 - Response is requested by 6/5
• It addresses oversight for personal trading activities of associated persons. FINRA used NASD Rule 3050 and Incorp'd NYSE Rule 407, and adopted additional requirements.
• Here, in a nutshell, are the primary requirements:
  — prior written consent to open or establish, at another financial institution, an account in which securities transactions can be effected, and in which the associated person has a personal interest. dupe confirms and account statements to the employer firm is required.
  — written notification to firm that associated person intends to open and, a specific sentence to the effect that "he/she has a personal financial interest in the account." [New requirement]
  — executing member must not execute any securities transactions in that account unless it has been notified that associated person obtained employer's written consent and he/she has personal financial interest in the account.
  — dupe confirms and account statements from executing firm must be started ASAP - i.e., "promptly."
  — employer must revoke consent if it does not receive in timely manner the confirms and statements. Employer will notify executing member, and must receive promptly notification that the account was closed. [New requirement]
  — for pre-existing accounts, associated person has 15 business days to obtain employer member's consent to maintain the account, and to notify executing member of his/her new employer's name. Dupe confirms, statements must also be arranged.

Other FINRA and B-D Regulatory Developments – Cont’d
• New “Office of Whistleblower”
  — During March FINRA announced establishment of new office to expedite review of “high risk tips” by Senior Staff and ensure rapid response to those believed to have merit.
    • New Toll Free Number established
    • Dedicated Web Page/E-mail Address for reporting
    • Not intended to replace normal complaint process
• New Proposal to Tighten Misconduct Reporting
  — Proposed U-4 and U-5 Rule Amendments (could be rolled out in May)
    • Change would require B-D’s to disclose when a reg rep is in an active arbitration or civil complaint, even if not named as “party”
    • Change would also raise threshold for reporting misconduct described in settled customer complaints
      $10,000 to $15,000 increase

Other FINRA and B-D Regulatory Developments – Cont’d
• Variable Annuities
  — Cont’d FINRA focus on VA’s
  — Fifth Third Securities fined $1.75 mill by FINRA (4-14-09 News Release)
    • Regarding 250 “unsuitable” VA exchanges or transactions
    • 197 Customers and 42 individual brokers
    • Used lists provided by bank of customers with maturing CD’s and referrals from bank employees – some elderly and/or unsophisticated with conservative investment objectives
    • One Broker – 74 customers with 118 “unsuitable” exchanges shortly after joining FTS
      Switched customers from “old” firm into VA’s issued by same insurance co’s with same riders
      Ignored differences in customers’ ages, incomes, inv objec’s, sophistication etc.
      $260k+ in surrender charges also paid
    • N.B. – NTM 07-06 – Special Considerations when Supervising Recommendations of Newly Associated Registered Representatives to Replace Mutual Funds and Variable Products
• Delivery of Official Statements to Customers in Muni Bond Sales
  — Edward Jones fined $900k by FINRA for failure to deliver official statements to customers who purchased new-issue munies and related supervisory/recordkeeping failures
  — MSRB Rules require BD’s – selling new-issue munies (sold during initial distribution of bonds to public) – to deliver copy of official statement to customer on or before settlement date
  — Edward Jones Internal Communications referenced that it was not timely delivering official statements
    • …but failed to take corrective action!

Other FINRA and B-D Regulatory Developments – Cont’d
• FINRA Consolidated Rule Proposals to Address Supervisory Rules
  — Most significant changes as follows:
    • Proposed Rule 3110 – Supervision – would consolidate NASD/NYSE Rules relating to supervision, and is based on NASD Rule 3010 and NYSE Rule 342, as well as NASD Rules 3012 and 3040
    • Proposed Rule 3110(a)(2) would require firm to have appropriately registered principal to supervise each business activity which it engages, regardless of whether B-D registration is required for that activity.
      N.B. - existing NASD Rule 3110(2) only requires such principal supervision for activities for which registration as B-D is required
      Uncertainty at present as to what sort of principal registration/supervision would be required for “activities not requiring registration”.
    • Proposed Rule 3110(b)(3)(B) – address supervision of “dual employees” of banks and B-D’s.
      Due to adoption of Reg R – which permits bank employees to engage in certain securities activities – there has been call for FINRA to clarify application of NASD Rule 3040 to such employees.
      Proposed Rule would exclude from supervision requirement any bank-related securities activities of dual employees when such activities are included within exemptions from registration
      Bank will be required to:
        o Provide for comprehensive review of dual employees' securities activities
        o Employ Pol & Proc reasonably designed to achieve compliance with the antifraud provisions of federal securities laws; and
        o Give prompt notice to B-D of any dual employee’s violation of Pol & Proc.

Other FINRA and B-D Regulatory Developments – Cont’d
• Top Five (5) FINRA Violation Types – March 2009:
  — FINRA announced sanctions against 46 individuals.
    • (i) Forgeries;
    • (ii) Failure to Respond to Requests for Information;
    • (iii) Failure to Update Form U-4;
    • (iv) Suitability;
    • (v) 3-Way Tie: Misappropriations; Unauthorized Discretion; Insurance Sales and Exchanges.
• Supervise Your Supervisors!
  • During March 2009, (13) of the 46 disciplined individuals, or 28%, were Registered Principals
  • Last month it was 20%.
  • Important - Maintain checks and balances over supervisory personnel after all, they could be your firm's worst offenders!

Other FINRA and B-D Regulatory Developments – Cont’d
• SEC to prohibit Brokers from voting Proxies
  — SEC to eliminate NYSE rule allowing brokerage firms to vote proxies of investor clients
  — Shareholder Activists long pushed to end this practice!
    • Occurs when clients don’t vote
    • Argument is that Brokerage Firms typically vote the way management suggests
    • Under current rule, brokers can vote client proxies on “routine” votes, e.g., uncontested director elections etc.
    • Rule change effective 12/31/09
• FINRA to Propose Expanding BrokerCheck to Permanently Disclose Disciplinary Histories of Former Brokers
  • FINRA proposing a major expansion of its BrokerCheck service — to make records of final regulatory actions against brokers permanently available to the public, regardless of whether they continue to be employed in the securities industry.
  • Under current rules, a broker's record generally becomes unavailable to the public two years after he or she leaves the securities industry and is therefore no longer under FINRA's jurisdiction.
  • FINRA estimates there are more than 15,000 individuals who have left the securities industry after being the subject of a final regulatory action and whose disciplinary history is not currently available on BrokerCheck.
  • FINRA filed its rule proposal to expand BrokerCheck with the SEC late last week. The SEC will publish the proposal in the Federal Register and solicit public comment in the near future.

Movement towards consistent “Fiduciary” Standard
• SIFMA recommendation to “Harmonize” IA and BD Regulation
  — 2007 Rand Corp Study (SEC commissioned) that Financial Service providers duties or standards of care – e.g., “fiduciary”, “suitability” etc. contributed to investor confusion
  — Also, ERISA and IRC (for IRA’s) have different definitions of fiduciaries and prohibitions on conduct that differ from IA Act and state fiduciary law concepts
  — SIFMA recommends “Universal Standard of Care” – fundamentals of fair dealing investors can expect from all Financial Service providers – whether financial planner, investment adviser, broker-dealer, bank, insurance agency or any other type of financial services provider.

Movement towards consistent “Fiduciary” Standard – Cont’d
• State Farm “CFP” Approach
  — During 2008 Certified Financial Planner Board of Standards, Inc. added a “fiduciary” standard to its Code of Ethics
  — Reported that State Farm (which sells annuities, mutual funds, financial advice and slate of insurance products) instructed approx. 270 Agents who are CFP’s to abandon the designation
  — Other Insurance Companies reportedly exploring same approach
  — State Farm has asked CFP Board to exempt insurance sales from definition of “financial planning”
  — Concerns primarily revolve around the imposition of “fiduciary” standard when selling insurance and legal risk related therewith
• FINRA & SEC - “Consistency in Investor Protections”
  — Primary issue regarding investor protection differences between IA and BD channels is difference between IA “fiduciary” standards and BD’s rule requirements, e.g., suitability
  — Need to explore “whether fiduciary standard can effectively be applied to broker-dealer selling activities and, if there are problems - make a strong effort to resolve those problems.”
  — IA’s believe Fiduciary Standard is more customer-protective than “suitability” standard of B-D’s
  — B-D’s maintain that “suitability” standard is sufficiently rigorous and that IA’s are more lightly regulated than brokers
  — In any event, IA’s should look forward to more audits; population of RIA’s increased 30+% since ‘05

RIA Annual Review Requirements
• Rule 206(4)-7 - “Compliance Rule” requires RIA to adopt and implement written policies and procedures reasonably designed to prevent a violation of the federal securities
• “Compliance Rule” also requires Annual Review of Pol & Proc to consider any compliance matters that arose during prior year, any changes in the business activities of the adviser or affiliates, and any changes in the Advisers Act or applicable regs
• Top 10 List for IA Annual Reviews:
  1. Review any and all past Deficiency Letter & ensure all deficiencies noted were
  2. Perform Gap Analysis of existing controls, e.g., list of client complaints over last 12 months, branch/compliance exam deficiencies, Internal Audit findings and other “red flags” noted on exception reports
  3. Evaluate any changes in business products or services over last year
  4. Determine if any new Rule Promulgations, Guidance Statements or No-Action Letters could impact your Pol, Proc or processes – update, if needed.
  5. Consider “Mock” SEC exam to provide assessment of “tone at the top”, strength of Pol & Proc and adequacy of compliance testing
  6. Define Roles and Responsibilities of all associated persons
    • How will you meet requirements?
    • Who is responsible for same?
    • What methods will be followed?
  7. Develop and deploy appropriate Training
  8. DISCLOSE, DISCLOSE, DISCLOSE!
    • Fiduciary duty to disclose all material info to clients
    • Review ADV, contracts and other sales/mkt material
  9. Develop Annual Review Committee and Compliance Calendar
  10. Compliance is “Everyone’s Responsibility”
    • Interview personnel to test knowledge of Pol & Proc, sales practices etc.
    • Conduct periodic testing to test controls and culture
    • Enhance Annual Review where appropriate

RIA Annual Review Requirements – Cont’d
• Some Add’l Ideas for “tweaking” Annual Review:
  — Revise process for documenting relationships w/ counterparties, e.g., failure of Lehman Bros.
  — Scan recent SEC enforcement efforts over last year which could spotlight areas of concern
  — Re-visit your process for identifying new law and regs, e.g., Regulatory Update Tracking Report
    • May want to implement quarterly vs. annual process in this regard, i.e., in light of volume of recent changes

Review your Compliance Program!
SEC Staff Speech – Lori Richards, March 2009
• Need to maintain “Evergreen" Compliance Program
  — State of constant improvement;
  — Identify and address new issues and compliance risks;
  — Incorporate new forensic tests and new technology; and
  — Reasonably designed to prevent a violation of the federal securities
• RIA should take a fresh look at:
  — DISCLOSURE
    • Inadequate disclosure amongst Top 5 most common deficiencies that SEC Examiners found in exams last year and consistently a “most frequent” exam finding
    • Need to review DISCLOSED vs. ACTUAL practices
      Conflicts created by bus. arrangements/affiliations
      Compensation arrangements w/ solicitors, finders or other providers
      Fees paid by clients to IA or affiliates
      Use of client commissions to pay for products/services
    • Are you delivering disclosure docs to clients as required and making approp. filings w/ SEC
    • This is an area Examiners will look at!

Review your Compliance Program!
SEC Staff Speech – Lori Richards, March 2009 – Cont’d
RIA should take a fresh look at – cont’d:
  — CUSTODY
    • “Custody Rule” Reminder – client assets must be held by “qualified custodian” and such custodian must provide advisory client with at least quarterly statement
      If assets held by RIA itself – annual indep. “Surprise Audit” required, e.g., verification of client holdings
    • In light of recent Ponzi schemes and other frauds, SEC will focus on controls over custody. Accordingly, key steps to take:
      Compliance Staff should obtain (sample or otherwise) client statements sent out by Custodians
      Compliance Staff should compare client statements with Advisory records
      Compliance Staff should review Advisor’s reconciliation process
      Compliance Staff should take add’l steps to confirm assets when custody is with the adviser or affiliate
      Compliance Staff should review client account statements sent by Adviser to ensure consistency w/ reports of custodian

Review your Compliance Program!
SEC Staff Speech – Lori Richards, March 2009 – Cont’d
RIA should take a fresh look at – cont’d:
  — PERFORMANCE CLAIMS
    • Performance claims must be accurate
      Conflicts exist – advisory fees may be pegged on performance, marketing significance of performance claims and natural inclination to deliver bad news.
    • Accordingly, this area will continue to be focus of CCO’s and SEC Examiners
    • Recent SEC Exam Findings:
      Overstating firm’s performance returns, AUM, or length of operation
      Not including disclosures necessary to prevent performance claims from being misleading (e.g., whether results reflect dividends, differences w/ index used to compare adviser’s performance etc.)
      Inappropriately incl/excl info or data in composites, e.g., advertising past specific recommendations
    • “Best Practices”:
      Retain outside firm to verify performance claims
      Conduct special tests to ensure complete records re: marketing/performance advertisements
      Periodic review of marketing materials to ensure info is truthful and not misleading

Review your Compliance Program!
SEC Staff Speech – Lori Richards, March 2009 – Cont’d
RIA should take a fresh look at – cont’d:
  — RESOURCES
    • Under “Compliance Rule”, Compliance Pol & Proc should be designed to prevent violations from occurring, to detect violations that have occurred, and to correct promptly any such violations.
      Accordingly, SEC has cautioned against making resource reductions to Compliance Programs
    • When conducting Annual Review of Pol & Proc adequacy, CCO should consider adequacy of resources and SEC Examiners
      If lack of resources undercuts CCO’s ability to perform effective review or undercuts ability to implement, CCO should include this in CCO Annual Report or other indication of Annual Review.
    • Other considerations:
      Leverage work by other Functional Groups, e.g., Internal Audit and/or Risk Management
      Leverage and/or invest in technology to provide “front-end” compliance monitoring

Increased Focus on Custody
• March 9, 2009 SEC OCIE Letter to IA Assoc. and Managed Funds Assoc requesting that they inform membership of recent IA Exam focus which requires “independent confirmation of investor assets”.
  — Letters state:
    • SEC may contact various 3rd parties – including custodians, administrators, auditors, hedge fund investors and advisory client TO CONFIRM CLIENT ASSET LEVELS.
• New SEC Exam Letters
  — Two Sweeps – unusual to have 2 sweeps going on at same time!
    • Custody
      Generally, similar to past Custody Letters, but also asks for extensive info relative to all services providers (not just custody service providers)
      May want to ask the SEC for clarification in this regard
    • Rumors
      Started last fall
  — New Exam Document Request Letter
    • Shorter than past Letters (7 Pages)
    • Similar to past exam requests
    • Will seek to speak with Compliance Officer, plus staff responsible for risk management, port mgt, trade execution, research, back office/admin, IT, AML and marketing.

Other RIA “Hot Topics” - Potpourri
• 2008 RIA Exam Stats
  — SEC Examined 1,521 IA Firms in 2008; 15% of total number of RIA’s and 30% of all AUM
  — Increase of 140 over 2007
  — Includes 400 “quick hit” exams of new RIA’s
  — 68% = Deficiency Letters
  — 4% = Enforcement Referrals
  — 28% (approx.) = No further action
    • This number spiked likely due to 400 “quick” visits
  — TOP 5 DEFICIENCIES NOTED (relatively consistent year-to-year):
    • Disclosures and Filings
    • Compliance Rule
    • Personal Trading
    • Performance Advertising and Marketing (i.e., related to Disclosure)
    • Portfolio Management
• New approaches to IA Exams and Enforcement
  — Exploring ways to “leverage” 3rd parties in oversight of IA’s, i.e., without SEC abdication of responsibility
  — 400 SEC Staff to examine approx. 11,000 RIA’s
  — RIA numbers – 50% increase since 2001
  — Note – Madoff’s brokerage operations reviewed regulatory, but IA Business never reviewed after 2006 registration

Other RIA “Hot Topics” - Potpourri
• “No Excuses” Attitude from Examiners
  — “Clear Expectation” that firms should be prepared to be examined
  — Examiners will be “less tolerant” of delays in document production
  — Delays could result in enforcement
• New RAVE Exams
  — Surprise SEC Exam whereby examiners show up in the morning and request to speak with several people at the firm and leave within a few hours
  — RAVE – Amounts to short, focused SEC exam of a new Adviser that takes a day or less
• “Outsourcing” Compliance
  — Remember – you need to identify CCO on form ADV!
    • Recent IA Week Investigation reflected approx. 40 firms who failed to identify CCO on ADV (potential SEC Violation)
    • CCO needs to be “an Individual” who is a “supervised person”
    • Outsourcing Compliance is generally acceptable to SEC

Other RIA “Hot Topics” – Potpourri – Cont’d
• Code of Ethics – Interns, Temps, Consultants etc.
  — Generally agreed that temps, interns and consultants are not “required” (by SEC) to be subject to Firm’s Personal Trading Rules
  — Best Practice – include anyone “who has access to material, nonpublic info that could be misused for insider trading”
  — Caveat – once covered by Policies, be sure to monitor them!
    • Getting dup trade confirms from temps can be a challenge
  — Alternative – do not place them under your Policy but reinforce (training etc.) the need to be careful with proprietary info etc.
  — Be careful of “temps” that are around for months and months…
  — Possibilities:
    • Have temps sign confidentiality agreement warranting not to trade on any material NPI they come across;
    • Have them agree to “black-out period” on trading that is in sync with your firm’s Policy; or
    • Have agreement with flat out prohibition against buying or selling securities/derivatives while supporting your Firm
NB – FINRA rules on BD side are clearer in this regard so if your Firm is Dually Registered, you should subject temp staff to all your Pol & Proc.

Other RIA “Hot Topics” – Potpourri – Cont’d
• Recent SEC “Rumors” Sweep
  — 2nd Sweep of late – in addition to Custody focus
  — Began last Fall, around time of short-selling concerns
  — Generally, give IA’s 2 weeks to send in plethora of docs covering August 08 – end of 08
  — SEC is requesting:
    • Whether Firm “initiated, conducted or concluded any reviews” or investigations into “the malicious creation, spread, or use of false or misleading rumors” related to securities
    • Types of training material offered to staff about “rumor mongering”
    • Changes Firm has undertaken in how it monitors use of “Internal chat rooms, message boards and/or websites”
  — Should develop “Rumor” Policy
    • Look to FINRA’s Proposed Rule on “Rumors” for guidance
    • Should remind staff that rumor mongering is illegal and can result in allegations of market manipulation
    • Staff should be cautioned against spreading info outside the Firm unless based on public releases by an issuer or reliable source
    • Staff should be instructed to contact CCO or Supvr if they may have received false info from outside the Firm
    • Risk Based Policy – e.g., smaller advisers trading in Mutual Funds may require abbreviated or no Policy at all

Other RIA “Hot Topics” – Potpourri – Cont’d
• ADV “Recordkeeping” Enforcement Case
  — Merrill Lynch gave clients a Disclosure Statement considered an “Alternative to its Form ADV, Part II”
    • 204-3 allows for a Copy of Part II or “a written document containing at least the information then so required by Part II of Form ADV”
    • However, there was no recordation of dates when clients received such Statements
    • Violation of Rule 204-2
        Demands “record of the dates that each written statement, and each amendment … was given, or offered to be given, to any client or prospective client who subsequently becomes a client”.
  — Expensive Lesson - $1 Million Fine imposed!

Other RIA “Hot Topics” – Potpourri – Cont’d
• Penalties for Adviser Act Violations to Increase
  — CMP’s hiked for 1st time in 4 Years
  — e.g., Insider Trading penalty increased to $1.42 million
• Hedge Fund Registration
  — Bill Introduced in Congress – Hedge Fund Transparency Act of 2009
  — Will close loophole previously used by hedge funds to escape definition of “investment company” under ’40 Act
  — New Legislation will mandate that hedge funds:
    • Register with SEC;
    • Maintain books and records that the SEC may require;
    • Cooperate with any request by the SEC for information or examination; and
    • File information form with the SEC electronically, at least once a year.
    • N.B. – Bill would also mandate AML Programs for Investment Companies

Other RIA “Hot Topics” – Potpourri – Cont’d
• Potential Books and Records Changes
  — Rule 204-2 created in early ’60’s
  — Potential changes:
    • Require IA’s to maintain some Only an option today!
    • May have to create and produce “searchable and sortable electronic records” of trading data for managed accounts, client lists, code of ethics breach logs etc.
    • Update proposed communications retention requirements
    • Keep more categories of correspondence Re: “clients, advice, performance, compliance, commission”, as well as audits, regulatory etc.
• SEC “Imposters”
  — Reports of bogus Examiners
  — Attempt to trick IA’s and others into “revealing private information”
  — Using tricks such as purporting to be conducting an “emergency exam” or the like
  — Make sure your IA personnel do not share info with “suspicious” callers
  — Validate with SEC’s personnel locator (202) 551-6000

Other RIA “Hot Topics” – Potpourri – Cont’d
• Reg S-P – Recent Enforcement Actions
  — S-P requires that firms implement reasonably adequate policies and procedures to safeguard customer information.
  — LPL allegedly failed to safeguard customer information
    • PI of 10,000 customers vulnerable to identity theft, "following a series of hacking incidents involving LPL's online trading platform."
    • LPL settled the SEC's charges without admitting or denying anything, and agreed to pay a fine of $275,000.
    • The SEC noted that the firm conducted an internal audit in mid-2006. That audit identified inadequate controls relating to guarding customer information and noted, according to the SEC, that there was a risk of hacking. The hacking incidents began around July 2007, and, at that time, the SEC alleges that LPL had not implemented increased security measures despite actual awareness of the risks.”

Other RIA “Hot Topics” – Potpourri – Cont’d
• Reg S-P – Recent Enforcement Actions – Cont’d
Recruiting Issues
  — Woodbury Financial - allegedly misused clients’ personal info related to the firm’s recruitment of RR’s and Advisers
    • Woodbury allegedly allowed recruits to provide client NPPI (e.g., SS #’s, account numbers, DOB’s) before becoming associates with Woodbury so that Woodbury (on recruit’s behalf) could pre-populate account transfer and new account forms with certain client info.
  — Next Financial Group - $125k Penalty (June 2008) re: Reg S-P and “recruiting”-type infractions

Other RIA “Hot Topics” – Potpourri – Cont’d
• Enforcer Role for CFP Board?
  — Proposal to make CFP Board the Rule Setter and Enforcer for nation’s hundreds of thousands of “unregulated” planners
    • Attempt to reverse growing impetus of FINRA to expand domain to planners and advisers.
    • FPA, NAPFA etc. argue FINRA not suited to regulate services (often fee-based) that financial planners provide
  — CFP Board employs approx. 55 people vs. 3,000 at FINRA
  — CFP Board – limited powers, e.g., decertify a certificate holder vs. FINRA’s power to impose penalties, suspensions, expulsions etc.

THE END!
Sean Gray
Senior Vice President and Director of Wealth Management Compliance
PNC Bank
Sean.Gray@pnc.com
(215) 585-5545