Tag Archives: Regulation S-ID

Investment Management Law Weekly Overview – Week Ending November 22

Please see below our notes on the past week. If you have questions on any of these items, please feel free to contact us.

****

Regulation S-ID Identity Theft Red Flag Rules went into Effect

On Wednesday the new Red Flag rules went into effect for many SEC and CFTC registered managers. In general, certain managers are now required to have identity theft programs in place which will include: staff training for appearance of red flags, procedures for dealing with red flags, certification of procedures from administrators and/or custodians dealing with investor/customer accounts. Managers who have not yet discussed program implementation with their outside counsel or compliance firm should reach out with respect to this issue. For more information, please see our post on Regulation S-ID Identity Theft Rules.

IARD Renewal – Fees Due by December 13, 2013 

SEC and state registered investment advisers will have until December 13th of this year to pay their renewal fees for 2014. To begin, managers will need to retrieve their preliminary statement to find out the amount they owe. Managers will then need to use the IARD’s new E-Bill system (which replaces the old E-Pay system) to pay the total amount due by December 13, 2013, the renewal payment deadline. Firms should submit their electronic renewal payments no later than December 10 in order for payment to post to the renewal accounts by the deadline. For more information, please see the IARD Renewal Checklist.

MF Global Ordered to Fully Reimburse Customers; Subject to $100 Million Fine

It now appears as if all of the futures customers at MF Global will be fully reimbursed. A federal court in New York recently ordered MF Global to pay over $1 billion in restitution to customers. The court also imposed a $100 million civil penalty on the company. For more information, please see the CFTC press release.

Manager Fined $250,000 for Numerous Compliance Violations Including Misstatements in PPM

It is vitally important that fund managers accurately describe their operating procedures in their fund offering documents. This includes such matters as valuation on fund assets. Additionally, managers need to be vigilant in making sure that statements made in the offering documents continue to be accurate. The SEC recently announced the issueance of an order that found, among other items, that the management company failed to adopt and implement written compliance policies and procedures reasonably designed to prevent violations applicable laws and regulations concerning three important areas of private fund management: (i) valuation of fund assets, (ii) the accuracy of disclosures to fund investors about the valuation practice, and (iii) cross trades between clients. In addition to the monetary penalty, the manager was censured and is now required to provide a copy of the SEC order to certain of its clients and investors. The full complaint can be found here.

Enforcement Actions

SEC

• There were a number of enforcement actions at the SEC level for run-of-the-mill financial crimes such as preying on elderly investors and receiving fraudulent kick-backs (note: interestingly, the SEC also charged the firm with aiding and abetting another firm with violation of the SEC’s custody rule).  Additionally, the SEC charged another tipper in the Galleon insider-trading scandal.

CFTC

Forex Pool Fraud – November 19, 2013. Specifically, the Order finds that, from at least June 2010 through April 2013, Prescott fraudulently solicited individuals to invest in Cambridge’s off-exchange forex pool and misappropriated $455,098 of pool participants’ monies, using some of those funds for air travel, hotel accommodations, and gambling. According to the Order, Prescott defrauded pool participants and prospective pool participants by misrepresenting the risks involved in forex trading and executing demand promissory notes in their favor that promised the repayment of the note amount and monthly interest payments, knowing or recklessly disregarding that he could not make those payments by his forex trading. Press release can be found here.

****

Cole-Frieman & Mallon LLP is a premier boutique investment management law firm, providing top-tier, responsive, and cost-effective legal solutions for financial services matters. Bart Mallon can be reached directly at 415-868-5345.

Regulation S-ID Identity Theft Rules

Identity Theft Red Flag Rules Effective November 20, 2013

Pursuant to new SEC and CFTC rules, many registered managers, including private fund managers are now required to have identity theft programs in place.  Such managers will need to have robust policies in place in order to be compliant with the new rules.  Such policies will include: staff training for appearance of red flags, procedures for dealing with red flags, certification of procedures from administrators and/or custodians dealing with investor/customer accounts.

Below we have reprinted an article from the Compliance Focus blog maintained by Sansome Strategies LLC, a regulatory and compliance consulting company described in greater depth below.  The article reprinted below can be found here.

****

Identity Theft Issues for Investment Advisers and Futures Participants
Jennifer Dickinson, Sansome Strategies

A little-known provision of the Dodd-Frank Act shifted responsibility over existing identity theft rules from the Federal Trade Commission to the Securities and Exchange Commission (“SEC”) and the Commodity Futures Trading Commission (“CFTC”). The rules became effective May 20, 2013 and certain entities regulated by the SEC and CFTC will need to comply by November 20, 2013.

Overview

SEC and CFTC registrants that are “financial institutions” or “creditors” and that offer or maintain “covered accounts” for their clients will need to comply with the identity theft rules:

  • Financial institution: a bank, credit union or other person who holds a transaction account belonging to a consumer (a transaction account is one that permits withdrawals, payment orders, transfers or similar means for making payments to third parties);
  • Creditor: any person that regularly extends, renews or continues credit to others.
  • Covered account: any account that a financial institution or creditor offers or maintains:
    1. Primarily for personal, family or household purposes that involves or is designed to permit multiple payments or transactions; and
    2. There is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation or litigation risks. Examples include: for the SEC, brokerage or mutual fund accounts that permit wire transfers or other payments to third parties; for the CFTC, margin accounts.

Who will be affected, and how?

On the SEC side, broker-dealers, investment companies and investment advisers are considered financial institutions. On the CFTC side, commodity pool operators and commodity trading advisers will be considered creditors if they:

  • Regularly extend, renew or continue credit or arrange for the extension, renewal or continuation of credit; or
  • Acting as an assignee of an original creditor, participate in the decision to extend, renew or continue credit.

Firms that meet these definitions are required to implement reasonable policies and procedures that:

  • Identify “red flags” to prevent identity theft in the covered accounts they manage, and document them in the compliance program. Red flags can exist in the types of accounts the firm manages, the manner in which accounts are opened or accessed, and the firm’s previous experiences (if any) with identity theft;
  • Provide for monitoring accounts on an ongoing basis to detect red flags;
  • Respond appropriately to red flags;
  • Is periodically updated to reflect any changes in risks; and
  • Describe the various appropriate responses to red flags.

Whether a firm will meet the definitions will depend significantly on its client base and account structures. Traditional RIAs and other firms that manage accounts for individuals or family offices should look closely at those accounts to determine the types of activities that will be processed in them. A firm that handles bills or other third-party payments on behalf of its clients will need to undertake the most review and implement the most rigorous compliance program contemplated by the rules.

At first blush, fund managers may assume that these rules will not apply to them; however, care should be taken to ensure that investors’ accounts are set up to receive and hold investment amounts, and the only transfers permitted will be for management fees, performance allocations to the manager/general partner as applicable, and withdrawals by (and most importantly, back to) the investor to minimize identity theft risks. Even so, additional procedures around investor intake and withdrawal may need to be implemented.

CPOs and CTAs may undertake a similar evaluation and should also look at their investment strategies to determine the extent to which they meet the creditor definition.

Finally, even if a firm is not registered with the SEC or CFTC, identity theft can be a significant reputational and litigation risk for if they handle third-party payments on behalf of clients or investors. Accordingly state registrants and exempt firms should consider implementation as a best practice.

Compliance Strategies

The rules identify five specific categories that every compliance program should address:

  • Alerts, notifications or other warnings received from consumer reporting agencies or other service providers;
  • Presentation of suspicious documents;
  • Presentation of suspicious personal information (e.g., an unexpected or unusual address change);
  • Unusual usage of a particular account; and
  • Notices from customers, victims of identity theft, law enforcement agencies or others regarding possible identity theft in an account.

Employees should be trained to identify the above and any other red flags that are specific to the firm’s business.

Appropriate responses to a red flag incident will vary significantly depending on the circumstances. The rules mention:

  • Monitoring an account for evidence of identity theft;
  • Contacting the customer;
  • Changing passwords, security codes or other devices that permit access to an account;
  • Reopening accounts with new numbers;
  • Refusing to open an account;
  • Closing an existing account;
  • Refraining from collection activities on an account;
  • Notifying law enforcement; and

Determining that a response is warranted in a particular instance.

Other, proactive safeguards can include standardizing the forms and processes used to effect transactions in client accounts, designating a person or team of people to handle those transactions under supervision (and training them to detect identity theft), preparing and reviewing a daily transaction blotter, requiring additional approvals and documentations for higher risk transactions and implementing PINs or security questions and client call-backs, to name a few.

To the extent that safeguards are client or investor-facing (such as call-backs, PINs or other identity verification tools), these should be standardized and clients/investors notified of the procedures so they know what to expect. Obtaining client’s acknowledgment of these processes via the investment advisory or subscription agreement is a good way to handle this clearly and consistently.

To ensure compliance by November 20, 2013, we encourage all firms to reach out to their compliance consultant or legal counsel as soon as possible. Rolling out the program early will afford plenty of time to refine it by the deadline.

****

About Cole-Frieman & Mallon LLP

Cole-Frieman & Mallon LLP provides legal services to the investment management community.  Please reach out to us through our contact form or call Bart Mallon directly at 415-868-5345 if you have questions on implementation. 

About Sansome Strategies LLC

Sansome Strategies is a compliance consulting firm specializing in high-touch, outsourced compliance services for businesses in the investment management industry. Clients include investment advisers, futures managers, broker-dealers, hedge funds, and private equity firms. Sansome Strategies provides tailored compliance management solutions to the unique needs of each client and is focused on helping clients build and enhance their business by simplifying the compliance and regulatory process.  Sansome Strategies is wholly owned by Karl Cole-Frieman and Bart Mallon.  For more information, please contact Sansome Strategies here.