April 20, 2023
Clients, Friends, and Associates:
As we end the first quarter and enter the spring season, we would like to highlight some of the recent industry updates and occurrences we found to be both interesting and impactful. While we try to keep these topics at a higher level, please feel free to explore the links included and reach out to us if you have any related questions.
****
CFM Items
We are pleased to announce the addition of John T. Araneo to our firm as Partner to lead our Cybersecurity Law practice. We’d also like to highlight the promotion of Frank J. Martin to Partner and Firm General Counsel. Additionally, we have hired Marcia Delgadillo as Director of Marketing & Business Development to manage our firm’s marketing and business development activities. Please join us in welcoming them all to our firm.
Cole-Frieman & Mallon is hosting a panel discussion on “Navigating the SEC Marketing Rule: Practical Considerations for Fund Managers,” on May 4th in San Francisco. CFM Partner David Rothschild and Senior Associate Malhar Oza will be joined by Managing Director Michael Fitzgerald of TD Cowen and Chief Executive Officer Fizza Khan of Silver Regulatory Associates LLC for a lively discussion. For details, contact [email protected].
****
SEC Matters
SEC Charges Staking-as-a-Service Provider. On February 9, 2023, the Security and Exchange Commission (“SEC”) charged Payward Ventures, Inc. and Payward Trading Ltd. (“Kraken”) with failing to register the offer and sale of their crypto asset staking-as-a-service program. In operation since 2019, Kraken’s program allowed public investors to transfer crypto related assets to Kraken for staking in exchange for annual investment returns advertised by Kraken to be as high as 21%. Kraken’s model depended on pooling the assets transferred by investors and staking them on behalf of those investors. The SEC’s complaint alleges that the program produced benefits derived from Kraken’s effort on behalf of investors and that the program should be considered an investment contract subject to registration, disclosure, and safeguard protections required by securities laws. As a result of the charge, Kraken has agreed to cease offering or selling securities through crypto asset staking services and pay $30 million in settlement fees. Although the SEC’s complaint did not allege that staking necessarily always constitutes a security offering, it was determined that this service offered by Kraken did meet the 4-prong test to be considered an investment contract. This signals that the SEC may be increasingly more aggressive at regulating crypto under existing rules and regulations, and managers should consider whether staking services offered by third parties would fit into the Kraken fact pattern.
The SEC’s New Proposed Rule Regarding Safeguarding Advisory Client Assets. In February, the SEC announced a proposed rule to amend the existing “custody rule” applicable to SEC registered investment advisers (“RIAs”) that have custody of client assets. The proposed rule, redesignated as the “safeguarding rule,” imposes potentially significant new requirements on RIAs, including RIAs operating in the digital asset space.
The Existing Custody Rule. As background, the existing custody rule requires any RIA that has custody of client assets to keep “client funds and securities” with a “qualified custodian” at all times. To-date practitioners have debated the extent to which digital assets are captured in the definition of “client funds and securities” and thus whether these requirements apply to RIAs with custody of clients’ digital assets. A qualified custodian generally is a federal or state-chartered bank or savings association, certain trust companies, a registered broker-dealer, a registered futures commission merchant, or certain foreign financial institutions.
Key Elements of the Proposed Safeguarding Rule. The proposed safeguarding rule would make several important changes to the custody rule. Most importantly to digital asset managers, it would expand the existing custody requirements to cover all “client assets” over which an RIA has custody, explicitly including digital assets. It would also require RIAs to enter into written agreements with qualified custodians to ensure basic custodial protections are in place, including requiring a qualified custodian to obtain written internal control reports that include an opinion of an independent public accountant regarding the adequacy of the qualified custodian’s controls. The proposed safeguarding rule would provide a transition period of one year for large advisers and 18 months for smaller advisers to comply with the new rule.
Potential Implications for Crypto RIAs. If implemented as drafted, the proposed safeguarding rule would require RIAs who operate in the digital asset space to custody their digital assets with qualified custodians at all times – no exceptions. While qualified custodians exist today that can custody certain digital assets, there are no qualified custodians that can custody all digital assets. Moreover, when a crypto RIA wants to trade digital assets on an exchange, the crypto RIA would have to move digital assets out of a qualified custodian and on to the crypto exchange. There are currently no crypto exchanges that are qualified custodians, so it may be impossible for crypto RIAs to comply with the proposed safeguarding rule at all times. If adopted as proposed, RIAs could find it much harder to operate in the digital asset space.
Next Steps. We encourage our clients to review the proposed rule and consider submitting comments to the SEC highlighting potential issues and ways to improve the proposed rule. Comments should be received on or before May 8, 2023. Electronic comments may be submitted via the SEC’s internet comment form or by sending an email to [email protected]. Commenters should include File Number S7-04-23 on the subject line if submitting by email. After the May 8, 2023, comment deadline, the staff of the SEC will review the comments and potentially revise the proposed rule. The proposed rule, and any revisions to it, would only become effective after the SEC commissioners vote to approve it as a final rule.
The SEC’s Proposed Cyber Risk Management Rule for Investment Advisers. Last February, the SEC released a proposed rule that portends to create an entirely new cybersecurity compliance regime for investment advisers and certain funds. This new set of cybersecurity risk management rules (the “Cyber Risk Management Rule”) will be codified by amendments to both the Investment Advisers Act and the Investment Company Act. As drafted, the Cyber Risk Management Rule has four (4) cornerstone components: (i) policies and procedures; (ii) a new regulatory reporting regime (including a 48-hour notification period for alerting the SEC of a cybersecurity breach); (iii) cybersecurity disclosure obligations; and (iv) recordkeeping requirements. The Cyber Risk Management Rule was set for a final vote this month, however on March 15, 2023 the SEC unexpectedly reopened its comment period for an additional sixty (60) days, while simultaneously issuing three (3) additional cybersecurity related rule proposals, each with some connective tissue with the Cyber Risk Management Rule.
Cybersecurity continues to be a top priority at the SEC and it has made clear that a new, more mature and comprehensive cybersecurity compliance regime is imminent. Advisers and funds who may mistakenly kick the cybersecurity can down the road in 2023 will likely do so at their peril, primarily for two reasons. First, the SEC still requires registrants to comply with its current cybersecurity requirements, to wit, conducting annual assessments and implementing reasonable policies, procedures, and controls across the core seven (7) elements that constitute a model cybersecurity program (governance and periodic assessments; access rights and controls; data loss prevention; mobile security; incident response; vendor management; and training and awareness (collectively, the “Cyber 7”)). Second, the new regime, via proposed rule 206(4)-9 of the Investment Advisers Act, will actually make it unlawful for a registered adviser to provide investment advice to clients if it fails to adopt and implement these policies and procedures and conduct these periodic assessments. This rule alone is a clear, direct statutory line in the sand that adds one more arrow in the quiver of the SEC’s ample Cyber Unit, which continues to actively pursue penalties against those registrants that fail to meet these threshold requirements.
Fortunately, since the new Cyber Risk Management Rule takes a cumulative approach in setting these new cyber standards, virtually all the advancements asset managers have made in complying with the current Cyber 7 since 2015 will be relevant and accretive to the new requirements. Cybersecurity is indeed a process, as opposed to a project. Demonstrating continued engagement and reasonable progress is the key to cracking the code on cybersecurity compliance, at least in terms of meeting regulatory requirements and the ODD expectations of institutional investors. And thus, advisers need to act now in either creating or sufficiently maintaining an appropriately scaled model cybersecurity set of policies, procedures and controls (a “Cybersecurity Program”). The Firm’s Cybersecurity Law Practice Group is available to assist our clients with any questions or concerns regarding virtually any aspect of cybersecurity compliance.
SEC and NYDFS Commence Actions Against Paxos. The New York Department of Financial Services (“NYDFS”) recently ordered Paxos Trust Company (“Paxos”) to cease minting Paxos-issued BUSD, a fiat-backed stablecoin issued by Binance and Paxos. Each BUSD token is backed 1:1 with US dollars held in reserve. On February 13, 2023, Paxos notified customers of its intent to end its relationship with Binance as a result of the order.
In conjunction with the order from the NYDFS, Paxos reports that it received a Wells notice from the SEC on February 3, 2023. According to a press release from Paxos, the Wells notice states the SEC is considering enforcement action against Paxos alleging that BUSD is an unregistered security. The actions by the NYDFS and SEC could have important implications for stablecoins since it appears that regulators are taking the stance that fiat-backed stablecoins could be securities even though they are intended to function as currency and there would not be an expectation of profit simply by owning them. Moreover, the NYDFS order and SEC Wells notice only appear to target BUSD, while Paxos separately issues a second fiat-backed stablecoin called USDP. It is unclear why USDP appears to be spared so we await further action by regulators and will monitor this situation.
SEC Files Wells Notice Against Coinbase. Coinbase Global Inc. (“Coinbase”) also recently received a Wells notice from the SEC, targeting Coinbase’s staking service Coinbase Earn, Coinbase Prime, and Coinbase Wallet. The Wells notice stems from an SEC investigation conducted into Coinbase in the summer of 2022. Our firm will continue to closely monitor the situation with Coinbase for new developments.
SEC Releases a “Frequently Asked Questions” Page for the Marketing Rule. In January, the SEC released a FAQ page for questions stemming from its recently enacted rule 206(4)-1 under the Investment Advisers Act of 1940 (the “Marketing Rule.”) The page currently provides responses to three commonly asked questions—most notably regarding its gross and net performance rules—clarifying that when an RIA displays the gross performance of one investment or a group of investments from a private fund, the RIA must show the net performance of the single investment and/or the group of investments, respectively. The SEC noted that they will be updating this page periodically to respond to questions related to the Marketing Rule, and clients should reach out with any specific questions relating to the new Marketing Rule. Our firm will be hosting an event on May 4th to be a discussion of the practical considerations for fund managers under the recently reviewed marking rule, and hope that you all will join us.
Judge Rules that Emojis in a Tweet may Constitute “Financial Advice.” A United States District Court judge recently ruled that the use of emojis can be construed in certain circumstances to meet a factor in the legal test to determine whether an individual is providing financial advice. Specifically, the judge denied the defendant’s Motion to Dismiss, finding that the defendant-company’s use of a rocket ship, stock chart, and money bag emojis in a recent tweet “objectively meant one thing: a financial return on investment.” The emojis were displayed alongside statements touting recent NFT purchase prices on the company’s website, presumably indicating future gains on such NFTs. While the decision specifically rules on the three emojis mentioned above, we advise our clients to use caution in their use of any emojis, whether that be in public or private communications regarding fund matters. In any event, any communications should not be misleading and in accordance with the advisers act and the new marketing rule (if applicable).
****
Digital Asset Matters
Liability Issues and Third-Party Engagement in DAOs. As the formation of and investment in Decentralized Autonomous Organizations (“DAOs”) continue to garner attention within the investment community, it is important for DAO participants to continue to analyze how they participate. First, as noted in our July 2022 Quarterly Update, managers should consider only participating or investing in DAOs that are wrapped in a liability blocking entity in order to reduce the risk of personal liability. Second, as an added measure of liability protection, managers should consider participating or investing through special purpose vehicles specific to such activity (e.g., a fund making two DAO investments could segregate each investment through separate, wholly-owned subsidiaries). Third, managers should consider only participating or investing in DAOs that have engaged reputable third-party service providers such as administrators, accountants, tax counsel and, in the case of foreign foundations, independent directors. The use of such independent third-party service providers may help ensure proper functioning and allocation of resources of the DAO, thereby helping to protect its participants.
****
Other Items
The Ninth Circuit Blocks California’s Ban on Mandatory Arbitration Agreements. On February 15, 2023, a three-judge panel for the Ninth Circuit Court of Appeals struck down a California bill which would have prevented employers from requiring employees to sign arbitration agreements as a condition of employment. The court held that California Assembly Bill 51 is preempted by the Federal Arbitration Act, which “embodies a national policy favoring arbitration.” After years of uncertainty surrounding the issue, the decision solidifies that employers in California can continue to include mandatory arbitration provisions in their employment agreements.
****
Compliance Calendar
As you plan your regulatory compliance timeline for the coming months, please keep the following dates in mind:
April 7, 2023
- Form N-MFP Filing for Monthly Schedule of Portfolio Holdings of Money Market Funds, if applicable.
April 10, 2023
- Form 13H Quarterly Filing for Changes. Filing is for calendar quarter that ended March 31, 2023 and should be submitted within 10 days of quarter end.
- Form 13G Monthly Filing for Applicable Reporting Persons. Filing is for month end of March 31, 2023, and should be submitted within 10 days of month end.
April 15, 2023
- Form PF Quarterly Filing for Large Liquidity Fund Advisers. Filing is for calendar quarter that ended March 31, 2023.
April 30, 2023
- Form ADV Part 2A Delivery to Existing Clients.
- Audited Financials Distribution to Private Fund Investors (excluding Fund of Funds).
- Form PF Annual Filing. Filing is for fiscal year end December 31, 2022 and should be submitted within 120 days of fiscal year end.
May 10, 2023
- Form 13G Monthly Filing for Applicable Reporting Persons. Filing is for month end of April 31, 2023, and should be submitted within 10 days of month end.
May 15, 2023
- Form 13F Quarterly Filing for Changes. Filing is for Calendar Quarter that ended March 31, 2023 and should generally be submitted within 45 days of quarter end.
- Form CTA-PR Filing with the NFA, which can be filed through NFA’s EasyFile.
May 30, 2023
- Form CPO-PQR Filing with the NFA, which can be filed through NFA’s EasyFile.
- Form PF Quarterly Filing for Large Hedge Fund Traders and Large Liquidity Fund Advisers, if applicable.
- Form N-PORT Filing Monthly Schedule of Portfolio Holdings of Funds other than Money Markey Funds and SBICs, if applicable.
June 7, 2023
- Form N-MFP Filing for Monthly Schedule of Portfolio Holdings of Money Market Funds, if applicable.
June 10, 2023
- Form 13G Monthly Filing for Applicable Reporting Persons. Filing is for month end of May 31, 2023, and should be submitted within 10 days of month end.
- Audited Financials Distribution to Fund of Funds Investors.
Periodic
- Fund Managers should perform “Bad Actor” certifications annually.
- Form D and Blue Sky Filings should be current.
- CPO/CTA Annual Questionnaires must be submitted annually, and promptly upon material information changes, through NFA Annual Questionnaire system.
Consult our complete Compliance Calendar for all 2023 critical dates as you plan your regulatory compliance timeline for the year.
Please contact us with any questions or assistance regarding compliance, registration, or planning issues on any of the above topics.
Sincerely,
Karl Cole-Frieman, Bart Mallon, Lilly Palmer, David Rothschild, Scott Kitchens, Tony Wise, Alex Yastremski, Garret Filler, Frank J. Martin, and John T. Araneo
Cole-Frieman & Mallon LLP is a leading investment management law firm known for providing top-tier, innovative, and collaborative legal solutions for complex financial services matters. Headquartered in San Francisco, Cole-Frieman & Mallon LLP services both start-up investment managers and multibillion-dollar funds. The firm provides a full suite of legal services to the investment management community, including fund formation (hedge, VC, PE, real estate), investment adviser and CPO registration, counterparty documentation (digital and traditional prime brokerage, ISDA, repo, and vendor agreements), SEC, CFTC, NFA and FINRA matters (inquiries, exams, and compliance issues), seed deals, cybersecurity regulatory matters, full-service intellectual property counsel, manager due diligence, employment and compensation matters, and routine business matters. The firm also publishes the prominent Hedge Fund Law Blog. For more information, please add us on LinkedIn, follow us on Twitter, and visit us at colefrieman.com.