All posts by karen

IA’s: 2019 Rule 206(4)-7 Annual Review Due NOW

SEC Rule 206(4)-7 requires advisers to conduct an Annual Review to determine whether the firm’s policies & procedures are reasonably designed and implemented to prevent violation of federal securities laws (adequacy testing) and are effectively operating to prevent compliance problems, identify problems that occur and promptly correct those issues – achieving the goals as intended (effectiveness testing).

There are several advantages to engaging Compliance Advisers to conduct your Annual Review:

  • Capitalize on Our Many Years of Experience Conducting Annual Reviews
  • Achieve Maximum Objectivity to ensure that Deficiencies are Fully Identified and Corrected
  • Obtain Broader Insights into the Effectiveness of your Policies and Procedures
  • Preserve precious time and resources for other compliance matters
  • Cost Effective Means to Meeting this Regulatory Requirement

Contact us or Request a Customized Quote today to conduct your firm’s 206(4)-7 Annual Review.

Time to Schedule your 1Q19 Rule 3120 Annual Review & 3130 Certification

FINRA Rule 3120 testing and the certification required by FINRA Rule 3130 are each required to be completed once each calendar year. FINRA members must submit a report no less than annually to the firm’s senior management containing details of its system of supervisory controls and the results of the testing and verification of those controls.  Furthermore, the Rule 3130 Certification must also be completed annually but not later than the anniversary date of the previous year’s certification.

Contact us today to schedule your 1Q19 Rule 3120 Testing/Rule 3130 Certification.

Preparing for the New Form ADV Amendments

By Karen A Steighner, MBA 

Compliance Advisers, Inc. 

October 2017 – In August 2016, the SEC adopted amendments to Form ADV that became effective on October 1, 2017. This means that most investment advisers will likely need to address the requirements of these amendments for the first time when they file their annual updating amendment in 1Q 2018. However, registered investment advisory firms are encouraged to consider how these amendments impact their specific business well in advance of the filing deadline.

The Amendments are intended to improve the depth and quality of information that clients receive about their investment advisory firm by modifying Part 1A of Form ADV in three areas: 1) revisions to fill certain data gaps and to enhance current reporting requirements; 2) amendments to incorporate “umbrella registration” for private fund advisers; and, 3) clarifying, technical and other amendments to existing items and instructions.   Let’s be clear though—the new information required by these amendments will also benefit the SEC by filling data gaps and facilitating their risk monitoring initiatives. Here is a summary of the new amendments:

Separately Managed Accounts. While detailed information about pooled investment vehicles has historically been collected on Form ADV Part 1A, specific information regarding separately managed

SEC Charges Investment Adviser With Failing to Adopt Proper Cybersecurity Policies and Procedures Prior To Breach

FOR IMMEDIATE RELEASE
2015-202

Washington D.C., Sept. 22, 2015—

The Securities and Exchange Commission today announced that a St. Louis-based investment adviser has agreed to settle charges that it failed to establish the required cybersecurity policies and procedures in advance of a breach that compromised the personally identifiable information (PII) of approximately 100,000 individuals, including thousands of the firm’s clients.

The federal securities laws require registered investment advisers to adopt written policies and procedures reasonably designed to protect customer records and information.  An SEC investigation found that R.T. Jones Capital Equities Management violated this “safeguards rule” during a nearly four-year period when it failed to adopt any written policies and procedures to ensure the security and confidentiality of PII and protect it from anticipated threats or unauthorized access.

According to the SEC’s order instituting a settled administrative proceeding:

  • R.T. Jones stored sensitive PII of clients and others on its third party-hosted web server from September 2009 to July 2013.
  • The firm’s web server was attacked in July 2013 by an unknown hacker who gained access and copy rights to the data on the server, rendering the PII of more than 100,000 individuals, including thousands of R.T. Jones’s clients, vulnerable to theft.
  • The firm failed entirely to adopt written policies and procedures reasonably designed to safeguard customer information.  For example, R.T. Jones failed to conduct periodic risk assessments, implement a firewall, encrypt PII stored on its server, or maintain a response plan for cybersecurity incidents.
  • After R.T. Jones discovered the breach, the firm promptly retained more than one cybersecurity consulting firm to confirm the attack, which was traced to China, and determine the scope.
  • Shortly after the incident, R.T. Jones provided notice of the breach to every individual whose PII may have been compromised and offered free identity theft monitoring through a third-party provider.
  • To date, the firm has not received any indications of a client suffering financial harm as a result of the cyber attack.

“As we see an increasing barrage of cyber attacks on financial firms, it is important to enforce the safeguards rule even in cases like this when there is no apparent financial harm to clients,” said Marshall S. Sprung, Co-Chief of the SEC Enforcement Division’s Asset Management Unit.  “Firms must adopt written policies to protect their clients’ private information and they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”

The SEC’s order finds that R.T. Jones violated Rule 30(a) of Regulation S-P under the Securities Act of 1933.  Without admitting or denying the findings, R.T. Jones agreed to cease and desist from committing or causing any future violations of Rule 30(a) of Regulation S-P.  R.T. Jones also agreed to be censured and pay a $75,000 penalty.

Also today, the SEC’s Office of Investor Education and Advocacy published a new Investor Alert, “Identity Theft, Data Breaches, and Your Investment Accounts.”  The alert, also available on Investor.gov, the SEC’s website for individual investors, offers steps for investors to take regarding their investment accounts if they become victims of identity theft or a data breach.

The SEC’s investigation was conducted by Thu Ta and supervised by Paul Montoya of the Chicago Regional Office and the Asset Management Unit.  The examination that led to the investigation was conducted by Patrick Elgrably, Sarah Kuhn, Bradley Kartholl, Stacey Gohl, and Thomas Kirk of the Chicago office’s investment adviser/investment company examination program.

Financial and Operational Rules for Capital Access Brokers (“CAB”)

Karen A. Steighner, MBA, Financial & Operations Principal

On January 3, 2017, the Securities and Exchange Commission (SEC) approved FINRA’s rule set for firms that meet the definition of “capital acquisition broker” (CAB) and that elect to be governed under this rule set. CABs are firms that engage in a limited range of activities, essentially advising companies and private equity funds on capital raising and corporate restructuring, and acting as placement agents for sales of unregistered securities to institutional investors under limited conditions. More specifically, this set of rules applies to firms engaged in capital raising through private placements; certain additional private placements to institutional investors; private equity fund portfolio transactions; and advice to companies regarding mergers and acquisitions (M&A) as well as corporate restructuring transactions. These Rules provide the basis for a regulatory system that parallels, but is simpler than, the standard FINRA rules for non-CAB broker-dealers.

The 400 Series of the CAB Rules became effective April 14, 2017 and relate to the financial and operations obligations of CABs including capital compliance, audit, books and records, and

Schedule Your 2016 Annual Reviews Now!

Broker Dealer Rule 3120 Annual Reviews

FINRA Rule 3120 testing and verification and the certification required by FINRA Rule 3130 are each required to be completed once each calendar year. FINRA members must submit a report no less than annually to the firm’s senior management containing details of its system of supervisory controls and the results of the testing and verification of those controls.  Furthermore, the Rule 3130 Certification must also be completed annually but not later than the anniversary date of the previous year’s certification. New FINRA members are required to conduct the first Rule 3120 testing and  Rule 3130 certification within 12 months of becoming a member.

Investment Adviser Rule 206(4)-7 Annual Reviews

SEC Rule 206(4)-7 requires advisers to conduct an Annual Review to determine whether the firm’s policies & procedures are reasonably designed and implemented to prevent violation of federal securities laws (adequacy testing) and are effectively operating to prevent compliance problems, identify problems that occur and promptly correct those issues – achieving the goals as intended (effectiveness testing).

We’re Hiring Independent Compliance Consultants – STRATEGIANCE™

STRATEGIANCE™

…Compliance Advisers’ Blue Ocean Strategy for Providing Regulatory Compliance Consulting Services in the Future


Experience the independence of running your own securities compliance consulting firm with access to the support, resources and expertise of a highly successful brand – Compliance Advisers, Inc.

Currently, we are launching a new initiative – Strategiance™ to grow and enhance our long history of providing customized compliance solutions to the securities industry.  A valuable component of this initiative involves expanding our network of executive compliance consultants with securities industry experience who are looking to build their own successful compliance consulting practice. We offer expert guidance, support and the necessary tools designed to help independent contractor consultants achieve success and a rewarding career. As an independent consultant, you will have the opportunity to work  for high-payout, commission-based compensation using our successful Compliance Advisers brand and proven platform, bonus and stock option programs, and other benefits.

For more information about how to become part of our Strategiance™ initiative, click here.

Cyber Security—“Trouble Times Two” for Securities Industry Firms

By Karen A. Steighner, MBA

Despite the seemingly never-ending stream of new regulation in the financial services industry, failing to recognize heightened regulatory concern and failing to develop an effective Cyber Security program are particularly problematic for broker dealers, advisers and other securities market participants. These failures leave the firm particularly vulnerable not only to the devastating effects of a cyber attack but also to a regulatory violation: twice the trouble. Dealing with the expansive and expensive damage resulting from a cyber attack is two-fold and substantially more onerous than actually developing and implementing an effective plan.
