As part of its “Fiscal Year 2016 Agency Financial Report,” the Securities and Exchange Commission (SEC) discussed enforcement cases for its fiscal year of 2016 (which concluded on September 30th). According to the report, the SEC once again set a new record for the number of enforcement actions filed in a fiscal year. With the resignation of Mary Jo White as Chair of the SEC, many are questioning whether President Trump’s nomination will continue the Commission’s focus on enforcement actions. Regardless of what the future holds, investors should take note of previous years’ enforcement actions.

Notable Enforcement Actions of 2016

The enforcement actions in 2016 were spread out over a broad spectrum of misconduct. The following is a sampling of some of the more notable enforcement matters during the SEC’s past fiscal year. (For more, see: How to Create a Robust Compliance Program.)

1. Failure to Conduct Due Diligence – Making False Performance Claims

In the Matter of Cantella & Co., IA Rel. No. 4338 (Feb. 23, 2016). In this matter, the SEC alleged that Cantella, a registered investment advisor, took insufficient steps to confirm the accuracy of F-Squared Investments, Inc.’s (“F-Squared”) historical data and other information contained in advertising materials distributed by Cantella.

Following the Cantella matter, the SEC sanctioned 13 additional advisors in a series of SEC Orders who had also relied upon F-Squared for marketing purposes without properly performing due diligence on F-Squared, its calculation methodologies and/or obtaining proper documentation to verify such calculations. As stated by Andrew J. Ceresney, Director of the SEC Enforcement Division, “When an investment advisor echoes another firm’s performance claims in its own advertisements, it must verify the information first rather than merely accept it as fact.”

Risk Management Tip: These matters, as well as the message sent by Ceresney, clearly illustrate the SEC’s position that due diligence of third parties is the responsibility of the advisor. Firms that do not have policies and procedures in place to perform due diligence on critical third-party providers should generate such policies to reasonably ensure that violations of regulations do not occur.

2. Violations of Rule 21F-17 – Whistleblower Regulations

In the Matter of Merrill Lynch, Pierce, Fenner & Smith Incorporated et al., Release No. 78141 (June 23, 2016). The SEC alleged, among other things, that Merrill Lynch, Pierce, Fenner & Smith Incorporated (“Merrill Lynch”) violated the customer protection rules embodied in Exchange Act Rule 15c3-3. As part of this violation, the SEC noted that Merrill Lynch compounded the problem by having overly restrictive agreements that disallowed individuals from bringing such violations to the SEC’s attention as part of its whistleblower regulations. (For more, see: Top Compliance Headaches for Financial Advisors.)

The SEC brought similar actions against other firms in 2015 and 2016 as well. The SEC viewed this as being such an issue within the industry that it issued a “National Exam Program Risk Alert” in October of 2016 that discussed the use of over-inclusive confidentiality language that impedes employees and/or former employees from communicating with the SEC concerning possible securities law violations.

Risk Management Tip: Firms are strongly encouraged to review the above referenced documents and provide a specific “carve out” to their confidentiality language permitting the voluntary disclosure of such information for the limited purpose of reporting wrongdoing to regulatory bodies.

3. Failure to Safeguard Customer Data

In the Matter of Morgan Stanley Smith Barney LLC, IA Rel. No. 4415 (June 08, 2016). The SEC alleged, amongst other things, that Morgan Stanley Smith Barney (“MSSB”) failed to adopt written policies and procedures reasonably designed to protect customer records and information, violating Regulation S-P (17 C.F.R. § 248.30(a)). The SEC stated that this failure allowed an employee of MSSB to transfer sensitive client information from MSSB servers to the employee’s personal server, which was ultimately hacked by third parties. The SEC’s order stated that MSSB’s policies and procedures were not reasonable in light of known risks.

This matter exemplifies the SEC’s position that policies and procedures must be “reasonable” in light of the specific risks associated with a business, especially when it comes to cyber security matters. As stated by Andrew Ceresney, former director of the SEC's Enforcement Division, “given the dangers and impact of cyber breaches, data security is a critically important aspect of investor protection. We expect SEC registrants of all sizes to have policies and procedures that are reasonably designed to protect customer information.”

Risk Management Tip: Having a robust cyber security program to protect customer information is a duty owed by the financial industry to its consumers. Review internal controls and engage appropriate professionals, when needed, to test the adequacy of your customer data safeguards. (For more, see: SEC Enforces Record Number of Cases As Fines Stay Flat.)

4. Over Billing and Failure to Properly Disclose

In the Matter of Marco Investment Management, LLC and Steven S. Marco, IA Rel. No. 4348 (Mar. 02, 2016). The SEC alleged Marco Investment Management, LLC (“MIM”), and Steven Marco (“Mr. Marco”), the firm’s CCO, overbilled clients, charging asset management fees on total asset balances that did not deduct the proceeds of securities sales from margin balances.

This matter serves as an important reminder about the significance of business practices and disclosures relating to fees assessed to investors. Billing of fees is a critical area that is heavily scrutinized by the SEC. JLG expects this will continue to be an area of focus moving forward.

Risk Management Tip: Firms are encouraged to review their current client agreements and other disclosure documents (including Form ADV) for prominent disclosure and perform testing to ensure that such fees are accurately assessed and clearly explained to clients. Be sure that an oversight system of checks and balances is in place and track the billing amount, methods and timing stipulated in client agreements.

Conclusion

These cases highlight the ever-increasing purview of the SEC. Matters such as due diligence and marketing are still receiving significant attention from regulators. Other matters, such as cyber security and whistleblower protections, are gaining increasing attention. With the new political regime now in office, it is unknown what future regulations lie ahead. However, we believe that the SEC will continue to have a robust examination program to protect all investors. (For more, see: SEC to Require More Disclosure on Advisor Performance Claims.)

Author: Robert Boeche, Esq., Attorney; Editor: Michelle L. Jacko, Esq., Managing Partner, Jacko Law Group, PC. JLG works extensively with investment advisers, broker-dealers, investment companies, hedge funds, banks and corporate clients on securities and corporate counsel matters.

This article is for information purposes and does not contain or convey legal advice. The information herein should not be relied upon in regard to any particular facts or circumstances without first consulting with a lawyer.
