Understanding the Enhanced Regulation S-P Requirements

On May 16, 2024, the Securities and Exchange Commission adopted amendments to Regulation S-P, the regulation that governs the treatment of nonpublic personal information about consumers by certain financial institutions. The amendments apply to broker-dealers, investment companies, and registered investment advisers (collectively, “covered institutions”) and are designed to modernize and enhance the protection of consumer financial information. Regulation S-P continues to require covered institutions to implement written policies and procedures to safeguard customer records and information (the “safeguards rule”), properly dispose of consumer information to protect against unauthorized use (the “disposal rule”), and implement a privacy policy notice containing an opt-out option. Registered investment advisers with over $1.5 billion in assets under management will have until November 16, 2025 (18 months) to comply; those entities with less will have until May 16, 2026 (24 months) to comply.

Incident Response Program

Covered institutions will have to add an Incident Response Program (the “Program”) to their written policies and procedures if they have not already done so. The Program must be designed to detect, respond to, and recover customer information from unauthorized third parties. The nature and scope of the incident must be documented, with further steps taken to prevent additional unauthorized use. Covered institutions will also be responsible for adopting procedures regarding the oversight of third-party service providers that are receiving, maintaining, processing, or accessing their clients’ data. The safeguards rule and disposal rule require that nonpublic personal information received from a third party about its customers be treated the same as information about the covered institution’s own clients.

Customer Notification Requirement

The amendments require covered institutions to notify affected individuals whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization. The amendments require a covered institution to provide the notice as soon as practicable, but not later than 30 days, after becoming aware that unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred. The notices must include details about the incident, the breached data, and how affected individuals can respond to the breach to protect themselves. A covered institution is not required to provide the notification if it determines that the sensitive customer information has not been, and is not reasonably likely to be, used in a manner that would result in substantial harm or inconvenience. To the extent a covered institution will have a notification obligation under both the final amendments and a similar state law, a covered institution may be able to provide one notice to satisfy notification obligations under both the final amendments and the state law, provided that the notice includes all information required under both the final amendments and the state law, which may reduce the number of notices an individual receives.

Recordkeeping

Covered institutions will have to make and maintain the following in their books and records:

  • Written policies and procedures required to be adopted and implemented pursuant to the Safeguards Rule, including the incident response program;
  • Written documentation of any detected unauthorized access to or use of customer information, as well as any response to and recovery from such unauthorized access to or use of customer information required by the incident response program;
  • Written documentation of any investigation and determination made regarding whether notification to customers is required, including the basis for any determination made and any written documentation from the United States Attorney General related to a delay in notice, as well as a copy of any notice transmitted following such determination;
  • Written policies and procedures required as part of service provider oversight;
  • Written documentation of any contract entered into pursuant to the service provider oversight requirements; and
  • Written policies and procedures required to be adopted and implemented for the Disposal Rule.

Registered investment advisers will be required to preserve these records for five years, the first two in an easily accessible place.

Please contact the attorneys at Stark & Stark for assistance.

The post Understanding the Enhanced Regulation S-P Requirements appeared first on Stark & Stark, PC.

Ensuring Compliance: The 2023 DOL Retrospective Review

The Department of Labor (“DOL”) continues to require the completion of a Retrospective Review. The Retrospective Review (the “Review”) requirement of Prohibited Transaction Exemption 2020-02 (the “PTE”) is designed to assist in detecting and preventing violations of, and achieving compliance with, the Impartial Conduct Standards and the policies and procedures adopted for compliance with the PTE. Compliance with the standards of the PTE is achieved by:

  1. providing investment advice that is in the retirement investor’s best interest,
  2. charging reasonable compensation,
  3. avoiding materially misleading statements about the recommended investment transaction and other relevant matters,
  4. seeking to obtain the best execution of the investment transaction reasonably available under the circumstances, as required by the federal securities laws, and
  5. self-correcting any violation within 90 days and furnishing notification to the DOL within thirty days of the correction.

The retrospective review, report and certification must be completed at least annually and no later than six months following the end of the period covered by the review. A review covering calendar year 2023 must be completed by or before July 1, 2024. The investment adviser must retain the report, certification and supporting data for six years.

Remember that the methodology and results of the retrospective review must be reduced to a written report. The written report must:

  • describe the policies and procedures in place at the investment adviser which ensure compliance with the requirements of the Impartial Conduct Standards;
  • describe violations of the investment adviser’s compliance policies and procedures during the review period, including a description of the issue, how the issue was detected, and how the issue was remediated;
  • state whether any self-corrections were required; and
  • describe how the policies and procedures were modified, if at all.

The written report should be provided to one of the investment adviser’s Senior Executive Officers, who must then make certain certifications related to their review of the report.

Violations of the PTE’s conditions can be self-corrected when conducting the retrospective review.


The New Retirement Security Rule: Updated Fiduciary Definition under ERISA

On April 23, 2024, the U.S. Department of Labor (the “DOL”) promulgated a final rule, titled the “Retirement Security Rule” (the “Final Rule”), updating the definition of an “investment advice fiduciary” under the Employee Retirement Income Security Act of 1974, as amended (“ERISA”). In addition, the DOL issued final amendments to several prohibited transaction class exemptions (“PTEs”) available to investment advice fiduciaries, which together with the Final Rule seek to effectuate the DOL’s goal of requiring honest investment advice from investment advice fiduciaries to retirement investors. The updated fiduciary definition under the Final Rule and the amended PTEs will become effective on September 23, 2024, with a one-year phase-in period for certain conditions of the amended PTEs.

Fiduciary Definition

The framework for determining whether a person is an investment advice fiduciary has historically required that investment advice be provided to a retirement investor on a regular basis and pursuant to a mutual agreement, arrangement, or understanding that such advice will serve as a primary basis for investment decisions.

Under the Final Rule, a person will be an investment advice fiduciary for purposes of ERISA if (1) they make a recommendation of any securities transaction or other investment transaction or any investment strategy to a retirement investor for a fee or other compensation (direct or indirect), and (2) such recommendation arises in either one of the following contexts:

  • The person either directly or indirectly (e.g., through or together with any affiliate) makes professional investment recommendations to investors on a regular basis as part of their business, and the recommendation is made under circumstances that would indicate to a reasonable investor in like circumstances that the recommendation:
    • is based on review of the retirement investor’s particular needs or individual circumstances,
    • reflects the application of professional or expert judgment to the retirement investor’s particular needs or individual circumstances, and
    • may be relied on by the retirement investor as intended to advance the retirement investor’s best interest; or
  • the person represents or acknowledges that they are acting as a fiduciary under ERISA with respect to the recommendation.

For purposes of the Final Rule, a “retirement investor” is defined as a plan, plan fiduciary, plan participant or beneficiary, IRA, IRA owner or beneficiary, or IRA fiduciary. “Recommendations” means recommendations as to:

  • the advisability of acquiring, holding, disposing of, or exchanging securities or other investment property, investment strategy, or how securities or other investment property should be invested following a rollover, transfer, or distribution from a plan or IRA;
  • the management of securities or other investment property, including, among other things, recommendations on investment policies or strategies, portfolio composition, selection of other persons to provide investment advice or investment management services, selection of investment account arrangements, or voting of proxies appurtenant to securities; or
  • rollovers, transfers, or distributions of assets from a plan or IRA, including recommendations as to whether to engage in the transaction, the amount, the form and the destination of such a rollover, transfer or distribution.

Significant Changes

The investment advice fiduciary standard in the Final Rule has become narrower than initially anticipated:

  • The DOL clarified that with respect to a person who becomes an investment advice fiduciary due to their representing or acknowledging that they are acting as a fiduciary under ERISA with respect to a recommendation, fiduciary status would apply only with respect to that recommendation and not with respect to every future interaction with the same retirement investor regardless of the circumstances.
  • The Final Rule includes a paragraph specifically confirming that sales pitches and investment education can be provided without triggering ERISA fiduciary status. A key component of this consideration is whether a sales pitch is individualized to a retirement investor’s particular needs and circumstances.

Amendment to Exemption for Transactions Involving Investment Advice (PTE 2020-02)

PTE 2020-02 generally permits parties providing fiduciary investment advice to retirement investors to receive reasonable compensation in exchange for their services, which would otherwise be prohibited in the absence of an exemption. The final amendment to PTE 2020-02 broadens the exemption to cover additional transactions and revises certain conditions, including conditions relating to disclosure, recordkeeping, and ineligibility.

The amended PTE 2020-02 applies to covered transactions on or after September 23, 2024; however, there is a one-year phase-in period beginning on September 23, 2024. During this phase-in period, investment professionals may receive reasonable compensation if they comply with the Impartial Conduct Standards and the fiduciary acknowledgement requirement.

Required Disclosure and Fiduciary Acknowledgement

The amended PTE 2020-02 requires investment advisers to provide a written acknowledgement that the institution and the investment professional are providing fiduciary advice and are fiduciaries under ERISA. Furthermore, the amended PTE 2020-02 requires investment advisers to make certain additional disclosures regarding fees, scope of services, and conflicts of interest.

Impartial Conduct Standard

The amended PTE 2020-02 replaces the “best interest standard” for determining impartial conduct with the “Care Obligation” and the “Loyalty Obligation,” which, according to the DOL, are more consistent with the Securities and Exchange Commission’s Regulation Best Interest. Under the Care Obligation, advice must reflect the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent person acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of a like character and with like aims, based on the investment objectives, risk tolerance, financial circumstances, and needs of the retirement investor. Under the Loyalty Obligation, the investment professional must not place the financial or other interests of the professional, their affiliate or related entity, or other party ahead of the interests of the retirement investor or subordinate the retirement investor’s interests to those of the professional, their affiliate, or related entity.

Policies and Procedures

Each investment adviser must establish, maintain, and enforce written policies and procedures prudently designed to ensure that the investment adviser and its investment professionals comply with the Impartial Conduct Standards and other exemption conditions. The policies must mitigate conflicts of interest.

Specifically, investment advisers may not use quotas, appraisals, bonuses, special awards, differential compensation, or other similar actions in a manner that is intended, or that a reasonable person would conclude are likely, to result in recommendations that do not meet the Care Obligation or Loyalty Obligation. The investment adviser must provide their complete policies and procedures to the DOL within 30 days of a request.

Additionally, the investment adviser must continue to conduct a retrospective review at least annually that is reasonably designed to detect and prevent violations of and achieve compliance with the conditions of this exemption. The investment adviser must maintain records demonstrating compliance with PTE 2020-02 for a period of six years after the covered transaction.

Penalties

The amended PTE 2020-02 broadens the disqualification provisions to include convictions of certain affiliated entities and foreign convictions. Previously, an investment adviser or an investment professional was ineligible only upon a conviction for “crimes arising out of such person’s provision of investment advice” to retirement investors. Under the amended PTE 2020-02, however, a relevant conviction or final judgment that occurs on or after September 23, 2024, with respect to an entity in the same controlled group as an investment adviser would result in such investment adviser’s becoming ineligible to rely on PTE 2020-02 for a 10-year period.

The DOL’s Retirement Security Rule has broad implications for financial institutions, including investment advisers. Stark & Stark remains available to answer any questions and help financial institutions prepare for the Retirement Security Rule’s implementation.


SEC Adopts Amendments to Modernize Internet Investment Adviser Registration Exemption

Background

On March 27, 2024, the Securities and Exchange Commission adopted amendments to modernize the rule for internet investment advisers relying on the exemption that qualifies them for SEC registration as smaller investment advisers. Investment advisers generally need to meet the assets under management threshold, advise a registered investment company, or qualify for an exemption to be registered with the SEC. Previously, Rule 203A-2(f) under the Advisers Act permitted SEC registration for advisers that provided investment advice to all their clients exclusively through a website. The rule also provided an exemption for internet-based advisers that served fewer than 15 non-internet clients within the previous 12 months. With these amendments, internet investment advisers will have to meet new requirements to register with the SEC.

Requirements for Exemption

The amendments will require an investment adviser relying on the internet adviser exemption to always have an operational interactive website through which the adviser provides digital investment advisory services on an ongoing basis to more than one client. The amendments will also eliminate the current rule’s de minimis exception by requiring an internet investment adviser to provide advice to all its clients exclusively through an operational interactive website and to make certain corresponding changes to Form ADV.

Compliance Date

These amendments will become effective on June 25, 2024. Firms currently relying on the internet adviser exemption will have to be in compliance by this date. Internet advisers will need to update their Form ADV to reflect a representation that the adviser is relying on the exemption by the March 31, 2025 annual amendment date.
