Legislative and Judicial Actions

Art by Daniel Shaffer

The SEC Returns to Cybersecurity Enforcement Pledge

In March, the U.S. Securities and Exchange Commission (SEC) published its 2021 examination priorities list. One of the top items was to make sure firms are complying with Regulation Best Interest (Reg BI) and the related Department of Labor (DOL) fiduciary rule. A newer development was the division’s enhanced focus on climate change and issues pertaining to cybersecurity.

The priorities list advised that the SEC’s enforcement division “will continue to evaluate whether [regulated] entities have established, maintained and enforced written [cybersecurity] policies and procedures as required.” The list indicates that areas of focus will include “IT [information technology] governance, IT asset management, cyber threat management/incident response, business continuity planning [BCP] and third-party vendor management, including utilization of cloud services.”

Several months later, the SEC had announced a series of sanctions against eight registered advisory firms for failures in their cybersecurity policies and procedures that resulted in what the agency describes as “email account takeovers”; these exposed the personal information of thousands of customers and clients of each firm.

The SEC says the eight firms, some of which operate collectively, have agreed to settle the charges. The firms are the Cetera Advisor Networks LLC; Cetera Investment Services LLC; Cetera Financial Specialists LLC; Cetera Advisors LLC; Cetera Investment Advisers LLC; Cambridge Investment Research Inc.; Cambridge Investment Research Advisors Inc.; and KMS Financial Services Inc. All of these entities were SEC-registered as broker/dealers (B/Ds), investment advisory firms or both.

Technically, the SEC’s orders against each of the firms finds that they violated Rule 30(a) of Regulation S-P, aka the Safeguards Rule, which is designed to protect confidential customer information. The SEC’s order against the Cetera entities also finds that Cetera Advisors and Cetera Investment Advisers violated Section 206(4) and Rule 206(4)-7 of the Advisers Act in connection with their breach notifications to clients.

Without admitting or denying the SEC’s findings, each of the firms agreed to cease and desist from future violations of the charged provisions, to be censured and in addition, to pay a penalty. The Cetera entities will pay a $300,000 penalty; Cambridge will pay a $250,000 penalty; and KMS will pay a $200,000 penalty.

Form 5500 Revisions

The Department of Labor (DOL), via its Employee Benefits Security Administration (EBSA), has joined the IRS and the Pension Benefit Guaranty Corporation (PBGC) in requesting public comments on proposed revisions to the Form 5500 annual return/report. At the same time, EBSA is publishing a notice of proposed changes to its implementing regulations under Title I of the Employee Retirement Income Security Act (ERISA). The proposed changes also include a limited number of other improvements to the annual return/report forms and instructions, says Acting Assistant Secretary for Employee Benefits Security Ali Khawar.

The key proposed revisions and changes to the department’s implementing regulations would do the following:

• Modify the Form 5500 annual return/report and the department’s regulations to implement the SECURE [Setting Every Community Up for Retirement Enhancement] Act requirement for the DOL and the Department of the Treasury to develop a consolidated annual report for groups of defined contribution (DC) retirement plans. Specifically, the proposal would establish a new type of direct filing entity called a defined-contribution-group (DCG) reporting arrangement and add a new Schedule DCG (Individual Plan Information) that such reporting groups must file, in addition to meeting more generally applicable Form 5500 requirements for large pension plans, where pertinent.

• Modify the Form 5500 annual return/report to reflect pooled employer plans (PEPs) as a new type of retirement plan. Also it would implement SECURE Act changes as to how participating employers report information about their multiple employer retirement plan (MEP), by establishing a new Schedule MEP (Multiple Employer Retirement Plan Information). Additionally, for multiple employer welfare plans that provide medical benefits, the proposal would move the questions regarding participating employers that are currently part of the Form 5500 Annual Return/Report to Form M-1 and apply that reporting requirement to non-plan entities that file Form M-1.

• Improve financial reporting for retirement plans in general, including PEPs, other MEPs and the new DCG reporting arrangements. The proposed improvements would add new fee and expense reporting requirements and enhance the format and content of the existing schedules of assets held for investment.

• Expand the number of DC pension plans that would be eligible for small-plan simplified reporting options, including the conditional waiver of the independent qualified public accountant annual audit.

• Add questions to improve financial and funding reporting by PBGC-covered defined benefit (DB) pension plans and to improve oversight and compliance of tax-qualified retirement plans.

The publication of the proposals starts a 45-day comment period. The DOL says it will treat public comments submitted in response to this Notice of Proposed Forms Revisions as public comments on the Notice of Proposed Rulemaking—and vice versa.

Revenue-Sharing Disclosure Failures Result in SEC Action

The Securities and Exchange Commission (SEC) filed an order in mid-September to commence administrative and cease-and-desist proceedings against MML Investors Services LLC (MMLIS), pursuant to Section 15(b) of the Securities Exchange Act of 1934 and Sections 203(e) and 203(k) of the Investment Advisers Act of 1940.

Importantly, the order contains final findings and imposes remedial sanctions and cease-and-desist requirements on the firm, which the SEC accuses of several fiduciary breaches related to the use of revenue sharing. It also presents a learning opportunity for financial services professionals and their clients who use revenue sharing within fiduciary investment accounts and relationships.

As summarized in the order, the proceedings arise out of breaches of fiduciary duties by MMLIS, a dually registered investment adviser (RIA) and broker/dealer (B/D), and MSI Financial Services Inc. (MSI), a former RIA and B/D that was integrated with MMLIS in March 2017. The order says these breaches came about as a result of third-party compensation that MMLIS and MSI received based on their advisory clients’ investments “without fully and fairly disclosing their conflicts of interest.”

“In particular, during certain periods since at least March 2015, MMLIS and MSI invested clients in certain share classes of mutual funds that resulted in the firms receiving revenue-sharing payments pursuant to agreements with their unaffiliated clearing broker,” the order states. “In spite of these financial arrangements, MMLIS and MSI provided no disclosure or inadequate disclosure of the conflicts of interest arising from this compensation.”

According to the SEC, MMLIS and MSI also breached their duty to seek best execution by causing certain advisory clients to invest in share classes of mutual funds that paid revenue sharing when share classes of the same funds were available that presented a more favorable value for the clients, under the circumstances at the time of the transactions.

“Furthermore, MMLIS and MSI failed to adopt and implement written compliance policies and procedures reasonably designed to prevent violations of the Advisers Act and the rules thereunder in connection with its mutual fund share class selection practices and disclosure of conflicts of interest arising out of its revenue-sharing practices,” the order states. “As a result of the conduct described above, MMLIS willfully violated Sections 206(2) and 206(4) of the Advisers Act and Rule 206(4)-7 thereunder.”

The firm provided the following statement: “MML Investors Services takes this matter very seriously and cooperated fully with the SEC. Similar to other industry participants, we have reimbursed impacted accounts and are pleased to have resolved this matter.”

The L Brands Inc. ERISA Lawsuit May Proceed

The U.S. District Court for the Southern District of Ohio, Eastern Division, has ruled in an Employee Retirement Income Security Act (ERISA) lawsuit filed against L Brands Inc., an entity best known as the former parent company of Bath & Body Works and Victoria’s Secret.

The ruling strikes down two related dismissal motions filed by the defendants, one motion alleging the court lacks subject matter jurisdiction and the other suggesting the complaint fails to adequately state a claim for relief. This outcome, though far from the end of the matter, opens the door for discovery and potential settlement—or a trial.

A former participant in the L Brands 401(k) Savings and Retirement Plan sued the plan sponsor late last November, alleging various plan fiduciaries breached their duties under ERISA by allowing excessive fees for recordkeeping and investments. The complaint says the “401(k) Averages Book” shows that the average cost for recordkeeping and administration in 2017 for plans that were much smaller than L Brands’ plan was $35 per participant. It says participants in L Brands’ plan were paying $56 per participant throughout the period the lawsuit covers.

The defendants are also accused of failing to monitor the average expense ratios charged to similar-size plans for investment management fees, which, together with the plan’s allegedly high recordkeeping and administrative costs, renders the plan’s total plan cost “significantly above the market average for similarly sized and situated defined contribution [DC] plans,” according to the complaint. The lawsuit also accuses plan fiduciaries of failing to use the least expensive share classes for mutual funds on the 401(k) plan’s investment menu.

In its new ruling, the District Court considers both dismissal motions in turn, noting that, when a defendant seeks dismissal for both lack of subject matter jurisdiction under Federal Rule of Civil Procedure 12 part (b)(1) and failure to state a claim under part (b)(6), a court must consider the “12(b)(1) motion” first, because the “12(b)(6) motion” will become moot if subject matter jurisdiction is lacking. After doing this, the court says, the plaintiffs’ complaint clears both hurdles as required.

Judge Finds Most Allegations Sufficient in Lawsuit Over CITs

A federal judge has denied motions to dismiss a lawsuit alleging that fiduciaries of the Centerra Group 401(k) plan violated the Employee Retirement Income Security Act (ERISA) by selecting poorly performing collective investment trusts (CITs) for the plan and allowing for excessive recordkeeping fees. According to the decision by the U.S. District Court for the District of South Carolina, Aon Hewitt Investment Consulting (now known as Aon Investments USA) was hired by Centerra’s benefits committee in January 2016 as the plan’s discretionary investment manager. That year, Aon Hewitt replaced 11 actively managed equity, fixed-income and target-date funds (TDFs) with five CITs, called the Aon Trusts, that were managed by Aon Trust Co., a banking affiliate of Aon Hewitt. When the plan merged with another plan in January 2019, the new sponsor replaced the five Aon Trusts.

The lawsuit, filed a year ago December, alleges that the Centerra defendants and Aon Hewitt breached their ERISA fiduciary duties when the plan invested in the Aon Trusts and that they engaged in transactions that ERISA prohibits. The plaintiffs also allege that the Centerra defendants breached their fiduciary duties by causing the plan to pay unreasonable recordkeeping fees. The Centerra defendants and Aon Hewitt filed separate motions to dismiss the claims related to them.

Aon Hewitt argued that the plaintiffs failed to plausibly allege that it breached its duty of prudence under ERISA when selecting the Aon Trusts as investments for the plan. The firm says the plaintiffs rely on a hindsight-driven view of the poor performance of the investment selections instead of an allegation that Aon Hewitt’s process in selecting the investments was deficient.

However, the court noted that the plaintiffs also allege that Aon Hewitt benefited directly and indirectly when it chose to invest the plan in its affiliated Aon Trusts, creating a significant conflict of interest. The plaintiffs also say that, despite the conflict of interest, Aon Hewitt failed to undertake an independent investigation of investment options available in the market before deciding to use its own products; that Aon Hewitt hired an inexperienced manager without a meaningful track record; and that the Aon Trusts were newly created with insufficient performance history.