SEC Investor and Cyber Initiatives

The priorities of two new programs
Reported by David Kaleda
Art by Tim Bower

Art by Tim Bower

On September 25, the Division of Enforcement at the Securities and Exchange Commission (SEC) announced the creation of two new groups: the Retail Strategy Task Force and a cyber unit. On October 26, the co-director of the Division of Enforcement, Stephanie Avakian, discussed the respective missions of the two groups during her keynote speech at the Securities Enforcement Forum in Washington, D.C.

The focus of the task force will be on interactions within the retail market, which the SEC broadly views as the “intersection of investment professionals and retail investors.”

In the retail space, the SEC continues to have concerns about certain practices that it views as contributing to two broad areas of misconduct: charging fees that are inadequately disclosed and recommending or trading in products and strategies that are plainly inappropriate under the circumstances. The task force will focus on practices in these areas including:

  • Steering investors to share classes with higher fees when lower-fee share classes are available;
  • Abusive practices in wrap-fee accounts such as failing to disclose the costs of trading through unaffiliated brokers and purchasing investment products that generate additional fees;
  • Recommending that an investor buy and hold products in his account, including in a retirement account, that are clearly inappropriate for a long-term, buy-and-hold strategy, e.g., inverse exchange-traded funds (ETFs);
  • Selling structured products without adequately disclosing fees and markups, which reduce returns; and
  • Abusive practices such as churning that generate large commissions.

Notably, these compliance areas are not new territory for the SEC. In fact, the agency has repeatedly brought enforcement actions against advisers for engaging in such practices. As a result of the task force’s efforts—which will include the use of data analytics and other resources—the SEC is poised to greatly enhance and expand its investigative and enforcement activities, and to extend even greater scrutiny to advisers and other regulated parties.

The SEC’s other new initiative is the creation of the cyber unit, which is tasked with addressing concerns raised by the increasing use of technology by investors and advisers, as well as the growing risk of market manipulation and other investor harm. The cyber unit will comprise SEC staff with expertise and experience in cyber issues.

Clearly, the creation of the dedicated unit signals that the SEC has a growing appreciation of the potential risks associated with cyber issues. Its concerns include the following:

  • The use of technology to gain an unlawful market advantage, e.g., hacking to access material, nonpublic information, hacking of accounts in order to conduct manipulative trading, and disseminating false information through electronic publication;
  • The failure by registrants to adequately secure customer data and ensure system integrity; and
  • The failure by a public company to disclose, or adequately disclose, cybersecurity incidents that occur at the company.

Notably, the SEC has also articulated concerns with respect to the use of blockchain technology, which is the bedrock technology for virtual currencies and for transactions involving such currencies—e.g., initial coin offerings. At the moment, the regulatory implications with respect to blockchain technology and virtual currencies are generally unclear. However, with the assistance of the cyber unit, it is likely that additional clarity—at least on the part of the SEC—is forthcoming.

With the creation of the cyber unit, advisers should expect additional regulatory and enforcement activity as the SEC renews its focus in this area.

There are open questions as to how the new initiatives will affect the SEC’s existing efforts, including its collaboration with other regulators. For example, it is working on the creation of a uniform fiduciary standard, reportedly in consultation with the Department of Labor (DOL). While this joint effort is still in the works, the DOL has signaled that it will move forward with its investment advice regulation and related exemptions. In this regard, it is becoming increasingly likely that the DOL’s rulemaking, when it eventually becomes fully applicable, will be significantly different than as originally drafted and could perhaps also be influenced by its interactions with the SEC.

While the regulatory framework is a work in progress, many plan sponsors and their advisers, to their credit, are beginning to consider the importance of protecting Employee Retirement Income Security Act (ERISA) plan participant data.

David Kaleda is a principal in the fiduciary responsibility practice group at Groom Law Group, Chartered, in Washington, D.C. He has an extensive background in the financial services sector. His range of experience includes handling fiduciary matters affecting investment managers, advisers, broker/dealers, insurers, banks and service providers. He served on the Department of Labor’s ERISA Advisory Council from 2012 through 2014.

Tags
cybersecurity, Securities and Exchange Commission,
Reprints
To place your order, please e-mail Industry Intel.