Curated for compliance officers of mutual funds and investment advisers, please find summaries and links to headlining compliance and regulatory topics from the first quarter of 2022.

Despite operating without a full complement of Commissioners following Elad Roisman’s departure (and Allison Lee’s impending departure; President Biden has nominated two new Commissioners), SEC Chairman Gensler has charged ahead with rulemaking at a torrid pace. So much so that the Investment Company Institute and 24 other trade associations sent a letter to the Chairman urging him to slow down to allow reasonable time for comment on the bevy of proposals. Nevermind that funds and advisers are facing down the speeding train of new rules (derivatives and valuation) that require implementation in just a few months. There’s barely time to register the market tumult, especially in Russia. Attention now shifts to cybersecurity rulemaking, amendments to the Advisers Act compliance rule (206(4)-7), and shortening the standard settlement cycle to T+1 (to say nothing of the proposed climate-related disclosures rule for operating companies). Couple that with the Division of Examinations’ release of its annual exam priorities, a risk alert to private fund advisers, and a Staff Bulleting addressing standards of conduct, and you have the makings of a run on antacids! Which is to say that FINRA’s timing was auspicious to issue a reminder of potential liability for CCOs. Fun times ahead? Your mileage may vary.

Below are highlights of the recent activity and related commentary addressing how these matters may impact advisers and funds.

Cybersecurity Risk Management

This proposal would directly impact both funds and advisers to funds with, respectively, new Rules 206(4)-9 and 38a-2. The basic proposal should be hardly controversial in this day and age: Advisers and funds would have to adopt and implement written cybersecurity policies and procedures designed to address cybersecurity risks, and advisers would have to report significant cybersecurity incidents affecting the adviser or its clients to the Commission on a new confidential form. “Prompt” reporting of breaches to clients would be required. Advisers and funds also would have to publicly disclose cybersecurity risks and significant cybersecurity incidents that occurred in the last two fiscal years, and the rule would impose recordkeeping requirements.

As they say, the devil is in the details. From a compliance standpoint, most funds and advisers already have relevant policies and procedures, but the proposal has some prescriptive elements that may impose new burdens and challenges. In particular, the rule would require risk assessments that reach service providers – a potential enormous responsibility and perhaps unworkable task. (Does the SEC imagine legions of adviser and fund CCOs will descend upon service providers demanding access to their IT infrastructure? Do funds and advisers have sufficient expertise to evaluate the cybersecurity systems of their service providers? Would the SEC deem it sufficient to rely on a certification or controls report?) One may reasonably ask why the SEC does not simply directly regulate the service providers (at least distributors and transfer agents are registrants subject to examination). The reporting requirements would be new, though probably not remarkable. We expect there will be discussion with the SEC about ensuring business sensitive information is shielded from public disclosure. The proposed rule also includes updates to Form ADV brochures as well as specific requirements for registration statements. If adopted, the rule could expose all registrants to substantial risk of litigation or enforcement actions based on cyber breaches. Like other rule proposals in recent memory, this one may extend beyond guiding principles and could create regulatory traps for the unwary.

Comments on this proposal were due 60 days following publication of the proposing release on the SEC’s website or 30 days following publication of the proposing release in the Federal Register, whichever period is longer, which resulted in a due date of April 11, 2022. For more information about this proposal, please visit the SEC’s website at the link below:

Proposed Rule: Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies

Shortening the Settlement Cycle to T+1

This proposal, if adopted, would shorten the standard settlement cycle for most broker-dealer transactions to one business day after trade date (T+1) instead of the current T+2. The SEC believes this will reduce risks in the clearance and settlement process. This rule generally has significant industry support and was a reasonable step short of T+0 settlements, which may be preferable in some respects, but would impose operational challenges that the industry is not ready to implement. The Commission views this rule as a pathway to eventual T+0 settlements. The proposal has many complex elements that generally do not affect our fund clients and advisers, except that there is a provision that would require advisers to maintain certain records of trade confirmation and allocation information. While we expect general support for the proposal, we anticipate there will be fine-tuning needed to address the need for potentially longer settlement periods for security-based swaps and ETFs that have foreign holdings.

As with cybersecurity, comments on this rule were due by April 11, 2022. For more information about this proposal, please visit the SEC’s website at the link below:

Proposed Rule: Shortening the Securities Transaction Settlement Cycle

Private Fund Adviser Regulation and Compliance

Hitting the trifecta of rule proposals released on the same day, this proposal was designed to improve investor protection for those investing in private funds. The proposed new rules and amendments would impose some new requirements to improve transparency and prohibit certain practices that the SEC believes are prone to conflicts of interest and excess investor risk. It would require registered advisers to private funds to obtain annual audits and provide investors with quarterly statements that disclose specific information about fund fees, expenses, and performance. These core requirements are, broadly speaking, familiar under the Custody Rule or already incorporated into best practices. But the proposal has some key differences from the Custody Rule, such as requiring advisers to take “all reasonable steps” to cause funds advised but not controlled by the adviser (i.e., sub-advised funds) to prepare audited financial statements. The prompt delivery requirement also differs from the Custody Rule’s existing requirement that audited financial statements be delivered within 120 days of the fund’s fiscal year-end.

The proposed changes also would prohibit all private fund advisers (registered or not) from giving preferential treatment to certain investors unless the terms are disclosed to all current and prospective investors. This would effectively bar the practice of privately negotiated side letters. Finally, the proposal includes specific prohibitions on certain fee practices and disclaimers or limitations of liability (i.e., the use of “hedge clauses”). We expect there will be resistance to these new limits. After all, conceptually private fund investors are supposed to be sophisticated and able to fend for themselves.

The SEC also shoehorned into this proposal another provision that would require all advisers to document in writing the annual review of their compliance program. This appears to apply to all registered advisers (even for registered funds), which effectively would close an odd loophole in Rule 206(4)-7 that had not technically required a written report (as is required under the analogous rule 38a-1). Most advisers already prepare written reports as a matter of best practice, so this should not effect a significant change for most.

As with the other new proposals, the SEC imposed a short comment period, but with a later publication in the Federal Register, the comment period for this proposal closes on April 25, 2022. For more information about this proposal, please visit the SEC’s website at the following link:

Proposed Rule: Private Fund Advisers; Documentation of Registered Investment Adviser Compliance Reviews

Climate-Related Disclosures

The SEC has proposed rules that would require public companies to make certain climate-related disclosures in their registration statements and periodic reports. The proposal would not directly impact funds (except for BDCs) or investment advisers (except for those that are public companies). Nevertheless, it may have an indirect impact (particularly for funds that are ESG-focused), and it could be a harbinger of possible future regulations for registered funds as it dovetails with planned rulemaking for funds related to ESG disclosures.

The proposal, which is based in part on the Task Force on Climate-Related Financial Disclosures and the Greenhouse Gas Protocol, would require disclosures about exposure to climate-related risks and its impact on the environment, focusing primarily on emission of greenhouse gases. Disclosures would have to address governance of climate-related risks; how these risks materially impact the registrant’s business and financial statements; how climate-related risks impact the registrant’s strategy, business model, or outlook; risk management; emission metrics; and climate-related targets or goals. Disclosure, which could extend beyond the registrant’s own operations to its suppliers and distributors, would not depend on materiality.

This rule is nothing if not controversial. Some surely consider this proposal welcome and long overdue; others consider it an attempt to regulate climate change exceeding the SEC’s statutory authority. Even by the SEC’s own estimate, compliance will be expensive and burdensome. Whatever the final form of the rule, we anticipate a vigorous court challenge, but investor demand for some climate-related disclosure is probably here to stay.

Comments on the proposal are due May 20, 2022. For more information about this proposal, please visit the SEC’s website at the following link:

Proposed Rule: The Enhancement and Standardization of Climate-Related Disclosures for Investors

SEC Examinations Priorities for 2022

The SEC’s Division of Examinations (DOE) has issued the latest installment of annual exam priorities (better late than never). Many of these are perennial topics, with a few new features that serve as precursors to rulemakings and likely presage areas of enforcement. Unsurprisingly, the staff’s primary focus areas include private funds, ESG (environmental, social, and governance) investments, retail investor protection, information security, and digital assets. The report also identifies broad areas of interest for both registered advisers and funds, and there is a nod to the transition away from LIBOR. The report provides several interesting statistics, including an increase in the number of examinations last year to pre-pandemic levels (more than 3,000 in 2021), with approximately 69% of those exams resulting in deficiency letters (which seems lower than historical norms).

Each of the primary focus areas has broad general application to all segments of the market. That is true even for the focus on private funds, which the SEC sees as having retail reach through either registered fund investments or pension plans that allocate assets to private vehicles. Each of the primary focus areas (with the possible exception of digital assets, which is among the Chairman’s considerable interests) also has a companion rulemaking or risk alert. Thus, it should not be lost on anyone that the SEC is laser-focused on these areas. Key considerations for our adviser and fund clients include the following:

Private Funds. DOE will focus on evergreen topics such as compliance programs, valuation, conflicts of interests, disclosures, and MNPI controls. DOE has a laundry list of other focus areas, including the calculation and allocation of fees (continuing a theme in recent risk alerts), preferential treatment of private funds experiencing liquidity issues, custody, cross-trade and principal transaction disclosures, and investments in SPACs. More generally, the staff will be assessing portfolio strategies, risk management, and allocations, particularly with respect to conflicts and related disclosures.

ESG Investing. The SEC professes not to want to regulate ESG (or climate), but the Commission wants to be sure advisers and funds are doing what they say they are doing and not just “greenwashing” their offerings. In short, DOE is focused on ESG-related disclosure. As with last year’s priorities, the staff will consider whether proxy voting aligns with ESG disclosures and mandates. Observing a “lack of standardization” in ESG investing terminology, DOE seems to hint at the thrust of rulemakings that would allow investors to make informed decisions based on comparative data.

Standards of Conduct – Retail Investors. Following rulemaking and various guidance, DOE will assess how advisers and broker-dealers are satisfying Reg BI and adviser fiduciary duties. This generally includes sales practices, conflicts, and disclosures. The staff also will focus on revenue sharing and share class selection, which are familiar enforcement themes. As if on trend, DOE notes it will look at sales practices related to SPACs among other products that may be unsuitable for certain retail investors, such as leveraged or inverse products, REITs, private placements, annuities, and microcap securities.

Information Security and Operational Resiliency. Following our experience with recent examinations and a companion to the cybersecurity rulemaking, DOE is focusing on safeguarding customer information, cybersecurity, incident response and disaster recovery (including climate-related risks), and business continuity. Registrants also are reminded to oversee vendors, address malicious email (phishing), and manage the risks of a dispersed workforce in a work-from-home environment. In short, police the waterfront and keep the lights on.

Emerging Technologies and Crypto-Assets. This is the one focus area that does not (yet) have a corresponding rulemaking, but the SEC is clearly projecting its concerns. DOE will focus on new products and practices, such as fractional shares and digital engagement, seeking to ensure that proper operational controls are in place to address unique risks. The staff will assess whether market participants engaged with digital assets have proper custody arrangements and are mindful of standards of conduct when recommending products. They also will assess whether compliance practices have been enhanced and risk disclosures are updated to address the unique features of these products. And registered funds with exposure to crypto-assets will be assessed for compliance, liquidity, and operational controls surrounding such investments.

DOE’s report identifies several priorities specific to registered funds and advisers, and DOE will prioritize exams of registrants that have never been examined. The exam topics are consistent with our experience over the past several years. For funds (including mutual funds and ETFs), DOE will focus on compliance programs, disclosures, and compliance with new rules and exemptive orders. This will reach ETF compliance such as non-transparent management and the use of custom baskets. The staff also will review liquidity risk management and oversight of third-party services providers. Money market funds and BDCs are invited to the exam party, with a focus on money market requirements like stress testing and BDC valuation practices. DOE also will focus on mutual funds that invest in private funds with an eye toward risk disclosure and valuation.

For advisers, DOE typically will review marketing practices, custody, valuation, conflicts, and disclosures. Further focus areas will include assessing whether compliance programs address client best interest, oversight of service providers, and whether resources are sufficient to discharge the compliance responsibilities. Not surprisingly, they will review whether there are sufficient controls in place for handling material non-public information and whether the adviser has proper oversight of heightened risks, such as employing persons with disciplinary histories. Fee disclosures and calculations also remain front of mind, in case anyone missed the several risk alerts and enforcement actions in this area in recent years.

The exam priorities also include brief discussions about other registrants, including transfer agents and broker-dealers. The staff also will assess AML compliance and exposure to LIBOR and preparedness for transitioning to a new reference rate. The priorities cover many other topics, ranging from clearance and settlement to FINRA oversight. For more information, we encourage you to consult DOE’s publication available on the SEC’s website:

Examination Priorities, Division of Examinations

Risk Alert: Private Fund Advisers

The SEC’s Division of Examinations issued a risk alert concerning private fund advisers. This is a follow-up to a 2020 risk alert (which had followed a 2017 alert) addressing the same topic. While not directly applicable to registered funds, the concepts also more generally could apply in other contexts. The staff issues risk alerts to share observations from the field, highlighting good and bad practices so that advisers can better design compliance programs. This new alert focuses on four principal areas:

While not the most illuminating risk alert, advisers should review their compliance programs to ensure they do not offend any of these same issues using the alert as a road map for future examinations. For more information, please visit the SEC’s website at the following link:

Observations from Examinations of Private Fund Advisers

Standards of Conduct for Broker Dealers and Investment Advisers

At the close of the quarter, the SEC staff issued a bulletin providing guidance that builds on prior SEC guidance regarding Regulation Best Interest (Reg BI) and investment recommendations to retail investors. This guidance document suggests that the distinction between adviser fiduciary standards and broker-dealer conduct standards is being reduced to the vanishing point: “Although the specific application of Reg BI and the IA fiduciary standard may differ in some respects and be triggered at different times, in the staff’s view, they generally yield substantially similar results in terms of the ultimate responsibilities owed to retail investors.” In short, the SEC staff believes both standards require registrants to manage conflicts so that the investor’s interests are placed ahead of the financial professional’s interests.

The Bulletin presents several FAQs and articulates factors that registrants should consider before making account recommendations. Firms should disclose the capacity in which they are acting, and they should decline to make account recommendations unless they have sufficient information about a retail investor to judge the investor’s best interest. They also must consider costs, reasonable alternatives, and investor preferences. The Bulletin also discusses account rollover recommendations and the need to document the basis for account recommendations. For more information, please visit the SEC’s website:

Staff Bulletin: Standards of Conduct for Broker Dealers and Investment Advisers Account Recommendations for Retail Investors

FINRA Reminder Regarding Potential Liability for CCOs

FINRA published a regulatory notice reminding member firms about the scope of broker-dealer chief compliance officer (CCO) supervisory liability under FINRA rules. FINRA states that it brings an action for failure to supervise only when (a) the firm has conferred on the CCO supervisory responsibilities, and (b) the CCO fails to discharge those responsibilities in a reasonable manner. FINRA acknowledges that CCOs typically have an advisory, not supervisory, role unless the written procedures assign the CCO responsibility for maintaining or enforcing written supervisory procedures, or if the president or business manager designated the CCO to have supervisory responsibility. Furthermore, charging decisions would be made after weighing aggravating and mitigating factors.

For more information, please visit FINRA’s website at the link below:

Regulatory Notice 22-10: FINRA Reminds Member Firms of the Scope of FINRA Rule 3110 as it Pertains to the Potential Liability of Chief Compliance Officers for Failure to Discharge Designated Supervisory Responsibilities

Executive Order: U.S. Sanctions Imposed on Russia Related to Invasion of Ukraine

In response to Russia’s recent invasion of Ukraine, and expanding on sanctions issued in the wake of Russia’s invasion of Crimea in 2014, President Biden has issued a series of Executive Orders imposing new financial sanctions on Russia. On February 21, 2022, expanding prior Executive Orders 13660, 13661, 13662, 13685, and 13849, the President imposed new restrictions on investing in (or importing goods or services from) the so-called Donetsk and Luhansk regions of Ukraine. The next day, the President imposed the “first tranche” of new sanctions blocking all transactions and freezing assets of numerous Russian entities and individuals added to the SDN (specially designated nationals) list maintained by the Department of the Treasury’s Office of Foreign Assets Control (OFAC). OFAC also issued Russia-related Directive 1A under Executive Order 14042 prohibiting U.S. persons from any dealings (whether in the primary or secondary markets) related to new Russian sovereign debt issued after March 1.

In a series of directives issued on February 24, 2022, the Treasury announced additional sanctions against Russia, including sanctions against Russia’s two largest banks (Sberbank and VTB Bank) and certain subsidiaries, requiring all U.S. financial institutions to close Sberbank correspondent and payable-through accounts within 30 days, and fully blocking VTB Bank and several other major Russian financial institutions. OFAC also expanded debt and equity prohibitions against major Russian state-owned and private entities. Corresponding General Licenses permit U.S. persons to divest their holdings to non-U.S. persons until May 25, 2022; U.S. persons may not increase their holdings during the interim, after which those holdings will be prohibited. Other General Licenses permit certain other transactions.

On March 11, 2022, the White House announced expansive prohibitions on various imports from and exports to Russia, as well as a broad prohibition on new investment in any sector of the Russian Federation economy. Two weeks later, the White House announced additional sanctions targeting more than 400 Russian politicians, elites, and defense companies. Adding them to the SDN list has resulted in freezing their assets in the U.S. and blocking transactions. The Department of Commerce later announced the addition of 120 Russian and Belarusan entities to the BIS Entity List, thus imposing licensing requirements and other controls on their activities.

The sanctions against the Russian Federation and related entities and persons is constantly evolving and ever-expanding. The sanctions have resulted in severe liquidity constraints on Russian assets and investments, even those trading in Western markets, and in some cases investments are being written down to zero. Thus, not only must advisers avoid prohibited transactions, but they should evaluate the liquidity and valuation of existing Russia-related holdings, even if permissible. We urge advisers with exposure to Russian investments to consult OFAC’s “Ukraine-/ Russian-related Sanctions” webpage (linked below) for the latest information on this sanctions program.

Executive Order on Blocking Property of Certain Persons and Prohibiting Certain Transactions With Respect to Continued Russian Efforts to Undermine the Sovereignty and Territorial Integrity of Ukraine

Russia-related Directive 1A under Executive Order 14042

U.S. Treasury Announces Unprecedented & Expansive Sanctions Against Russia

Executive Order on Prohibiting Certain Imports, Exports, and New Investment with Respect to Continued

Russian Federation Aggression

FACT SHEET: United States and Allies and Partners Impose Additional Costs on Russia

OFAC Ukraine-/ Russia-related Sanctions

Mandatory Reporting of Foreign Securities

Every five years, the Department of the Treasury conducts a survey requiring reporting on holdings of foreign securities by certain U.S. residents as of December 31, 2021. (This is similar to, but is distinct from, the Department of Commerce’s Bureau of Economic Analysis (BEA) survey that is collected on Form BE-180, which was last conducted in 2020 based on 2019 data.) This applies to registered investment funds as well as private funds.

Registrants should heed the definition of foreign securities, which includes securities trading in the U.S. but that were issued by foreign issuers (e.g., ADRs). It includes foreign equities, short-term debt securities (including selected money market instruments), and long-term debt securities. Asset-backed securities are separately reported. There are other securities that are explicitly exempt from reporting such as letters of credit, derivative contracts, loans and loan participation certificates, non-negotiable certificates of deposit, bank deposits and direct investments. Also excluded are direct investments, including investments in real estate and general partner ownership interests. Designation as a “foreign” security is based on the domicile of the issuer; it does not matter where the securities are traded or in what currency.

Filing should have been completed by March 31, 2022, on Form SHC, which is a mandatory report for any U.S.-resident, custodian, or “U.S.-resident end-investor” that (i) has been contacted by the Federal Reserve Bank of New York, or (ii) met the reporting threshold for TIC Form SHC Schedule 2 or Schedule 3 as of December 31, 2021. A “U.S. resident end-investor” includes pooled investment vehicles, including private funds and registered funds (e.g., mutual funds). For either Schedule 2 or 3, the reporting threshold is $200 million. Schedule 2 is based on the total fair value of all foreign securities owned or managed by the SHC Reporter and not held with a U.S.-resident custodian; Schedule 3 is based on total fair value of foreign securities held with anyone unaffiliated U.S.-resident custodian that is not a central securities depository. The thresholds operate independently; you may be required to report on Schedule 2 but not on Schedule 3, or vice versa.

For more information, please review the Treasury’s notice or the Federal Reserve’s filing instructions found at the following links:

Survey of U.S. Ownership of Foreign Securities as of December 31, 2021

The Federal Reserve Bank of New York Report of U.S. Ownership of Foreign Securities