A compendium of regulatory matters for Q1 2023

Shortening the Securities Transaction Settlement Cycle

On February 15, 2023, the U.S. Securities and Exchange Commission (the “SEC”) adopted rule amendments to shorten the standard settlement cycle for most broker-dealer transactions from two business days after the trade date (“T+2”) to one business day after the trade date (“T+1”). In addition, the SEC adopted new rules related to the processing of institutional trades by broker-dealers and certain clearing agencies. The SEC also amended certain recordkeeping requirements applicable to registered investment advisers.

The rule amendments and new rules will:

• Shorten the standard settlement cycle for most securities transactions from two business days after trade date (T+2) to one (T+1);
• Shorten the separate standard settlement cycle for firm commitment offerings priced after 4:30 p.m. from four business days after trade date (T+4) to T+2;
• Improve the processing of institutional trades through new requirements for broker-dealers and registered investment advisers related to same-day affirmations; and
• Facilitate straight-through processing through new requirements applicable to clearing agencies that are central matching service providers (CMSPs).

The final rules will become effective on May 5, 2023. The compliance date for each of the final rules is May 28, 2024.

https://www.sec.gov/rules/final/2023/34-96930.pdf

Comment Period Reopened for Proposed Cybersecurity Risk Management Rules

The SEC reopened the comment period on proposed rules and amendments related to cybersecurity risk management and cybersecurity-related disclosure for registered investment advisers, registered investment companies, and business development companies. The proposed rules are designed to improve the availability of cybersecurity-related information and help facilitate the SEC’s inspection and enforcement capabilities.

The proposed rules would require that “market entities” establish, maintain, and enforce written policies and procedures that are designed to address their cybersecurity risks that could harm advisory clients and fund investors. Market entities would also need to, at least annually, review and assess the design and effectiveness of these policies and procedures. The proposed rules would also require advisers and funds to publicly disclose cybersecurity risks and significant cybersecurity incidents and provide the SEC immediate written electronic notice of such incidents.

The reopened comment period is open through May 22, 2023.

https://www.sec.gov/news/press-release/2023-54

The SEC’s Privacy Act Regulations

On February 14, 2023, the SEC proposed amendments to its regulations under the Privacy Act of 1974, as amended (the “Privacy Act”). The Privacy Act is the principal law governing the handling of personal information in the federal government and the SEC last updated its Privacy Act rules in 2011. The current rules provide procedures for making Privacy Act requests, including requests for access to and amendment of records pertaining to the individual making the request. The proposed amendments would revise the SEC’s regulations under the Privacy Act to clarify, update, and streamline the language of several procedural provisions. The proposed revisions would codify current practices for processing requests made by the public under the Privacy Act, which would provide greater clarity regarding the SEC’s process for how individuals can access information pertaining to themselves. The proposed rule would also allow for electronic methods to verify one’s identity and to submit Privacy Act requests. Due to the scope of the revisions, the proposed rule would replace the SEC’s current Privacy Act regulations in their entirety.

https://www.sec.gov/rules/proposed/2022/34-96906.pdf

Safeguarding Advisory Client Assets – An Update

On February 15, 2023, the SEC proposed a new rule under the Investment Advisers Act of 1940 (“Advisers Act” or “Act”) to address how investment advisers safeguard client assets. The SEC is proposing to amend certain provisions of the current custody rule for enhanced investor protections. The proposed amendments would: a) expand the current custody rule to protect a broader array of client assets and advisory activities to the rule’s protections; b) enhance the custodial protections that client assets receive under the rule; and c) update related recordkeeping and reporting requirements for advisers. The proposed amendments would expand the scope of the current custody rule beyond client funds and securities to include any client assets of which an adviser has custody.

This proposed change uses the more expansive and explicit language employed by Congress in empowering the SEC to develop rules to protect client assets when advisers have custody. “Assets” would mean “funds, securities, or other positions held in a client’s account” and would include all other assets that investment advisers custody for their clients. The safeguarding rule would also explicitly include an adviser’s discretionary authority to trade client assets within the definition of custody.

The proposed safeguarding rule’s enhanced protections would also:

• Require that an adviser enter into a written agreement with and obtain certain reasonable assurances from qualified custodians to ensure clients receive certain standard custodial protections when an adviser has custody of their assets;
• Modify the current custody rule’s exception from the obligation to maintain client assets with a qualified custodian for certain privately offered securities, including expanding the exception to include certain physical assets;
• Retain the current custody rule’s requirement for an adviser to undergo a surprise examination by an independent public accountant to verify client assets, but expand the availability of the current custody rule’s audit provision as a means of satisfying the surprise examination requirement;
• Amend the investment adviser recordkeeping rule to require advisers to keep additional, more detailed records of trade and transaction activity and position information for each client account of which it has custody; and
• Amend Form ADV to align advisers’ reporting obligations with the proposed safeguarding rule’s requirements and to improve the accuracy of custody-related data available to the Commission, its staff, and the public.

The amendments would also redesignate the current custody rule as new rule 223-1 under the Advisers Act (the “safeguarding rule”).

https://www.sec.gov/rules/proposed/2023/ia-6240.pdf

Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information

On March 15, 2023, the SEC proposed amendments to Regulation S-P that would enhance the protection of customer information by, among other things, requiring broker-dealers, investment companies, registered investment advisers, and transfer agents to provide notice to individuals affected by certain types of data breaches that may put them at risk of identity theft or other harm.

The SEC’s proposal would require broker-dealers, investment companies, registered investment advisers, and transfer agents (collectively, “covered institutions”) to adopt written policies and procedures for an incident response program to address unauthorized access to or use of customer information. The proposed amendments would also require, with certain limited exceptions, covered institutions to provide notice to individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorization. The proposal would require a covered institution to provide this notice as soon as practicable, but not later than 30 days after the covered institution becomes aware that an incident involving unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred.

The proposed amendments would also make a number of additional changes to Regulation S-P, including:

• Broadening and aligning the scope of the safeguards rule and disposal rule to cover “customer information,” a new defined term. This change would extend the protections of the safeguards and disposal rules to both nonpublic personal information that a covered institution collects about its own customers and to nonpublic personal information that a covered institution receives about customers of other financial institutions;
• Extending the safeguards rule, including the proposed enhancements, to transfer agents registered with the SEC or another appropriate regulatory agency, and expanding the existing scope of the disposal rule to include transfer agents registered with another appropriate regulatory agency rather than only those registered with the SEC; and
• Conforming Regulation S-P’s existing provisions relating to the delivery of an annual privacy notice for consistency with a statutory exception created by Congress in 2015.

https://www.sec.gov/rules/proposed/2023/34-97141.pdf

SEC Issues Risk Alert for Newly-Registered Advisers: Important Considerations and Observations

On March 27, 2023, the SEC’s Division of Examinations (the “DOE”) issued a risk alert (the “Alert”) summarizing the SEC staff’s observations from examinations of newly-registered investment advisers. The Alert discusses the focus areas reviewed during examinations of newly-registered advisers and shares staff observations regarding compliance policies and procedures, disclosures, and marketing practices. According to the Alert, the DOE has prioritized examining newly-registered advisers within a reasonable period of time after their registration has become effective. The Alert also highlights certain information that the SEC staff typically requests and reviews in connection with such examinations. Newly-registered advisers should carefully review the Alert and review their current compliance policies, procedures, practices, and disclosure and consider any appropriate changes in the areas discussed in the Alert.

https://www.sec.gov/files/risk-alert-newly-registered-ias-032723.pdf

Expiration of Vanguard ETF Patent

Since it created the approach in 2001, Vanguard has had the only exchange-traded funds (“ETFs”) that operate as an additional share class of a multi-class open-end mutual fund, rather than as a stand-alone product. This hybrid design has given their funds certain economies of scale and tax efficiencies, particularly in reducing shareholders’ taxable capital gains. Vanguard’s unique fund structure is currently protected by a U.S. patent—a patent that is set to expire in May 2023.

However, this patent is not the only barrier to entry for other managers looking to adopt a similar approach; they will also need exemptive relief from the SEC. At least one other investment manager has already taken an initial step in this direction, filing an exemptive application with the SEC in February 2023 seeking relief to create and operate an exchange-traded share class for seven of its traditional actively-managed funds. While it is not clear whether the SEC will grant this relief, the success of this application would signal to investment managers considering converting their current open-end funds to ETFs that there may be another potential path forward.

16830860 5/3/2023