As investment advisers and broker-dealers increasingly have employees work from home, the effort to protect against infection may give rise to a less deadly, but still serious exposure—to an examination, investigation or potential enforcement action by the Securities and Exchange Commission.
With internal control functions attenuated with distance, the potential that careful record-keeping gets neglected is an invitation to significant liability.
Regulated entities such as registered investment advisers are obligated to maintain accurate copies of certain books and records relating to their investment advisory business in order to permit “easy location, access, and retrieval of any particular record,” pursuant to Section 204 of the Advisers Act and Rule 204-2 thereunder, and to make them available to the SEC, including its examination staff, for inspection.
Importantly, these include records of:
- Orders of securities transactions, plus instructions relating to those transactions, including modifications or cancellations of those sales;
- Transaction records, including date, amount, and price;
- Originals of written communications relating to recommendations or advice or the placing or execution of orders;
- Documentation relating to discretionary authority;
- Copies of advertisements and other communications circulated, directly or indirectly, to 10 or more persons; and
- All documents relating to the calculation of performance or rates of return for managed accounts or securities recommendations.
Similar rules apply to broker-dealers, under Section 17(a)(1) of the Securities Act, as well as Rules 17a-3 and 17a-4 thereunder, as well as under FINRA Rule 4511, et seq.
When firms are operating normally, it should not be that complicated for investment advisers or broker-dealers to follow these regulations, especially when personnel are working at the same office, on firm computers, using firm phones and other firm devices, and reporting to a geographically central authority. But the unusual circumstances of the current pandemic—especially for offices where employees are scattered to their homes—impose obstacles to compliance.
This is especially true even if firms process transactions centrally, but record information regarding transaction instructions or modifications remotely. What if an adviser sends an email to 10 or more clients, but may not keep or forward a record of that communication?
Perhaps even more troubling, how will staff working at home protect non-public customer records and information? Given that the failure to adequately safeguard confidential personal information has already been the subject of several recent SEC Risk Alerts, it is probable this will inspire examinations, investigations, and enforcement actions.
These “technical” violations can result in substantial penalties, and are a mainstay of enforcement cases, and remain examination priorities. As a former SEC prosecutor, books and records cases were tempting because they were seen as easier to prosecute, as they did not require proof of wrongful intent, or even negligence. Often, in complex cases, books and records violations present the easy way out to pursue liability when more complicated claims fail.
Recent Enforcement Actions
Numerous recent enforcement actions highlight this emphasis. In SEC v. Yellowstone Partners LLC (No. 19-cv-374), filed in Idaho federal district court in late 2019, the SEC alleged, among other things, that a registered investment advisor “failed to make and keep true, accurate, and current books and records relating to its investment advisory business” by failing to keep records of its advisory agreements with clients.
Similarly, in the case of In Re Marcos Tamayo, Inv. Advisers Act Release No. 5358, Sept. 20, 2019 (AP File No. 3-19474), an investment adviser was alleged to have kept inadequate records regarding his clients, instead keeping handwritten notes in folders, without records of trades in clients’ accounts.
The coming months will likely see a significant increase in investigations and prosecutions of cases relating to books and records requirements. These are the kinds of cases that are especially attractive, not only because the lack of an intent requirement make these cases easier to pursue, but also because they can be brought as an industry-wide sweep. Because there are no good-faith defenses to these claims, it is easier for the SEC to obtain significant settlements early.
These kinds of cases also provide an opportunity for the SEC to bolster its numbers. The SEC Division of Enforcement is often judged by the number of cases and the total dollar amount of judgments and settlements it obtains during the fiscal year. Consequently, there is often internal pressure to identify potential “sweeps” for cases with lower standards of proof, especially when there are expectations of quick and easy settlements.
Three Actions for Compliance Staff
In order to avoid being the headline in an SEC press release, it is essential for compliance staff to do three things: (1) assess, (2) organize, and (3) act.
Who is assigned to ensure centralized record-keeping functions are maintained during work at home periods? Who is tasked to enact remote collection, central reporting, and organizing functions? Has there been an assessment of how quickly and easily local documents/materials can be collected?
Staff working remotely need to be educated on books and records obligations. While the best time to begin continuity of operations training is before it is needed, even with staff scattered remotely there can be training on books and records obligations, including the development of and education about lines of reporting (including on how to assess what are the books and records that must legally be collected and how to assemble and centrally store them).
In addition to training and education, systems of control, retention, and organization need to be imposed. This includes regular sweeps of all personnel working from remote locations, to secure any materials that might be considered books and records, whether in hard copy or electronic form.
This might include all emails and electronic communications, as well as recorded videochats. To the extent possible, have personnel only work on official firm devices, with centralized storage.
By taking these obligations seriously, regulated entities can forestall being a scalp on some prosecutor’s wall. While few compliance programs can be completely perfect, having robust systems to ensure compliance with books and records obligations will likely significantly lower any penalty owed in an enforcement proceeding, should there be a lapse.
This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.
Howard Fischer is a partner in the litigation and white collar departments of Moses & Singer LLP. As a former senior trial counsel at the SEC, he was lead counsel in the litigation against Wing Chau and Harding Advisory LLC (relating to CDO asset selection in the run-up to the financial crisis) resulting in a major victory against one of the characters lampooned in the film “The Big Short.” He also led the SEC litigation involving the infamous London Whale, arising from JPMorgan Chase trader Bruno Iksil’s multi-billion dollar loss in its credit derivatives book, and he has prosecuted books and records cases.