Compliance Matters Q2 2024

Aug 07, 2024

A compendium of regulatory matters for Q2 2024.

ADMINISTRATIVE MATTERS

SEC Staff Risk Alert Focuses on Preparation for T+1 Settlement

On March 27, 2024, the U.S. Securities and Exchange Commission’s (“SEC”) Division of Examinations published a Risk Alert regarding the shortening of the securities transaction settlement cycle. On May 28, 2024, the standard settlement cycle for most broker-dealer transactions in the U.S. shortened from two business days after the trade date to one business day after the trade date (“T+1”). May 28, 2024, was also the compliance date for new rules related to the processing of institutional trades by broker-dealers and certain clearing agencies, as well as certain recordkeeping amendments applicable to registered investment advisers.

To assess registrant preparedness, the Division of Examinations intends to continue engaging with registrants through examinations and outreach. The Risk Alert provides registrants with additional information about the scope and content of the examinations and outreach.

SEC Risk Alert: Shortening the Securities Transaction Settlement Cycle (sec.gov)

SEC Limits the Internet Adviser Exception

On March 27, 2024, the SEC adopted amendments to the rule permitting certain internet investment advisers to register with the SEC (the “Internet Adviser Exemption”). The amendments will require an investment adviser relying on the Internet Adviser Exemption to have, at all times, an operational interactive website through which the adviser provides digital investment advisory services on an ongoing basis to more than one client. The amendments will also eliminate the current rule’s de minimis exception by requiring an internet investment adviser to provide advice to all of its clients exclusively through an operational interactive website and to make certain corresponding changes to Form ADV.

“These amendments modernize a 22-year-old rule to better protect investors in a digital age,” said SEC Chair Gary Gensler. “These changes better reflect what it means in 2024 truly to provide an exclusively internet-based service. This will better align registration requirements with modern technology and help the Commission in the efficient and effective oversight of registered investment advisers.”

The compliance date for the amended Internet Adviser Exemption is March 31, 2025. Advisers no longer eligible to rely on the amended Internet Adviser Exemption, and do not otherwise have a basis for registration with the SEC, must withdraw their registration with the SEC by June 29, 2025, and register in one or more states. The SEC expects to cancel the registration of advisers that fail to withdraw their registration by this date.

Final rule: Exemption for Certain Investment Advisers Operating Through the Internet (sec.gov)

Fact Sheet: Internet Adviser Registration Reforms (sec.gov)

SEC Division of Examinations Issues Risk Alert Regarding Advisers Act Marketing Rule Compliance

On April 17, 2024, the SEC’s Division of Examinations published a Risk Alert sharing preliminary observations from examinations of investment advisers’ compliance with the Marketing Rule under the Investment Advisers Act of 1940, as amended (“Advisers Act”). The Division of Examinations continues to focus on compliance with the Marketing Rule. The Risk Alert encourages accurate completion of the Marketing Rule items contained in Form ADV and compliance with the Compliance Rule, the Books and Records Rule and the Marketing Rule’s General Prohibitions.

The Risk Alert details observations of investment adviser compliance with (1) the Compliance Rule, (2) the Books and Records Rule, and (3) the General Prohibitions of the Marketing Rule. With respect to the Marketing Rule’s General Prohibitions, the Risk Alert provides observations of deficiencies related to the following: (1) untrue statements of material fact and unsubstantiated statements of material fact; (2) omission of material facts or misleading inference, (3) fair and balanced treatment of material risks or limitations, (4) references to specific investment advice that were not presented in a fair and balanced manner, and (5) inclusion or exclusion of performance results or time period in matters that were not fair and balanced.

Final Exams Risk Alert Marketing Observation (sec.gov)

SEC, FinCEN Propose Customer Identification Requirements for Registered Investment Advisers and Exempt Reporting Advisers

On May 13, 2024, the SEC and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) jointly proposed a new rule that would require SEC-registered investment advisers (“RIAs”) and exempt reporting advisers (“ERAs”) to establish, document, and maintain written customer identification programs (“CIPs”). The proposal is designed to prevent illicit finance activity involving the customers of investment advisers by strengthening the anti-money laundering and countering the financing of terrorism (AML/CFT) framework for the investment adviser sector.

Under this proposal, RIAs and ERAs would be required to implement reasonable procedures to identify and verify the identity of their customers, among other requirements, in order to form a reasonable belief that RIAs and ERAs know the true identity of their customers. The proposed rule would make it more difficult for criminal, corrupt, or illicit actors to establish customer relationships — including by using false identities — with investment advisers for the purposes of laundering money, financing terrorism, or engaging in other illicit finance activity.

This proposed rulemaking complements a separate FinCEN proposal in February 2024 to designate RIAs and ERAs as “financial institutions” under the Bank Secrecy Act (BSA) and subject them to AML/CFT program requirements and suspicious activity report (SAR) filing obligations, among other requirements. That proposal cites a Treasury risk assessment that identified that the investment adviser industry has served as an entry point into the U.S. market for illicit proceeds associated with foreign corruption, fraud, tax evasion, and other criminal activities. Together, these proposals aim to prevent illicit finance activity in the investment adviser sector and further safeguard the U.S. financial system.

“The proposed rule is designed to make it more difficult to use false identities to establish customer relationships with investment advisers,” said SEC Chair Gary Gensler. “I support this proposal because it could reduce the risk of terrorists and other criminals accessing U.S. financial markets to launder money, finance terrorism, or move funds for other illicit purposes.”

“Criminal, corrupt, and illicit actors have exploited the investment adviser sector to access the U.S. financial system and launder funds,” said FinCEN Director Andrea Gacki. “This proposal would help investment advisers better identify and prevent illicit actors from misusing their services, while advancing a harmonized set of CIP obligations.”

The rule, if adopted, would require RIAs and ERAs to, among other things, implement a CIP that includes procedures for verifying the identity of each customer to the extent reasonable and practicable and maintaining records of the information used to verify a customer’s identity, among other requirements. The proposal is generally consistent with the CIP requirements for other financial institutions, such as brokers or dealers in securities and mutual funds.

The rule proposal is published on SEC.gov and will be published in the Federal Register. The public comment period will remain open for 60 days after publication of the proposing release in the Federal Register.

Proposed Rule: Customer Identification Programs for Registered Investment Advisers and Exempt Reporting Advisers (sec.gov)

Fact Sheet Customer Identification Program

SEC Adopts Amendments to Regulation S-P to Enhance Protection of Customer Information

On May 16, 2024, the SEC announced the adoption of amendments to Regulation S-P to modernize the rules that govern the treatment of nonpublic personal information of consumers by certain financial institutions, including:

  • Requiring covered institutions to develop, implement, and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information;
  • Requiring that the response program include procedures for covered institutions to provide timely notification to affected individuals whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization;
  • Broadening the scope of information covered by Regulation S-P’s requirements; and
  • Imposes additional recordkeeping obligations related to the incident response plan, detection of unauthorized access, investigation, service provider oversight, and disposal of consumer information.

In preparation for the upcoming compliance dates of either December 3, 2025, or June 3, 2026, (depending on size), firms should consider the following:

  1. Review and Update Policies and Procedures – this should include updates to existing safeguards and disposal policies to account for the expanded definition of “customer information,” updates to incident response programs and updates to vendor risk management policies and procedures.
  2. Assess Competing Incident Notification Requirements – integrating the Amended Reg S-P requirements into existing notification considerations and understanding how it interacts with other notification obligations will be key to successful incident response.
  3. Identify and Update Service Provider Arrangements – Identify the service providers in scope under Amended Reg S-P and review existing contracts or other agreements to ensure there is sufficient oversight in place for compliance.
  4. Update Retention Schedules – books and records generated by Amended Reg S-P compliance efforts should be appropriately maintained.

Final Rule: Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information (sec.gov)

Fact Sheet: Enhancements to Regulation S-P (sec.gov)

Cboe Proposes Rule Changes Related to ETF Share Class Relief

On April 15, 2024, Cboe BZX Exchange, Inc. (“Cboe”) filed proposed amendments to Cboe Rule 14.11(l). Cboe Rule 14.11(l) sets forth listing standards applicable to exchange-traded funds (“ETFs”). The proposed amendments to Cboe Rule 14.11(l) would allow for the listing and trading of exchange-traded shares (the “ETF Class Shares) of open-end investment companies that also offer non-exchange traded share classes, i.e. Mutual Fund Shares, in reliance on exemptive relief granted by the SEC from certain sections of the Investment Company Act of 1940, as amended (the “1940 Act”) (the “ETF Share Class Relief”).

An open-end investment company is required to obtain exemptive relief from Section 18(f)(1), Section 18(i), and related sections of Rule 6c-11 of the 1940 Act. Over the last several months, the SEC has received several applications requesting ETF Share Class Relief. There is no guarantee that the SEC will grant ETF Share Class Relief to any of the current applicants. The Vanguard Group, Inc. is the only recipient of the ETF Share Class Relief.

The Cboe explained that the application for proposed amendments to Cboe Rule 14.11(l) was submitted to prevent any unnecessary delay in listing ETF Share Classes when or if the SEC grants applicants ETF Share Class Relief. The Cboe’s application for proposed amendments to Cboe Rule 14.11(l) would;

  • Make it possible for ETF Class Shares of open-end investment companies granted ETF Share Class Relief to be listed and traded on Cboe pursuant to the Securities Exchange Act of 1934, as amended (the “Exchange Act”).
  • Require ETF Class Shares to satisfy the requirements of their ETF Share Class Relief and certain other requirements as a condition of the ETF Class Shares’ initial and continued listing.
  • Cboe may suspend trading or delist ETF Class Shares should Cboe become aware that an open-end investment company issuing ETF Class Shares no longer operates in reliance of its ETF Share Class Relief.

Without Cboe’s proposed amendments to Cboe Rule 14.11(l), listing for ETF Class Shares would be less streamlined. Without the Cboe’s proposed amendments, listing ETF Class Shares would involve either; (1) using existing generic listing standards for index-based and managed fund shares under Cboe Rules 14.1(c) and 14.1(i) that impose quantitative and qualitative requirements, or (2) the Cboe filing individual applications requesting rule amendments to list ETF Class Shares on the exchange. Both alternatives would require a long and uncertain process with ongoing compliance being complex and difficult.

Proposed Rule Change to Amend BZX 14.11(l) to Permit the Generic Listing and Trading of Multi-class ETF Shares.

NYSE Proposes Rule Changes to Exempt Registered Closed End Funds from Requirement to Hold Annual Shareholder Meetings

On June 6, 2024, the New York Stock Exchange LLC (“NYSE”) filed an application (the “Application”) pursuant to Rule 19b-4 under the Exchange Act, with the SEC proposing amendments to Section 302.00 of the NYSE Listed Company Manual (the “Manual”). Section 302.00 of the Manual currently requires closed-end management investment companies (“CEFs”) listed for trading on NYSE to hold an annual shareholder meeting during each fiscal year. If approved by the SEC, the proposed amendments would exempt CEFs listed on NYSE from the requirement to hold an annual shareholder meeting.

On July 3, 2024, the notice of the Application was made available on the SEC’s website and in the Federal Register. Within 45 days of the date of publication of such notice in the Federal Register, or within such longer period (up to 90 days, as the SEC may designate if it finds such longer period to be appropriate or as to which NYSE consents), the SEC will by order approve or disapprove the proposed rule change or institute proceedings to determine whether the proposed rule change should be disapproved. Section 19(b)(2) of the Exchange Act requires that, after initiating disapproval proceedings, the SEC issue an order approving or disapproving the proposed rule change within 180 days of the publication date of the notice of the proposed rule change. The SEC may extend the period for issuing such order by not more than 60 days if the SEC determines that a longer period is appropriate and publishes the reasons for such determination.

Proposed Rule Change Amending Section 302.00 of the NYSE Listed Company Manual to Exempt Closed-End Funds Registered under the Investment Company Act of 1940 from the Requirement to Hold Annual Shareholder Meetings

SEC Announces Reminder to Confirm Accurate Internal Links in EDGAR Filings

On June 28, 2024, the SEC reminded filers to confirm that internal links in their EDGAR filings are working properly prior to submitting the filings on EDGAR. The SEC noted that filers should confirm whether existing filings have broken internal links and correct any such links.

The SEC noted that it is permissible for electronic filers to include links to different sections within a single HTML document, for example, in exhibits filed pursuant to Item 601 of Regulation S–K. The SEC noted that incorrect internal links will result in errors surrounding those links when the filings are disseminated.

SEC.gov | Reminder: Confirm Accurate Internal Links in EDGAR Filings (updated announcement)

SEC’s Division of Examinations Provides Guidance on Broker-Dealer Exam Process

On June 28, 2024, the SEC’s Division of Examinations published a Risk Alert to help broker-dealers prepare for an examination. The Risk Alert provides information regarding what Division staff may consider when selecting firms to examine and areas of focus for the examination. It also provides the types of information, including documents, staff may initially request during an examination of a broker-dealer and includes a Sample Initial Information Request List.

Risk Alert: Broker-Dealers: Staff Assessment of Risks, Scoping of Examinations, and Requesting of Documents (sec.gov)

SEC Staff Clarifies That Cybersecurity Incident Disclosures For Public Companies Under Item 1.05 of Form 8-K Should Be Limited to Material Cybersecurity Incidents

Erik Gerding, director of the Division of Corporation Finance of the U.S. Securities and Exchange Commission (SEC), issued a statement on May 21, 2024, with clarifying guidance on cybersecurity incident disclosure under Item 1.05 (Material Cybersecurity Incidents) of Form 8-K for public companies. The primary purpose of the statement is that voluntary disclosure of non-material cybersecurity incidents, or for which a materiality determination of a cybersecurity incident has not yet been made, should not be disclosed under Item 1.05 of Form 8-K. Rather, such disclosures should be made under Item 8.01 (Other Events) of Form 8-K.

While the guidance is primarily intended for public companies, the proposed rules and amendments related to cybersecurity risk management for registered investment advisers and registered investment companies include similar disclosure requirements of cyber security risks and incidents on Form ADV Part 2A, Form N-1A or Form N-2, as applicable. Hence, registered investment companies and their advisers should take note of this clarifying guidance considering the SEC’s likely adoption of Rule 38a-2 of the 1940 Act, and Rule 204-2 of the Advisers Act at some point in 2024.

SEC.gov | Announcement: Disclosure of Cybersecurity Incidents Determined To Be Material and Other Cybersecurity Incidents

ENFORCEMENT AND LITIGATION MATTERS

SEC Charges Two Investment Advisers with Making False and Misleading Statements About Their Use of Artificial Intelligence

On March 18, 2024, the SEC announced that two registered investment advisers have agreed to pay $400,000 in total civil penalties to settle charges that each adviser had made false and misleading statements about their use of artificial intelligence (“AI”).

According to the SEC’s order against one adviser, from 2019 to 2023 the adviser made false and misleading statements in its SEC filings, press releases, and on its website. The adviser claimed to use AI and machine learning in its investment process, including claiming that it put “collective data to work to make [its] artificial intelligence smarter so it can predict which companies and trends are about to make it big and invest in them before everyone else.”

According to the SEC’s order against the other adviser, in 2023 the adviser made false and misleading statements on its website and social media accounts. The adviser claimed to be the “first regulated AI financial advisor” and that it provided “expert AI-driven forecasts”.

In both instances, the SEC found that the adviser did not have the AI and machine learning capabilities that it claimed. The SEC remains focused on AI, particularly potential ‘AI washing’. “Investment advisers should not mislead the public by saying they are using an AI model when they are not. Such AI washing hurts investors.” said SEC Chair Gary Gensler.

Each adviser consented to the entry of the SEC’s order finding that the firm violated Sections 206(2) and 206(4) of the Investment Advisers Act of 1940 and Rules 206(4)-1 and 206(4)-7 thereunder. Without admitting or denying the SEC’s findings, each adviser agreed to a cease-and-desist order and censure and to pay $225,000 and $175,000, respectively, in civil penalties.

SEC.gov | Press Release: SEC Charges Two Investment Advisers with Making False and Misleading Statements About Their Use of Artificial Intelligence

SEC Charges Five Investment Advisers for Marketing Rule Violations

On April 12, 2024, the SEC announced settled charges against five registered investment advisers for Marketing Rule violations. All five firms have agreed to settle the SEC’s charges and to pay $200,000 in combined penalties.

The SEC’s orders found that the five firms advertised hypothetical performance to the general public on their websites without adopting and implementing policies and procedures reasonably designed to ensure that the hypothetical performance was relevant to the likely financial situation and investment objectives of each advertisement’s intended audience, as required by the Marketing Rule. Four firms received reduced penalties because of the corrective steps they undertook in advance of being contacted by the SEC staff.

According to the order, one firm also violated other regulatory requirements, including by making false and misleading statements in advertisements, advertising misleading model performance, being unable to substantiate performance shown in its advertisements, and failing to enter into written agreements with people it compensated for endorsements. The order further finds that this firm committed recordkeeping and compliance violations and made misleading statements about its performance to a registered investment company client and that the misleading statements were included in the client’s prospectus filed with the SEC.

“The Marketing Rule’s provisions are crucial to protecting investors from misleading advertising claims,” said Corey Schuster, Co-Chief of the SEC Enforcement Division’s Asset Management Unit. “Today’s actions show that we will continue to employ targeted initiatives to ensure that investment advisers fully comply with their obligations under the rule. They also serve as a reminder of the benefits to firms that take corrective steps before being contacted by Commission staff.”

Without admitting or denying the SEC’s findings, all of the firms consented to the entry of orders finding that they violated the Investment Advisers Act of 1940 and ordering them to be censured, cease and desist from violating the charged provisions, and comply with certain undertakings. One firm agreed to pay a civil penalty of $100,000, while the other four firms agreed to pay civil penalties ranging from $20,000 to $30,000, which reflected certain corrective steps taken by each of these firms prior to being contacted by the SEC staff.

This is the second set of cases that the SEC has brought as part of an ongoing targeted sweep concerning Marketing Rule violations after charging nine other advisory firms in September 2023.

SEC.gov | Press Release: Five Investment Advisers for Marketing Rule Violations

SEC Enforcement Hints at CCO, CISO Liability for AI

During a Program on Corporate Compliance and Enforcement held on April 15, 2024, the SEC’s Director of the Division of Enforcement warned that chief compliance officers (“CCOs”) and chief information security officers (“CISOs”) may be personally liable if certain artificial intelligence (“AI”) risks are not disclosed. In determining such personal liability, the SEC would look to what the CCO or CISO knew or should have known regarding the failure to disclose, what the CCO or CISO actually did or did not do regarding the risk disclosure, and how that conduct, or lack thereof, aligns with the law. However, the SEC has stated that, as long as the CCO or CISO operates in good faith and takes treasonable steps, then that individual would be unlikely to be the subject of an SEC investigation for AI disclosure failures.

Risk disclosures related to AI would include competitive risks and security risks. Security risks failures could result in potential personal liability for CCOs and CISOs. Before making a representation regarding AI in an investment company’s disclosures and using AI in the investment process, investment companies should pause and ask the following questions:

  • What public statements are we making about our incorporation of AI into our business operations?
  • Are these statements and representations accurately reflecting the actual investment process or are they aspirational? Please note that aspirational disclosures may be materially false or misleading and constitute securities fraud.
  • Does AI present a material risk to our business operations in some way?

Additionally, an investment company should disclose its security practices related to AI vendors. These disclosures should include path management and vulnerability assessment of the vendor’s AI infrastructure. Asset managers should ask how the vendor’s products will affect customers and what the role of third-party AI (i.e., ChatGPT) may be.

If an investment company is contemplating using AI in some capacity, the following action items may be considered:

  • Educating all company personnel regarding risks of AI. This includes the risk of violating existing rules and regulations around AI, including overstating capabilities.
  • Executives should engage company personnel to learn how AI interacts with various company activities, strategies, risks, and financial incentives.
  • If new AI uses require updating policies, procedures or internal controls, firms should adopt and execute these changes.

SEC.gov | Remarks at Program on Corporate Compliance and Enforcement Spring Conference 2024

Sign up for Blogs

Interested in receiving the latest blogs information?

SIGN UP
Want to Know More?

Interested in learning more about our solutions? We want to hear from you.

Contact Us Our Services

Institutional Strength | Boutique Service

About Us
Our Services
Resources

The Ultimus Group, LLC is an Equal Opportunity Employer. All rights reserved.

DISCLOSURE: Information contained on this website is based on public data, historical agreements and dialogue with intermediaries. Such information represents our current understanding of the described platforms and the costs associated with them. In many cases, such costs may be negotiable. All pricing and fee information is subject to change without notice.

8778 UFS 2/18/2022

Copyright © 2025 Ultimus Fund Solutions

Ultimus Fund Solution