In the past year, the SEC conducted 760 regulatory examinations and proposed over 30 new rules, many of which impose heightened requirements on firms and chief compliance officers. Additionally, the New Marketing Rule, a highly anticipated regulation, became effective this year. Although some of these rules have not yet been passed, it is evident that the SEC is prioritizing regulatory oversight and expects firms to comply with newly enacted rules and amendments.
Here is an overview of a few of the proposed rules and how they could impact your firm.
SEC proposed rules
SEC Proposes New Oversight Requirements for Certain Services Outsourced by Investment Advisers
This rule, proposed on Oct. 26, 2022, would require advisers to satisfy specific due diligence elements before retaining a service provider that will perform certain advisory services or functions, and to subsequently carry out periodic monitoring of the service provider’s performance. The rule would apply to advisers that outsource certain “covered functions,” which include those services or functions that are necessary for providing advisory services in compliance with the Federal securities laws and that if not performed or performed negligently would result in material negative impact to clients.
SEC Proposes to Enhance Private Fund Reporting
These amendments, proposed on Aug. 10, 2022, would enhance how large hedge fund advisers report investment exposures, borrowing and counterparty exposure, market factor effects, currency exposure reporting, turnover, country and industry exposure, central clearing counterparty reporting, risk metrics, investment performance by strategy, portfolio correlation, portfolio liquidity and financing liquidity to provide better insight into the operations and strategies of these funds and their advisers and improve data quality and comparability.
SEC Proposes Cybersecurity Risk Management Rules and Amendments for Registered Investment Advisers and Funds
The amendments, proposed on Mar. 9, 2022, would require, among other things, current reporting about material cybersecurity incidents and periodic reporting to provide updates about previously reported cybersecurity incidents. The proposal also would require periodic reporting about a registrant’s policies and procedures to identify and manage cybersecurity risks; the registrant’s board of directors’ oversight of cybersecurity risk; and management’s role and expertise in assessing and managing cybersecurity risk and implanting cybersecurity policies and procedures. Furthermore, the proposal would require annual reporting or certain proxy disclosure about the board of directors’ cybersecurity expertise, if any.
COMPLY Chief Regulatory Officer John Gebauer Provides His Perspective
We interviewed our own Chief Regulatory Officer John Gebauer to get his thoughts on the rapid pace of new rules being proposed by the SEC, along with which of said rules stand out to him as being particularly intensive in nature.
“I’ve said this before and I continue to believe it, the number of proposed rules is really a solutions looking for a problem,” said John Gebauer.
“There has not been a time (that I know of) where such a broad and aggressive regulatory approach has been taken which wasn’t in direct response to a scandal or market failure, such as Madoff. In such cases, there is specific action to be taken in order to protect the industry from similar negative outcomes. Here, however, there is none. The current commission is taking action to reshape and rebuild the U.S. capital markets to fulfill a specific view point. And I think this will result in the expense of countless resources, which will ultimately be borne by the investing public.
Proposed rules like cybersecurity, ESG, outsourcing and the new Custody rule are all going to have significant impact on the market and to the individual investment adviser. I do believe an update to the Custody Rule is worthwhile and, quite frankly, a long time coming. But from my perspective, what the industry needed from this proposal was additional clarification, not the vast overhaul which has been proposed.”
John has been working on data which assesses the time it takes for a proposed rule to come into effect, and we asked how many rules he expects to pass in the next 12 months.
“Currently there are 30 proposed rules. I believe by year end between six and 12 rules will be adopted, which will have an incredible impact, given that many of the rules are similar in size and significance to the new Marketing Rule. Of the currently proposed rules, I think the cybersecurity rules, ESG rules, outsourced rules and both private fund rules will be adopted – more or less, as proposed.
While it takes quite a bit of work to pass a rule, the majority of the rules proposed last year were, in part, planned to be adopted by the end of 2023. Thus, avoiding rule adoption during an election year,” answered John.
When asked how clients can address red flags regarding these new rules, and if there is any general advice he can give to chief compliance officers, John encouraged compliance professionals to not, “get overwhelmed by all the noise. It’s noisier now than it has been in recent history, but it’s important to go back to the basics:
- Conduct a risk assessment of your business.
- Focus on highest risk areas.
- Pay attention to SEC exam priorities, risk alerts and additional guidance.
Create and implement sound policies and procedures, provide the appropriate disclosures and ensure your firm is doing what it says it will do.”
Download ComplySci’s full 2023 CCO Playbook to learn more about the SEC’s 2022 enforcement actions and 2023 exam priorities.