Investment Management Update

Below is a summary of recent investment management developments that affect registered investment companies, private equity funds, hedge funds, investment advisers, and others in the investment management industry.

SEC Issues No-Action Letter to Independent Directors Council, Easing Some Regulatory Burdens on Mutual Fund Boards

In an October 2018 no-action letter, the SEC advised the Independent Directors Council (IDC) that it would not bring an enforcement action against fund boards that rely solely on quarterly written reports by chief compliance officers (CCOs) certifying that their funds complied with requirements allowing for certain affiliated transactions. This written certification replaces the current requirement that fund boards themselves offer quarterly findings on affiliated transactions. The applicable affiliated transactions for which CCO certification is now permitted are: Rule 10f-3, allowing a fund to purchase securities from an underwriter that is an affiliate of the fund or adviser; Rule 17a-7, allowing cross-trades between affiliated funds; and Rule 17e-1, providing guidelines ensuring that those affiliates of a fund that are broker-dealers do not receive brokerage commissions exceeding the usual and customary rates.  

The IDC sought the no-action letter as part of its role in helping to ease regulatory burdens and assisting mutual fund directors in fulfilling their duties. The organization’s view was that permitting fund directors to rely on representations by CCOs allows directors to perform their oversight role properly.

Rule 38a-1 promulgated under the Investment Company Act of 1940 (the 40 Act) sets forth the requirements for compliance programs. Adopted in 2003, it broadly instructs fund boards to establish policies and procedures for compliance with federal securities laws as well as to designate a CCO. Fund boards must initially approve the compliance policies and procedures, although the CCO then assumes day-to-day administration duties. The SEC stated in its no-action letter that in enacting Rule 38a-1, it sought to make CCOs responsible for the fund’s compliance program. By contrast, directors were to be responsible for program oversight.

In its no-action request, the IDC noted that assigning administrative responsibilities to fund directors in Rules 10f-3, 17a-7, and 17e-1 does not align with the SEC’s goals for enacting Rule 38a-1. The SEC agreed that fund boards can maintain their oversight role while receiving written representations from their CCO that transactions in accordance with Rules 10f-3, 17a-7, and 17e-1 follow fund compliance policies and procedures.

The SEC’s decision is significant because it saves fund boards both time and administrative hassle. Prior to the no-action letter, directors needed to devote themselves to reviewing exempt affiliated transactions. Now, fund boards no longer need to ensure that all purchases each quarter were in compliance with the affiliated transaction policies and procedures. As the SEC noted in its no-action letter, providing for board reliance on CCOs allows directors to concentrate on other conflict-of-interest concerns, such as whether an affiliated transaction is in the fund’s best interest, rather than occupying their time with administrative review.

The SEC’s no-action letter represents a more modern approach to fund regulation. It also relieves directors of added responsibilities without undermining a fund’s ability to follow its compliance procedures and policies.

SEC’s Division of Enforcement Increases Activity and Interest in Cryptocurrencies

The SEC’s view of cryptocurrencies and initial coin offerings (ICOs) continues to be the subject of great interest among investors, regulators, and other market participants.

A cryptocurrency is a digital or virtual currency that uses cryptography for security. A cryptocurrency is difficult to counterfeit because of this security feature. Many cryptocurrencies are decentralized systems based on blockchain technology, a distributed ledger enforced by a disparate network of computers. A defining feature of a cryptocurrency, and arguably its biggest allure, is its organic nature; it is not issued by any central authority, rendering it theoretically immune to government interference or manipulation.

There are many different cryptocurrencies available, with the most well-known being Bitcoin. Unlike a traditional currency, such as the U.S. dollar, a cryptocurrency is a digital asset that is exchanged over the web and cryptographically coded for security and verification. ICOs, which are similar to initial public offerings, occur when a company develops a cryptocurrency that it then offers to investors to raise capital.

In December 2017, SEC Chairman Jay Clayton issued a statement addressing cryptocurrencies and ICOs and foreshadowed the Commission’s current stepped-up enforcement activity. He warned potential investors of several red flags in relation to cryptocurrency sales, such as when sellers guarantee returns on purchases. The Chairman also noted that the SEC may be unable to regulate certain purchases in which investors’ funds are transferred to overseas sellers.

The Chairman’s statement also warned broker-dealers, investment advisers, exchanges, lawyers, accountants, and other market professionals that simply labeling a cryptocurrency as a “currency” does not necessarily exempt it from SEC regulation. Instead, he reminded would-be sellers that cryptocurrencies regularly involve the “investment of money in a common enterprise with a reasonable expectation of profits to be derived from the entrepreneurial or managerial efforts of others.” When this occurs, the cryptocurrency is considered to be a security that falls within the SEC’s purview.

Mr. Clayton concluded his statement by explaining that he had requested the SEC’s Division of Enforcement to continue closely policing cryptocurrencies and ICOs, as well as to bring enforcement actions when ICOs violate federal securities laws.

Since the release of the Chairman’s statement, the SEC has indeed continued to examine ICOs with a critical eye. On September 11, 2018, the SEC announced a settlement between the Commission and TokenLot LLC, which promoted itself as an ICO superstore. The SEC had charged TokenLot and its two owners with acting as unregistered broker-dealers. TokenLot served as an exchange for both ICOs and secondary sales. The SEC’s investigation found that a number of the cryptocurrencies traded on TokenLot’s platform met the definition of a security. TokenLot received payments from trading profits and a percentage of the funds raised during ICOs, which required registration as a broker-dealer. As a result of the investigation, TokenLot refunded any unfulfilled orders and began winding down its business. The company also paid $471,000 in disgorgement, plus interest, and retained a third party to destroy its remaining cryptocurrency inventory. TokenLot’s owners further agreed to pay a penalty of $45,000 each, and they both submitted to being banned from the industry and penny stocks, as well as an investment company prohibition for three years.

These recent charges brought by the SEC illustrate the pitfalls of cryptocurrencies and ICOs for buyers and sellers alike. Buyers must be wary of schemes and false information concerning ICOs. For example, they should be on the lookout for ICOs that promise fast and easy profits, feature celebrity promotions, and fail to follow federal securities laws. The SEC has been quick to remind cryptocurrency investors that its disclosure requirements are meant to provide the public with both information and protection. Investing in ICOs that are registered with the SEC or that properly rely on an exemption from registration is the best practice.

For sellers, it is important to remember that the question of whether cryptocurrencies represent securities subject to SEC regulation is a matter of substance over form. The Commission brought its enforcement action against TokenLot because the cryptocurrency buyers sought to profit from the efforts of others to increase their investment’s value. This activity fits the classic definition of a security even though the underlying investment was described as a “currency.”

Does this mean that all cryptocurrencies are securities? Not necessarily. At least, not according to remarks made on June 14, 2018, by William Hinman, Director of the SEC’s Division of Corporate Finance. In his view, even a cryptocurrency originally offered in an ICO can later avoid falling within the definition of a security. Director Hinman stated that when a cryptocurrency’s network is sufficiently decentralized, secondary market sales of that cryptocurrency are no longer sales of securities. In such cases, the purchasers of the cryptocurrency can no longer reasonably expect to receive a profit based on the efforts of a person or group, such as the company that “minted” the cryptocurrency, to increase its investment’s value. He offered Bitcoin, which has no single administrator and which replaces traditional forms of currency, as an example. These characteristics help distinguish Bitcoin from other cryptocurrencies that companies sell to finance projects.

SEC Chairman Clayton also explained in his 2017 statement that a cryptocurrency that is exchangeable for an offeror’s products or services may not be a security. He commented that, “a [cryptocurrency] that represents a participation interest in a book-of-the-month club may not implicate our securities laws, and may well be an efficient way for the club’s operators to fund the future acquisition of books and facilitate the distribution of those books to token holders.”

Courts may be hesitant to view all ICOs as an offering of securities. On November 27, 2018, a federal court in California denied the SEC’s preliminary injunction against Blockvest LLC. The judge determined that in the absence of discovery, and due to disputed facts regarding promotional materials, available information, economic inducements, and representations at seminars, he was unable to determine whether the company’s crypto coins were securities.

Cryptocurrencies and ICOs could represent an important segment of future investments and currency exchanges. For the present, it is important to bear in mind that sales of cryptocurrencies trigger SEC oversight. Tracking SEC guidance and enforcement actions is hence key to avoiding risky purchases and sales of cryptocurrencies.

Voya Financial Advisors Settles Cybersecurity Enforcement Action for Ignoring Cyber Red Flags

On September 26, 2018, Voya Financial Advisors, Inc. (VFA) agreed to a settlement of SEC charges stemming from a 2016 cybersecurity breach.

Without admitting or denying the charges, VFA agreed to pay the SEC a penalty of $1 million and to retain an independent consultant to assess the firm’s cybersecurity policies and procedures.

According to the SEC’s order instituting the settlement, identity thieves impersonating VFA’s contractors had called the company’s support lines to request that operators reset their passwords. These calls occurred over the course of several days in April 2016. Using the contractors’ login information and the new passwords received over the telephone, the thieves gained access to personally identifiable information (PII) concerning at least 5,600 VFA customers. As a result, the thieves were able to create new profiles and obtain account documents for three customers.

The SEC charged VFA with violations of two rules that apply to broker-dealers and investment advisers: the Safeguards Rule (17 C.F.R. § 248.30(a)) and the Identity Theft Red Flags Rule (17 C.F.R. § 248.201).

The Safeguards Rule requires every broker-dealer and investment adviser to implement written policies and procedures that provide administrative, technical, and physical safeguards for customer records and information. The relevant policies and procedures must be reasonably designed to (1) protect the security and confidentiality of customer records and information, (2) defend against threats or hazards to customer records and information, and (3) block unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience.

The Identity Theft Red Flags Rule requires registered broker-dealers, investment advisers, and other financial institutions to implement an “Identity Theft Prevention Program” designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account. The program must aim to (1) identity and incorporate certain red flags related to covered accounts, (2) detect such red flags as they occur, (3) respond appropriately to red flags as they occur, and (4) update periodically when changes and new risks arise. “Covered accounts” include accounts that broker-dealers or investment advisers offer or maintain primarily for personal, family, or household purposes; accounts that are designed to permit multiple payments or transactions; and any other accounts that broker-dealers or investment advisers offer or maintain in relation to which there is a foreseeable risk of identity theft. An Identity Theft Prevention Program must be drafted and approved by the firm’s board or an appropriate committee, involve oversight and administration by management, require staff training, and exercise oversight of service provider arrangements.

The SEC’s order alleged several oversights on the part of VFA that triggered violations of these rules. First, VFA ran afoul of the Safeguards Rule by failing to implement policies and procedures for its contractors that were reasonably designed to protect customer information and respond to cybersecurity threats. According to the SEC, VFA contractors typically used their own IT equipment and systems, while VFA employees used the IT networks of Voya Financial, Inc., (Voya), VFA’s parent company. VFA also outsourced cybersecurity functions to Voya, and Voya’s cybersecurity policies and procedures were supposed to govern VFA. These procedures required lockouts for users suspected of causing a cybersecurity incident, session timeouts after 15 minutes of inactivity, prohibition of operating multiple concurrent web sessions in applications containing customers’ PII, and multifactor authentication to acquire access to customers’ PII, among other requirements.

Although these policies applied to VFA’s employees, the company’s contractors were not required to adhere to the same standards. VFA contractors, for example, typically operated using their own IT systems to access customer information through a login portal. In addition, their sessions did not time out after 15 minutes of inactivity, and they could remain logged in to multiple concurrent web sessions containing customers’ PII. The SEC also noted that service line operators were not required to check Voya’s running list of telephone numbers suspected of fraud prior to giving temporary passwords to callers, and those customers whose user settings and preferences were modified by the thieves did not receive any notification of the changes from VFA.

Second, the SEC alleged that VFA violated the Identity Theft Red Flags Rule due to failing to review and update its program, which was established in 2009, as well as failing to respond effectively to cybersecurity threats. As VFA’s program was not capable of addressing risks posed to its customers, the SEC concluded that the program was not reasonably designed to identify and respond to red flags.

The SEC’s order offers a number of lessons for broker-dealers and investment advisers. For one, it is important to review and update cybersecurity policies. Changes in technology and operations, such as adding contractors to an institution’s workforce, necessitate such a review.

It is also wise for broker-dealers and investment advisors to ensure that they employ the most effective cybersecurity methods. For example, the SEC noted that temporary passwords should be provided via secure email, rather than via telephone. However, it is important to ensure that cybersecurity involves more than just IT infrastructure—employees must be trained in protecting customer information in the face of a cybersecurity threat. Finally, broker-dealers should ensure that they remain vigilant about potential cybersecurity threats and should act quickly to address all potential exposures.

SEC Withdraws Two Proxy Advisory No-Action Letters Indicating More SEC Attention to ISS and Other Proxy Advisers

The SEC held a roundtable session on November 15, 2018, to hear investor, issuer, and other market participant views concerning the proxy process and rules. The session focused on in-depth discussions of the current proxy voting mechanics and technology, the shareholder proposal process, and the role of proxy advisory firms.

To facilitate the discussions at the roundtable session as well as to receive information and feedback from stakeholders with multiple perspectives, including on the staff guidance in Staff Legal Bulletin No. 20 (June 30, 2014), on September 13, 2018, the staff of the Division of Investment Management reexamined the no-action letters that had been issued in 2004 to Egan-Jones Proxy Services (May 27, 2004)[1] and Institutional Shareholder Services, Inc., (ISS) (September 15, 2004)[2] and determined to withdraw them. This provided comfort to investment advisers about relying on proxy advisory firm recommendations.

The two no-action letters addressed Rule 206(4)-6 promulgated under the Investment Advisers Act, which requires every investment adviser which exercises voting authority with respect to client securities to adopt and implement written policies and procedures reasonably designed to ensure that the adviser votes in the best interest of its clients. In the Rule 206(4)-6 adopting release, the SEC stated that “an investment adviser could demonstrate that the vote [of its clients’ proxies] was not a product of a conflict of interest, based upon the recommendations of an independent third party.”

Following the issuance of these two no-action letters, on June 30, 2014, the SEC published Staff Legal Bulletin No. 20 to provide guidance about investment advisers’ responsibilities for voting client proxies and retaining proxy advisory firms, as well as to provide guidance on the availability and requirements of two exemptions to the federal proxy rules that are often relied upon by proxy advisory firms. Staff Legal Bulletin No. 20 also provided additional gloss to the two no-action letters. However, Staff Legal Bulletin No. 20 was not withdrawn by the SEC.

The withdrawal of these two no-action letters may not immediately affect investment advisers that rely on independent proxy advisory firms. In a statement regarding SEC staff views, SEC Chairman Clayton emphasized that “[t]he Commission’s longstanding position is that all staff statements are nonbinding and create no enforceable legal rights or obligations of the Commission or other parties.” He stated that the SEC "will continue to review whether prior staff statements and staff documents should be modified, rescinded, or supplemented in light of market or other developments."

SEC Proposes Disclosure Improvements for Variable Annuities and Variable Life Insurance Contracts

On October 30, 2018, the SEC voted to propose rule changes designed to improve disclosure for investors about variable annuities and variable life insurance contracts. The proposal is intended to help investors better understand the features, fees, and risks associated with these contracts and more easily find information they need to make an informed investment decision. The proposal would modernize disclosures by using a layered disclosure approach designed to provide investors with key information relating to the contract’s terms, benefits, and risks in a concise and more reader-friendly fashion, with access to more detailed information available online and electronically or in a paper format on request. Below are some takeaways concerning the proposed rule.

The proposed new rule would permit sending or giving a summary prospectus to investors to satisfy prospectus delivery obligations under the Securities Act of 1933 for a variable annuity or variable life insurance contract. Two distinct types of contract summary prospectuses are permitted: initial summary prospectuses covering variable contracts currently offered to new investors, and updated summary prospectuses for existing investors.

The proposed rule would require the variable contract’s statutory prospectus, as well as the contract’s Statement of Additional Information (SAI), to be publicly accessible, free of charge, at a website address specified on, or hyperlinked in, the cover of the summary prospectus. An investor who receives a contract summary prospectus would be able to request the contract’s statutory prospectus and SAI to be sent on paper or electronically, at no cost to the investor.

The SEC is proposing amendments to the registration forms for variable annuity and variable life insurance contracts to update and enhance the disclosures to investors made in these contracts, as well as to implement the proposed summary prospectus framework. The amendments are intended to improve the content, format, and presentation of information provided to investors, including by updating the required disclosures to reflect industry developments (e.g., the prevalence of optional insurance benefits in today’s variable contracts). 

In addition, the SEC is proposing amendments that require the use of the Inline eXtensible Business Reporting Language (Inline XBLR) format for the submission of certain required disclosures in the variable contract statutory prospectus. This would provide a mechanism for allowing investors, their investment professionals, data aggregators, and other data users to efficiently analyze and compare the available information about variable contracts.

The SEC is proposing certain technical and conforming amendments to certain rules and forms, including amendments to rules relating to variable life insurance contracts, as well as rescission of certain related rules and forms. The SEC also is proposing other amendments and the rescission of certain rules and forms that have been rendered moot by legislative actions or are otherwise no longer necessary.

Lastly, the SEC is seeking comments regarding parallel amendments to rules governing mutual fund summary prospectuses and registration forms applicable to other types of registered investment companies.

The SEC has requested public comment on the proposed rule changes and on the hypothetical summary prospectus samples that it has published. The public comment period will remain open through February 15, 2019.

IRS Adopts Changes for Tax-Exempt Investors: UBTI “Silo Rule”

Tax-exempt organizations, although generally exempt from federal income tax, are subject to tax on their unrelated business taxable income (UBTI). UBTI is defined as income from any trade or business regularly carried on by the exempt organization that is not substantially related to its tax-exempt function. Certain types of income, such as dividends and interest, are exempt from being classified as UBTI.

For tax years beginning in 2018, the Tax Cuts and Jobs Act modified the rules applicable to UBTI. Previously, tax-exempt organizations were permitted to aggregate their unrelated business activities so that losses stemming from any one activity could offset income from another activity. Under the new “silo rule,” the taxable income from each unrelated trade or business is calculated separately. If activity from one unrelated business generates a loss, that loss can only be used to offset future income from that business. Losses that were generated prior to 2018 are not subject to this new limitation.

Earlier this year, the IRS issued Notice 2018-67, which provided some clarification about what activities can be treated as a single unrelated trade or business. The notice acknowledged the complexity of making this determination when an exempt organization holds an interest in a tiered partnership, where there could be multiple underlying businesses. To ease this burden until proposed regulations are issued, a tax-exempt organization may aggregate its UBTI from its interest in a partnership with multiple trades or businesses, including those in a tiered structure, as long as either a de minimis test or a control test is satisfied: 

• The de minimis test is satisfied if a tax-exempt organization holds no more than two percent of the profits interest and no more than two percent of the capital interest in the partnership, as shown on Schedule K-1.   
• The control test is satisfied if a tax-exempt organization (i) holds no more than 20 percent of the partnership’s capital interest and (ii) does not have control or influence over the partnership, taking into account all facts and circumstances. 

For both tests, the applicable percentage includes direct ownership as well as ownership by disqualified persons, supporting organizations, or controlled entities.

If a tax-exempt organization has multiple partnership interests that satisfy one of these tests, the notice further permits the organization to treat all the interests as a single trade or business. Additionally, for interests acquired prior to August 21, 2018, an organization may apply a transition rule and treat a partnership interest with multiple underlying businesses as comprising a single trade or business, even if the de minimis and control tests are not satisfied. Such interests simply cannot be aggregated with other partnership interests for the purposes of calculating the UBTI.

In light of the updated UBTI rules, tax-exempt organizations that are investing in funds structured as partnerships will likely be reviewing their investments and ensuring that they have appropriate documentation to continue aggregating their UBTI to the greatest extent possible. Regulations are expected, and Ballard Spahr’s Tax Group and Investment Management Group will continue to monitor trends in this area.

IRS Issues Qualified Opportunity Zone Regulations Clarifying Certain Ambiguities

In the last edition of Investment Management Update, we highlighted some key risks and rewards stemming from the Tax Cuts and Jobs Act’s creation of Qualified Opportunity Zones. The first set of QOZ regulations have now been issued, and they clarify certain aspects of this potentially valuable program. Key items include provisions for operation of the program after 2028, as well as allowances for working capital held by a QOZ business in its startup phase. Click here to read the full analysis by our Qualified Opportunity Zones Team.