Big data driving SEC focus on disclosures, recommendations and security

Advisers will see SEC regulators employ new methods to investigate a firm's staff training, the suitability of its investment recommendations, conflicts of interest disclosures and cybersecurity safeguards, according to attorneys at the law firm Eversheds Sutherland.

Even if, as many observers expect, enforcement under newly minted SEC Chairman Jay Clayton is not as vigorous as it has been under his predecessors, there will be still be a focus on the most problematic types of conduct, enhanced by increased analysis of large swaths of data.

In a recent presentation, Eversheds Sutherland attorney Adam Pollet highlighted the case the SEC brought against UBS involving the sale of more than $500 million of reverse convertible notes to retail investors, without sufficiently training its advisers on the contours of those complex products.

"Because of the lack of adequate education training, the SEC found that certain reps made unsuitable recommendations. The SEC charged the firm with program-wide violations, rather than finding unsuitable sale for particular customers, and that's where the big data issue comes into play," Pollet says.

Compliance slideshow

Regulators have revealed what kind of issues advisors must address if faced with a review.

1 Min Read

"The takeaways here are, first, while RCNs and other complex products aren't per se unsuitable, this case shows that broker-dealers have to adequately train their sales force to deal with suitability issues with regard to their customers, and particularly customers with limited experience or lower net worth or income," he says.

"Second, the case demonstrates the SEC is becoming more sophisticated harnessing big data to build enforcement cases, and it's possible that there could be future unsuitability cases based just on data."

'A BIG AREA'
Last year may have brought a high-water mark for enforcement at the SEC, when the commission brought a record 868 cases, according to Eversheds Sutherland. The commission also set records for actions brought against broker-dealers and investment advisers or investment companies, at 173 and 159, respectively.

A key part of that scrutiny arises over how advisers are handling conflicts of interest, an issue of mounting concern for SEC enforcement officials.

"This is a big area, and we've seen a number of enforcement actions here," says Eversheds Sutherland partner Brian Rubin.

SEC enforcement statistics

Rubin noted the case the SEC brought against the Robare Group in 2014, where official alleged that the principals of the Houston-based RIA had failed to fully disclose the potential conflicts of interests that could arise from the payments the firm received from its custodian, Fidelity, for placing clients' assets in certain mutual funds. That case has been through a number of twists and turns, with the SEC overturning the initial decision of an administrative law judge to dismiss the matter, which is now pending an appeal in circuit court.

But regardless of how that case turns out, Rubin cautions advisers to revisit their regulatory filings to ensure that they are "disclosing all sources of compensation or potential compensation in their form ADVs that might lead to potential or actual conflicts."

"The takeaways here are first that the SEC will charge a firm for marginal conflicts, even when there's no evidence of harm," he says. "Second, the SEC found that individuals caused the violation on behalf of the adviser, and we're seeing this pop up more and more where the SEC is charging individuals for the firm violations."

SHARE CLASS, CYBER FOCUS
Similarly, the SEC has been ramping up its focus on share classes. The commission has already brought some cases — and Rubin says he knows of "several more in the works" — involving advisers who have been dinged for placing clients in fund shares that carried 12b-1 or other fees, when they were eligible for a no-fee share class.

"If any firms have not focused specifically on 12b-1 and advisory accounts, you should do that because the SEC is looking at that a lot," Rubin says.

Cybersecurity and the larger issue of safeguarding client information are another front where observers expect more activity from enforcement authorities.

In a case that Pollet cites as a cautionary tale, the SEC took action against Morgan Stanley last June, hitting the broker with a $1 million penalty for failing to safeguard client information. A former employee who should not have had access to client data transferred information about more than 700,000 accounts to his personal server, which was subsequently hacked, and some of the clients' information ended up for sale on the internet.

In announcing the disposition of that case, then-enforcement chief Andrew Ceresney noted the importance of having in place policies and procedures governing clients' personal information and who at the firm has access to that data.

"But just having policies and procedures alone isn't going to be enough. Firms should consider testing, auditing and monitoring them as well," Pollet says. "Cybersecurity and other related issues that surround it are growing in importance, and we can expect to see a lot more of these types of cases going forward."

For reprint and licensing requests for this article, click here.
SEC enforcement Enforcement Regulatory actions and programs Cyber security Jay Clayton SEC
MORE FROM FINANCIAL PLANNING