Annual Letter: 2022
This is our annual letter briefly reviewing various issues that our investment adviser clients should consider over the next few weeks. We will be pleased to respond to questions, assist you in preparing needed forms and otherwise assist you in satisfying any of the requirements discussed below. Please contact John Broadhurst, Carolyn Reiser, Jahan Raissi, Neil Koren, Jim Frolik, Christina Hamilton, David Suozzi, Anthony Caldwell or Joan Grant.
Legal and Regulatory Changes
1. New SEC Investment Adviser Marketing Rule. As noted in our January 2021 letter, on December 22, 2020, the Securities and Exchange Commission (the “SEC”) adopted a final rule to replace currently separate advertising and cash solicitation rules. According to the SEC, the new rule represents a move to “principles-based provisions designed to accommodate the continual evolution and interplay of technology and advice.” The new rule includes tailored requirements for certain types of performance presentations and will require SEC-registered advisers to review and in some cases revise their existing performance presentations and adopt policies and procedures to ensure continued compliance. The rule took effect May 4, 2021, and advisers must comply with the rule no later than November 4, 2022. Additional information on the new rule is in our client letter available here: SEC Marketing Rule Information.
2. Treasury Department Reporting of Foreign Securities Survey Requirement. December 31, 2021 marked the next reporting date for the Department of Treasury’s Form SHC, a mandatory quinquennial survey of foreign securities ownership of all U.S. persons that manage or own non-US. securities totaling $200,000,000 or more as of that date for their own accounts or for the accounts of their U.S. clients. Foreign securities include interests in offshore master funds and other non-U.S. securities. The last Form SHC report was due in early 2017, which respect to non-U.S. securities held as of December 31, 2016. The mandatory survey and its instructions are included in the Form SHC Quinquennial Report to the Federal Reserve Bank of New York available at www.treasury.gov. The deadline to complete the survey, if applicable, is March 4, 2022.
3. Change in “Qualified Client” Definition Under Investment Advisers Act of 1940 Rule 205-3. Effective August 16, 2021, the SEC adjusted the dollar thresholds associated with the definition of “qualified client” under the Investment Advisers Act of 1940 Rule 205-3. Under such changes to Rule 205-3, a client is considered a qualified client if: (i) it has at least $1,100,000 in assets under management with the applicable investment adviser (an increase from $1,000,000); or (ii) the investor has a net worth of more than $2,200,000 (an increase from $2,100,000). Please reach out to us about updating your offering documents to reflect this change.
4. New Federal Trade Commission (the “FTC”) Safeguard Rules. On October 27, 2021 the FTC adopted expanded and detailed rules implementing the requirement under the Gramm-Leach-Bliley Act of 1999 (the “GLBA”) that financial institutions safeguard the consumer information that they collect and maintain (the “Safeguard Rules”). Under GLBA, “consumer” refers to any individual who is obtaining a service for personal, family or household purposes. The FTC’s Safeguard Rule applies to all investment advisers other than those registered with the SEC, including state-registered advisers and exempt advisers. SEC-registered investment advisers are subject to the SEC’s Safeguard Rule, discussed on page 12.
The FTC’s Safeguard Rule requires an adviser’s information security systems to include the development, implementation, and continuous monitoring of a comprehensive information security program, which includes: access controls; multi-factor authentication; an incident response plan; data inventory; security awareness training for employees; encryption of customer data; and secure testing and disposal methods. The FTC’s Safeguards Rule also requires investment advisers to develop and implement a risk assessment that identifies risks to information security and evaluates whether the adviser’s policy is sufficient to safeguard against those risks.
The FTC further mandated that advisers designate a single “qualified individual” to oversee, implement, and enforce the information security program and report any updates to the adviser’s governing body. A qualified individual can be an employee of the institution or an external consultant. The information security policies of FTC-regulated investment advisers that collect information on more than 5,000 consumers are subject to additional requirements, including that the risk assessment be in writing, that the testing include certain procedures and that the adviser establishes a written incident response plan.
Advisers that are not registered with the SEC must comply with the new FTC Safeguards Rule by October 27, 2022. These advisers must assess their existing information security programs as soon as practicable in light of the specific requirements of the new rule. SEC-registered investment advisers should also review their information security policies, taking into account the specific requirements of the FTC’s Safeguard Rule, as a matter of best practices. If you need more information on whether you must comply with the Safeguards Rule, please reach out to us.