Developments in RIA Record-Keeping Obligations
There has been a lot of chatter in the industry related to the impacts of the EU’s Marketing in Financial Instruments Directive (MiFID II) on investment managers around the globe which are expected to come into effect in January 2018.
While the effects of MiFID II will affect only some US firms, investment managers should still be aware of the implications of other regulatory developments for US record-keeping obligations. The following provides an overview of the impact of MiFID II for non-EU fund managers, exemptive relief recently issued by the CFTC concerning the use of third-party record-keepers, and a general reminder concerning US record-keeping obligations related to electronic communications.
MiFID II for Non-EU Investment Managers
While MiFID II is expected to have limited direct impact on non-EU investment managers, there may be some key areas where firms are impacted by the new requirements. Non-EU managers may be affected by MiFID II in certain situations, such as:
- The application of position limits and reporting requirements for managers trading in commodity derivatives listed or tradable in the EU;
- The progressive movement of OTC trading onto regulated markets;
- A wider scope of post trade price and transaction reporting of financial instruments required by EU brokers;
- More restrictive access to dark-pools due to new trading volume caps;
- Attempts by EU managers to establish stronger oversight and control over best execution monitoring and research budgeting;
- Due diligence and assessment of users of algorithmic and direct access trading tools provided by EU brokers;
- Tighter controls over the allocation of IPO and secondary allocations effected by banning conflict-ridden fee structures; and
- Product target market definition and costs and charges disclosures where funds are distributed via an EU platform or intermediary.
However, US firms with a physical location in the EU who serve European clients are now within the regulatory crosshairs of the new regulations. In order to be MiFID II-compliant, investment management firms with an EU presence, both large and small (including some hedge fund managers) will need to comply with the new rules covering research unbundling, best execution reporting and monitoring, transaction reporting, telephone recording and product governance responsibilities. For firms obliged to keep electronic records of communications, the MiFID II obligations will require that records are kept for at least five years (and up to seven if requested by National Competent Authorities), which is a significant increase from the six months for telephone recording of records currently required by the FCA.
MiFID II record keeping requirements will, in themselves, be challenging to comply with, but it is also important to note that firms are obliged to do more than simply keep records; they will also have to monitor those records on a proportionate and risk based basis. US firms should evaluate the impact of MiFID II on their operations domestically and in the EU and determine what steps, if any, are necessary in order to comply starting in January 2018.
CFTC Exemptive Relief
Effective June 30, 2017, the U.S. Commodity Futures Trading Commission (“CFTC”) Division of Swap Dealer and Intermediary Oversight (“DSIO”) issued exemptive relief allowing registered commodity trading advisors (“CTAs”) to use third-party recordkeepers. Historically, CTAs have been required to maintain certain client and investor records at their “main business offices.” This relief may be viewed as part of a trend of the CFTC in updating its rules and regulations to more accurately reflect present-day recordkeeping processes and technologies by modernizing and making the processes more technology neutral. In providing this relief, the DSIO is bringing CTAs’ recordkeeping obligations more in line with those of CPOs. Current registrants determining whether or not to use third-party recordkeepers must file Notice when they decide to so. Future registrants will file Notice at the later of the time of their registration or on the date they determine to use third-party recordkeepers.
Recent SEC Sweep Concerning Electronic Communications
Since 2001, advisers have been permitted to maintain records electronically if they establish and maintain procedures: (i) to safeguard the records from loss, alteration, or destructions, (ii) to limit the access to the records to authorized personnel, the Commission, and fund directors (if applicable), and (iii) to ensure that electronic copies of non-electronic originals are complete, true, and legible. With respect to records whose original form is electronic (i.e. email, chat, texts, etc.), such communications must be retained to the extent fall under the scope of records required under Rule 204-2 of the Advisers Act.
Regardless, the SEC has taken the position it can review all electronic communications retained by an adviser regardless of whether or not they fall under an explicit category mandated by the rule. In a new development last month, the Office of Compliance Inspections and Examinations (OCIE) sent requests to registered investment advisers targeting electronic communications on advisers’ systems or on third-party applications. These requests were explicitly not focused on firm-provided email accounts, but rather on other electronic messages (e.g. text messages, social media messages, third-party apps such as Slack or Bloomberg, personal emails, etc.).
The OCIE is evidently focused on the retention and maintenance of records related to electronic communications. This includes documentation around the devices, applications, and third-party vendors being used as well specifics around the retention of required records. To the extent employees are utilizing any electronic messages to conduct firm business, registrants should have a mechanism for retaining and archiving those communications. The retention of the communications should be part of a firm’s recordkeeping system, and there should be processes around ensuring the effectiveness of the controls around the retention. Because most firm communications are housed by third-party vendors, firms should ensure the maintenance of records of any diligence conducted on those third-parties (e.g. did your firm ensure that the service provider has WORM functionality, which is required to be SEC-compliant?).Lastly, compliance policies should prohibit employee use of any communications for business purposes which are not already subject to a firm’s supervisory process.
It is as imperative as ever for firms to keep their record-keeping policies and procedures in line with ever shifting regulations. Should the SEC, CFTC or FCA come into a firm to see if they are compliant, proper policies and procedures should be in order. US firms should be well aware of the implications and action they will face if their record-keeping obligations are not up to par with these regulatory requirements, and similarly the FCA is suggesting it will take enforcement action for firms that do not take sufficient steps to implement MiFID or seek to by-pass their new responsibilities.