With the SEC prioritizing protection of retail investors, investment advisers are facing increased scrutiny for misappropriation offenses. Adviser representatives are becoming more creative, making it harder for investment advisers to detect misappropriation. It may be easy for investment advisers to rely on software and automated-alerts to safeguard client assets, but the days of solely relying on software or even traditional confirmation letters are gone.

On Sept. 25, 2018, the Security and Exchange Commission (SEC) charged a former adviser representative for misappropriating more than $1.6 million from primarily elderly clients over the span of 14 years. This comes after the SEC announced on Aug.15, 2018 that an investment adviser agreed to pay $4.5 million to settle charges that it failed to safeguard retail investors’ assets from theft after four adviser representatives misappropriated, in aggregate, $1 million. This Alert discusses the significance of the Order and what investment advisers can do to avoid similar offenses.

 Key Considerations

Under Section 206(4) of the Investment Advisers Act of 1940 (the Act), investment advisers are required to exercise the duty of undivided loyalty and utmost care to their clients. Specifically, Rule 206(4)-2, commonly referred to as the “custody rule,” requires investment advisers who have custody of its clients’ funds or securities to adopt and implement policies and procedures reasonably designed to prevent violations by the investment adviser and its supervised persons.

In the Order, the SEC’s primary concern with the investment adviser’s supervisory systems was whether the system effectively detected misappropriation and the breadth of its detection. According to the SEC, the investment adviser had a hybrid supervisory system with manual and automated reviews which combined a geographical field-based supervisory model and a centralized supervisory model. However, because of the volume of transactions processed daily, a technical error, and limitations in the supervisory system, the investment adviser was unable to detect misappropriation that the SEC believed it was capable of discovering. For example, one adviser transferred funds from his client’s account to an account he effectively controlled for his personal business. The investment adviser’s supervisory system did not account for “controlled accounts” because the investment adviser’s system used a “hot list” of addresses, which, at the time, did not include the adviser representative’s business addresses. Further, the investment adviser’s system was limited only to flagging “exact addresses” so variations as subtle as using avenue instead of ave. would not have identified fraudulent transfers from a client’s account.

Moreover, the SEC highlighted the importance of investment advisers ensuring that its heightened supervision unit adequately monitors recidivist adviser representatives. An adviser representative under heightened supervision for prior unauthorized trading was one of the five representatives that misappropriated $1 million between 2011 to 2014. With the lowest offender misappropriating $21,000 in funds, the SEC sent a clear message; it will not tolerate misappropriation of any retail investors’ funds, no matter how small. Despite reimbursing clients for the misappropriated funds, the investment adviser was still penalized.

This Order comes weeks after another investment adviser faced a multi-million dollar fine for failing to reasonably design policies and procedures to prevent its adviser representatives from misappropriating client funds. One adviser representative’s misappropriation of $7 million led the SEC to uncover that the investment adviser’s policies and procedures, while appearing robust, failed to detect or prevent the adviser representatives from misusing or misappropriating client funds through use of internal electronic forms. The investment adviser allowed for its clients to place verbal requests by phone or in-person for outgoing wire transfers and journals of up to $100,000 per day per account. Based on the adviser representative’s attestation on an electronic form and providing certain details, the requests were completed. However, the investment adviser failed to account for fabricated request made by the adviser representatives. The SEC suggested the investment adviser could have routinely called clients to verify the authenticity of the transfer request or require oral requests be followed-up with a letter of authorization from the client or any writing with the client’s signature.

Bottom Line

 Investment advisers should reevaluate their supervisory policies and procedures to ensure their systems are performing as intended. Accordingly, investment advisers should:

  1. Ensure if they are handling large volumes of transactions daily, their systems are capable of processing and reviewing the mass number of transactions;
  2. Increase personal client-contact, not merely sending a letter, but rather client callbacks, at random and based on risk, to verify fund transfers are approved; and
  3. Increase anti-fraud expenditures to guarantee that automated-fraud software systems can account for third-party transfers for “controlled accounts” of persons associated with the advisers.

Investment advisers should consider retaining a compliance consultant to access the reasonableness of their policies. As the recent SEC Orders illustrate, the cost of noncompliance is greater than the cost for failing to comply.