Sep. 28, 2023

Final Private Fund Rules: Overview and Key Changes From the Proposal (Part One of Two)

On August 23, 2023, the SEC adopted final rules for private fund advisers (Rules), marking the biggest change in the industry since the Dodd‑Frank Act was passed in 2010. The five new Rules require advisers to provide quarterly fee, expense and performance reports; annual fund audits; fairness or valuation opinions in connection with adviser-led secondary transactions; disclosure and/or consent for certain “restricted activities”; and disclosures in connection with the preferential treatment of investors. The SEC also amended Rule 206(4)‑7 under the Investment Advisers Act of 1940, known as the “Compliance Rule,” to mandate written documentation of the adviser’s annual review of the effectiveness of its compliance program. The SEC adopted the Rules over strong dissents from Commissioners Hester M. Peirce and Mark T. Uyeda, who, among other concerns, questioned the SEC’s authority to enact the Rules. This first article in a two-part series parses the Rules and how they differ from the SEC’s original proposal (Proposal). The second article will discuss the compliance challenges posed by the Rules and the next steps for CCOs. Future articles will dive into the details of each of the Rules, as well as what hedge fund managers need to do to comply with them. See our three-part coverage of comments on the Proposal: “General Concerns” (Nov. 10, 2022); “Requests by Commenters” (Dec. 8, 2022); and “Concerns About Specific Requirements” (Jan. 19, 2023).

Technology & Conflicts of Interest: Issues and Implications for Hedge Fund Managers (Part Two of Two)

In 2021, the SEC requested information on the use of certain digital engagement practices (DEPs) and technology in response to the so-called “meme stock” trading in January 2021, asking about, among other things, conflicts of interest. Later that year, the SEC released a staff report on certain January 2021 trading activity, which identified DEPs as an area for additional study and consideration. Almost two years later, we can see the result of those efforts: proposed new rules (Proposal) to address risks to investors from conflicts of interest associated with the use of predictive data analytics (PDA) by investment advisers and broker-dealers (collectively, firms). The Proposal, which was published in the Federal Register on August 9, 2023, reflects what would be a significant shift in the SEC’s approach to conflicts of interest – disclosure of firms’ conflicts associated with their use of PDA, artificial intelligence and similar technologies to interact with investors would not be sufficient. Instead, firms would be required to eliminate or neutralize the effects of such conflicts. The deadline for comments on the Proposal is October 10, 2023. This second article in a two-part series discusses questions raised by the Proposal and its implications for hedge fund managers. The first article explained the events that lead to the Proposal and provided an overview of its key elements. See “Understanding and Mitigating Risks Associated With Trading Driven by Social Media” (Jun. 17, 2021); and “Can Reddit's Influence Be Regulated? SEC Commissioner Discusses Recent Market Volatility” (Mar. 18, 2021).

SEC Risk Alert Highlights Continuing Broker-Dealer AML Shortcomings

Ensuring compliance with anti-money laundering (AML) rules is a critical component of the efforts of the SEC and law enforcement to protect investor assets and preserve the integrity of the financial markets, the SEC Division of Examinations (Division) stressed in a recent risk alert on AML compliance by broker-dealers (Risk Alert). The Division’s latest alert focuses on deficiencies observed with respect to AML program testing, training and identification, as well as verification of customers and beneficial owners. Like many others, the Risk Alert also provides an overview of the relevant regulations. This Risk Alert complements a 2021 risk alert that addressed compliance issues related to suspicious activity monitoring and reporting by broker-dealers. This article assesses the key takeaways from the latest Risk Alert. See “AML Compliance Officers May Be Held Personally Responsible for AML Program Failures” (Mar. 24, 2022); and “AML Program Failures May Draw Scrutiny From Multiple Regulators” (Sep. 10, 2020).

Checklist for Framing and Assessing Third-Party Privacy and Information Security Risk

Effective risk management involves four basic measures: (1) framing the risk; (2) assessing the risk; (3) responding to the risk; and (4) monitoring the risk. Building or enhancing a third-party risk management (TPRM) program to address third parties’ compliance with data protection and privacy regulations should include each of those steps. Privacy and information security go hand in hand. Information security involves protecting data confidentiality, integrity and availability, and a third party that processes personal identifiable information must have those controls in place. As such, it is possible to conduct privacy and security assessments simultaneously – or even combine them. This checklist, derived from our previous in-depth coverage on managing third-party vendor privacy and data security risks, is intended to serve as a guide for the first two measures of an effective TPRM program – framing and assessing the risk. See “A Checklist for Fund Managers to Ensure Adequate Vendor Management” (Sep. 9, 2021); and “How Fund Managers Can Develop an Effective Third-Party Management Program” (Sep. 21, 2017).

U.K. Penalizes Morgan Stanley for Lax Electronic Communications Practices

Investment advisers and other financial services companies are by now well-aware of the SEC’s and CFTC’s focus on appropriate recording and retention of electronic communications relevant to their business operations. A recent proceeding brought by the U.K.’s Office of Gas and Electricity Markets (Ofgem) is an important reminder that firms must also be cognizant of the requirements of other jurisdictions and regulators. Ofgem determined that Morgan Stanley & Co. International plc (MSIP) had violated recordkeeping regulations applicable to trading in the energy markets by failing to record and retain employees’ WhatsApp messages. To resolve the matter, MSIP agreed to pay a penalty of £5.41 million. This settlement is the first time a fine has been issued in the U.K. for failure to record and retain electronic communications relating to trading in wholesale energy products. This article details the relevant regulatory regime and MSIP’s violations. See “Messaging Apps Come Under Increasing Regulatory Scrutiny” (Aug. 31, 2023); and “SEC and CFTC Continue to Penalize Firms for Electronic Communications Recordkeeping Violations” (Aug. 17, 2023).

Akin Adds Leading Hedge Fund Partner in New York

Akin announced the addition of hedge fund attorney Max Karpel as a partner in its investment management practice. Karpel joins from Lowenstein Sandler and will be based in Akin’s New York office. He advises both emerging and established investment managers. For insights from other Akin attorneys, see “Jail, $8.5‑Million Forfeiture and Industry Bar for Securities Analyst in Front‑Running Scheme” (Sep. 29, 2022).