The role of the CCO has long been defined by labor-intensive, manual tasks – from monitoring insider trading risks to ensuring regulatory filings are both accurate and timely. Artificial intelligence (AI) offers the promise of automating a substantial portion of those routine processes, freeing CCOs to focus on higher-level strategic responsibilities, such as ethical risk management, policy development and stakeholder engagement. Effective use of AI in compliance can transform a CCO from a reactive “policeman” role to that of a strategic partner – an “Algorithmic CCO” for the digital age.

This second article in a two-part series discusses the changing skill set required of the modern CCO, practical steps for implementing AI in compliance functions and the future of AI in hedge fund governance. The first article examined the evolution of hedge fund governance; current and emerging AI use cases in compliance; and potential regulatory challenges.

See “Understanding and Mitigating Risks of Using ChatGPT and Other AI Systems” (Jul. 6, 2023).

The Changing Skill Set of the Algorithmic CCO

From Check-the-Box Compliance to Strategic Partnership

Gone are the days when a CCO’s work primarily involved ticking off boxes for regulatory checklists. Today, the position demands a sophisticated understanding of how data flows through an organization, how algorithms evaluate that data and how to interpret AI outputs in a regulatory context. Rather than spending hours manually combing through documents, the CCO is increasingly a strategic adviser to top management, translating AI insights into policy actions and risk mitigation strategies.

Essential Technical Competencies

Although a CCO need not be a data scientist, a baseline familiarity with AI concepts is becoming crucial. This includes understanding:

• how supervised versus unsupervised learning works;
• the fundamentals of data privacy regulations; and
• the basics of cybersecurity protocols.

Hedge fund manager compliance teams that invest in professional development – through specialized courses, certifications or direct collaboration with data science teams – will be better positioned to maximize AI’s potential.

See this four-part AI compliance playbook: “Traditional Risk Controls for Cutting‑Edge Algorithms” (Sep. 29, 2022); “Seven Questions to Ask Before Regulators or Reporters Do” (Oct. 6, 2022); “Understanding Algorithm Audits” (Oct. 13, 2022); and “Adapting the Three Lines Framework for AI Innovations” (Oct. 20, 2022).

Interpersonal and Leadership Skills

Communication skills are vital, as the CCO acts as a liaison among multiple stakeholders, including IT, legal and senior management. The CCO of the future must be comfortable leading cross-functional AI governance committees, negotiating best practices with external vendors and distilling AI-derived insights into language that regulators and boards can easily understand.

Moreover, a strong ethical compass and the ability to argue for prudent risk management decisions remain essential. If an AI model’s recommendations conflict with ethical guidelines or regulatory norms, it falls to the CCO to raise concerns and, if necessary, intervene to halt questionable practices.

Practical Steps for Implementing AI in Compliance Functions

Conducting a Readiness Assessment

Before deploying AI, fund managers should evaluate their existing compliance workflows and data infrastructure. A readiness assessment may involve mapping all data repositories, identifying manual bottlenecks and measuring the potential return on investment for AI-driven automation. For example, a multi-strategy fund might discover that the majority of its compliance issues stem from poor trade documentation across different desks – a scenario that AI can readily address.

Selecting and Vetting Technology Solutions

Once high-impact areas are identified, the process of selecting and vetting AI technology vendors begins. Key considerations include:

• Explainability: The ability to trace how the AI arrives at its decisions;
• Robustness: The model’s performance under various market conditions or data anomalies; and
• Regulatory Track Record: Vendors with proven success in regulated environments and demonstrated compliance with relevant standards.

Pilot programs or proof-of-concept tests are recommended to ensure the model performs as intended within the fund’s unique environment. Some firms run “sandbox” environments in which they gradually scale up the AI’s responsibilities, monitoring the system’s accuracy and reliability before full deployment.

Building a Strong Governance Framework

Governance is paramount. Fund managers should establish policies and procedures governing AI oversight, such as documenting model development, performing regular audits and involving cross-functional committees that include representatives from IT, compliance, legal and risk management. Those committees should review model updates, evaluate performance and ensure that any drift in model accuracy is promptly corrected.

Additionally, it is advisable to create a clear “chain of command” for AI decisions. Compliance teams must retain the authority to override AI outputs if they suspect technical errors or ethical concerns. This layered approach is crucial for maintaining a culture of accountability and mitigating regulatory risk.

See “IOSCO Issues Final Guidance on AI and Machine Learning” (Oct. 7, 2021).

Training and Change Management

Introducing AI solutions can trigger resistance among employees accustomed to manual processes or concerned about job security. To minimize disruption, fund managers should invest in training that clarifies how AI tools function and how they will interact with existing workflows.

Change management involves setting realistic expectations and highlighting that automation does not necessarily eliminate jobs – it redefines them. Human expertise is still indispensable for:

• interpreting flagged anomalies;
• engaging in nuanced regulatory negotiations; and
• addressing unexpected crises.

See this two-part series on compliance training: “SEC Expectations and Substantive Traps to Avoid” (Sep. 23, 2021); and “Who Conducts the Training and Five Traps to Avoid When Providing Training” (Sep. 30, 2021).

Measuring Success and ROI

After implementation, fund managers should track metrics that reflect compliance improvements and operational efficiencies. Examples of key performance indicators (KPIs) include:

• reduction in manual review hours;
• decrease in false positives versus false negatives;
• speed of generating regulatory filings; and
• number of detected and resolved compliance incidents.

Regularly reviewing those KPIs helps CCOs and senior management assess whether the AI is meeting its objectives and justifying the investment. Over time, AI models can be retrained or refined to adapt to changing market conditions and regulatory updates.

See this three-part series on AI for fund managers: “How to Use It to Streamline Operations” (Sep. 5, 2019); “Government Guidance, Service-Provider Negotiations and Risks of Bias” (Sep. 12, 2019); and “Automating the Legal Department and Maintaining Privacy” (Sep. 19, 2019).

Future Outlook: AI and Hedge Fund Governance in the Next Decade

Regulatory Evolution

Regulators worldwide are likely to formalize expectations around AI usage. The concept of “Explainable AI” is gaining traction, pushing firms to document model inputs, logic flows and decision-making processes in a way that regulators can review. Although the precise contours of those rules remain in flux, fund managers that have already integrated robust AI governance measures will be best positioned to adapt.

Expansion Into Other Governance Areas

AI tools initially deployed for compliance are often extendable to other governance functions, such as operational risk management and internal audit. For instance, the same anomaly detection engine scanning trades could be configured to monitor invoice payments or vendor interactions, spotting unusual patterns that might signal fraud. Over time, AI may become an all-encompassing backbone for hedge fund governance, ensuring not only regulatory compliance but also risk controls across the enterprise.

See “How to Apply Alt Data Best Practices to AI Systems” (Oct. 10, 2024).

Opportunities for Competitive Advantage

A well-run compliance program is more than a cost center – it can confer a reputational edge. Investors increasingly prioritize robust environmental, social and governance criteria, which include a firm’s commitment to transparency and fair practices. Fund managers that demonstrate agile, AI-enhanced compliance can differentiate themselves, potentially attracting institutional investors that value risk mitigation and strong governance as they conduct evermore intense operational due diligence processes.

Moreover, data synergy across the firm’s investment, operations and compliance arms can yield a holistic view of risk exposures. In this sense, AI becomes a driver of strategic insights, breaking down traditional silos between front and back offices.

Ethical Imperatives

The future of hedge fund governance will be about not only technological sophistication but also ethical stewardship. As AI becomes more deeply embedded, fund managers must ensure that they treat investors, employees and counterparties fairly, avoiding algorithmic discrimination or invasive data practices. The Algorithmic CCO will serve as a bulwark against irresponsible AI applications, helping maintain investor trust and regulatory goodwill.

Conclusion

The hedge fund sector is poised for a paradigm shift in its approach to compliance and governance. AI stands at the forefront of this transformation, automating know your customer checks, detecting insider trading, streamlining regulatory filings and offering predictive analytics that can help identify risks before they escalate. Far from rendering CCOs obsolete, these tools elevate their role, enabling them to focus on strategic policymaking, real-time risk assessment and the ethical governance of AI itself.

To unlock AI’s full potential, hedge fund managers should conduct a thorough readiness assessment; select technology solutions with robust explainability and data security features; and build comprehensive governance frameworks that ensure accountability and transparency. As regulators increasingly scrutinize the use of AI, fund managers that proactively adopt best practices will stand on firmer ground – both in meeting evolving regulatory standards and in safeguarding their reputations.

Ultimately, the Algorithmic CCO is not just a job title but a vision of the future: one in which human ingenuity and AI collaborate to create a more efficient, resilient and ethically sound hedge fund landscape. By embracing responsible AI, fund managers can position themselves at the cutting edge of financial innovation, reaping benefits that go well beyond avoiding enforcement actions and achieving a lasting competitive advantage in a rapidly evolving industry.

See “AI Widely Used by Hedge Funds, AIMA Study Finds” (Apr. 25, 2024).

 

Brian Meyer is a partner at AirGC PLLC, a legal practice dedicated to providing experienced fractional GC service to private fund clients. Prior to joining AirGC, Meyer was the co-COO, CCO and GC of Fir Tree Partners, where he was responsible for overseeing the firm’s legal, compliance, IT/administration and regulatory matters. Prior to joining Fir Tree, Meyer was managing director at Veronis Suhler Stevenson, a media-focused private equity firm and investment bank. He also previously worked closely with Fir Tree while serving as GC of The Official Information Company, a Fir Tree investment.

Although the new Trump administration is widely expected to favor business interests and ease regulatory burdens, the SEC is sure to continue its work rooting out misconduct in the financial markets. At this year’s Securities Enforcement Forum New York, a panel of present and former SEC attorneys discussed the critical stages of an investigation by the SEC Division of Enforcement (Division). They offered guidance on preparing for initial contact with SEC staff; avoiding friction during the course of an investigation; preparing for interviews and on-the-record testimony; obtaining reverse proffers by the SEC; and managing the Wells process, negotiations and settlements. This article distills the key takeaways from the program.

See “SEC and CFTC 2024 Enforcement Results: Record-High Financial Remedies Across Fewer Actions” (Jan. 30, 2025); and “Speeches Outline the Ethos, Direction and Priorities of the SEC’s Division of Enforcement Under Gurbir Grewal” (Jan. 13, 2022).

Developing a Defense Strategy

Firms should start developing a defense strategy promptly after the first contact from SEC staff, said moderator Lara Shalov Mehraban, partner at Sidley Austin and former Director of the SEC’s New York Regional Office and Associate Regional Director of the Division. “I think you’ve got to start thinking about strategy before your first conversation with staff,” concurred Zachary S. Brez, partner at Kirkland & Ellis and former staff attorney in the Division. The days of a client's handing off an SEC subpoena to outside counsel and asking them to handle it are long gone. Clients now generally want to be involved in strategic decisions before their counsel’s first call with SEC staff, he added. Key considerations for outside counsel at the commencement of an SEC inquiry include:

• whether the client already knows about the issue and whether it has already been investigated;
• how urgently the client wants the matter resolved;
• whether the DOJ or another federal or state agency is also involved; and
• whether the client is the target of the investigation or the SEC is seeking information about a different firm.

See “Steps Advisers Can Take to Minimize the Risk That a Routine SEC Examination Ends With a Referral to Enforcement: Examination Process, Interview Preparation and Remediation Considerations (Part Two of Two)” (Jan. 18, 2018).

Preparing for Initial Contact With SEC Staff

Although counsel must always be guided by the client’s objectives and instructions, several principles generally apply to any initial interaction with SEC staff, the speakers explained.

Establish Credibility

“You want to make sure the staff knows they can rely on you and establish credibility with the staff,” said Lorin L. Reisner, partner at Paul Weiss and former Deputy Director of the Division and Chief of the Criminal Division of the U.S. Attorney’s Office for the Southern District of New York. Demonstrate early on that you want to respond to requests promptly and thoroughly. Avoid seeking to narrow requests on the first call – counsel should establish credibility before seeking any compromise from staff, he advised.

See “Discussing 2022 Enforcement Results, SEC Enforcement Director Stresses Trust-Building Measures” (Jan. 5, 2023).

Gather Information

Obtain as much information as possible from SEC staff, continued Reisner. However, open-ended questions about what the investigation entails are unlikely to bear fruit. It may be more productive to focus on the SEC’s requests: “I see you requested this. Can you tell me a little bit more about your concerns in that area or about those documents?” he suggested asking. Of course, that approach may still turn out to be a dead end.

Present the Client’s Position

Be ready to present the client’s affirmative position, if known, as early as possible, added Reisner. It is best to plant such seeds early, even if they must include some caveats, such as, “We’re still investigating and have more work to do.”

Consider Cooperation

Counsel must consider whether the client wants to “go down the road of cooperation,” noted Junaid A. Zubairi, shareholder at Vedder Price and former senior attorney in the Division. If so, the client should “demonstrate by doing and not [just] saying.” To that end, the client should conduct a thorough review of the facts and an internal investigation and present its findings in early meetings with SEC staff. Doing so helps structure the investigation and create a roadmap for how the SEC will view the facts. It will also make the investigation more efficient by identifying which people hold relevant information. Additionally, it may keep staff from “meandering and going into areas where you don’t necessarily want them to go,” Zubairi advised. White papers can also be effective but are probably more appropriate later, once facts and legal issues have been more clearly identified, he added.

See “Investment Adviser Avoids Civil Penalty Due to Self-Reporting, Remediation and Cooperation: True, False or Other?” (Jan. 16, 2025); and “SEC Enforcement Director Grewal Emphasizes Benefits of Cooperation” (Sep. 12, 2024).

Avoiding Friction With the Staff

“I don’t like to give advice to the defense bar,” said Sheldon Pollock, an Associate Director of the Division in its New York Regional Office, who noted that the views he expressed were his own, not those of the SEC or any of its commissioners or staff. Still, “open, effective and productive dialog between the government and defense counsel is crucial for both sides in handling a complex securities matter,” he said. Early communications can help SEC staff focus on key issues. They may also provide a better understanding of complicated financial products and business processes with which staff may be unfamiliar.

Although the SEC expects defense counsel to be zealous advocates, friction can arise when the SEC does not have all the operative facts at key points during the process, including settlement discussions, evidence reviews and Wells meetings. SEC staff do not want to be surprised with new facts after they have taken testimony, especially facts central to the case. The concern is not over an inadvertent failure to produce a document. Rather, it is about new facts that delay the process and undermine trust, Pollock stressed. To minimize such potential friction, counsel should:

• ensure good communication with SEC staff;
• commit to a production timeline for documents;
• help staff identify documents that are important to the case; and
• avoid surprising staff with a new facts or explanations the staff did not have a chance to investigate.

Navigating Testimony

Interviews and On-the-Record Testimony

How counsel approach interviews and testimony will depend on several factors, said Brez. Although some matters will always be on the record, when possible, counsel should push for off-the-record interviews, especially if they believe a person will not be a good on-the-record witness. Key considerations include:

• the nature of the matter and the witness’ role in it;
• whether the testimony could reveal misconduct or other problematic matters; and
• whether the witness’ expected demeanor is likely to raise concerns among SEC staff.

When SEC staff seek testimony from someone, defense counsel may not know whether there is a parallel criminal investigation, noted Zubairi. If counsel believes the inquiry poses a substantial risk to the client, it is better to push for early meetings or an attorney proffer, rather than on-the-record testimony.

A staff attorney will never reveal whether there is a parallel criminal investigation, continued Zubairi. Still, if an attorney has a good rapport with staff, the attorney might be able to defuse a potentially serious situation. For example, in one matter, a good employee used terrible judgment, forging documents and submitting them to exam staff, he recounted. Counsel investigated, reported it to the SEC staff and had a candid conversation about whether the matter would be referred to the DOJ. Staff responded, without assurances, that they were not interested in making the matter any more serious. In such fraught interactions, “it comes down to communication and credibility,” noted Mehraban.

Testimony Preparation

One of the most important tasks in preparing for testimony is ensuring the witness is comfortable with the documents the witness is likely to be asked about, said Reisner. SEC testimony differs from a deposition in certain important respects. “Evasiveness is never going to work for a witness who’s testifying in an SEC proceeding,” he observed. “Nothing good is ever going to come out of that.” Additionally, a witness should never spar with the questioner, no matter how difficult or ridiculous a question may seem. “Don’t spar. Don’t fight. Just answer the question truthfully and to the best of your ability. That’s going to score you more points than any other approach,” he stressed.

Counsel should also be wary of “master of the universe” witnesses, who can be particularly challenging, according to Brez. They may ignore their counsel’s preparations and advice and believe they can charm the staff. This is sometimes known as “CEO disease,” observed Reisner. The toughest response a senior executive may have to give is, “I don’t know,” or “I don’t recall,” even though it may be the truthful answer. “There are some people that, no matter what you do, there’s nothing you can do,” he said. For example, some witnesses ignore advice, even saying, “Counsel told me not to volunteer information, but . . .,” he recounted.

Consequently, counsel should seek to develop credibility and trust with witnesses to ensure they take advice to heart, recommended Reisner. A war story about how testimony went horribly wrong can be effective. Additionally, counsel should prepare witnesses using multiple questioners, noted Mehraban. Causing a client to become uncomfortable during a practice session can illustrate how things could go wrong.

SEC testimony is typically taken by the assigned SEC staff member, along with the person’s manager, an assistant director and, if the case may be headed toward litigation, trial counsel, explained Pollock. It is rare for him to attend testimony. He may learn of testimony in quarterly meetings with assistant directors or by asking about the testimony of a crucial witness in a matter.

Obtaining Reverse Proffers

Toward the end of some investigations, SEC staff may meet with defense counsel; share key findings and proposed charges; and seek a resolution, said Pollock. So-called “reverse proffers” show that staff is prepared and determined to move forward with litigation if a settlement is not reached. A reverse proffer requires the staff to review evidence and consider how they would present their case. It can expedite settlement and make the process more efficient. However, because reverse proffers take a significant amount of effort, they are not used in every matter. Additionally, there will never be a reverse proffer in a matter involving an undercover criminal investigation or if key evidence is known to both sides and the proffer is unlikely to move the needle toward settlement, he added.

Although SEC proffers can provide valuable insight into the staff’s thinking, they may also cause staff to “get locked into positions as a result of that investment of resources and fall more deeply in love with their case,” Reisner cautioned. Rather than waiting for a reverse proffer, he prefers to try to approach SEC staff on core factual and legal issues during the investigative process.

Managing the Wells Process

In the Wells process, the Division notifies a firm that it intends to recommend enforcement action and offers the firm an opportunity to make a submission regarding the proposed action. By the time defense counsel have to decide whether to make a Wells submission, they may already have submitted a white paper or made other presentations to staff, noted Zubairi. If there is a legal or factual issue on which defense counsel and SEC staff are unlikely ever to see eye to eye, or if litigation is inevitable, it may not be advisable to make a Wells submission with which counsel will be stuck.

Although the Wells process has been in use for more than 50 years, it has become much less common over the last decade, continued Zubairi. The process can be very beneficial when defense counsel has access to all documents produced, can review relevant transcripts and make a fulsome presentation. Unfortunately, defense counsel have had less access to evidence, making it harder to prepare compelling Wells submissions.

Many interactions with SEC staff now occur long before a Wells notice, according to Reisner. Although it can be important to meet with SEC enforcement leaders, “your most important constituency in an investigation is going to be the staff attorney” and, at times, that attorney’s supervisor, he noted. When meeting with SEC personnel, counsel should be prepared with strong written submissions and “tight presentations, not 50‑page PowerPoints,” he advised.

There have been indications that the SEC under the Trump administration will be receptive to using the Wells process in a more traditional way, said Zubairi. Counsel should continue to push for opportunities to meet with staff and advocate for their clients. Of course, “I’ve never walked into a meeting with a staff attorney who said, ‘Tell us why we’re wrong and we’re going to close this,’” he remarked. When meeting with staff, counsel should be credible, focus on the evidence, highlight the legal or factual flaws in the SEC’s case and make arguments in a nonemotional way. That approach will not change under the new administration.

Counsel should not try to put every issue into a presentation, Pollock added. Wells meetings usually last about an hour, so counsel should focus on key points of disagreement. Defense counsel’s use of a meeting for the sole purpose of threatening to go to trial is rarely productive. If the SEC issues a Wells notice, it has already determined it has a strong case and can prevail. Of course, defense counsel should not hesitate to discuss litigation risks with SEC staff. For example, savvy defense counsel might preview how they would try the case, including trial themes, witnesses and other evidence.

See our three-part series on understanding the Wells process: “Origin and Key Elements” (Jun. 13, 2019); “SEC Enforcement Staff Views of the Process” (Jun. 20, 2019); and “The Pre‑Wells Process Versus the Post‑Wells Process” (Jun. 27, 2019).

Advising Clients About Attendance at Meetings

“In general, I try to talk clients out of coming to any meeting with the government,” but they often insist, said Brez. Counsel should always advise clients of the risks of attending a meeting. For example, if counsel knows the SEC is going to ask a question with a problematic answer, counsel may point out that:

• a direct answer will be problematic;
• responding “I don’t know” will look bad if the person should know; and
• being evasive will also look bad.

When an individual is the target, it is almost never advisable to bring the individual to any meeting with SEC staff, added Zubairi. If the target is an organization, it is usually not advisable. On the other hand, in some matters, including highly contested ones, bringing the respondent’s GC can show how serious the respondent is about litigating. Similarly, in a case involving financial issues, bringing a new CFO can help show the respondent has sought to remediate the issue.

Strategizing for Negotiations, Settlements and Litigation

Although there will be changes at the SEC under the Trump administration, those changes will probably not warrant significant alterations in strategy for interacting with SEC staff, according to Reisner. The “holy grail” will always be to persuade SEC staff early on to discontinue their investigation.

The SEC under the Trump administration is likely to be hostile to so-called regulation by enforcement, noted Reisner. Consequently, there may be some opportunity to push back in areas where regulations and/or SEC policy are not clear, he opined. Additionally, in recent years, SEC staff were unlikely to be persuaded by outcomes in comparable matters or precedents. The incoming staff may be more respectful of comparable situations and precedents, especially as to corporate penalties. “I think that there will be opportunities to argue no actual harm to investors and no financial benefit to the corporation in order to have potentially constructive conversations around appropriate corporate penalties,” he added.

See “What Remedies and Relief Can Fund Managers Expect in SEC Enforcement Actions?” (Jan. 10, 2019).

When seeking to negotiate a settlement or persuade the SEC to downgrade charges, defense counsel generally should lead with their most important points and their clients’ “must haves,” advised Pollock. They should not send a heavily redlined document without any explanation nor should they expect to change stock language the SEC has used in settlement orders for decades.

Once a matter is in litigation, it proceeds in a manner similar to other standard civil litigation, according to Reisner. Defense counsel can portray itself as the more reasonable party, pointing out places where staff may have overreached in a complaint or where evidence may not support the allegations. “But, you know, once you’re in litigation, you’re in litigation,” he said.

See “Current and Former Enforcement Staffs’ Tips for Litigating Against the SEC” (Aug. 17, 2023); and “Present and Former SEC Officials Discuss Enforcement (Part Two of Two)” (Jun. 9, 2022).

Publishing marketing materials that are subject to Rule 206(4)‑1 under the Investment Advisers Act of 1940 (Marketing Rule) brings a new level of risk to firms, and reviewing those materials can be complex and time consuming. There are steps that legal and compliance departments can take, however, to efficiently create a review process that brings those materials into alignment with Marketing Rule requirements by leveraging technology and adopting a business-minded approach to find solutions.

A panel at the CFA Institute’s (CFA) 28th Annual Global Investment Performance Standards Conference, entitled “Marketing Material Reviews Dos and Don’ts,” provided three different perspectives on how to mitigate risks around marketing materials. The program was moderated by Karyn D. Vincent, senior head, global industry standards at CFA, and featured Johanna Anders, head of regulatory compliance at Harris Associates; Janice Kitzman, partner at Cascade Compliance; and Christine Ayako Schleppegrell, partner at Morgan Lewis. This article summarizes the key takeaways for private fund managers.

For more insights from Schleppegrell, see “Morgan Lewis Program Previews Fall 2024 Regulatory Developments” (Oct. 10, 2024).

Marketing Material Reviews

Risk Spectrum

There are many grey areas in the Marketing Rule that the SEC is clarifying through FAQs, exam sweeps and enforcement, Schleppegrell noted. Accordingly, there is a spectrum of risk, and, as outside counsel, she advises clients by looking at what would be the most conservative approach under the Marketing Rule through to the most aggressive approach that would carry a higher risk of receiving a deficiency letter following an exam or a referral to the SEC’s Division of Enforcement.

“When you’re approaching your CCO or the legal and compliance team, remember that it’s not black and white. A lot of this is a grey area, and one thing that helps us streamline our marketing material reviews is thinking about where do we want to be on that spectrum?” Schleppegrell explained. For example, a firm may elect to sit on the riskier side of the spectrum and mitigate that by implementing tight controls, policies and procedures around reviewing marketing materials, she elaborated.

Elements of a Marketing Review Process

Marketing reviews should be tailored to the channels or media used for marketing efforts, Schleppegrell observed. For example, advisers that use social media – or that speak on podcasts, at conferences or on YouTube videos – have benefited from having very specific checklists, as well as policies and procedures tailored to those different channels. Statements on websites are proving even riskier, as reflected in a recent round of SEC enforcement actions, she added.

See “Navigating Substantiation of Facts, Testimonials and Performance Claims Under the Marketing Rule” (Nov. 21, 2024).

One approach a firm can take is to use recent SEC enforcement actions as a training tool to help personnel engage and invest in the process, Schleppegrell suggested. A recent sweep of nine investment advisers for deficiencies relating to testimonials, endorsements and third-party ratings provides real examples of specific quotes, taglines and disclosures that were unacceptable to the SEC and had real consequences for those firms. Showing the level of SEC fines imposed on firms can help the business understand that legal and compliance is a partner in the business that is also working to keep the business running, as well as to avoid monetary penalties and, more importantly, reputational harm, she reminded.

In addition, Schleppegrell recommended that firms update their policies and procedures to address, among other things:

• specific steps to be taken in the marketing review process;
• the frequency of marketing reviews;
• the different types of materials to be reviewed during the process;
• the person or position responsible for final sign-off; and
• what that pipeline looks like – e.g., whether the process starts with artificial intelligence (AI) and funnels down to the CCO to sign-off on the final marketing materials.

By conducting a marketing review process, a CCO can ensure a standard level of information is included in marketing materials while also forcing the marketing team, investor relations (IR) team and others that are considering creating videos and/or social media posts to think about the channel they fit into, Schleppegrell explained. “If personnel are required to complete a checklist for their marketing materials to go through a compliance review for sign-off by legal and compliance, that compels a certain level of reflection – e.g., whether the materials include hypothetical performance,” she said.

Some advisers ask their portfolio management teams to complete checklists before legal and compliance review the materials to ensure, for example, that they have the necessary substantiation and that any hypothetical performance is going to the intended audience, Schleppegrell noted. “Those types of things can help take the burden off the legal and compliance team and also help educate the portfolio management team, the IR team and others involved in preparing components of a firm’s marketing materials,” she summarized.

See “Nine More Advisers Fined by SEC in Ongoing Marketing Rule Sweep” (Nov. 7, 2024).

Intended Audience

The two most recent rounds of SEC enforcement sweeps on hypothetical performance have made it clear that the intended audience is an important concept that pervades the Marketing Rule, Schleppegrell said. In addition to hypothetical performance, there are other aspects of the Marketing Rule in which the SEC considers whether the material is appropriate for the recipients. It is also relevant to the general prohibitions in the Marketing Rule because information that is not appropriate for the audience that receives it is more likely to be misleading, she explained.

See “Third Marketing Rule Risk Alert and New Settlements Portend Vigorous Enforcement” (Jun. 6, 2024).

In light of SEC scrutiny about intended uses of marketing materials, it is important to inventory the types of marketing an adviser plans to use, Schleppegrell noted. Firms that primarily use standard pitch decks and respond to due diligence questionnaires will have a different audience and need different checklists from those that have interactive content on their websites or on social media, she elaborated.

Unique Circumstances to Address

When filling out forms to have a fund or product listed on a consultant database, firms may find it difficult to provide answers that comply with the Marketing Rule because the form provides limited options, according to Schleppegrell. For example, many advisers initially struggled to fill out forms for consultant databases because there was only a box for gross performance, but it was also necessary to show net performance. Although that issue has been addressed, other areas remain problematic. Advisers tend to treat any responses to consultants as marketing material because that information is likely to be shared more broadly, she added.

On the topic of third-party marketing, there appears to have been an increase in marketing agreements between joint venturers – i.e., when two managers co‑market a particular product – to govern who is responsible for which aspects of marketing, review and dissemination, Schleppegrell said. The marketing agreement will include a process to ensure both parties sign off on marketing material and address liability, she noted.

There may also be special considerations relating to wrap products because it can be challenging to get the appropriate net calculation when there are numerous layers of fees, continued Schleppegrell. FINRA Regulatory Notice 20‑21 may also be relevant if a broker-dealer is being used to distribute marketing materials, she added.

See “FINRA Proposes to Permit Use of Performance Projections and Target Returns in Marketing” (Jan. 18, 2024).

Media‑Specific Issues

FinTok – influencers talking about finance on TikTok – is a new trend that may impact advisers, Kitzman noted. As wealth moves from one generation to the next, advisers will want to be able to market to the next generation that is using TikTok. “It is interesting to consider how that will be regulated and the implications for advisers going forward,” she said.

Advisers are increasingly using YouTube videos on their websites, but there appears to be a disconnect because many of them do not run those materials through their Marketing Rule process and/or do not have a media-specific process, Schleppegrell observed. “Many managers pay a lot of money to create glossy videos for their websites, and it is counterproductive to carry out a legal review after they are posted because it is difficult to splice a video and maintain the flow. That is much easier to achieve with podcasts,” she reasoned. It is, therefore, important to consider how certain materials will be presented and the most cost-effective and efficient way to carry out a marketing review, she suggested.

Performance Results

Issues to Monitor

A survey jointly conducted by CFA and the Investment Advisers Association found that 37 percent of respondents still show net of actual returns. The problem, however, is that advisers should probably not show actual returns for composite returns, Kitzman noted. It is worth considering why a private fund wants to show net of actual fees for composites. In certain cases, such as single account composites, clients may prefer to use a model fee to avoid revealing their fee to the rest of the world by showing net of actual. “There are great cases for why model fees are still relevant and important and continue to be even more so now,” she added.

See “CFA Institute/IAA Survey Highlights Marketing Rule Compliance Practices” (Aug. 29, 2024).

Gross-only returns are still being shown in some cases, which are low-hanging fruit for regulators to pursue enforcement action, Kitzman said. Firms should scrub their marketing materials for contribution-only returns and ensure gross returns are shown with net returns in equal prominence. Showing gross returns first and net returns later in a pitch book is unlikely to comply with the rule. For net returns to have equal prominence in presentations, they must come first or at the same time as gross returns, she elaborated.

Any benchmarks used in marketing materials must be appropriate, continued Kitzman. Some funds’ investment strategies have changed over time as the markets have evolved, so firms should ensure their benchmarks are still as relevant now as they were ten years ago when those funds first launched. One way that firms can check for appropriateness is based on returns. For example, significant differentiation between composite returns and benchmark returns may indicate that the benchmark is no longer relevant to a prospective client, she explained.

GIPS and Standardization

Another issue is that many firms spent a lot of time bringing their policies into alignment with the Marketing Rule, but their Global Investment Performance Standards (GIPS) policy manuals may not have been reviewed for a while, Kitzman observed. It would be helpful for firms to ensure they have reviewed their GIPS policy manuals in the last year to avoid any misalignment, she recommended.

Firms should also ensure marketing presentations have a minimum level of information or that there is a standardized process for including performance in presentations, added Kitzman. “Firms should determine the standard level of information and performance they will require their portfolio managers, client service teams and marketing teams to put in presentations and have that documented somewhere,” she said.

See “Performance Advertising Is a Significant Pain Point Under the Marketing Rule” (Oct. 24, 2024).

Disclosures

Review Process Features

The easiest way to ensure all relevant disclosures are included in marketing materials is to establish a minimum standard for disclosures, along with standardized templates that cover special case situations, Kitzman recommended. Again, it is important to consider the different delivery methods and media channels being used because that will impact the required disclosures.

The size and location of disclosures should also be taken into account – e.g., disclosures that are greyed out or in tiny print will not serve anyone, Kitzman mentioned. Fund managers should also consider labeling and calling attention to certain returns, including hypothetical performance, attribution and whether something is - or is not – performance, she added.

See “Parsing the Significance of the SEC’s FAQ on the Presentation of Gross and Net Performance” (Mar. 2, 2023).

Creating disclosure guides and other resources is a great opportunity for legal and compliance teams to partner with the business areas, Anders noted. Collaborating with business areas may minimize criticisms – e.g., that disclosures are too long or do not make sense – and the business will feel empowered as part of the process. “It is important for business areas to understand why disclosures are needed,” she emphasized.

Global Compliance Efforts

Global fund managers may need to comply with many different disclosure requirements and regimes in addition to the Marketing Rule, which can be very complicated, Schleppegrell said. Some managers try to create gold-plated materials that comply with the most stringent applicable regime, but it may still be necessary to depart from that approach at times. Alternatively, fund managers may silo marketing materials for investors in different jurisdictions, which can work if there are procedures to ensure they stay within their respective lanes, she noted.

Many firms harmonize the applicable regulations as much as possible based on their structure and the regulators involved and then create a baseline standard to assist the marketing team, pointed out Anders. Technology can then be used for dynamic disclosures for different countries. “When you pull those down in various tools and systems, you have a really tight process, clear records, etc. The business team also loves it because that approach offers a lot of flexibility for time to market,” she summarized.

There may be complications, however, when a firm wants to issue, for example, a global press release or newsletter that discusses its global presence and crosses over all the regulatory regimes, Schleppegrell cautioned. The problem is it may be necessary to make clear that certain products or services are only available to certain types of investors in different jurisdictions, which is challenging to fit into two pages in a press release, she reasoned.

See “Challenges and Solutions in Managing Global Compliance Programs” (Oct. 5, 2017).

Other Considerations

Some managers may have different approaches to static social media (i.e., posts that provide no opportunity for engagement) as opposed to dynamic social media on which, for example, employees or third parties may comment or reply to a post, Schleppegrell noted. Firms may consider whether they want to turn on dynamic optionality and, if so, how disclosure requirements will be met in that context, she added.

Also, firms continue to reevaluate whether they want to use the GIPS advertising guidelines – and many are electing not to do so, Kitzman observed. Those firms may still provide the GIPS report to a prospective client, but they are removing the GIPS advertising language from the fact sheet, she clarified. Although the GIPS advertising guidelines may be helpful for streamlining processes, they also can create an additional area for scrutiny. The GIPS report includes a lot of useful information, so considering what should be included in fact sheets or various marketing materials is an important exercise, she said.

AI

AI is going to change the world and is developing much faster than anyone anticipated, Anders asserted. AI brings many opportunities, but the private funds industry is wary, and there are calls for regulations and guardrails. At the same time, firms may look at how they can embrace AI alongside the “human touch” to manage the current information overload and grow. AI may assist productivity and transform the talent pool from a compliance perspective, she added.

Small- and mid-sized managers may only have one or two people in their legal and compliance departments, making it very difficult for them to manage and review all marketing materials with a 24‑hour turnaround, Schleppegrell stated. “I’m seeing job postings now that are specifically for professionals just to review marketing materials all day long. That’s a great opportunity for AI to step in,” she observed.

See “Building the Future: Aligning Talent and Technology in Investment Firms” (Jan. 16, 2025).

Beneficial Uses

Processes that are carried out repeatedly may be suitable for AI, Anders suggested. As that relates to a marketing review, AI may assist by checking that the marketing materials match the prospectuses, then flag outliers for human review. That frees up humans to carry out other tasks that require more judgment calls. “It is important to remember that AI is only as good as it is taught, and human oversight is needed to interpret relevant rules and update disclosures,” she stressed.

In addition, automated compliance checks can ensure consistency among a firm’s disclosures, continued Anders. AI can address large volumes of material, which makes it easier to manage compliance as a firm grows. Reviews may also be carried out overnight or in different time zones to help humans work more efficiently for time to market. Further, AI can detect discrepancies in content and ensure consistency across materials, including comparing new marketing materials with previously approved versions to identify any deviations from established standards. Firms can also adjust their AI programming to reflect their compliance risk appetite, she noted.

It can also be time consuming to ensure a material statement of fact is substantiated every time it appears in marketing materials, Anders asserted. To assist, a master database of all material statements of fact may be created with applicable disclosures and substantiation. For example, a claim that cybersecurity expertise is offered 24/7 across the globe requires substantiation that a global 24/7 support model is in place. That involves identifying the firm’s cybersecurity personnel, ensuring their credentials are sufficient to be considered experts and then plotting them on a map to prove they are around the globe. Holding that substantiation in a database avoids carrying out the exercise each time that claim is made, she explained.

Volume is an important compliance consideration, especially when embarking on a new marketing channel, Schleppegrell noted. For example, if a firm starts to publish YouTube videos on its website, that may result in a volume of materials that exceed the legal and compliance teams’ capacity to review. AI may be leveraged to address that gap, or it may be necessary to start slowly, but it can be challenging to limit marketing professionals’ enthusiasm for a new initiative, she cautioned.

In addition, a firm’s production in response to an SEC request is only as good as its metadata, and there is an opportunity to use AI to automate metadata validation to ensure consistency, Anders noted. Workflow automation is another area in which AI may help by identifying who needs to weigh in on different types of marketing materials before they are approved – e.g., marketing materials relating to environmental, social and governance (ESG) factors may need to be reviewed by the AI ESG agent to validate certain items, she elaborated.

See our three-part series on AI for fund managers: “How to Use It to Streamline Operations” (Sep. 5, 2019); “Government Guidance, Service-Provider Negotiations and Risks of Bias” (Sep. 12, 2019); and “Automating the Legal Department and Maintaining Privacy” (Sep. 19, 2019).

Potential Challenges

Anders noted some of the challenges associated with AI, including:

• costs of developing a system – whether in-house or engaging a third party – as well as training costs;
• data quality;
• privacy;
• continued human oversight;
• overreliance on technology; and
• ongoing ethical and legal considerations.

Change management is very important. For example, personnel may feel that they will be eliminated by AI if they do not understand how the firm intends to use it and where they will continue to be needed, Anders cautioned. “My word of advice is to really take that seriously to ensure everybody is steering in the same direction in terms of where you’re trying to go, how you’re trying to get there and what controls are being put in place to make AI an efficient tool,” she emphasized.

See “Dos and Don’ts for Employee Use of Generative AI” (Oct. 24, 2024).

On January 16, 2025, the SEC announced it had reached a settlement (Order) in an enforcement action against hedge fund managers Two Sigma Investments LP (TSI) and Two Sigma Advisers LP (collectively, Two Sigma). The SEC accused the advisers of failing to act on internal information that employees brought to their attention concerning improper employee access to daily live trading algorithms; to reasonably supervise their personnel; and to maintain policies and procedures that would have resolved such issues promptly. The SEC also alleged violations of the Securities Exchange Act of 1934 (Exchange Act) whistleblower provisions relating to disclosures that departing employees had to make about whether they had made complaints to regulators.

Though legal experts broadly concur on the need for robust whistleblower protections, the SEC has, in the view of some, aggressively enforced whistleblower protections in recent years without always providing detailed guidance to help fund managers grasp what practices are or are not legal when it comes to separation agreements. To understand the issues at the heart of the SEC’s enforcement action against Two Sigma, and to draw lessons regarding compliance best practices, this article outlines the SEC’s complaint and presents key takeaways from the case.

See “SEC and CFTC Whistleblower Reports Reflect Continuing Vitality of Programs” (Jan. 16, 2025).

Respondents

TSI and Two Sigma Advisers are both Delaware limited partnerships with headquarters in New York City. According to the Order, the former was founded in July 2001 and registered with the SEC as an investment adviser in August 2009, while the latter was founded in December 2001 and registered with the SEC in February 2010. According to Form ADV filings of March 2024, the firms had regulatory assets under management of roughly $84 billion and $76 billion, respectively.

Altogether, Two Sigma has about 1,700 employees in its global offices managing a variety of funds using different daily trading methodologies and practices. As per the Order, Two Sigma is a large quantitative-analytics-based hedge fund manager that uses models when making investment decisions.

Ignoring Red Flags

According to the Order, Two Sigma knew about internal problems that might cause daily trading to depart widely from what investors believed to be the firm’s established practices and that these variations could result in imbalances among one or more of the funds in its portfolio. A pair of employees raised concerns that a database used to store trading codes, known as the “Jar,” and a supplementary, overflow database called “cellFS,” which held codes correlated with ones in the first database, were vulnerable to manipulation. Yet, for years, Two Sigma higher-ups failed to act on evidence brought to their attention about the vulnerabilities of Two Sigma systems or to adopt proposed remedies.

As far back as March 2019, the SEC alleged, the two employees conveyed their concerns, both in email and memoranda, that unlimited access to cellFs, in which it was possible to alter trading code “parameters,” could drastically affect how the firm’s algorithmic investment models functioned from day to day. They warned that someone acting without managers’ approval could manipulate Two Sigma’s live trading, potentially with severe consequences for the funds’ returns.

Specifically, the employees feared that cellFS, which was used to store trading model code too voluminous and complex to fit in the Jar, did not have read-and-write controls sophisticated enough to prevent unauthorized changes to or overwriting of model codes that guided daily live trading.

See “SEC Penalizes Fund Administrator For Missing Red Flags” (Jul. 18, 2024).

The employees proposed a range of solutions to curb the risk that these internal vulnerabilities posed, including:

• setting tighter limits on which Two Sigma personnel would have access to the cellFS database;
• requiring explicit senior management approval for any changes to the model parameters stored in cellFS;
• using encryption for the model parameters; and
• taking all the model parameters out of cellFS and putting them in a more secure database.

According to the Order, Two Sigma ignored these extensively detailed concerns and the proposed solutions for years. This inaction continued even after one of the firm’s co-founders expressed concerns about cellFS’ vulnerabilities.

Chronic Misuse of Access

The firm failed not only to adopt remedies to the improper access along the lines that the two employees had proposed but also – more seriously – to properly supervise an individual identified in the Order as “Modeler A.” According to the SEC, Modeler A proceeded to make use of access to the code stored inside the trading database and, without the approval of the firm’s management, made changes that affected no fewer than 14 models – with a direct impact on daily Two Sigma live trading and fund valuations.

Despite the firm’s having heard concerns dating back to March 2019 about the improper access to the trading models, Modeler A carried out these activities without detection until August 2023, the Order alleges. By making alterations to model decorrelation parameters kept in cellFS and linked to model code stored in the Jar, Modeler A changed some trading models’ correlation to other models.

As a result, some funds and separately managed accounts (SMAs) performed better than they would have otherwise, to the tune of $400 million, while the performance of other funds and SMAs suffered a $165‑million shortfall. Meanwhile, Modeler A received “millions of dollars of additional compensation” as a direct result of the changes made to the models’ exposures and correlations, the SEC claimed.

Although, in theory, Two Sigma had written policies that would have prevented such abuses from occurring, the firm failed, in the regulator's view, to adopt and enforce internal protocols that would have ensured any changes to model parameters were subject to management review and occurred with proper authorization.

In the Order, the SEC explicitly denied lesser culpability on the part of Two Sigma Advisers for failures of internal compliance on the part of its affiliate, TSI. On the contrary, Two Sigma Advisers was also on the hook, because, as a licensee of TSI trading models that shared some employees with its affiliate, it had a legal obligation to adopt and implement policies and procedures to avoid the same issues.

Specific Charges and Sanctions

For failing to adopt and implement policies designed to avoid the Investment Advisers Act of 1940 (Advisers Act) violations, the SEC charged Two Sigma with violating Sections 206(2) and 206(4) of the Advisers Act and the subsidiary Rule 206(4)-7. For its supervisory failures, which led to Modeler A's getting away with such activities over a period of years, the regulator charged Two Sigma with failing to carry out its duties under Section 203(e)(6) of the Advisers Act. In settling this action, the respondents agreed to pay $90 million in civil penalties and to repay $165 million to the SMAs and funds affected by the violations.

Violating Whistleblower Protections

In addition, the SEC charged Two Sigma with a violation of Rule 21F‑17(a) of the Exchange Act, relating to separation agreements that the firm required departing employees to sign. As noted in the Order, Section 21F of the Dodd-Frank Act amended the Exchange Act to:

• protect and encourage whistleblowers or potential whistleblowers through monetary incentives;
• prohibit any retaliation; and
• assure confidentiality.

Section 21F‑17(a) states, “No person may take action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”

Scope of the Violation

From April 2019 to February 2024, Two Sigma made nearly 300 departing employees sign separation agreements as a condition of receiving benefits and pay after they left the firm. These agreements required employees to certify that they had not complained to regulators about Two Sigma. At the same time, however, the agreements explicitly stipulated that employees were permitted to make complaints to government agencies or otherwise make disclosures protected under whistleblower statutes. Thus, on some level, the firm did seem cognizant that employees had a right to talk to the SEC and might wish to assert that right.

Among the terms of the agreements that departing employees had to sign was the following: “You represent that you have not filed against any Two Sigma Party any charges, complaints or lawsuits regarding any acts or omissions occurring prior to your execution of this Agreement with any international, federal, state, city or local court, government agency or arbitration tribunal.”

In March 2024, Two Sigma revised the agreements slightly to include the following qualifier: “However, this representation does not apply to any charges, actions, or proceedings before, or engaging in communications with, the SEC . . . about possible fraud or other securities laws violations occurring prior to the date you execute this agreement.”

No Retaliation Alleged

In the Order, the SEC admitted that it was not aware of any instances in which Two Sigma retaliated against an employee, financially or otherwise, in an effort to stop that person from communicating with regulators. Nonetheless, the SEC found that the agreements, even in their amended form, interfered with employees’ legal right to report malfeasance as protected under Rule 21F‑17(a).

See “Recent SEC Whistleblower Cases Focus on Repressive Language in Employment‑Related Agreements” (Nov. 9, 2023).

Cooperating With the SEC

The SEC acknowledged that, once the problems came to light, Two Sigma went to considerable lengths to cooperate with the agency and undertake remedies to its internal policies and procedures. Specifically, Two Sigma:

• fully cooperated with the investigation – and even provided information that the regulator, in the normal course of things, might not have found on its own;
• willingly identified “intentional misconduct” on the part of Modeler A, who had tampered with trading codes, and promised to compensate investors that had suffered losses as a result;
• revised its separation agreements to comply with Rule 21F‑17(a);
• made changes to its compliance training programs; and
• communicated with current employees and the former employees who had signed the agreements on their departure to let them know of their whistleblower rights and offer them guarantees that they would not face retaliation for the legal exercise of those rights.

The SEC acknowledged in the Order Two Sigma’s cooperation with its investigation and its remedial steps.

See “Chief of SEC’s Whistleblower Office Discusses Program’s Continuing Success After Its First Decade” (Mar. 25, 2021).

Key Takeaways

Lack of Prompt Remedial Action

The enforcement action against Two Sigma could have easily been avoided if employees’ concerns had not gone ignored and unauthorized alterations to trading codes had not been allowed to occur over a period of years, according to Andrew Feller, senior special counsel at Kohn Kohn & Colapinto. The Order identified specific failures rather than a more general culture of noncompliance, Feller told the Hedge Fund Law Report.

“The fact that employees had identified the potential for just this type of manipulation – and it was years before [Two Sigma] did anything about it – I suspect is why, no matter the level of cooperation [on the part of Two Sigma], they didn’t get away without a penalty,” Feller opined.

If Two Sigma had acted promptly on the concerns the two employees repeatedly raised, shut down the problematic database, instituted proper internal controls and conducted an internal investigation as to how the situation came about, it could have avoided regulatory complications, Feller asserted.

Wording of Agreements

The firm should have also had separation agreements that did not deter employees who might have wanted to bring issues to the attention of regulators, Feller observed. As written, the agreements did serve as a deterrent even though, in theory, they simply asked for a disclosure about what might or might not have already taken place and explicitly permitted employees to blow the whistle after leaving the firm.

“As to the Rule 21F‑17(a) violation, the Commission did a reasonably good job of saying why this was important because the agreements conditioned and appeared to threaten employees who wanted a payout” after they left, Feller said. “To get that payout, under the terms of the agreement, they would have to have either outed themselves as whistleblowers or lied to the firm, which I’m assuming would be its own violation of the agreement.”

In Feller’s view, the case serves as a warning to firms to take extra care to craft separation agreements that do not, in any way, contravene whistleblower rights or discourage employees from exercising them, which can happen even if a policy is written in such a way as to require seemingly neutral, post-hoc disclosures about what an employee may or may not have done. “You’re not supposed to put a Sword of Damocles over people for being whistleblowers,” he noted.

David Pentlow, of counsel at Coran Ober, told the Hedge Fund Law Report that he sees the Two Sigma case as the continuation of a pattern of “heavy-handed” enforcement of the whistleblower laws going back to 2015. “This action is part of a pattern of very aggressive enforcement of the whistleblower laws,” he said.

Lack of Guidance From the SEC

In pursuing this action, the SEC did not err on the side of specificity, added Pentlow. Even all these years after highly proactive enforcement of the whistleblower laws began, he still sees a lack of specificity on the part of the regulator as to what firms may or may not legally require of employees. The agency has faulted firms without offering useful guidance as to what internal policies would be in compliance, he observed. “[The SEC] doesn’t even require any kind of nefarious intent on the part of the firm that was sanctioned. It hasn’t answered the question, ‘What should you say in your confidentiality agreement?’” he said.

“I still think there’s no real template as to what will pass SEC muster in employee handbooks or separation agreements, other than, ‘You can say anything to the SEC that you want to.’ So the enforcement actions are not an ideal way to provide guidance,” continued Pentlow. This broad standard brings its own set of problems. “I have seen instances of lower-level employees making inflammatory statements that turned out to be inaccurate or at least incomplete,” he stated.

Pentlow said he holds out hope that a new regulatory regime under incoming SEC Chair Paul Atkins and President Donald Trump will offer more specific and useful guidance. Whistleblower laws, in particular, could benefit from greater clarity – but firms will still need to be careful, he cautioned. “Obviously, it is in the public interest to protect whistleblowers. But regulators, regardless of who’s in office, have a tendency to give themselves as much wiggle room and jurisdiction as possible.”

See “What Hedge Fund Managers May Expect From the SEC in 2025” (Jan. 16, 2025).

Benefits of Cooperation

The case is also instructive when it comes to the benefits of full and open cooperation with the SEC in an enforcement matter. Although regulators will not give a free pass to a respondent that cooperates, they are still likely to take it into account when considering potential penalties.

“I would look at the remedial efforts and say that the SEC is clearly holding these out as best practices for remediation if it does find something. In many ways, Two Sigma acted in exactly the right ways when these violations came to light, after ignoring the issue for years,” Feller said.

See “SEC Enforcement Director Grewal Emphasizes Benefits of Cooperation” (Sep. 12, 2024).

The SEC has fined 12 registrants $63.1 million in a new round of settlements under its risk-based initiative (Initiative) to investigate registrants’ preservation of electronic communications on unapproved electronic devices and systems (off-channel communications). As in other settlements under the Initiative, the latest respondents allegedly failed to preserve their employees’ off-channel communications and supervise employees with a view to preventing violation of SEC recordkeeping requirements. Separately, the SEC announced (Announcement) it had commenced a record-setting number of enforcement actions in the first quarter of its 2025 fiscal year (FY2025), which ran from October through December 2024. This article discusses the increased enforcement activity and the eight new settled enforcement orders (Orders).

See “26 Firms Fined Nearly $393 Million in Newest Off‑Channel Communications Settlements” (Sep. 26, 2024).

Record-Setting Pace of Enforcement Activity

The Orders come in the wake of a flurry of SEC enforcement activity. According to the Announcement, the SEC initiated a record 200 enforcement actions in the first quarter of FY2025, including 118 standalone actions. It filed 75 enforcement actions in October 2024 alone. These were the most actions filed by the SEC in the same periods since at least 2000.

“Investors and issuers alike benefit from the Commission’s efforts to hold wrongdoers accountable,” said then-SEC Chair Gary Gensler in the Announcement. “As these impressive figures reflect, the Division has not taken its foot off the pedal in the new fiscal year,” added Sanjay Wadhwa, then-Acting Director of the SEC Division of Enforcement. “On the contrary, the hard work of the dedicated staff in the Division . . . has resulted in the busiest start to a fiscal year that I have witnessed in my 20‑plus years at the Commission, providing invaluable protections to investors and promoting fairness and integrity in the securities markets.”

The Announcement highlights the wide range of violations covered by these actions, including financial misstatements, misleading disclosures, failures to disclose conflicts of interest, alleged bribery schemes, frauds targeting retail investors and misleading statements about artificial intelligence. Notably, however, the issue of recordkeeping failures relating to off-channel communications was not mentioned in the Announcement.

See “SEC and CFTC 2024 Enforcement Results: Record-High Financial Remedies Across Fewer Actions” (Jan. 30, 2025).

SEC Recordkeeping Requirements

SEC recordkeeping requirements help ensure that investment advisers and broker-dealers act responsibly in the financial markets. They are “essential to investor protection and the Commission’s efforts to further its mandate of protecting investors, maintaining fair, orderly, and efficient markets, and facilitating capital formation,” the SEC stressed in the Orders.

Investment Advisers

Section 204 of the Investment Advisers Act of 1940 (Advisers Act) and Rule 204‑2(a)(7) thereunder require an adviser to maintain, among other things, “[o]riginals of all written communications received and copies of all written communications sent by such investment adviser” relating to:

• any investment recommendations and advice;
• receipt, disbursement or delivery of funds or securities;
• trade orders and executions; and
• certain performance information.

See “Four Electronic Communication and Recordkeeping Traps for Hedge Fund Managers to Avoid” (Oct. 26, 2023); as well as our two-part roadmap to maintaining books and records: “Compliance With Applicable Regulations” (Nov. 2, 2017); and “Document Retention and SEC Expectations” (Nov. 9, 2017).

Broker-Dealers

Section 17(a)(1) of the Securities Exchange Act of 1934 (Exchange Act) and Rule 17a‑4 thereunder set forth recordkeeping requirements for broker-dealers. Rule 17a‑4(b)(4) requires a broker-dealer to preserve, for at least three years, “[o]riginals of all communications received and copies of all communications sent (and any approvals thereof) by the member, broker or dealer . . . relating to its business as such. . . .” For the first two years, those records must be in “an easily accessible place.”

See “SEC Modernizes Broker-Dealer Electronic Recordkeeping Rules” (Mar. 2, 2023).

Common Facts and Allegations

Electronic Communications Policies and Procedures

According to the Orders, all respondents maintained policies and procedures designed to ensure retention of electronic communications and other business-related records. Additionally, respondents all:

• prohibited use of unapproved communications methods;
• conducted surveillance of communications;
• conducted trainings on their policies and procedures;
• notified employees that communications were subject to surveillance; and
• required periodic compliance attestations.

Additionally, all respondents monitored, reviewed and, when appropriate, archived messages sent through approved channels. Critically, however, none of the respondents monitored, reviewed or archived any off-channel communications.

Failing to Preserve Off-Channel Communications

All respondents cooperated with the SEC and proactively gathered relevant information from their personnel, including samples of off-channel communications. The SEC found multiple instances of off-channel communications that each respondent should have preserved. Notably, in most cases, supervisors and senior personnel had engaged in off-channel communications. Respondents failed to preserve a “substantial majority” of the relevant off-channel communications, according to the Orders.

Each respondent failed to implement a system or systems reasonably expected to determine whether its personnel were following its electronic communications policies and procedures, alleged the SEC. Additionally, while permitting personnel to use approved communications methods, including certain personal devices, respondents failed to implement sufficient controls to ensure their personnel followed their recordkeeping and communications policies.

See “SEC Penalizes Adviser for Failing to Preserve Off-Channel Communications” (Aug. 29, 2024); and “16 Firms Fined $81 Million in Latest SEC Electronic Communications Recordkeeping Settlements” (Apr. 11, 2024).

Impeding the SEC

Additionally, during the periods covered by the Orders, most respondents had received and responded to subpoenas or requests for information from the SEC. By failing to preserve off-channel communications, those respondents may have deprived the SEC of relevant communications in various investigations and/or impeded its ability to carry out its regulatory functions.

“In order to effectively carry out their oversight responsibilities, the Commission’s Examinations and Enforcement Divisions must, and indeed do, rely heavily on registrants complying with the books and records requirements of the federal securities laws,” said Wadhwa in the press release announcing the Orders. “When firms fall short of those obligations, the consequences go far beyond deficient document productions; such failures implicate the transparency and the integrity of the markets and their participants, like the firms at issue here.”

See “GameStop and the Challenges of Monitoring Communication Channels” (May 13, 2021).

Respondents’ Remedial Measures

Each Order credits the respondent with its efforts to comply with relevant recordkeeping requirements, both prior to and after being contacted by SEC staff, as well as its cooperation with SEC staff during their investigation. In fact, prior to the initiation of the SEC’s investigations, most respondents had voluntarily begun a review of their recordkeeping practices and a program of remediation. To that end, some:

• enhanced their policies and procedures;
• conducted additional training; and/or
• implemented new technological solutions.

See our two-part series on compliance training: “SEC Expectations and Substantive Traps to Avoid” (Sep. 23, 2021); and “Who Conducts the Training and Five Traps to Avoid When Providing Training” (Sep. 30, 2021); as well as our three-part series on tailoring a compliance program: “Why Fund Managers Should Customize” (Jul. 16, 2020); “What Fund Managers Should Consider” (Jul. 23, 2020); and “When Fund Managers Should Review and Update” (Jul. 30, 2020).

Self-Report by PJT Partners

After the SEC announced the Initiative, respondent PJT Partners LP (PJT) initiated a review of its recordkeeping policies and sought to enhance its electronic communications training and compliance efforts. It conducted an internal investigation and voluntarily reported its findings to SEC staff. Prior to its self-report, it had:

• implemented an application on employee devices for keeping messaging on-channel;
• increased training; and
• implemented an easy process for employees to onboard existing off-channel communications.

“In today’s actions, while holding firms responsible for their recordkeeping failures, the Commission once more recognized and credited a registrant’s self-report, demonstrating yet again that there are tangible benefits to be gained from proactive cooperation,” said Wadhwa, referring to PJT, on which the SEC imposed by far the lowest fine in this round of settlements.

See “Investment Adviser Avoids Civil Penalty Due to Self-Reporting, Remediation and Cooperation: True, False or Other?” (Jan. 16, 2025); as well as our two-part series “Why, When and How Fund Managers Should Self-Report Violations to the SEC”: Part One (Jan. 10, 2019); and Part Two (Jan. 17, 2019).

Specific Violations, Sanctions and Undertakings

Violations

Each respondent admitted the facts alleged by the SEC and that its conduct violated the federal securities laws. The Orders include the following charges.

Recordkeeping Violations

Each respondent registered as an investment adviser, with the exception of dual registrant Charles Schwab & Co., Inc. (Schwab), willfully violated Section 204 of the Advisers Act and Rule 204‑2(a)(7) thereunder. Each respondent registered as a broker-dealer willfully violated Section 17(a) of the Exchange Act and Rule 17a‑4(b)(4) thereunder.

Failure to Supervise

Each investment adviser respondent other than Schwab violated Section 203(e)(6) of the Advisers Act, which requires an adviser to reasonably supervise its personnel with a view to preventing violations of the federal securities laws. Each broker-dealer respondent violated Section 15(b)(4)(E) of the Exchange Act, which requires a broker-dealer to supervise its personnel reasonably with a view to preventing or detecting violations of the federal securities laws.

In each case, the respondent failed to reasonably supervise its personnel with a view to preventing or detecting certain supervised persons’ aiding and abetting violations of SEC recordkeeping requirements.

Although Schwab is dually registered as an investment adviser and broker-dealer, it was charged only under the Exchange Act. The Schwab Order also covers its failure to preserve approximately 330,000 text messages on firm-issued devices, which occurred when its telecommunications vendor enabled texting on such devices without Schwab’s knowledge. Schwab had self-reported that issue to FINRA in May 2021.

See our three-part series on the duty to supervise: “Recent SEC Enforcement Actions Claim Violations by Broker-Dealers and Investment Advisers” (Sep. 6, 2018); “Conduct Proper Trade and Electronic Communications Surveillance” (Sep. 13, 2018); and “Respond to Red Flags; Implement Reasonable Policies and Procedures; and Conduct Adequate Training” (Sep. 20, 2018).

Review by Internal Audit, Rather Than Compliance Consultant

In many prior settlements under the Initiative, the respondent retained an independent compliance consultant to conduct a comprehensive review of the respondent’s recordkeeping practices. In contrast, in each of the latest settlements, the respondent was compelled to cause its internal audit function to conduct such review, which must include:

• a comprehensive review of the respondent’s supervisory, compliance and other policies and procedures for ensuring it preserves electronic communications, including those found on personal electronic devices, in accordance with the requirements of the federal securities laws;
• a comprehensive review of its training on preserving electronic communications and periodic compliance attestations;
• an assessment of its surveillance measures for ensuring preservation of electronic communications;
• an assessment of its technological solutions for preserving electronic records, including:
  • the likelihood that personnel will use the solutions; and
  • the measures it uses to track usage; and
• a comprehensive review of its framework for addressing violations of its communications policies, including:
  • how it determines which employees have violated those policies;
  • its corrective actions;
  • evaluating who violated the policies and why; and
  • penalties imposed and whether they are imposed consistently across business lines and seniority levels.

The review to be conducted by broker-dealer respondents must also include:

• an assessment of its measures for preventing off-channel communications; and
• a review of its electronic communications surveillance routines to ensure approved communications on personal devices are incorporated into its overall communications surveillance program.

Respondents Schwab and Santander US Capital Markets LLC must cause their internal audit function to complete the review within 270 days after entry of the relevant Order. The remaining respondents have a full year. Each must certify its compliance with the undertakings to the SEC in writing. Unlike many prior off-channel communications settlements, none of the Orders requires the respondent to conduct a follow-up review or report the discipline it imposes for policy violations.

See our three-part series on best practices for employee discipline: “Developing a Framework That Fosters Predictability in the Face of Inconsistent Laws” (Feb. 8, 2018); “Investigating and Documenting” (Feb. 15, 2018); and “Ensuring a Fair Process” (Feb. 22, 2018).

Sanctions

Each respondent consented to entry of the Order against it, which covers conduct commencing on or about the date indicated in the following table. Each Order provides that the subject respondent(s):

• must cease and desist from committing or causing any violations of:
  • Section 204 of the Advisers Act and Rule 204‑2(a)(7) thereunder (investment adviser respondents other than Schwab); and
  • Section 17(a) of the Exchange Act and Rule 17a‑4 thereunder (broker-dealer respondents);
• is censured;
• must pay the fine specified in the table below; and
• must comply with its undertakings regarding internal audit review.

SEC Respondent(s)	Registrant Type[1]	Date Conduct Commenced	Fine
Apollo Capital Management, L.P.	IA	December 2019	$8.5 million
Blackstone Alternative Credit Advisors LP Blackstone Management Partners L.L.C. Blackstone Real Estate Advisors L.P.	IA   IA IA	December 2019 (all respondents)	$4 million   $4 million $4 million
Carlyle Investment Management L.L.C. Carlyle Global Credit Investment Management L.L.C. AlpInvest Partners B.V.	IA   IA   IA	December 2019 (all respondents)	$5.6 million   $1.7 million   $1.2 million
Charles Schwab & Co., Inc.	Dual	January 2020	$10 million
Kohlberg Kravis Roberts & Co. L.P.	IA	December 2019	$11 million
PJT Partners LP	BD	March 2021	$600,000
Santander US Capital Markets LLC	BD	January 2021	$4 million
TPG Capital Advisors, LLC	IA	December 2019	$8.5 million

 

For discussion of other settlements under the Initiative, see “SEC and CFTC Continue to Penalize Firms for Electronic Communications Recordkeeping Violations” (Aug. 17, 2023); “SEC and CFTC Penalize Broker-Dealers $1.8 Billion for Electronic Communications Recordkeeping Violations” (Oct. 27, 2022); and “JPMorgan Fined $200 Million for Failure to Maintain Electronic Communication Records” (Feb. 17, 2022).

A regulatory specialist and tax attorney have joined Proskauer’s private funds group. Nathan Schuur is a partner in the firm’s Washington, D.C., office, having previously served as counsel to an SEC Commissioner and in the Rulemaking Office of the Division of Investment Management. Christine Harlow is a tax partner in the New York office, where she brings more than two decades of experience in advising private funds, including hedge funds, private equity funds, hybrid funds, joint ventures and credit funds, on tax law issues.

For another recent addition to Proskauer, see “Patrick Dundas Is Newest Member of Proskauer’s Private Funds Group” (Dec. 5, 2024).

Schuur’s practice focuses on regulatory and compliance issues arising under the Investment Advisers Act of 1940 and Investment Company Act of 1940. He also advises clients on regulations surrounding the structuring and operation of funds, including:

• marketing issues;
• SEC examinations;
• adviser M&A;
• general partner (GP) stake sales;
• continuation funds; and
• stapled transactions.

See “Client Consent and Other Issues Requiring Careful Consideration by Fund Managers Involved in M&A Transactions” (May 18, 2017).

Before joining Proskauer, Schuur spent several years at the SEC. During his time there, he served as counsel to a Commissioner, where he provided legal and policy advice on rulemaking, enforcement, litigation and other matters, with a special focus on investment management issues. He also served as Senior Counsel in the Division of Investment Management.

See “SEC Investment Management Attorneys Offer a Roadmap to SEC Rulemaking and Public Comments” (Sep. 8, 2022).

As a partner in the firm’s tax department and a member of the private funds group, Harlow represents private fund managers in connection with the formation of private funds, ongoing operations and the tax consequences of purchasing and disposing of investments. She also advises investors with respect to the impact on their taxes of investing in private funds.

See our two-part series “Tax Considerations for Sovereign Wealth Funds’ Investments in Hedge Funds”: Part One (Sep. 8, 2022); and Part Two (Sep. 15, 2022).

In addition, Harlow’s practice includes structuring and negotiating seed and strategic investments, as well as advising private fund managers with respect to the sale of investment manager and GP entities.

See “Study Tracks Evolving Seed Deal Terms” (Aug. 18, 2022).