SEF Central 2024: Financial Firms in the SEC's Crosshairs Key Developments for Asset Managers, Broker Dealers, Private Funds and Hedge Funds

Check out this transcript from this Securities Enforcement Forum Central 2024 panel. Katten’s Danette Edwards introduced, and the participants were:

• John Sikora, Partner, Latham & Watkins

• Ann Gittleman, Managing Director, Kroll

• Anne McKinley, Assistant Director, SEC

• Leigh Shea, Managing Director, Charles Schwab

• Michael Diver, Partner, Katten Muchin Rosenman

  You can find the video on Docket Media’s YouTube channel here.

00:00 - 00:36

Danette Edwards: Welcome back everyone. The last panel of the day is Financial Firms and the SEC's Crosshairs. Key developments for asset managers, broker dealers, private funds, and hedge funds. Our moderator for this last panel is John Sikora. John is a partner at Latham and Watkins in Chicago. Prior to joining Latham, John served at the SEC for 16 years and was an assistant director in the Chicago regional office and in the Asset Management Unit of the Enforcement Division. We have Ann Gittleman next. Ann is a managing director and co-head of the North America Expert Services Practice for Kroll, based

00:36 - 01:14

Danette Edwards: in New York City. With over two years, two decades, I'm sorry, two decades of forensic experience, Anne has acted as an expert and neutral accountant on technical accounting issues in cases involving financial fraud, Ponzi schemes, SEC enforcement actions, and more. We have another Anne, Anne McKinley, next to her. Anne joined the SEC in 1999. She is currently an assistant director in the Division of Enforcement in the Chicago Regional Office. She previously served as an assistant director in the Complex Financial Instruments Specialty Unit and on the steering committee for the Division of Enforcement's Broker Dealer Task Force.

01:15 - 01:53

Danette Edwards: Leigh Shea, Leigh is currently a managing director and deputy chief counsel at Charles Schwab & Company. In that role, she leads the regulatory practice group and has primary responsibility over regulatory matters. Leigh began her career as an examiner for the Chicago Board of Trade after law school. We worked in the SEC's Office of the Secretary and then the Division of Trading and Markets, Office of Broker-Dealer Financial Responsibility in Washington, D.C. Last but not least is Michael Diver. Mike is a partner at Katten Muchin Rosenman in Chicago. Mike previously served as a supervisor in the SEC's Enforcement Division in the Chicago Regional Office.

01:56 - 02:32

John Sikora: All right, thank you. It's good to see so many friendly and a few not so friendly faces out there. Looking forward to talking today. We have a great panel, as you've heard. We're going to kick it off by starting with a topic that makes it hard for legal and compliance teams to sleep at night, which is the topic of systemic problems at a major financial firm. There are, I think the way this typically flows is there's a problem lurking, right? And from the legal and compliance perspective, of course your question is, is there a problem lurking . . .

02:32 - 03:17

John Sikora: in our systems I don't know about and I may not even have a great way of detecting. As we all know, the big firms rely on very sophisticated systems that are automating nearly every facet of their operations, which is, automation obviously has great efficiency benefits, but the flip side of automation is the catch, which is that a small problem that might have been a small problem in the old days and easily resolved quickly becomes a very big problem and one that you have to think of from an enforcement perspective and a regulatory perspective. Mike, starting with you and your experience, how do you think as outside counsel advising firms when they're looking at systemic and system-wide compliance issues, how do you advise your clients and What are the considerations that you touch on?

03:17 - 03:53

Michael Diver: Yeah, I mean, look, it's an interesting position to be in as a lawyer, as Lee and I discussed, because we're not technical experts. And a lot of it comes down to making sure you have the right people looking at the right issues very quickly. And I think we're going to get into today the 4530 process, self-reporting issues, when and how you do that, when you should start remediation, which in my view is immediately because one of the things that we counsel clients about is, okay, you have an issue, but you haven't disclosed it to the regulators . . .

03:53 - 04:30

Michael Diver: yet, they're not aware of it. You have this opportunity to actually create the record that will be potentially either the basis for a settlement negotiation or a Wells submission. So take that time and opportunity to create a record that's gonna put the firm in the best possible light. Lee and I have chatted extensively about this. The issue with these cases is, nine times out of ten, you have no idea how significant the issue is initially. And a lot of times it takes a long time for your IT professionals to get to a quantification of the issues. . . .

04:30 - 05:02

Michael Diver: I've done, I don't even know how many blue sheets and lopper cases, and a lot of the job is calling the SEC and FINRA and saying, look, we've got the root cause, but it's going to take a while before we can have a quantification and hear all the things that we're doing from a tactical standpoint. We've cauterized the issue. We've got a manual work around. But you've got to be patient with us. Give us additional time to quantify the issue so that we can come in and have an intelligent dialogue about it.

05:03 - 05:34

Leigh Shea: Yeah. I'll just add in there, Mike, this has been very humbling for me in-house that I imagine for anyone else in-house who felt this too. It takes so much longer than you think it should. It takes exponentially longer to run things to ground than you think it should. And I think that it's true at Charles Schwab and it's true elsewhere. It's an industry-wide phenomenon. It is a lot of people. It is a lot of systems. It's a lot of different things that you're looking at. And You, as an in-house person or as outside counsel, you want . . .

05:34 - 05:57

Leigh Shea: to go to the SEC or FINRA right away. You want to create that record and you wanna be on top of it, but in reality, it's really slow go. It is a slog. I mean, it's a lot of work to sometimes run these things down. And having that perspective, I think, is critical when you're advising your clients. Because just being told to get you the answers is not helpful.

05:58 - 06:32

Michael Diver: And John, you raise the point about the trend. I have the pleasure or lack thereof of being one of the people who've done more large option position reporting cases. I'm sorry to be talking about this before a cocktail party, but here we are. Lopper cases, it's trade reporting, it's basic stuff. But you know what, someone goes in to make a patch or a fix on a system and lo and behold, some field is thrown off and it's not detected for three months, even though it's one issue, one field may not be really material from a surveillance . . .

6:32 - 07:18

Michael Diver: standpoint. Lo and behold, you're staring at a huge exception count and really big numbers, like the many millions of dollars that are at stake in these cases. It's really changed significantly. So those are the obvious cases, you know, LOPR, EBS, CATS, but there are other cases that we're seeing with advisors. Systems not capturing certain critical information about their advisory clients. E-comms, one of the cases that was just announced, there was a fix put in place to capture e-comms by one firm. They didn't do it. Someone forgot to flip the “on” switch to use my brilliant legal description. And lo and behold, you're staring at a very material exposure.

07:20 - 07:52

John Sikora: But, Leigh and Mike, what do you think about the strategy considerations about when to surface when you have a systemic problem, right? So you obviously want to surface as soon as you can to get the maximum amount of credit, but you can surface too soon, right? Where you don't really have the problem scoped and you're coming in with essentially half a loaf and a fairly chaotic presentation of the facts where the staff might get that much more intrigued and maybe even aggravated with the registrant, with the way that the registrant's handling it. How do you think about that strategically?

07:53 - 08:27

Leigh Shea: So I think that's actually very dangerous to rush in. I think you're better off if you're willing to pull back and spend the time and the energy needed to run something all the way to ground. I know we're talking about thinner rule 4530(b) and when you have to report into that, but that has a 30-day clock, right? That doesn't start until after a materiality assessment has even been made. So maybe you're operating under that, but some regulators, the Fed, the CFTC, other regulators have 24-hour notice provisions, right? So what entity did the issue occur at?

08:27 - 08:48

Leigh Shea: And do you have other reporting obligations that supersede maybe FINRA or the SEC. And one thing to think about, and I'll turn it to you here, but even if I call FINRA, even if I give my friendly risk coordinator a ring, that doesn't satisfy any obligation I have to you. That's true.

08:50 - 09:25

Anne McKinley: And before I say anything more, please let me just do the disclaimer so I can make sure that I've done that. I'm providing my remarks today in my official capacity as assistant director in the Division of Enforcement. Nothing I say reflects the views of the commissioners, the commission, or any other member of the staff. And with that, I mean, it is true. I know we'll get a little bit more into the whistleblower program, but we do have whistleblowers that are coming to us on a regular basis. We do actually look at those tips, even though there . . .

09:25 - 09:57

Anne McKinley: are a huge number of them coming in. And if we get a whistleblower complaint and say we open an investigation and we do a lot of work on that investigation you may not know that. You may not know that we already have the investigation open. We may not communicate with you yet and so then if you come in and ask for cooperation credit the amount of time that we've already spent on the investigation could impact your ability to get as much cooperation credit as I think many people ask for, as I'm thinking I deserve.

09:57 - 10:45

Michael Diver: I want to answer John's question, but Anne, one of the things that we're wrestling with right now is a trade reporting case where it's clear we have to go to FINRA. And the client is asking, well, should we go to the SEC as well? And I think they would prefer not to. All due respect, Anne, to the agency. But I think we're coming out in a place where look, there's gonna be awareness, why not just touch both bases and handle it that way. But have you had cases where, or has the Commission, let me put it this way, Has the Commission had cases where a registrant has reported into FINRA, the SEC's gotten interested, and the SEC has at least credited the fact that there was a report to FINRA and not necessarily the SEC?

10:45 - 11:21

Anne McKinley: So I think it depends a little bit on the facts and circumstances. I could see a situation where there's a report into FINRA, but we've already opened our investigation. That could impact, I think, when someone comes and says, well, we should get full cooperation credit. We've already been doing things, and you didn't report to us, and we weren't aware of the report to FINRA. Maybe that could impact things. On the other hand, if you come to both of us at the same time, we're going to talk. We aren't going to just hole up in our silos and say,

11:21 - 11:40

Anne McKinley: well, FINRA do what you want, SEC do what you want, and not speak to each other. So, from my perspective, I personally would rather get the self-report, the communication, hey, we're also talking to FINRA at the same time, here's the person, and I'll pick up the phone and I'll call you.

11:40 - 12:12

Michael Diver: Yeah, yeah, yeah. But John, to your question about, I agree with what Lee just said. Coming in too early can really backfire. It really can, and when I was at the agency, I had that feeling like, wow, you guys really may not know what you're doing, sort of thing. That's not the impression you want to lead. So What I typically advise clients is, look, at least have the root cause down. At least have the root cause down and couple that with the plan. Here's what we're doing. Here's why we don't have the full story

12:12 - 12:28

Michael Diver: because this takes a long time. There are so many people that have to touch this before it's quantified and remediated, but at least have roots cause, have a cogent plan, and be prepared to offer, you know, probably numerous status calls.

12:28 - 12:53

John Sikora: Yeah, and this is probably best directed to Mike Lee, it's probably unfair to ask you this, but you know when you're dealing with these situations right with your client the very same people you're going to to identify the root causes right are also asking themselves the question what does this mean for me right where do individuals have exposure in these cases? How does that come about from what you've seen and how would you advise the people you're working with in these situations?

12:54 - 13:29

Michael Diver: Yeah. So that's where you get into some obviously very thorny questions because we generally represent the firm. One of the challenges with these cases is you have so many people touching the function. The business needs the functionality, they've asked for it, IT has developed it and tested it, Ops is actually using it on a day to day basis, audit is coming in and looking at it periodically, and then compliance is asking, is there to field compliance questions? And a lot of times we'll come in and it's people in good faith. I'm not saying sort of CYA, . . .

13:29 - 14:06

Michael Diver: people in good faith are saying, well, sort of I thought, you know, what I heard compliance saying was that we didn't have to configure it this way or the specs for purposes of developing the product weren't clear, so IT didn't interpret it properly. And that's a long way of saying 1 of our primary defense approaches to these cases is, look, we acknowledge we have an issue, but it's an institutional issue. You really can't fairly single out any individual in this process. You know, there are exceptions. You know, You're obviously looking when you're trying to identify root . . .

14:06 - 14:34

Michael Diver: cause, one of the things that you should be looking at is were there red flags of non-compliance? And if unfortunately there's someone who had unique information, isolated information about a red flag, then you may be in a circumstance where, you know, hopefully John, Latham would call me at Kattten and say, hey, we've got someone that, you know, that needs representation. And I assume that presents special challenges for in-house counsel as well.

14:35 - 14:48

Leigh Shea: Yes, because typically we're representing the firm, so just like you, and then you have to do that same analysis and decide whether you have to consider an Upjohn warning, and then you have to also consider whether your interests are still aligned.

14:49 - 15:27

John Sikora: Yeah. Yeah, absolutely. And hopefully keep it to more of an employment issue and not an enforcement issue, right? Right. Yeah. Even where somebody may not have been at their best. All right. Well, why don't we... We're going to spend a little bit of time talking about Regulation Best Interest. We are very fortunate that we have Anne McKinley on this panel because she's actually one of the foremost enforcement experts on Regulation Best Interest. But we've asked, Anne's going to walk through a little bit of the cases that have been brought to date, and just to give us the lay of the land there, and then we'll have some questions for the rest of the panel on the kind of the implications of those cases and questions that are coming out of the cases that have been brought to date.

15:28 - 16:20

Anne McKinley: Sure, thanks, John. So, Reg BI has been, continues to be a significant priority for enforcement. And just as a reminder, a refresher for everyone, the compliance date for Reg BI is June 30th of 2020. So since that time, we have filed a number of enforcement actions. And they started really in 2021 with the Form CRS cases. And we filed a number of those in 2021, 2022. Then I think last year, and especially really the last 12 months, there have been a lot of additional actions focusing more on the component obligations under Reg BI. That would be the care obligation, the compliance obligation, the conflicts of interest obligation, and the disclosure . . .

16:20 - 17:10

Anne McKinley: obligation. So the types of cases that we have filed have ranged from an action against a firm for failing to implement and really have reasonably designed policies and procedures under Reg BI, which implicated the conflicts of interest and compliance obligations. We've taken action against a firm for failing to disclose the lower cost share classes of affiliated investments that were available in one of their products but not another, which implicated several of the obligations. We've taken action under the conflict of interest obligation for a failure to really fully disclose a conflict in recommending that investors transfer securities . . .

17:10 - 17:34

Anne McKinley: from a registered entity to an affiliate that's not registered. And then actions related to the care obligation and against both firms and individual registered representatives for failing to exercise reasonable diligence, care and skill, to understand the investment and then make particular recommendations to their retail customers.

17:35 - 18:07

John Sikora: And sort of for the rest of the panel, on the Reg BI cases so far, just to get your sense of it, so you can read, say, the Key Investment Services case, where you have a dual registrant, an advisor and a broker dealer, and the charges in that case are both Reg BI and then undisclosed conflicts of interest using 206-2 under the Advisers Act as the hook there, right? What's your sense about whether there's any daylight, really, between Reg BI and the duties that we see the commission enforcing under the Advisers Act?

18:07 - 18:44

Anne McKinley: So Reg BI really goes more to the broker-dealer business and so, I mean there are some similarities but there's a very specific standard. Scienter isn't a part of Reg BI so we're not needing to prove intent. And then under the Advisors Act, depending on the particular provision, there may be a scienter component. But if it's a dual registrant and dually headed or individuals on both sides of the house engage in similar or the same type of conduct, both acts are in play.

18:44 - 19:20

Michael Diver: Right, It's interesting, I read the first Horizon case that was just announced. Of course it involved structured product. It just seems like defense lawyers should send their business cards to everyone who's selling structured product. But it mirrored a case that I had coming out of the credit crisis with Peter Chan, who I thought I saw a little bit ago, and basically it was a suitability case. And I don't see a huge difference between Reg BI, and I don't know if you see a big distinction, with respect to a broker-dealer suitability obligation and their BI obligation. It

19:20 - 19:33

Michael Diver: seems like the factors are all the same. Maybe it's a little bit more prescribed with BI, but it sort of feels like it's suitability kind of supercharged maybe.

19:33 - 19:40

Anne McKinley: I think Trading and Markets would probably not want me to answer that question in the affirmative.

19:40 - 20:29

John Sikora: Yeah, this is where the disclaimer is extremely useful. Yeah. Okay, so let's move on to the elephant in the room, off-channel communications. This discussion will be on-channel. The commission keeps plugging along, right? So it's, you know, first they came for the broker-dealers, then they hit the investment advisers. Most recently we saw a sweep of municipal advisors, right? I don't know what's next. I was joking with the panel, maybe the transfer agents. So, get ready if you work for a transfer agent. But you can see that these cases are getting a lot of attention for obvious reasons and the recoveries are, you know, in the aggregate, quite significant. Anne McKinley, do you wanna just walk us through just an overview of the cases today and then we'll have a discussion of those?

20:29 - 21:28

Anne McKinley: Sure. So for anyone who is not aware of it, since about December of 2021, the Enforcement Division has been doing an ongoing sweep of regulated entities for compliance with the record-keeping requirements. The actions have ranged from broker-dealers to investment advisors to duly registered firms, credit rating agencies, municipal advisors, pretty much I think everybody, except maybe transfer agents so far. But we've charged at this point 90 firms, a little over 90 firms, that includes their affiliates. And there've been about $2 billion in civil penalties so far. There were another dozen cases announced over the last couple of days. And in each of the cases, the firms admitted the conduct that violated the federal securities laws. They agreed to make improvements and agreed to certain undertakings.

21:29 - 22:06

John Sikora: Yeah and thanks Anne that's a that's a great summary and it's a scary summary right I mean this is this is really prevalent and these settlements all follow the same form. As Ann said, everybody's admitting the violation, right? So you don't get the comfort of neither admit nor deny. When you're on the enforcement side, it was actually funny the first time I ever got a call about a non-negotiable eight-figure settlement demand as the first outreach. But that happens in this space. The cases for as many, I think, you know, as much attention as they get, . . .

22:06 - 22:40

John Sikora: they raise a bunch of questions. We get countless questions on the defense side, you know, questions like, what is a required record? You know, what do we do when off-channel communications come to light, even for, say, one person? And then, you know, another one, what's the magic bullet, systems-wise, right, that can protect the firm, you know, capturing the off-channel communications well enough to satisfy the Commission's concerns about the, you know, the adequacy and implementation of the systems. So maybe starting with Mike, what's your perspective on how you deal with those questions as you encounter them?

22:41 - 23:20

Michael Diver: First of all, hearing those statistics, I think we can all agree as a room that the SEC's done enough and maybe should stop with the off-channel cases? Maybe show of hands on that? So we have had clients all over the board on this issue, meaning clients in the original sweep, the big bank sweep. We've had regional clients, IAs and BDs in the follow-on sweep. And then we have another sort of group of clients who haven't been contacted yet. And they're the people who are really scared and trying to figure out what to do. And it is

23:20 - 23:54

Michael Diver: to me, I know John, you're gonna talk about Commissioner Peirce and Uyeda's dissent today, but I really think they struck a chord at least with me about how hard it is to achieve compliance with this, given the number of different communication platforms and technologies that exist there today. There really is no silver bullet, as far as I'm concerned. We have advised clients a few things. Number one is, this isn't going away. Even if the commission were to move on to a different topic, one of the things we wanted to tell people today is FINRA has now . . .

23:54 - 24:33

Michael Diver: picked up the mantle with a pretty robust examination suite into all things off-channel. Basically following the orders and the undertakings in the orders, all the various areas where compliance comes into play. And now they're out there examining firms who have presumably not been in the sweep but may end up being in the crosshair. So it's a virtual certainty that the issue is gonna arise if you haven't been contacted by a regulator yet, whether it be through a whistleblower complaint, which we have one client, we suspect that's an issue, whether it just be through responding to . . .

24:33 - 25:14

Michael Diver: a document request, either an examination request or a subpoena in civil litigation, you may realize doing custodial interviews that someone has been using their personal phone to communicate about firm business. So we've recommended that people do something. And what we've done, there are really two paths I think our clients have taken. One is we think we have this problem. Pretty good sense we've got this problem. We're not going to go do what the Commission and the CFTC did by grabbing 20 phones and imaging them and pouring over text messages to determine, you know, what's a business

25:14 - 25:59

Michael Diver: communication, what's not. Let's, you know, let's let that lie, but let's pick up everything else that the Commission is focused on. And I think the one silver lining for these cases is the undertakings really give you a roadmap of what the Commission wants you to be focused on. Everything from technology, policies and procedures, supervisory activities, discipline, I know in direct communications with the staff that is a big focus. What are you doing when you find out that people have been communicating off-channel. And surveillance, what are you doing in terms of your algorithm or program to . . .

25:59 - 26:57

Michael Diver: identify off-channel communication? So we've worked with a number of clients to devise a program that would allow them to get some comfort and do a gap analysis. Other clients are really, have said, well look, we may self-report, but regardless, we wanna know how big this problem is if we have it. And so we've had several clients, IAs and BDs, say, Mike, basically let's replicate the SEC, CFTC process. So you grab the 20 phones, you image them, talk to your senior level people about their privacy rights not really mattering and then you go through that process of okay here's your percentage if the SEC and CFTC come calling here's sort of how we think you would fall in precedent and here's what we think you need to focus on in terms of remediation. Part of the reason why I agreed to join this panel is because I really wanted the Latham playbook, John.

26:58 - 27:00

John Sikora: You've done a good job of explaining the Latham playbook.

27:00 - 27:01

Michael Diver: What is Latham doing?

27:01 - 27:36

John Sikora: No, so we get the same kinds of questions, right? And do you want to go and replicate the SEC's process, right? To scope out the problem for yourself. There's a lot of risk there, right? I will tell you that our experience has been that many, many of our clients start off with a belief that there's no way they have any real issue. Everybody swears up and down, no, never, never, never, never. And then you actually look at people's phones, almost everybody's gonna have something. So you're gonna have a flavor of the issue and you should know . . .

27:36 - 28:07

John Sikora: that going in. If you go down the route of, all right, we're going to grab phones, scope out the problem, you are very likely committing yourself to resolving an enforcement action, right? So an enforcement action that may never have come, if let's say the Commission moves on, this becomes less of a priority, whatever the case may be. So you have to think about that risk, right? I agree like doing things prospectively to make sure your systems are where they should be, your monitoring's appropriate, you've got appropriate disciplinary, both the way that your disciplinary matrix is written . . .

28:07 - 28:41

John Sikora: up, but also how it's applied, even handedness, that sort of thing. Those kinds of things, that's easy. Do that. That's going to look good. It may not be everything, but it's something, and it's something that could be valuable. I do want to touch on this dissent that Mr. _________ was talking about in the catalyst case. This is truly breaking news. You guys are so lucky to be here. This literally came out this morning. This morning, the two Republican commissioners, when they announced a sweep of, a new sweep of off channel communications cases, the two of the . . .

28:41 - 29:14

John Sikora: Republican commissioners wrote a dissent and they said, and it was about the catalyst case, Q-a-t-a-l-y-s-t. And what they said is, we think we've gone, I'm paraphrasing here, but we think the commission has gone too far with these cases, right? In the catalyst case, catalyst self-reported, you know, roughly speaking, had a small version of the problem, right, and was credited with, they were not fined. They did not get an order to pay a penalty. But when you look at the language of the order, what the commissioners, the Republican commissioners were saying was, it looks like the Commission, . . .

29:14 - 29:49

John Sikora: the standard is perfection, not reasonable. Policies and procedures reasonably designed to avoid an issue. So the language from the order is that Qatalyst failed to implement sufficient monitoring to ensure that its record keeping and communications policies and procedures were, and this is the word, always being followed, right? So an exception to that was deemed worthy of an enforcement action. And so I thought it was a very, I thought it was a well done dissent. Yeah, obviously, you know, it's just a dissent, right? So you can't take that to the bank. But you know, it really is, . . .

29:49 - 30:20

John Sikora: you're starting to see more and more pushback with the idea that the Commission may have gone too far with this. In the end, when you hear the numbers, billions of dollars really over record-keeping violations, there's an argument that they aren't even like all that significant, right? So that's a lot for the Commission to be getting out of cases that really don't amount to anything of great substance necessarily, but I know they want to send a message. I think there's an argument, message has been sent and received, right?

30:20 - 30:24

Michael Diver: And so that's why I think they should stop. I mean, Ann, I don't know if you could talk to some people, but...

30:26 - 30:26

Anne McKinley: All right.

30:26 - 30:27

Michael Diver: No comment.

30:27 - 30:56

John Sikora: Let's move. I've got... We want to hear from Leigh first on self-reporting and cooperation credit. We're going to start with the FINRA context, which as Leigh alluded to before, it's pretty different than the SEC context. The SEC doesn't have a rule saying you have to self-report. It's maybe the unspoken or unwritten rule. But FINRA comes at it from a different angle. Leigh, why don't you, if you could, just walk us through the way you think about self-reporting from a FINRA perspective. . . .

30:57 - 31:38

Leigh Shea: Sure, thanks, John. So FINRA rule 4530(b), which applies to broker dealers and other FINRA registrants, requires firms to report conduct that is widespread or potentially widespread with an impact to the firm, its customers, the markets, conduct that arises from a material failure of the firm's systems, policies, procedures. So you get the idea. Pretty much anything can get swept up under 4530(b). A lot of firms, Charles Schwab is one, I think many of our peer firms would look at this similarly. We have a committee in place. It's mostly compliance and legal. We rely somewhat on the business . . .

31:38 - 32:15

Leigh Shea: to surface the issues. We don't know everything that's going on out there. And so you're relying on your partners to bring forward issues for your consideration, and then the committee is charged with determining whether or not one of these triggering aspects of Federal Rule 4530(b) has in fact been triggered and whether to self-report. I think, I mean, I'm sure everyone knows, but if you self-report something, you're basically buying yourself a cause exam, and you're also most likely buying yourself an enforcement action. So, to the conversation we were having earlier, you want to be really buttoned up. . . .

32:15 - 32:34

Leigh Shea: You don't want to go in there with a 4530(b) report that's not fully done, because that's where you could really walk into something, but you only have 30 days. There's a clock. So you're up against the clock, you need to figure it out, and you need to really have your arms around what's going on. . . .

32:35 - 33:04

Michael Diver: Yeah, in my experience on the outside, the one thing I've observed is perhaps Schwab is really, really buttoned down on this. But we have other clients where everyone is so focused on the issue. Like, we've got to understand this. We've got to fix it. We've got to figure out if our people did something wrong, that sometimes 4530 falls off the list and then at some point late in the game, someone says, well wait a minute, should we've reported this or do I need to report this? I don't . . .

33:04 - 33:35

John Sikora: know. The saving grace though is that if you ever read the 4530 and then they have, if someone has an FAQ where they say, the exceptions basically swallow up the rule practically. You have to determine that it's truly a material issue, right? You know, market impact, that sort of thing. So usually when you get into those, and we've had those, you know, say tense, if not panic situations, those kinds of calls, you look at it and you're like, I feel good. If they ever ask why we didn't report it sooner, we go right to their FAQs. . . .

33:36 - 33:57

Leigh Shea: And I think documentation here is key, right? So if you complete the analysis and determine that it's not reportable, you want to have that well documented as well. So it's both sides. It's not just walking it in needs to be well done, but the alternative where you have examined something and determined that it should not be reportable, that also needs to be well documented.

33:57 - 34:30

Michael Diver: So I don't want to get into Schwab internal workings, but one of the issues that I've run into is disagreement. Let's just hypothetically say someone in a senior capacity on the business side really doesn't want to self-report, and you've got legal and compliance people saying, you know, this appears to be something that we've got to put in. Do you guys, are you aware, hypothetically, of any sort of voting system or process to break that deadlock?

34:31 - 35:21

Leigh Shea: Thank you. So largely we think about it with legal and compliance being your voting members and the business is not voting because it really is a compliance obligation. 4530 puts the burden on the firms from a compliance perspective. And just what I would say anecdotally is, you want healthy challenges. I mean, you don't want to walk into a room to make this decision, and it's like, yeah, we're all voting yes. Why are we here? I mean, you want to have a conversation, and you want to have a material conversation about the factors in the rule, how they applied to the situation. And it's OK to have a disagreement. I think not having a disagreement, honestly, can be a little odd. You want to all be using your best professional advice when making this decision. Because it is an important one. It is an important decision.

35:21 - 35:29

Michael Diver: Particularly when you oftentimes, if not all the time, have incomplete information about the issue. It's generally not black and white.

35:30 - 36:46

John Sikora: Let's turn to Anne Gittleman for her perspective on Rule 21F. So just to set this up, there are whistleblower protection rules that the SEC has in place, and those protect whistleblowers when they're reporting to the SEC. And part of that is the rules say that you can impede a whistleblower by having essentially an overly restrictive confidentiality requirement. But over the last few years, the Commission's view of what it means to impede a whistleblower by the agreements you have with your employees, for example, has evolved. So it's, well, if you by agreement are waiving the right to a whistleblower award. The SEC says that's impeding a whistleblower. That's a theory they have and you can see it in the settlements. We can fight behind the scenes with the staff about that, but that is where they've landed. That's a tried and true. But more recently, for the longest time, all these cases were about agreements you have with your employees, right? And more recently the SEC expanded the scope of in these 21F cases and, Ann, over to you with an update.

36:47 - 37:33

Ann Gittleman: No, that's great. Thank you. That's exactly right. In the past, and I don't wanna say just the past, currently there are cases that the SEC has brought regarding those employment sort  of restricted covenants and employment contracts to prevent employees to come forward to the SEC when there's violations of the Securities Act. And recently, I think earlier this year, there was a case brought against JP Morgan, and there was a settlement of, I believe, $18 million for whistleblower protection violations and so that case is a bit different than the prior cases that the SEC has brought on . . .

37:33 - 38:20

Ann Gittleman: 21F, because it didn't just relate to, like in the past, employment agreements, it relates to their agreements with their clients. And so in this particular case, It was the first one that we've seen where they were looking at the agreements that JPM had with its clients and basically specifically looked at agreements between March of 2020 to July of 2023 where JP Morgan asked clients who received a settlement of more than $1,000 to sign agreements that required them to keep confidential all underlying facts relating to the settlement. The SEC said that at least 362 clients had . . .

38:20 - 39:30

Ann Gittleman: signed off on such releases since 2020, each receiving amounts from $1,000 to $165, 000. The SEC alleged that while the confidentiality agreements allowed the clients to respond to inquiries from regulators, it did not permit those clients to voluntarily contact the SEC and other regulators to report potential misconduct, which is in violation of the plain language of 21F. So definitely a deviation from the prior cases that has brought in this space. And more recently, the SEC charged a broker-dealer nationwide planning and two of its affiliated investment advisors with violating the same Rule 21F for whistleblower protections and in that case it was sort of similar fact to the JP Morgan case where there was, the client agreements were at issue similar to the JP Morgan matter.

39:31 - 40:21

John Sikora: That's great. And I mean, just for dealing with the staff on these 21F cases, which I've done a lot of especially over the last year, the staff has gotten super, this could be said of almost every subject we're talking about, staff's gotten very aggressive, right? And their view now is that even if the real issue is that there's a risk that somebody could be confused about whether they are able to blow the whistle or not, that is a form of impeding a whistleblower. Again, I think that's about as far as you could go with it, but we're hearing that behind closed doors when we're dealing with the staff. All right, in the remaining time, I want to just touch on an issue that surfaced relatively recently in the enforcement context involving the duty of care and investment advisors. Mike, do you want to just kick this off?

40:21 - 40:58

Michael Diver: Yeah, so you may have picked up on the number of bank deposit sweep program cases that have been brought. A number have been brought and announced. It actually started with the ShareCat class initiative, and it morphed into this bank deposit sweep. And now we have good intel that there are a number of cases ongoing right now with big banks and these sweep programs are as they suggest which is you have an advisor, a number of clients, the clients may have idle cash in their accounts and the advisor will sweep the cash oftentimes into an affiliate bank. . . .

41:00 - 41:40

Michael Diver: And the benefit to the advisory client, of course, is interest is earned on the money in the program, whereas it would just be sitting in the account, not earning any income. And the staff has really attacked these cases recently, those structures. And one of the main thrusts of the enforcement theory is duty of care, and it arises in several cases. One is sort of a, it's almost like a reverse churning theory where the staff looks at the amount that's deposited into these programs where the advisor's still charging an advisory fee over it and saying, you really . . .

41:40 - 42:18

Michael Diver: shouldn't be doing that. You're not doing anything to earn that fee. That, to me, I'm not so sure that's a duty of care issue per se, but the supervision over that, the monitoring of the percentage of money that's sitting in the accounts is a duty of care issue. So what surveillance did you have? What triggers did you have in place to ensure that John Sikora's account only had, what, $100 in cash for nine months or whatever. That's duty of care. Permitting cash to sit in the accounts for too long and then failure to consider, one of . . .

42:18 - 43:15

Michael Diver: the primary ones, failure to consider other alternative investments. So other cash equivalent investments that may have been earning higher yields. What were you doing on an ongoing basis, do you care, to evaluate your suite program versus a money market fund or whatever else may be out there? And in having direct conversations with the staff, they've cited a couple of releases in support. It's releases and settlements, which always raises the antenna, like no statute or case law. There was a commission release and interpretation in 2019, and then the staff just recently in 2023 came out with an additional statement and commentary on the duty of care. So John, let me ask you, does this theory hold water?

43:15 - 43:42

John Sikora: It absolutely doesn't and I fought the law and the law has not won on this one. So I would tell you that if you go to the statute book you're not going to see a violation of the duty of care spelled out anywhere right. They are implying that into when it comes to investment advisors they're trying to imply that into the anti-fraud provisions right. You've got 206-1, 206-2 those say you know you have to you know just close material facts to your advisory clients. What the SEC is saying is, if we think you have a problem

43:42 - 44:08

John Sikora: and that you weren't acting in the best interest of your client, there's nothing you can do to disclose that problem and solve it, right? That is not solved by disclosure. You just, in our view, you didn't act in the best interest of your client. You didn't, you know, put the cash in the highest, you know, income generating vehicle or whatever the case may be. You could disclose till the cows come home and it's not going to protect you because we've got you on a duty of care. And they're trying to turn that into an anti-fraud type . . .

44:08 - 44:58

John Sikora: of charge. The problem that the staff has is that there's no deception. Everything under the Advisers Act turns on disclosure. The staff would like it to be a little different than that, right, because that gives them an opportunity to bring all sorts of cases they might not otherwise be able to bring, but it doesn't really fly, right, because if you make appropriate disclosures of what you're doing, right, that should be protective of a claim under the advisors act for not disclosing all that you should to your client. So I think it's really that you're seeing the staff and the commission trying to morph this duty of care into more of, it's a claim that you could never defend against successfully, right? If they say that the advisor didn't act in the best interest of the advisory client, they're done. They can establish that and they're done. It doesn't matter what you disclosed, they're off the hook. It does not work as an anti-fraud charge.

45:00 - 45:01

Michael Diver: I hope you're taking notes.

45:01 - 45:02

John Sikora: Yeah.

45:04 - 45:04

Michael Diver: That's good.

45:04 - 45:13

John Sikora: All right, I think we're out of time. But we'll be back there sipping sasparillas and answering every question you guys have. Thank you.

45:15 - 45:15

Michael Diver: All right.

45:16 - 45:16

Leigh Shea: All right.

45:22 - 45:55

Bruce Carton: Thanks so much, John. Great job. And thanks to the panel for bringing us home. That is our last panel of the day and a great way to wrap this event up. I'd like to thank the 27 world-class consulting and law firms that helped participate here today, including our lead sponsors, Ankara Consulting and Foley & Lardner. And a special thank you to Jonathan Draghi and Jim Lundy for all of your help. Thank you. And thank you all to all the panelists and for everybody for being here with us today.