According to a February 10, 2026, decision of the U.S. District Court for the Southern District of New York, documents created by consumer AI-generation programs are not protected by the attorney-client privilege. In the case, a criminal defendant had generated multiple documents using the AI tool Claude prior to hiring his counsel, then gave those documents to his counsel in the course of seeking advice.

The court’s analysis recited the elements necessary to establish the privilege, namely, (1) communications, (2) among only privileged parties, (3) made for the purpose of providing or obtaining legal advice. The judge then held that the privilege was lost when the information was shared outside of the attorney relationship because it was shared with the third-party tool, ie., Claude, which did not maintain confidentiality. Claude’s disclaimer made it clear that users should not expect confidentiality of the information. Claude’s Privacy Policy also explains that prompts – questions entered by consumers – may be disclosed to regulators and can even be used to train the AI model.

The court also held that the documents were not protected as work product. The work product doctrine protects (1) legal work product, (2) discussing legal strategy, (3) prepared by or at the direction of legal counsel, (4) in anticipation of litigation. The court declined to classify the reports as work product because the AI reports did not contain or reference the legal strategy of counsel, and in any event neither the defendant nor Claude were working at the direction of counsel.

The most important conclusion to be drawn from the case is that use of consumer AI tools is inconsistent with the confidentiality requirement that underpins both the attorney-client privilege and the work product doctrine. Despite the ruling, AI prompts using programs that maintain confidentiality and are not used for AI training, may still be protected under one or both doctrines, as would the resulting reports. The work product doctrine, in particular, would seem to apply if counsel directed the client or other person to enter the prompts. In that situation, the attorney’s request should be well documented in order to maximize the possibility of preventing disclosure as work product. The reports should be shared only with counsel, at least until such time as counsel permits further disclosure.

Finally, in a litigation setting, privilege logs should be kept clearly denoting the basis for the privilege and that the AI tool was used with the expectation of confidentiality. The entry should also state that the communication reflects legal advice from an attorney or that the work was done at the direction of counsel, or both.

Parker MacIntyre provides legal and compliance services to investment advisers, broker-dealers, registered representatives, hedge funds, and issuers of securities, among others. Our regulatory practice group assists financial service providers with complex issues that arise in the course of their business, including compliance with federal and state laws and rules. Please visit our website for more information.

The post AI-Generated Documents Are Not Subject to the Attorney-Client Privilege, Court Rules appeared first on RIA Compliance Blog.

The Marketing Rule prohibits the use of third-party ratings in advertisements unless the adviser has a reasonable basis for believing that any questionnaire or survey used in the preparation of the third-party ratings meet certain criteria, and that either the rating or the adviser discloses certain information related to the ratings.

The Division staff found that advisers used several methods to show that the third-party ratings in their advertisements complied with the due diligence requirement. The Risk Alert gave examples of (1) reviewing publicly disclosed information about the methodologies of the third-party surveys; (2) retrieving any surveys used in the rating’s creation; and (3) seeking the rating agencies’ disclosures of the surveys’ design, structure, and administration.

The Commission also found, however, several advisers who failed the due diligence requirement. According to the Risk Alert, these advisers had failed to (1) develop policies and procedures for satisfying the due diligence requirement or (2) otherwise take steps to meet said requirement, such as reviewing surveys used in ratings preparation.

Commission staff also found several advisers who used third-party ratings in their advertisements without making sufficient clear and prominent disclosures, as required. The Risk Alert gave the following examples:

(1) Advisers whose advertisements linked to third-party websites containing ratings of the advisers without the required disclosures.

(2) Advisers whose advertisements included third-party ratings without clearly and prominently displaying the date on which the ratings were given and the time period upon which they were based. The Risk Alert highlighted cases where the third-party ratings referenced a range of years when the adviser received said rating, while the adviser listed years in which the rating was not received.

(3) Advisers whose advertisements contained third-party rating logos but did not clearly and prominently identify the third party that created the ratings.

(4) Advisers that paid, directly or indirectly, for the third-party ratings without properly disclosing such. The Risk Alert gave examples of advisers who paid third-party agencies for ratings but reprinted or linked to the third-party rating without disclosing the payments. Specifically, advisers did not disclose that payments were made for “(1) the use of the third-party rating providers’ logos or reprints of the ratings; and (2) the advisers’ priority placement in the third-party providers’ advertisements or for upgraded or enhanced exposure.” Advisers also failed to disclose payments for referrals through the third-party agencies’ linked websites.

(5) Advisers that had paid to be considered by third-party agencies but failed to disclose said payments in advertisements using the third-party ratings.

(6) Advisers who failed to make their required disclosures in a clear and prominent manner. The Risk Alert gave examples of advisers who used hyperlinks, used smaller fonts, or placed disclosures out of context from the ratings.

The various observations and examples given in the Risk Alert highlight the importance of full compliance with the SEC Marketing Rule.

Parker MacIntyre provides legal and compliance services to investment advisers, broker-dealers, registered representatives, hedge funds, and issuers of securities, among others. Our regulatory practice group assists financial service providers with complex issues that arise in the course of their business, including compliance with federal and state laws and rules. Please visit our website for more information.

The post SEC Issues Risk Alert Regarding Third-Party Ratings appeared first on RIA Compliance Blog.

In the Risk Alert, the SEC staff observed adviser advertisements containing testimonials or endorsements that failed to provide one or more of the required clear and prominent disclosures. This includes whether the promoter, the person providing the testimonial or endorsement, was a current client, was a current investor in a private fund advised by the investment adviser, was paid cash or non-cash compensation, or had a material conflict of interest. The Commission found cases where the disclosures were made but not in a clear and prominent manner, as the disclosures were made via hyperlink or made in smaller or lighter font than the associated testimonials and endorsements. Commission staff also noted cases where advisers incorporated client testimonials or endorsements on third-party websites onto their own websites without adding sufficient disclosure. Finally, SEC staff observed advisers that compensated clients to write reviews on third-party websites without having basis to reasonably believe that the promoters complied with the disclosure requirements for paid testimonials.

The SEC staff continued to find advisers that had not disclosed material conflicts of interest resulting from the advisers’ relationships with the promotors and/or their compensation arrangements. The Risk Alert gave the example of advisers who failed to disclose material conflicts resulting from promoters’ financial interests in the advisers. This includes promoters who were investors in the advisers and promoters who were principals or officers of other advisory firms with sub-advisory or other arrangements with the advisers.

Further, Commission staff observed advisers who failed to meet the “reasonable basis for belief requirement” (oversight and compliance provision requiring advisers to have a reasonable basis for believing that testimonials and/or endorsements comply with the Marketing Rule). The Risk Alert gave examples of advisers that were (1) unaware that their arrangements were testimonials or endorsements; (2) had no documentation, written policies, or documented agreements to satisfy the reasonable basis for belief requirement; (3) did not create or maintain agreements that sufficiently described the scope of promotion activities or compensation terms with paid promoters; or (4) exceeded the $1,000 de minimis exemption threshold by making multiple payments under $1,000 that totaled $1,000 within twelve months.

SEC staff also found advisers that knew, or reasonably should have known, that promoters were disqualified from giving endorsements by the Marketing Rule and used them anyway. Examples included advisers compensating promoters who were disqualified because of their disciplinary histories with state securities regulators.

Finally, Commission staff found advisers insufficiently disclosing their use of promoters affiliated with their firms. In such cases, advisers did not adequately disclose, and did not warrant exemption from adequately disclosing their affiliation with the promoters as required by the Marketing Rule. Examples included failure to disclose the affiliation until prospective clients or investors met the advisers, rather than at the time the testimonials or endorsements were provided.

The various observations and examples given in the Risk Alert highlight the difficulty and importance of full compliance with the SEC Marketing Rule. As always, it is necessary for investment advisers to consult with experienced legal and compliance professionals to avoid regulatory pitfalls.

Parker MacIntyre provides legal and compliance services to investment advisers, broker-dealers, registered representatives, hedge funds, and issuers of securities, among others. Our regulatory practice group assists financial service providers with complex issues that arise in the course of their business, including compliance with federal and state laws and rules. Please visit our website for more information.

The post SEC Releases Risk Alert Regarding Investment Adviser Testimonials appeared first on RIA Compliance Blog.

The six connected firms, Bluesky Eagle Capital Management Ltd., Supreme Power Capital Management Ltd., AI Financial Education Foundation Ltd., AI Investment Education Foundation Ltd., Invesco Alpha Inc., and Adamant Stone Limited, were allegedly deficient in several areas, including claiming incorrect business addresses and falsely claiming to be public companies. AUM reporting, however, was the primary offense, as the cause of action was “making material misrepresentations in their SEC-filed Forms ADV that could not be substantiated.” While the advisers were allegedly engaged in several blatant forms of violative conduct, the SEC’s focus on their AUM misrepresentations underscores the importance of advisers’ proper calculation of AUM.

In order to properly calculate assets under management, advisers must understand AUM’s definition. AUM is defined as, “securities portfolios for which the adviser provides continuous and regular supervisory or management services.” The SEC’s instructions for Form ADV define “securities portfolios” as accounts consisting of at least 50% securities. Beyond stocks, bonds, and derivatives, the Instructions define securities to include any cash or cash equivalents. This broad definition of “security” means most advisory accounts will be “securities portfolios,” as long as the adviser provides “continuous and regular supervisory or management services” with respect to that account.

The Instructions state that regular supervisory or management services are provided if:

(1) the advisor has discretionary authority over and provides ongoing supervisory or management services with respect to the account; or

(2) the advisor does not have discretionary authority over the account, but has ongoing responsibility to make recommendations, based on the needs of the client, as to specific securities or other investments the account may purchase or sell and, if such recommendations are accepted by the client, the adviser is responsible for arranging or effecting the purchase or sale.

Essentially, this means that continuous and regular supervisory or management services are provided in a non-discretionary account if an adviser is continuously recommending and making recommended trades for the account.

Where application of the definition of AUM is not clear, the SEC looks to factors such as (1) advisory contract language, (2) compensation, and (3) management arrangement. The SEC is more likely to find continuous and regular supervisory or management services provided where the contract explicitly describes the services as such, where compensation is continuous (such as by charging a monthly percentage of AUM) and where the adviser is frequently monitoring the account and communicating with its holder. Inversely, the SEC is less likely to find continuous and regular supervisory or management services provided where the contract’s language does not describe its services as such, where compensation is less continuous, such as hourly fees, and where the adviser does not regularly monitor the account and only infrequently communicates with the account holder.

The SEC gives several examples of advisory relationships that don’t constitute continuous and regular supervisory management (and thus should not be counted towards AUM), such as (1) advisers who make initial recommendations without ongoing monitoring or trading, (2) making recommendations without further managing responsibility, (3) providing broad, mass-marketed advice without tailoring it to specific clients, (4) only providing advice on an irregular basis, such as in response to client request, and (5) quarterly or annual meetings to adjust allocations. These examples emphasize the importance of continuous and regular supervisory management.

While different advisers may wish for a larger AUM to present credibility to potential clients, or a smaller AUM to avoid registration requirements, the SEC continues to emphasize the importance of accurate and substantiated AUM calculations. Where advisers wish to report client funds that do not constitute AUM, they may report assets under advisement in their Form ADV Part 2A Brochure and in their marketing material.

Parker MacIntyre provides legal and compliance services to investment advisers, broker-dealers, registered representatives, hedge funds, and issuers of securities, among others. Our regulatory practice group assists financial service providers with complex issues that arise in the course of their business, including compliance with federal and state laws and rules. Please visit our website for more information.

The post SEC Charge Investment Advisers with Misrepresenting AUM appeared first on RIA Compliance Blog.

Regarding investment advisers, the Division’s examination priorities are:

1. Adherence to Fiduciary Standards of Conduct. The Division expressed continued focus on advisers’ compliance with their duties of care and duties of loyalty, especially relating to servicing retail investors. The Division plans to examine investment advice and connected disclosures given to clients to ensure they comply with their fiduciary obligations, including:

(1) the impact of advisers’ financial conflicts of interest on providing impartial advice;

(2) advisers’ consideration of the various factors associated with their investment advice, such as generally the cost, investment product’s strategy’s investment objectives, characteristics (including any special or unusual features), liquidity, risks and potential benefits, volatility, likely performance in a variety of market economic conditions, time horizon, and cost of exit; and

(3) advisers seeking best execution with the goal of maximizing value of their clients under the particular circumstances occurring at the time of the transaction. Moreover, the Division will focus on:

• Investment products with the following strategies or characteristics: (1) alternative investments (e.g., private credit and private funds with investment lock-up for extended periods); (2) complex investments (e.g., exchange traded funds (ETF) wrappers on less liquid underlying strategies, option-based ETFs, and leveraged and/or inverse ETFs); and (3) products that have higher costs associated with investing (e.g., high commissions and higher investment expenses than similar products/investments).

• Investment recommendations for consistency with product disclosures and the clients’ investment objectives, risk tolerance, and financial/personal backgrounds, with emphasis on: (1) recommendations to older investors and those saving for retirement; (2) advisers to private funds that are also advising separately managed accounts and/or newly registered funds (e.g., reviewing for favoritism in investment allocations and interfund transfers); (3) advisers to newly launched private funds; (4) recommendations of certain products that may be particularly sensitive to market volatility; and (5) advisers that have not previously advised private funds (e.g., reviewing for regulatory awareness, liquidity, valuation, fees, disclosures, and differential treatment of investors, including use of side letters).

The Division also plans to focus on specific kinds of advisers, advisory services, or business practices that might cause more risks and potential or actual conflicts of interest. The Commission provided the following examples:

• advisers that are dually registered as broker-dealers, particularly where such advisers have advisory representatives who are also dually licensed as registered representatives and receive compensation or other financial incentives that may create conflicts of interest that must be addressed (e.g., account recommendations and allocations);

• advisers utilizing third parties to access clients’ accounts, where controls may be insufficient to protect client assets and data; and

• advisers that have merged or consolidated with, or been acquired by, existing advisory practices, which may result in accompanying operational and/or compliance complexities or new conflicts of interest.

2. Effectiveness of Advisers’ Compliance Programs. The SEC described evaluating advisers’ compliance programs as a “fundamental part of the examination process.” Compliance program examinations will usually include assessing how the programs handle marketing, valuation, trading, portfolio management, disclosure and filings, and custody, and the programs’ effectiveness in each area.

The SEC also expressed a focus on whether the advisers’ policies and procedures address compliance with the Investment Advisers Act of 1940 and the rules thereunder, and whether the policies and procedures are reasonably designed to address conflicts of interest and ensure that adviser interests remain subordinate to client interests. The Commission specified that examinations may focus on: “(1) whether the policies and procedures are implemented and enforced; and (2) whether disclosures address fee-related conflicts, with a focus on conflicts that arise from account and product compensations structures.”

The SEC also warned of varying focus areas depending on an adviser’s specific circumstances, such as late or inaccurate filings on Schedules 13D and 13G, Form 13F, Forms 3, 4, and 5, or Form N-PX, changes in business models, or the offering of new types of assets, clients, or services.

3. Never-Examined Advisers and Recently Registered Advisers. The Division reiterated its focus on examining advisers that have never been examined, especially recently registered advisers.

Parker MacIntyre provides legal and compliance services to investment advisers, broker-dealers, registered representatives, hedge funds, and issuers of securities, among others. Our regulatory practice group assists financial service providers with complex issues that arise in the course of their business, including compliance with federal and state laws and rules. Please visit our website for more information.

The post SEC Division of Examinations Announces 2026 Exam Priorities appeared first on RIA Compliance Blog.

Last month, FINRA settled a case with J.K. Financial regarding Form CRS disclosures. The California based, SEC-registered broker-dealer agreed to FINRA’s settlement without admitting or denying its allegations.

Also known to investment advisers as Form ADV Part 3, Form CRS is a brief introduction to the broker-dealer or investment adviser, providing retail clients with highlights and conversation starters regarding the adviser. A key conversation starter is Item 4’s “Do you or your financial professionals have legal or disciplinary history?” Form CRS’s instructions require advisers to respond “Yes” if the firm or any of its financial professionals are required to disclose disciplinary history on any regulatory disclosure forms.

In 2022, the SEC fined J.K. Financial $10,000 and found that the firm had willfully violated § 17(a)(1) of the Securities Exchange Act of 1934 and Exchange Act Rule 17a-14 regarding its failure to file or distribute a Form CRS.  There, the SEC found that J.K. Financial had not filed its initial Form CRS in time for the June 30, 2020, deadline, delaying until October 5, 2020. The Commission then found that J.K. Financial’s Form CRS lacked required language and was not delivered to its clients until January 2022, when the firm corrected its Form CRS and delivered the form to its clients.

Three years later, J.K. Financial found itself under further scrutiny regarding its CRS – this time from FINRA, for not responding “Yes” to the question regarding disciplinary history. FINRA found that J.K. Financial failed to respond “Yes” from June 2024 to April 2025, despite the requirement by Form CRS’ instructions.

FINRA also found that required conversation starters regarding fees and costs and conflicts of interest were omitted from J.K. Financial’s Form CRS altogether until April 2025. The Form CRS instructions also require firms to direct clients to investor.gov/CRS for a “free and simple search tool” to search the adviser and its representatives, which J.K. Financial omitted.

Beyond the importance of full and accurate disclosure in Form CRS, J.K. Financial serves as a reminder to thoroughly rectify any deficiencies found by the SEC or FINRA, as those deficiencies serve as points of scrutiny in following examinations.

FINRA found that J.K. Financial had three other violations in addition to its Form CRS. First, FINRA found that the firm’s written supervisory procedures (WSPs) did not specify who was responsible for archiving emails and did not specify the review process for such email reviews. FINRA subsequently found J.K. Financial to have violated § 17(a) of the Exchange Act, Exchange Act Rule 17a-4 and FINRA Rules 3110, 4511, and 2010.

Second, FINRA found that J.K. Financial had two instances of violative conduct around the supervision of outside business activities (OBAs), failing to adopt or enforce a system to properly supervise representatives’ OBAs. FINRA found that J.K. Financial (1) failed to require documentation of the firm’s consideration of necessary factors and (2) failed to actually document said consideration on multiple occasions. FINRA therefore found J.K. Financial to have violated FINRA Rules 3110, 3270.01, and 2010.

Finally, FINRA found that J.K. Financial failed to adopt sufficient WSPs regarding client investment profile information, per Regulation BI’s Care Obligation. FINRA found (1) that J.K. Financial’s new account forms did not sufficiently collect information on customer risk tolerance, liquidity needs, or time horizons, (2) that clients only investing in mutual funds did not receive the new account forms and relied on the forms required by the investment company, (3) that the firm had no supplementary tools besides the new account forms to collect customer profile information, and (4) that J.K. Financial had no requirement or procedure for documenting investment profile information received from clients orally. FINRA subsequently found J.K. Financial to have violated § 17(a)(1) of the Exchange Act, Exchange Act Rules 151-1(a)(1) and 17a-3, and FINRA Rules 3110, 4511, and 2010.

For the found violations, FINRA censured J.K. Financial, fined the firm $65,000, and required it to certify that it had fixed the identified deficiencies.

Parker MacIntyre provides legal and compliance services to investment advisers, broker-dealers, registered representatives, hedge funds, and issuers of securities, among others. Our regulatory practice group assists financial service providers with complex issues that arise in the course of their business, including compliance with federal and state laws and rules. Please visit our website for more information.

The post FINRA Cracks Down on Form CRS Deficiencies appeared first on RIA Compliance Blog.

Critically, Reg S-P now requires RIAs to notify clients in the event of certain data breaches. Under the amended rule, RIAs must notify clients of any event that could endanger their personal data, unless the RIA has determined, after reasonable investigation, that sensitive client information has not been, and is not reasonably likely to be, used for substantial harm or inconvenience. Such notice must be sent as soon as practicable, and no later than 30 days after learning of the breach, to any affected or potentially affected clients. If the RIA cannot identify which clients may be affected, the RIA must notify all of its clients. Substantively, any such notification must:

1. Describe the breach and the type of client information that was or is reasonably believed to have been affected by the breach;
2. Describe what has been done to protect client information from further breach;
3. Include, if known, any of the following: the breach’s date, estimated date, or date range;
4. Include contact information for affected clients to ask the RIA for information and help regarding the breach, including the following: a phone number, an email address, a mailing address, and the name of a specific office to contact;
5. Recommend that the client review account statements and immediately report any suspicious activity to the RIA;
6. Explain fraud alerts and how clients may place them in their credit reports to notify creditors of potential fraud;
7. Recommend that clients regularly check credit reports from the major reporting agencies and delete information connected to fraudulent transactions;
8. Explain how clients can get free credit reports; and
9. Include information about the Federal Trade Commission (FTC) and online guidance from usa.gov about how clients can protect against identity theft, a statement encouraging clients to report any incidents of identity theft to the FTC, and include the FTC’s website address where clients can get government information about identity theft and report suspected identity theft.

At a September 25th, 2025 compliance outreach session, the SEC highlighted the Commission’s remaining points of emphasis in an examination. First, the SEC will be concerned with network security. Next, the SEC will be interested in reviewing the channels the RIA uses to transfer data. Specifically, the Commission will be looking at security when the RIA transfers data into and out of its network.

Examiners recommend using a risk matrix and also recommend they “go a little bit deeper” with their risk assessment than simple low, medium, or high designations. Lastly, SEC examiners stressed the need for heightened requirements monitoring third-party service providers. Examiners also emphasized ensuring that third-party service providers can detect and notify the RIA of a breach within 72 hours.

Finally, the SEC reiterated the importance of documenting each procedure, process, and precaution implemented by the adviser, as well as all decisions and actions taken in the notification process.

Any SEC-registered RIA should consult experienced legal counsel to ensure compliance with the amended Reg S-P before their compliance deadline.

Parker MacIntyre provides legal and compliance services to investment advisers, broker-dealers, registered representatives, hedge funds, and issuers of securities, among others. Our regulatory practice group assists financial service providers with complex issues that arise in the course of their business, including compliance with federal and state laws and rules. Please visit our website for more information.

The post New Reg S-P Requirements for RIAs appeared first on RIA Compliance Blog.

In the first case, a CCO allegedly submitted around 170 falsified forms in an SEC examination. Suzanne Ballek, CCO of a now-defunct RIA, agreed to a settlement where she neither confirmed nor denied the findings that the Commission requested her employer’s pre-clearance policies and procedures. While gathering the responsive documents, Ms. Ballek found that most of the pre-clearance trading forms were signed after the transaction date, in violation of the firm’s Code of Ethics. Ms. Ballek then used whiteout to remove the original signature dates and wrote the transaction dates, giving the appearance that the forms were signed according to the firm’s compliance policies. Ms. Ballek also added missing information on some of the forms. In some cases, Ms. Ballek created new pre-clearance trading forms and signed for an investment adviser representative without informing him.

When questioned by the SEC Examiners about the alterations, Ms. Ballek claimed that the forms were incorrect when submitted to her on the dates of the transactions, and her corrections were made in real time.

The SEC found that Ms. Ballek had aided and abetted her employer RIA’s violations of Section 204(a) of the Advisers Act, which requires investment advisers to make their records available for examination by representatives of the Commission. The SEC also found that Ms. Ballek aided and abetted her employer’s violations of Section 206(4) of the Advisers Act and Rule 206(4)-7 thereunder, which together require an SEC-registered investment adviser to adopt and implement written policies and procedures reasonably designed to prevent violation of the Advisers Act and rules thereunder by the investment adviser and its supervised persons.

For her violations, Ms. Ballek agreed to a $40,000 civil penalty and a three-year bar from serving in any compliance or supervisory capacity for an investment adviser.

Similarly, the SEC settled a case with an investment adviser named American Portfolio Advisors (APA), Gary Bruce Gordon, its President, and Colin Michael Moors, its CCO. Without admitting or denying the facts, the parties agreed to settlement agreements finding that, in its unrelated SEC examination, Mr. Moors created backdated compliance calendars for three years rather than admitting that they did not exist. Although said compliance calendars are not explicitly required by the Advisers Act, APA mandated them internally. When responding to the SEC’s request for APA’s compliance review records, Mr. Moors found that the compliance calendars described in APA’s policies and procedures had not been created for 2018, 2019, and 2020. Rather than responding that APA did not have said calendars, Mr. Moors created calendars for each year and backdated his signature of each, as did Mr. Gordon. Mr. Moors voluntarily admitted his conduct to SEC staff.

APA was found to have violated Section 204(a) of the Advisers Act and Rule 204-2 thereunder, which requires SEC-registered investment advisers create and maintain accurate records of its annual review of policies and procedures. Messrs. Moors and Gordon were found to have aided and abetted APA’s violation of the same act and rule.

In conjunction with a larger violation, APA agreed to a censure, an order to cease-and-desist from violating Sections 204(a) and 206(2) of the Advisers Act and Rule 204-2 thereunder, and an order to pay a civil money penalty of $1,750,000. Messrs. Moors and Gordon agreed to similar censures, orders to cease-and-desist from violating Section 204(a) of the Advisers Act and Rule 204-2 thereunder, and civil money penalties of $10,000 and $20,000.

Another aspect of these cases illustrating the importance of presenting true and accurate records when requested by the SEC is the potential for personal liability for financial professionals when falsifying records. It is, therefore, vital to engage experienced counsel when responding to an SEC exam.

Parker MacIntyre provides legal and compliance services to investment advisers, broker-dealers, registered representatives, hedge funds, and issuers of securities, among others. Our regulatory practice group assists financial service providers with complex issues that arise in the course of their business, including compliance with federal and state laws and rules. Please visit our website for more information.

The post SEC Punishes Firms for Altering Records appeared first on RIA Compliance Blog.

With this proposal, NASAA intends to “more closely align” state rules with the SEC’s investment adviser advertising rules. In 2020, the SEC amended Rule 206(4)-1, its investment adviser marketing rule, to, among other things, allow testimonials, endorsements, third-party ratings, and performance advertising so long as certain restrictions and/or conditions are met. NASAA’s proposal mirrors the SEC marketing rule by permitting the following marketing activities:

• Testimonials and endorsements. Currently, NASAA Investment Advisers Model Rule USA 2002 502(b) Section (o)(1) prohibits testimonials or endorsements “of any kind.” The proposed changes would permit testimonials so long as they prominently disclose (1) whether the testimonial was given by a current client or investor, (2) whether compensation was provided for the testimonial, and (3) any material conflicts of interest the person providing the testimonial has. Like the SEC marketing rule, the NASAA proposal creates a de minimis rule allowing for compensation up to $1,000 per year without disclosure. Testimonials made by “ineligible persons” convicted of investment-related violations in the past 10 years remain prohibited.
• Third-party ratings. Currently, NASAA Investment Advisers Model Rule USA 2002 502(b) makes no allowance for the advertising of third-party ratings. The proposed changes would permit third-party ratings if the adviser has done due diligence on the rating methodology; reasonably believes the survey used in the rating is structured to fairly yield accurate results; and “clearly and prominently” discloses the dates, identity of the third-party rater, and whether the third-party rater was compensated for the rating.
• Performance advertising. Currently, NASAA Investment Advisers Model Rule USA 2002 502(b) makes no allowance for performance advertising. The proposed changes would permit performance advertising with several restrictions. Generally, performance advertising must clearly distinguish between net returns and gross returns and must include specific time period disclosures.
  • Hypothetical performance advertising would require an adviser to (1) adopt policies ensuring that the hypothetical performance is relevant to the audience’s financial circumstance, (2) provide sufficient information for the audience to understand the criteria and assumptions of the hypothetical performance’s calculations, and (3) provide sufficient information enabling the audience to understand the risks and limitations of the hypothetical performance’s use in making investment decisions.
  • Predecessor performance advertising would only be permitted when (1) the person(s) “primarily responsible” for the predecessor’s performance being advertised manage(s) adviser accounts, (2) the accounts in the predecessor performance being advertised are sufficiently similar to the adviser’s current accounts, (3) no substantially similar accounts that would materially alter the predecessor performance results are excluded, and (4) the advertisement contains all relevant disclosures “clearly and prominently.”

Like the SEC marketing rule, NASAA’s proposal also includes explicit language applying its rules to social media and digital content.

NASAA’s proposal includes amendments to NASAA Recordkeeping Requirements for Investment Advisers Model Rule 203(a)-2 and USA 2002 411(c)-1. These amendments would incorporate “various SEC recordkeeping changes made” in conjunction with the SEC marketing rule. Specifically, the amendments would require advisers to maintain records regarding predecessor performance, written materials relating to oral advertisements, and the surveys used in third-party ratings. The amendments would also require maintenance of any disclosures made to clients not incorporated into their advertisements; documentation substantiating the adviser’s reasonable belief that their advertisements comply with the marketing rule; and record of all the adviser’s partners, officers, directors, employees, and persons under the adviser’s control.

NASAA has stated explicitly that this proposal is aimed at creating a model advertising rule, mimicking the SEC’s, available for all states to adopt. This would be a huge first step in creating uniformity among state regulators. However, as mentioned above, even if NASAA does finalize its proposed amendments, each state would have to independently adopt the model rules to reach uniformity across all states. Therefore, discrepancies among state regulators’ advertising rules will remain. Such discrepancies highlight the importance of consulting experienced counsel before making any changes to your marketing practices.

Parker MacIntyre provides legal and compliance services to investment advisers, broker-dealers, registered representatives, hedge funds, and issuers of securities, among others. Our regulatory practice group assists financial service providers with complex issues that arise in the course of their business, including compliance with federal and state laws and rules. Please visit our website for more information.

The post NASAA Proposes Changes to Advertising Rules appeared first on RIA Compliance Blog.

AML Rule

We have previously written about FinCEN’s proposed rule and the passage of the final version.

FinCEN’s recent announcement delays the effective date of the IA AML Rule from January 1, 2026, until January 1, 2028. At the same time, FinCEN detailed that it intends to revisit the IA AML Rule through future rulemaking during the postponement period. What future form the IA AML Rule will take, if any, is unknown and depends on the future priorities of the Treasury and SEC.

Without the postponement, under the new IA AML Rule, certain investment advisers would have had the same regulatory requirements historically reserved for banks, broker-dealers, money transmitters, and casinos. These requirements would have required investment advisers to adopt a risk-based anti-money laundering and countering the financing of terrorism (“AML/CFT”) program, file Suspicious Activity Reports (“SAR(s)”) with FinCEN, comply with the Recordkeeping and Travel Rules, and fulfill other obligations relevant to the Bank Secrecy Act (“BSA”) and FinCEN.

Proposed Cybersecurity Rule

When first announced, the SEC stated that the proposed cybersecurity rule reflected observations and deficiencies found during examinations of RIAs and investment funds. As the SEC stated in the proposing release, the financial services industry is increasingly faced with hackers and others who “use constantly evolving and sophisticated tactics, techniques, and procedures” that pose a “serious risk” to the financial system.

The proposed rule would have required investment advisers and funds to adopt cybersecurity policies and procedures that are reasonably tailored to the business operations and cybersecurity risk. While the SEC found that many RIAs and funds already had cybersecurity policies and procedures under Rule 206(4)-7, they also found that these policies were typically not substantial enough to reflect the firm’s operations or risk. The proposed rules would have required cybersecurity policies and procedures to address specific elements dictated by the Rule.

It is difficult to predict the future actions of the SEC or FinCEN with regards to the impacted rules and their underlying subject matter. FinCEN has announced that it intends to revisit the AML Rule, but how and when are still outstanding questions. The SEC’s withdrawal does not include information about any intention to revisit the proposed rule. Both rules would have had significant compliance impacts and associated costs, and without doubt, will face significant opposition from industry participants if re-proposed in the near future.

Parker MacIntyre provides legal and compliance services to investment advisers, broker-dealers, registered representatives, hedge funds, and issuers of securities, among others. Our Investment Adviser Group assists financial service providers with complex issues that arise in the course of their business, including complying with federal and state laws and rules. Please visit our Investment Adviser Practice Group page for more information.

The post Regulators Postpone and Withdraw Proposed Rules Impacting Investment Advisers appeared first on RIA Compliance Blog.