Now that you’ve seen what ACA Insight has to offer, don’t be without it. Subscribe now!

The weekly news source for investment management legal and compliance professionals

Current subscribers - please log in to the website in the upper right-hand corner

News January 1, 2018 Issue

2017 in Review: A New SEC, Cybersecurity Threats and the Fiduciary Rule

The past year saw a great deal of change and development in the asset management community, but three loom larger than others: A new SEC with Jay Clayton at the helm, bringing different priorities than his predecessor; exacerbating cybersecurity concerns, with the SEC itself one of the victims; and the Department of Labor’s Fiduciary Rule and its exemptions, delays in their taking effect, and the increasing likelihood of SEC involvement in the process.

There were other developments, of course, some of them having a significant effect on investment advisers and investment companies. These include the role of administrative law judges in hearing enforcement cases; examinations by the agency’s Office of Compliance Inspections and Examinations; ongoing Division of Enforcement campaigns against specific adviser and/or fund practices; and the reduction of the threat posed by advocates of prudential regulation, under which advisers would be treated similar to banks.

"2017 brought a new regulatory perspective at the SEC, CFTC, the Department of Labor and the Department of the Treasury," said Investment Adviser Association president and executive director Karen Barr, "driven by the Trump Administration’s articulation of ‘core principles’ for regulation and its 2-for-1 initiative. That is, for every one new rule, two should be eliminated."

"However," she said, "folks who thought regulation was going to be immediately scaled back were probably disappointed. It takes just as long to deregulate as it does to regulate, and, in fact, the hurdle may be higher given previous analyses in the original rulemakings. So we may have seen a ‘pause’ in new regulation in 2017, but no rollback of current rules. Indeed, advisers were still knee-deep in the challenges of implementing rules that had already been enacted, including Form ADV amendments, investment company reporting requirements, the Liquidity Risk Management Rule, new custody guidance, the DOL fiduciary rule, and more, as well as MiFID II on the international front."

"The one word that sums up this year from a regulatory perspective is ‘uncertainty,’" said Pickard Djinis and Pisarri partner Mari-Anne Pisarri. "From the disheveled roll-out of the DOL Fiduciary Rule and related exemptions, through Congress’ ham-handed efforts to obliterate Dodd-Frank, to the persistent vacancies on the Securities and Exchange Commission, regulated entities have scrambled to find their footing." (The Senate finally approved the pending two Commission nominees December 21, see story below.)

The year in review

Following is a list of the top developments from 2017. Not all are new, as developments typically do not start or end just because an old year ends and a new one begins. Individual advisers and funds will doubtless have their own ideas as to which developments they would include, believing that some should be added and others dropped from the list, but there can be little doubt that the following had an impact. Following the list is a month-by-month breakdown of some of the top asset management stories of the year.

  • A new SEC with new priorities. Clayton, sworn in as agency chairman on May 4, brought a new perspective to the SEC, with capital formation and protection of retail investors high on his list of priorities (ACA Insight, 5/8/17). The tenure of his predecessor, Mary Jo White, was perceived by some in the asset management community, rightly or wrongly, as focused primarily on tough enforcement and rulemaking. "Clayton’s nomination and Senate confirmation was the biggest news of the year," said Ropes & Gray partner David Tittsworth. "Since being sworn in, he has put together his senior staff and established two new units in the Enforcement Division to focus on retail fraud and cybersecurity issues, while continuing his calls to enhance the IPO market. Thus far, his approach to his new position has not been revolutionary, but evolutionary."
  • No more broken windows. Of particular significance to investment advisers and funds after Clayton took office was a publicly stated decision to abandon the agency’s former "broken windows" enforcement policy. In an October 26 speech, Division of Enforcement co-director Steven Peikin, a Clayton appointee, indicated that this practice – under which minor violations were pursued along with major ones – would end. "It may be the case that we have to be selective and bring a few cases to send a broader message rather than sweep the entire field," he said, according to the Wall Street Journal. He also reportedly said that the SEC would make fewer attempts to get companies to admit wrongdoing (ACA Insight, 11/6/17).
  • Rulemaking reconsidered. Clayton said quite plainly in a July speech (ACA Insight, 7/17/17) that he looks at rulemaking through a prism that reflects all the costs and ramifications of a possible rule. "Regulatory actions drive change, and change can have lasting effects," he said, while also noting that "effective rulemaking does not end with rule adoptions" and that "the costs of a rule now include the cost of demonstrating compliance." Whether this will result in a slower pace of rulemaking or fewer rules in 2018 and beyond remains to be seen, but his statements appear to have been welcomed by members of the asset management community. "Prior to the new SEC under Clayton, it seemed like new rules were coming out so frequently that the industry had to adopt to a new one every other month, although the frequency was much lower in reality than monthly," said Willkie Farr partner and former SEC Division of Investment Management director Barry Barbash. "Now the industry has more breathing space in which to adapt systems and procedures so as to be in compliance with new rules."
  • Cybersecurity attacks and threats. Any honeymoon that Clayton had after being sworn in as SEC chairman ended when he learned in September of the cybersecurity breach of the agency’s EDGAR program (ACA Insight, 9/25/17). He revealed that the Commission only the month before had learned of a 2016 breach, but that no personally identifiable information was compromised. Less than two weeks later, he disclosed that there had been PII breaches affecting at least two individuals (ACA Insight, 10/9/17). While not directly related to this incident, the SEC’s Office of the Inspector General on October 5 issued its annual statement on the agency’s management and performance challenges, and among the challenges that OIG listed was ensuring an effective information security program (ACA Insight, 10/16/17). Most recently, on December 18, cybersecurity concerns caused the SEC to delay by nine months its requirement that investment companies and advisers report enhanced information on EDGAR. In May, the agency issued a risk alert urging advisers, investment companies and broker-dealers, following a ransomware attack that was playing out globally, to not only keep current with the latest developments about the attack, but to conduct cyber-risk assessments, penetration tests and ensure that they are maintaining their IT systems (ACA Insight, 5/22/17).
  • The long journey of the Fiduciary Rule. If the DOL Fiduciary Rule were a live entity, it might have a valid case of claiming torture. The Rule, which among other things would categorize broker-dealers selling retirement investments as fiduciaries, was originally approved for an expected April 10 effective date by the Obama Administration after six years of work. After the Trump Administration came in, however, the Rule was delayed by a February Presidential Memorandum that raised new questions. It was eventually allowed to take effect in June, but the DOL sought further public comments on various aspects of the Rule and some of its exemptions, including the Best Interest Contract Exemption. The DOL in December adopted an 18 month delay for the exemptions, meaning that they would not take effect until July 2019, and also extended a non-enforcement period for the exemptions for the same time period (ACA Insight, 12/4/17). Meanwhile, the SEC and the DOL began making noises about working together on a new Standards of Conduct Rule, one that possibly would be created by the SEC (ACA Insight, 10/2/17).
  • Role of administrative law judges. The SEC, like other agencies, has for years used ALJs to hear cases that it has chosen not to take to federal court. In recent years, however, the agency has been criticized by defense attorneys and others for overusing this method. The attacks against the use of ALJs have included the argument that, since ALJs are SEC employees, they have a "home field advantage" over those against whom charges are brought. Another challenge to the agency’s use of ALJs was brought by investment adviser Raymond Lucia and may be headed to the U.S. Supreme Court. Lucia’s attorneys have argued that ALJs are not properly appointed under the U.S. Constitution. Their argument is that the Constitution requires that ALJs, who are currently hired as SEC employees, be appointed by the President, courts or the head of a government department. Making matters more complex, the U.S. solicitor general in December filed a brief with the high court in which the federal government reversed its position – and now argues that ALJs are not properly appointed. The SEC itself then followed suit and ratified the appointment of its existing five ALJs. As a result, should the Supreme Court take up the case, a result in favor of Lucia is considered more likely. If that occurs, it might mean that certain cases already in the pipeline may need to be re-heard (ACA Insight, 12/11/17).


Following is a list of selected 2016 SEC actions and other developments that had an effect on advisers and funds.


  • SEC issues its 2017 examination priorities, which include the use of robo-advisers, compliance with rules governing money market funds, and cybersecurity.


  • President Trump issues a Presidential Memorandum directing the Department of Labor to "examine the Fiduciary Rule to determine whether it may adversely affect the ability of Americans to gain access to retirement information and financial advice."
  • OCIE identifies the top five compliance problem areas it has found while conducting examinations.
  • SEC issues Guidance Update on use of robo-advisers.


  • U.S. appellate court agrees to review a ruling by a three-judge appellate panel against adviser challenging an administrative law judge ruling on the grounds that ALJs have been appointed unconstitutionally.
  • Examination of advisers and funds up 20 percent in fiscal year 2016 over previous year.
  • DOL proposes to extend the applicability date of Department of Labor’s Fiduciary Rule by 60 days.
  • SEC’s Office of the Inspector General finds that SEC information security is below par.


  • Clayton approved by Senate Banking Committee on a 15 to 8 vote, with three Democrats joining Republicans in voting yes.
  • DOL Fiduciary Rule will take effect June 9, following Department rule setting the date.


  • SEC issues a risk alert following a global ransomware attack.


  • Supreme Court rules that the SEC cannot require disgorgement for violations that occurred outside a five-year statute of limitations.


  • Cybersecurity again listed as the hottest compliance topic among investment advisers, according to a national survey by ACA Compliance Group and the Investment Adviser Association.
  • DOL seeks public input on a further delay, as well as changes, to Fiduciary Rule exemptions.


  • The SEC’s Boston Regional Office says it is conducting unannounced examinations of investment advisers.
  • DOL proposes delaying the compliance date for Fiduciary Rule exemptions, including the Best Interest Contract Exemption, until July 2019.


  • Clayton reveals potential harm from 2016 breach of SEC’s EDGAR system, which he says the agency became aware of in August 2017.


  • Clayton reveals that SEC cyber breach resulted in access to personally identifiable information.


  • SEC reportedly states that the agency will no longer pursue the "broken windows" enforcement strategy, and that there might also be fewer attempts to get companies to admit wrongdoing in settlements.
  • Clayton rejects request from the national securities exchanges and FINRA to extend Comprehensive Audit Trail deadline by a year, while leaving the door open for further negotiation.


  • SEC revises rulemaking agenda, limiting its near-term plans to 26 proposed and final rules.
  • Cybersecurity concerns cause SEC to delay new investment company reporting requirements by nine months.
  • Justice Department switches sides in the pending Supreme Court appeal involving the status of administrative law judges, backing the adviser challenging the SEC.
  • DOL finalizes an 18 month delay for compliance by advisory firms, funds and broker-dealers with Fiduciary Rule exemptions.