Welcome to our January 2025 Regulatory Roundup, where we provide practical advice on the latest regulatory headlines. We start this issue with the appointment of the SEC’s acting Chair, Mark Uyeda. Next, we recap the SEC’s report on its aggressive enforcement efforts in the first quarter of 2025. Finally, we discuss a few of the latest SEC settlement orders, including issuers getting fined for failing to file Form D for unregistered offerings, two cases on fiduciary duty fails, and one more “off-channel” communications case that highlights what a firm did right (for once). Enjoy!

Hello to the New Boss: Mark T. Uyeda Appointed Acting Chair of SEC until Paul Atkins Gets Final Nod 

President Trump designated Mark T. Uyeda as Acting SEC Chairman (press release). Trump previously announced plans to nominate ex-SEC Commissioner Paul Atkins (currently CEO of financial consulting firm Patomak Global Partners LLC) as the permanent head of the agency, pending U.S. Senate approval.

Acting Chair Uyeda has already revealed plans to establish a task force to create a regulatory framework for cryptocurrencies to be headed by Commissioner Hester Peirce.  Acting Chair Uyeda and Commissioner Peirce were former clerks for Mr. Atkins and have been consistent critics of the broad regulatory initiatives pursued by former Chair Gary Gensler.

SEC Touts Aggressive Enforcement in Q1 of 2025 Fiscal Year

The SEC is setting a blistering pace for fiscal year 2025, bringing 200 enforcement actions from October 1 through December 2024, according to a recent press release. This represents the highest number of actions filed in the first quarter since 2000.  As noted by Sanjay Wadhwa, Acting Director of the Division of Enforcement, “the Division has not taken its foot off the pedal in the new fiscal year.”

Since the SEC issued that press release, President Trump has appointed SEC Commissioner Mark T. Uyeda as acting Chairman. Given his many dissents to SEC enforcement actions during Chairman Gensler’s term, it seems unlikely that Chair Uyeda will pursue the same “regulation by enforcement” agenda.

Some have suggested that this enforcement push was the result of the upcoming change in administration.  However, as noted by Scott Mascianica of the law firm Hilger Graben PLLC, “a review of Commissioner votes between October and December reveals that approximately 2/3rd of all enforcement actions were approved unanimously by all Commissioners present at the meeting…So although the enforcement push before the administration change may have been greater than we typically see, important to remember that the overwhelming majority of these matters were approved by Commissioners on both sides of the aisle.”

Private Fund Managers Granted 3-Month Extension on Form PF Amendments

The SEC and the CFTC announced that the compliance date for Form PF amendments adopted on February 8, 2024, has been extended from March 12, 2025, to June 12, 2025. This means that private fund managers can continue to use the existing Form PF when making the required April 30, 2025 filing. 

Details Matter: Private Funds Fined for Failing to File Form D on Time

Among the many enforcement actions from the SEC’s first fiscal quarter of 2025, the Commission chose to highlight settlements with three companies for failing to file Form D on time as required under Regulation D. The SEC typically does not bring cases under Rule 503, so these actions may signal a new trend.

Section 5 of the Securities Act of 1933 requires that all offers and sales of securities must either be registered with the SEC or fall within an exemption from registration. Regulation D provides several separate safe harbor exemptions from registration.  Rule 503 of Regulation D of the Securities Act of 1933 requires that a company relying on Rule 504 or 506 exemptions must file a Form D with the SEC for each new offering of securities no later than 15 calendar days after the first sale of securities in the offering. Many private funds are offered in reliance on Rule 506. In these cases, the SEC found that all three offerings relied on either Rule 504 or Rule 506(c) of Regulation D and, thus, required initial and updated filings of Form D for continuing offers.

Failure to file Form D or make annual amendments does not mean the issuer loses the exemption from registration but can result in fines and censures. In these cases, the issuers were fined $60,000, $195,000 and $175,000 respectively.

SEC Finds Dual Registrants Failed to Consider Client’s Best Interest When Recommending Cash Sweeps

Two large dual registrants recently settled with the SEC for approximately $60 million for failing to put their clients first when recommending cash sweep vehicles.  In both cases, the dual registrants (the “Advisers”) automatically swept advisory clients’ uninvested cash holdings into FDIC-insured interest-bearing accounts at certain banks. When interest rates rose, the cash sweep programs paid yields that were as much as 4% lower than other alternatives. Both advisers received advisory fees on the balances in the sweep programs and revenue from the banks participating in the sweep programs. In the settlement orders, the SEC determined that both Advisers violated Advisers Act Section 206(4) and Rule 206(4)-7(a) because of their failure to adopt and implement written compliance policies and procedures reasonably designed to prevent violations of the Advisers Act and its rules.

Essentially, the SEC found that the Advisers violated their basic fiduciary duties of care and loyalty (See Commission Interpretation Regarding Standard of Conduct for Investment Advisers, the “2019 Interpretation”). The duty of care requires that advisers provide advice that is solely in the client’s best interest, and to provide advice and monitoring over the course of the relationship as defined by the advisory contract. In this case, the Advisers could provide no evidence that they considered what was best for their clients when selecting cash sweep options. And when the Advisers charged a fee for advisory services on the cash in clients’ accounts, they were agreeing to manage and monitor those assets on an ongoing basis.  The facts, however, indicated that the Advisers were not managing the cash; funds were simply swept into the selected cash sweep program.

These firms were also found to have violated their duty of loyalty, which requires that an adviser cannot place its own interest ahead of its clients.  Where certain conflicts cannot be eliminated, an adviser must mitigate such conflicts to the extent possible and make full and fair disclosure to its clients of all material facts relating to the advisory relationship. Although both firms provided some disclosure about the revenue-sharing arrangements with the banks providing the cash sweep, they did nothing to mitigate this conflict, such as by offering other short-term cash investment options. 

The lesson from these cases is simple. When an adviser takes a fee to manage assets, it must meet its fiduciary duties of loyalty and care. These firms had to fix their errors by (i) implementing enhanced supervisory procedures for managing accounts with significant cash holdings, (ii) providing clients with more options for investing cash, including access to money market funds, and (iii) placing limits on bank sweep holdings.  Advisers are not required to manage cash in client accounts. But if they do, then they must apply the same care and diligence in managing that cash as they would for any other portfolio investment. More generally, the 2019 Interpretation should be seen by advisers as a warning that simple disclosure is not enough. The Commission can be expected to weigh both the efforts to eliminate, or at least mitigate the impact of, conflicts and to evaluate the adequacy of any disclosures in terms of effecting informed consent.

When Models Aren’t So Pretty: Failing to Fix Trading Costs Advisers $90 Million 

The SEC recently settled a case against two hedge fund advisers (the “Advisers”) for failing to address known vulnerabilities in their quantitative investment models, which the SEC viewed as fraud under Advisers Act Section 206(2) and a breach of its fiduciary obligations.  In the settlement order, the SEC goes into a lot of detail about these models and exactly how things went wrong. In the simplest terms, the Advisers used quantitative models when making investment decisions for clients. The Advisers had a process in place to evaluate and approve the models and an additional process to approve changes to existing models.

At some point, firm employees discovered that there were security issues with the models that allowed changes to be made without going through the approval process. Although the problem was communicated to management, no action was taken to prevent further unauthorized changes. A few years later, an incident occurred that again exposed the lax control and the Advisers made some changes that fell short of fixing the problem.  Unsurprisingly, an employee exploited this vulnerability and made changes to some of the models to boost his compensation by millions. Unfortunately, these changes also caused some accounts to overperform while others underperformed.

The lessons in this case include:

• Fix issues promptly. In this case, management knew that changes could be made to the models without going through the approval process and failed to act. If this issue had been addressed quickly, the Advisers could have avoided the $90 million penalty and reimbursing the negatively impacted clients to the tune of $165 million.
• Ensure the fox isn’t guarding the henhouse. Although firms may trust employees, reviewing who is accessing essential firm systems (and why) is always good practice.  In this case, once the Advisers began monitoring the database to check for unauthorized changes to the models, the employee making those changes was caught. 

Self-Reporting Broker-Dealer Gets Rewarded for Stepping Up its Process for Retaining Off-Channel Communications

The SEC brought yet another series of cases against twelve industry firms (nine advisers and three broker-dealers) for failing to comply with record-keeping rules as a result of its employees using “off-channel” communications on their personal devices. The penalties ranged from $600,000 to $12 million.  According to its press release, the SEC “rewarded” one firm by charging it “significantly lower civil penalties” for self-reporting its violations. 

According to the settlement orders, these cases arose from a risk-based initiative started by the SEC staff in October 2022 to investigate whether investment advisers were maintaining all communications as required under the Advisers Act.  For the nine investment advisers, the SEC cited violations of Advisers Act Rule 204-2(a)(7), which requires investment advisers to preserve for at least five years[1],  originals of all communications received and copies of all written communications sent relating to, among other things, (i) recommendations made or proposed to be made or advice given or proposed to be given, (ii) the investment adviser’s receipt, disbursement or delivery of funds or securities, (iii) the performance or rate of return of client portfolios, or securities recommendations, or (iv) the placing or execution of purchase or sale orders.

The facts are similar to other cases brought in the past year – the firms had policies and procedures to comply with the record-keeping rules, trained firm employees on the record-keeping rules and the policies and procedures, and reviewed and monitored messages sent through firm-approved communication methods. The firms also asked employees to certify periodically that they complied with the firm’s communications policies. Despite these efforts, firm employees continued to use their personal mobile devices to send texts to colleagues and clients dealing with firm business that were not captured on the firm’s systems. The SEC found that the firms failed to adequately supervise their personnel.  

The self-reporting firm, however, took some additional steps. First, it conducted an internal investigation and self-reported the facts to the SEC. Second, the firm installed an application on employee devices to help keep messaging on-channel and increased the frequency of training on the firm’s communications policy and procedures. Finally, the firm “implemented a process for employees to easily onboard and preserve any off-channel communications that had already taken place.”

It is unrealistic to think that people will not use their personal devices to communicate with colleagues and clients. The self-reporting firm understood that fact and took steps to make it easier for its employees to communicate using their personal devices while at the same time complying with regulatory record-keeping requirements. The firm also made sure that employees understood how to preserve any off-channel communications that had already happened.  By giving their employees the appropriate tools and support, the self-reporting firm saved itself additional regulatory heartache.

Photo by Markus Spiske on Unsplash

[1] Five years from the end of the fiscal year during which the record was created or the last entry was made on such record.

Need assistance with your compliance program? SEC’s team of experienced compliance professionals can help. For more information, please email us at info@sec3ccompliance.com, call (212) 706-4029 x 229, or visit our website at www.sec3compliance.com.