Recently, the Securities and Exchange Commission (SEC) brought charges against Institutional Shareholder Services Inc. (ISS), a company that advises large investors on corporate proxy issues, claiming that ISS failed to safeguard its clients’ confidential votes. Specifically, the SEC claimed that an employee at ISS provided a proxy solicitor with material, non-public information revealing how more than 100 ISS clients intended to vote their proxy ballots, and thus violated Section 204A of the Investment Advisers Act of 1940. In exchange for this information, the employee received more than $30,000 worth of benefits including meals, tickets to concerts and sporting events, and an airline ticket. The SEC said that this breach was made possible because ISS lacked sufficient controls over employees’ access to confidential client vote information. While ISS neither admitted nor denied the charges, it agreed to a settlement with the SEC whereby ISS is required to pay $300,000 and retain an independent compliance consultant.
This case clearly exemplifies the importance of tailoring a firm’s own policies and procedures to adhere to the mandate promulgated by Section 204A, which requires investment advisers to “establish, maintain, and enforce written policies and procedures reasonably designed…to prevent the misuse…of material, nonpublic information by such investment adviser…”.
However, what is equally as important, but often overlooked, is the importance of developing policies and procedures for effectively monitoring third-party vendors. Part of the fiduciary duty that investment advisers owe their clients is to conduct due diligence on those third-party vendors employed by the adviser, to ensure that their policies and procedures are adequate. It will be interesting whether this case will prompt SEC investigators to now scrutinize the due diligence efforts of the investment advisory firms that employed ISS’s services. In any case, this is a good reminder for firms to ensure they have tested not only their own policies and procedures for compliance with state and federal regulations, but also those of their third-party vendors as well.
For further information on this, or other related topics, please contact us at email@example.com or (619)298-2880.