As the regulatory landscape for financial services continues to evolve, investment companies are finding themselves at a crossroads.
The 2024 NSCP Conference offered IMP a first-hand look at current and recently adopted SEC proposals and how firms are thinking about them. These proposed regulations, designed to enhance transparency and protect investors, are raising concerns about their practical implications. For many firms, these new rules and amendments mean major operational adjustments, increased compliance costs, and a reshaping of long-standing industry practices.
While investment companies are accustomed to the consistent roll-out of proposals, the SEC's Spring 2024 "Reg-Flex" agenda, led by Chairman Gensler, seemed to be particularly ambitious in anticipation of the year-end election. According to the U.S. Office of Information and Regulatory Affairs, 19 out of 34 proposals are now in the final stage of rulemaking. Investment companies are being tasked with prioritizing current rules as well as rules in the pipeline for early 2025.
Among the most notable changes under the SEC’s current agenda, and the biggest discussion points during our NSCP session, were the adopted amendments to Rule 35d-1, as well as updates to open-end fund liquidity risk management programs, and cybersecurity risk management.
Expansion of Rule 35d-1
The discussion started with the expansion of Rule 35d-1 under the Investment Company Act of 1940, or the “Names Rule,” and its implications for the investment management firms represented in the audience. The rule requires mutual funds to clearly disclose their investment strategies in their name, ensuring that at least 80% of a fund’s assets are invested in accordance with its stated investment objectives.
The rule amendments enacted in September 2023 broadened the scope to include funds that focus on investments in specific countries, geographic regions, or contain terms in the fund name that suggest that the investments, or issuers of the investments, have “particular characteristics.” This applies irrespective of whether the characteristics describe a security or an investment strategy.
Questions on whether a specific funds’ name needed to be updated to avoid rule subjection circled the room, as investment firms with net assets of $1 billion or more are coming up fast on their 24 month “in-compliance” deadline. In addition to the larger 80% requirement scope, firms have been tasked with disclosing additional notice requirements to shareholders, new reporting items on Form N-PORT, and continual compliance testing to maintain written records (whether passing or deviating) with a 6-year retention period.
Liquidity Risk Management Updates to N-PORT/N-CEN
The discussion on the additional Form N-PORT reporting items led to a shift in focus toward updates on Liquidity Risk Management (LRM), specifically regarding N-PORT and N-CEN requirements. In August 2024, the SEC amended rules to require investment firms to file monthly portfolio holdings reports on Form N-PORT within 30 days of month-end, with public disclosure delayed by 60 days. Additionally, Form N-CEN now requires open-end funds with LRM programs to disclose third-party service providers used to comply with Rule 22e-4 under the 40 Act.
Despite the SEC’s decision to not adopt its controversial proposals on swing-pricing and close reforms in 2024, the accelerated reporting schedule for N-PORT & N-CEN forms puts a significant strain on the compliance teams. These changes have increased the frequency and speed at which they must gather, review, and submit data to the SEC, putting pressure on internal resources, technology systems, and overall workflows.
Cybersecurity Risk Management
In response to the need for updated infrastructure to comply with evolving SEC regulations, the Commission has acknowledged the increasing cybersecurity risks and adopted new rules mandating registrants to disclose material cybersecurity incidents as they occur, along with annual updates on their cybersecurity risk management practices, strategies, and governance.
The session leaders emphasized best practices for protecting sensitive data through a 'Written Information Security Program' (WISP), which outlines an organization's policies, procedures, and controls to identify, assess, and mitigate cybersecurity risks, while ensuring compliance in an increasingly complex threat landscape. Investment companies now bear an even greater responsibility to conduct thorough risk assessments on all service providers and systems, continuously monitor data access controls, and regularly train employees on incident response protocols.
More SEC Proposals
The session highlighted the significant impact of current SEC proposals on investment firms and their compliance teams nationwide. Be sure to check out our previous articles on ESG and AI regulations to see how firms are navigating these additional regulatory challenges as they move into the new year.
We encourage you to reach out to our firm to help alleviate the stressors that come with navigating these additional regulatory pressures, ensuring your compliance efforts remain seamless and effective.
