SEC Division of Examinations (Finally) Speaks on Alternative Data
Key Points
- The SEC’s Division of Examinations published a risk alert that, in the context of a focus on MNPI, highlighted observed deficiencies related to the use of alternative data by private fund managers and other investment advisers.
- While the alternative data discussion is brief, these findings are notable – and important – given the Division’s focus on alternative data in recent examinations and the SEC’s enforcement action against App Annie in 2021.
Background
In recent years, the staffs of the Divisions of Examinations and Enforcement of the U.S. Securities and Exchange Commission have been engaged in several efforts focused on alternative data. The Division of Examinations, for example, has conducted numerous (and often lengthy) examinations of private fund managers that utilize alternative data in their research processes, yielding non-public deficiency letters.
Relatedly, the Division of Enforcement, with the assistance of the Examination Staff, brought and settled a high profile action against an aggregator of alternative data.1 This 2021 action against App Annie, Inc., a leading alternative data provider for the mobile app industry, was a watershed moment in the alternative data industry.2 In the settlement order, the SEC found that App Annie misrepresented the nature of the data it sold to investment firms, who relied on that data when making investment decisions; as a result, the SEC charged App Annie with securities fraud.
In the wake of App Annie, private fund managers were left wondering whether the SEC could or would assert that managers themselves could commit wrongdoing with respect to their handling of alternative data. Many identified Section 204A of the Investment Advisers Act of 1940, which requires investment advisers to maintain policies and procedures designed to prevent the misuse of material non-public information (MNPI), as a potential risk area.
Risk Alert
This question was answered on April 26, 2022, when the Division of Examinations published a risk alert highlighting a wide range of MNPI-related deficiencies found in recent examinations, all of which were deemed to relate to Section 204A and Rule 204A-1 thereunder.3 This risk alert squarely placed alternative data and its use (or misuse) within the ambit of Section 204A and Rule 204A-1 liability.
Private fund managers that utilize alternative data, for some time, have been expecting a risk alert, or similar guidance, from the Division of Examinations that would detail the staff’s observations and highlight what the staff feels are examples of best (and deficient) practices in accessing alternative data. This risk alert provides initial, albeit very brief and high level, guidance from the Division of Examinations on alternative data policy expectations and best practices.
Embedded in the risk alert was the following guidance:
advisers that used [alternative data] ... did not appear to adopt or implement reasonably designed written policies and procedures to address the potential risk of receipt and use of MNPI through alternative data sources[,]
which was supplemented by three specific examples of observed deficiencies and weaknesses from recent examinations:
- Advisers who “did not appear to adequately memorialize diligence processes or follow them consistently and instead engaged in ad hoc and inconsistent diligence of alternative data service providers.”
- Advisers who “did not appear to have policies and procedures regarding the assessment of the data, including when advisers became aware of red flags about the sources of such alternative data.”
- Advisers who “did not appear to consistently implement their policies and procedures related to alternative data service providers. For example, advisers did not apply their due diligence process to all sources of alternative data. In addition, staff observed advisers that had an onboarding process for alternative data service providers, but did not have a system for determining when due diligence needed to be re-performed based on passage of time or changes in data collection practices. Staff also observed advisers that could not demonstrate, such as by producing documentation, that their policies and procedures had been consistently implemented.”
At the outset, the risk alert describes alternative data as covering “many different types of information increasingly used in financial analysis, beyond traditional financial statements, company filings, and press releases.”4 As a result of the breadth of the SEC’s description, private fund managers may want to broadly construe the term “alternative data” when reviewing their own policies and practices.
Outlook
We expect to see the SEC continue to focus on how investment advisers handle and use alternative data. We likewise expect additional, non-public deficiency letters resulting from examinations and further public guidance and/or enforcement action regarding alternative data.
In the future, the SEC may find the use of alternative data implicates not only Section 204A, but also potentially Rule 10b-5, the principal anti-fraud authority under which the SEC polices insider trading in the securities markets. Indeed, the risk alert goes out of its way to state that “[a]lternative data does not necessarily contain MNPI,” suggesting the SEC believes a situation could arise when alternative data does contain MNPI, and an insider trading action could lie with complimenting proof of a breach of a legal duty or deception and the requisite mental state, or “scienter.”
Implications and Take-Aways
Taken together, the staff’s findings suggest that advisers should implement, or revisit, policies and procedures associated with alternative data. To the extent that this area of focus can be boiled down to a discrete list of tasks urged by the risk alert, that list likely would include elements such as the following:
1. Carefully review the requirements for diligence to be performed under a manager’s policies and procedures, and assess whether they need to be enhanced.
2. Confirm there is a process designed to ensure that diligence efforts are memorialized.
3. Review the controlling policies and procedures to determine whether there is appropriate guidance on the nature and amount of diligence that is expected; assess whether there is support or guidance for following up on “red flags.”
4. Assess whether the diligence efforts are sufficiently consistent across different sources of alternative data.
5. Confirm that diligence is not limited only to a subset of “alternative data” vendors.
6. Consider how often diligence should be “re-underwritten.”
For many managers, these findings will line up with their practices and provide comfort that they are doing the right thing. For others, this risk alert could serve as an impetus for changes in staffing, resources and policies and procedures in this developing area of the investment research process.
1 App Annie Inc. and Bertrand Schmitt - SEC.gov.
2 SEC Brings First-Ever ‘Alternative Data’ Enforcement Action.
3 Investment Adviser MNPI Compliance Issues. The risk alert further addresses the management of capital on behalf of so-called “value-add investors,” deficiencies associated with advisers’ use of expert networks, and trading-related matters touching on requirements of the Code of Ethics Rule.
4 The risk alert included examples of “alternative data,” including “information gleaned from satellite and drone imagery of crop fields and retailers’ parking lots, analyses of aggregate credit card transactions, social media and internet search data, geolocation data from consumers’ mobile phones and email data obtained from apps and tools that consumers may utilize.”