Quarterly Regulatory Update: Second Quarter 2017

In this Edition

  • Investment advisors and regulators step up focus on cybersecurity
  • A bit of paperwork helps advisors avoid inadvertent custody of client assets
  • Fiduciary Rule’s future starting to come into better focus
  • Puerto Rican bond holders may face long wait as island works through Title III proceedings
  • Merger & acquisition activity slows despite anticipated soft regulatory touch

Going Viral

Cybersecurity Policy Reviews a Big Priority

Over the past several years, the US Securities and Exchange Commission (SEC) has emphasized establishing robust cybersecurity policies as a priority for US investment advisors. Through a series of recent enforcement actions and by repeatedly highlighting cybersecurity in their annual list of examination priorities, the regulator and also industry watchdog FINRA have raised the profile of this issue for advisors. More recently, attorneys have warned clients of “spear phishing” scams, where staff at investment firms have been lured into providing their e-mail credentials to scammers or where wire transfer instructions for current clients are changed.

Cambridge Associates’ Business Risk Management (BRM) team meets with hundreds of managers each year. When conducting reviews of hedge fund managers, part of the analysis includes the examination of the adequacy of the managers’ cybersecurity assurance program. For example, our BRM team considers whether managers have appropriate oversight measures in place for conducting assessments of the cybersecurity assurance programs of their key service providers (fund administrators, prime brokers, IT service providers, etc.) given the sensitive fund and client-related data that are maintained by these service providers.

Overall, we find that the majority of managers continue to be vigilant and have adopted robust IT infrastructures that include reasonable cybersecurity assurance programs, whether their IT is supported in-house or outsourced to a third-party provider. Many managers use third-party IT service providers to monitor and maintain their networks. In general, these third-party service providers can be integral in instituting robust preventative and detective protocols to screen and block cyber intruders. However, we prefer to see other leading service providers that are independent of the manager’s third-party IT consultant perform separate exercises for penetration and vulnerability testing. This creates a reasonable control for identifying gaps not detected by the third-party IT service provider and also strengthens a seemingly flawed outsourcing model that, by nature, permits the third-party IT service provider to “check their own homework.”

We also see an increased trend of managers who have moved beyond focusing simply on in-house cybersecurity by adopting and/or enhancing their oversight measures to include assessing the cybersecurity assurance programs of their key service providers. Managers view this as part of their oversight program to monitor and manage their service relationships. We believe these efforts to address internal systems and external provider vulnerabilities are a positive, since the SEC has indicated that vendor management is a key concern and will be a priority in SEC examinations.

Dodging the Phisherman’s Spear

Cybersecurity policy tips from Cambridge Associates’ Business Risk Management group:

  • Engage leading service providers—separate from any third-party IT consultant—for active cyber threat protection to conduct network monitoring and penetration and vulnerability testing
  • Retain a third party to conduct vulnerability testing and perform a cybersecurity risk assessment to help identify any gaps in existing processes, procedures, and technology setups and integrations to help protect the firm from cybersecurity attacks
  • Implement robust vendor management programs, from selection to contracting to performance monitoring and ongoing diligence, as some firms fail to realize how many third parties are involved in their operations and how many have key data, access, or systems on their behalf
  • Establish documented cyber policies and procedures that require periodic audits (internal or external) to determine how successful current processes are at deterring risk or when to make policy improvements in the future
  • Require robust cybersecurity training programs for employees who can unintentionally expose the internal network, including all the data and systems accessible via the internal network, to hackers
  • Document incident response plans that address how the business will respond in the event of a cyber incident so that employees are prepared to respond quickly, while limiting damage and preserving evidence

Yours, Mine, and Ours

Advertently Avoiding “Inadvertent Custody”

Does your separate account manager have “custody” of your assets? You might not think so if you have a separate custodian and take a close look at your investment management agreement (IMA). Yet, the SEC Office of Compliance Inspections and Examinations (OCIE) recently highlighted “inadvertent custody” as one of the five most frequent compliance topics for investment advisors.[1] Clients are already hearing about this from their managers, which can avoid this issue through additional documentation. While the use of “inadvertent” in the description makes this sound like a non-issue, SEC staff are rightly pointing out how a failure to square the terms of agreements made with separate service providers can increase the risk of fraudulent transfers.

[1] Securities and Exchange Commission, Office of Compliance Inspections and Examinations, “National Exam Program Risk Alert,” (February 7, 2017).

Generally, investment advisors are subject to additional compliance burdens and regulatory scrutiny if they have “custody” of client assets. Traditionally, non-custodial separate account managers are given the ability to buy or sell securities within a segregated account but, under the terms of an IMA, may not transfer assets out of the account.[2] This would seem to be sufficient to avoid taking custody of client assets. However, OCIE points out that the terms of some custodial contracts may permit an investment advisor to make transfers out of a client account. Importantly, since an advisor is not party to the client custody agreement, the firm may technically have custody without realizing it. For clients, this means that the custodian would not necessarily act as a brake on accidental or fraudulent transfers out of a managed account, even if a transaction violated an advisor’s IMA.

[2] There are, of course, other variations on this theme that may not violate the custody rule.

While it may involve filling out yet more paperwork, the solution to this issue is fairly painless. According to the OCIE, managers can avoid taking inadvertent custody of client assets by notifying a client’s custodian of the manager’s limited authority within the account and seeking client and custodian consent to the notice. In effect, this solution fills the information gap between the custodian and the manager without requiring a major contract review by all parties. According to Cambridge Associates’ Compliance team, some clients have already received such notices from managers, and we expect this will happen to more of them. Good to know!

Yes? No? Wait . . . Maybe So?

Labor’s Fiduciary Rule Remains in Limbo

The US Department of Labor said in late May that a rule designed to ensure that financial advisors are on the same side of the table as their clients may eventually be dismantled after an economic review is conducted; however, there are signs that the industry may have already adopted structural changes precipitated by the proposed Fiduciary Rule.

Last quarter, when discussing some regulatory tailwinds that favored the increased adoption of indexing, we mentioned that the Trump administration was seeking to delay or block the Fiduciary Rule. The rule would require that financial advisors act in clients’ best interests, rather than merely selling them a “suitable” fund or other product.

In February, President Trump ordered the agency to review the rule’s potential impact and assess whether it would limit retirees’ access to products or information, create industry disruption, or spur litigation. The review has been ordered despite the rule’s six-year design process (which included a five-month public comment period and more than 100 stakeholder meetings). In late May, Labor Secretary Alexander Acosta said the rule will take effect June 9, without further delay, but left the door open for an eventual repeal or revision subsequent to the department’s economic review, which will involve additional rounds of public comment solicitation.

Given the long lead up to implementation, the brokerage and asset management industries have already adopted many changes intended to bring them into compliance with the rule. Many brokerage firms have abandoned or de-emphasized commissions in favor of wrap fees. Mutual funds that charge “loads” or sales commissions have seen net outflows of more than $750 billion over the ten years through 2015, compared to net inflows of more than $2 trillion for no-load funds. During that period, load funds have decreased from representing about one-third of fund industry assets to less than one-fifth. Individual investors appear to be favoring low cost investments and adopting less conflicted advisory models to a much greater extent than before. Assets managed by index-fund leader The Vanguard Group have doubled in just four years, from $2 billion in 2013 to $4 billion today.

As of early May, a bill repealing Dodd-Frank, the Volcker Rule, and the Fiduciary Rule was winding its way through the US legislature. A committee within the House of Representatives passed it, but eventual passage through both houses is not a sure thing. Even if the rule is repealed, investor concerns about the impact of conflicts and fees may prevail, and the securities industry could find itself unable to put the genie back into the bottle.

Toil and Trouble in Puerto Rico

Creditors Will Need to Pack Their Patience

Puerto Rico entered into bankruptcy-like legal proceedings in May after negotiations between the island and creditors faltered, but it remains to be seen how this step will impact returns for the hedge funds and other investors that own the island’s defaulted debt.

In 2014 and 2015, a wide variety of hedge funds purchased distressed municipal bonds issued by Puerto Rico. Some investors were certain that legal protections meant that the island’s fat-coupon payments would be maintained, while others were persuaded that even in a default, eventual recoveries would be large enough to justify purchases of the deeply discounted bonds.

The island defaulted on its general obligation bonds last summer. With few outward signs of progress in the months that followed, some funds have trimmed or exited their bond holdings, and those remaining have been negotiating to maximize their eventual recovery. However, on March 13, a federal oversight board approved a recovery plan from the island’s governor that sharply cut the amount of funds reserved for debt repayment compared to an earlier proposal. The revised proposal leaves just $800 million annually for debt service over the next five years, about one-fourth of what is owed.

A few weeks later, Puerto Rico missed a deadline to reach agreement with creditors that would have staved off lawsuits. Creditors immediately began filing suit, and in early May Puerto Rico entered Title III proceedings, a process akin to bankruptcy created last year as part of the PROMESA rescue legislation. Title III restructuring is somewhat similar to the Chapter 9 bankruptcy proceedings used by Detroit, but it relies on the appointed oversight board rather than on elected officials.

Hedge funds that have invested in Puerto Rico own a wide variety of bonds, including general obligation bonds (the chart below shows one issued primarily to hedge fund buyers after the island’s debt had become distressed, but many other general obligation bonds are also outstanding) and revenue bonds. Puerto Rico’s troubled electrical and water utilities were big issuers, in addition to its sales tax authority. The different varieties have mixed bondholder constituencies, which appear to be competing for the island’s limited repayment capacity, together with pensioners, government vendors, and other entities.

Puerto Rico General Obligation Bond. March 31, 2014 – May 4, 2017 • Price Level

Source: Bloomberg L.P.
Notes: Data are daily. Bond data are represented by $3.5 billion Puerto Rico Commonwealth Series A bond maturing July 1, 2035 with an 8% coupon.

Detroit moved through bankruptcy in about 16 months. How long might the hedge funds that own Puerto Rico debt have to wait to get some certainty about eventual recoveries and returns?

“It’s going to be a long struggle,” one manager told us. When asked about how much longer hedge funds will continue to be involved in Puerto Rico, the manager replied, “years, not months.”

While Detroit’s bankruptcy filing came as a surprise (at least in terms of its timing) and generated ripples of fear in the muni market, Puerto Rico’s was not a shock to the wider market. Muni bond trading has been uneventful. Most quality municipal bond managers and funds have inconsequential exposure to Puerto Rico.

Want to Make a Deal?

M&A Activity Falls Despite Regulatory Easing

While some hedge funds that participate in merger arbitrage transactions have expected an uptick in deal activity due to the election of President Trump, the opposite appears to be happening more often, at least for now.

Republican administrations are generally perceived as having a less interventionist approach to merger activity, and Trump’s nominee to head the Justice Department’s antitrust division, lobbyist Makan Delrahim, appears to be disinclined to attack mergers that don’t involve clear antitrust violations (his appointment is likely to be confirmed by the Senate). In a recent New York Times interview, Delrahim pointed out that monopolies are legal as long as the monopoly does not abuse its monopoly power, and that the role of antitrust is to enable free markets. Last year (well before his appointment), Delrahim was asked about the pending AT&T acquisition of Time Warner, and said, “I don’t see this as a major antitrust problem.” Other pending deals include drug retailers Walgreens/RiteAid and chemicals manufacturers Dow/DuPont and Bayer/Monsanto.

The likelihood of a soft regulatory touch has not spurred much deal activity, however. The three-month total of announced US deals is the lowest in more than two decades, falling even below the trough levels of the financial crisis (some of the announced deals are sizable, and thus the dollar amount of announced deals over the past three months is typical compared to recent history).

Announced US Merger & Acquisition Activity. September 30, 1996 – April 30, 2017

Source: Dealogic.
Note: Data are monthly.

Merger arbitrage funds have returned 3.4% (annualized) over the past three years, according to HFR’s index of such funds. However, many investors are more likely to have exposure to merger arbitrage through open mandate or event-driven funds that selectively rotate into merger arbitrage depending on the availability of attractive spreads. One event-driven fund manager told us in May that although deal activity was robust in 2016 and spreads were wide, 2017 is shaping up to have less risk of deals blowing up because of antitrust action (and thus lower arbitrage spreads).

Mary Cove, Managing Director
Sean McLaughlin, Managing Director
Robert Tello, Senior Investment Director
