Memo #
31613

OCIE Publishes Risk Alert on Transfer Agent Safeguarding of Funds and Securities
| Print

[31613]

February 14, 2019 TO: ICI Members
Operations Committee
Transfer Agent Advisory Committee SUBJECTS: Operations
Transfer Agency RE: OCIE Publishes Risk Alert on Transfer Agent Safeguarding of Funds and Securities

 

The SEC’s Office of Compliance Inspections and Examinations (OCIE) published a Risk Alert yesterday highlighting deficiencies it found in exams of 75 transfer agents that serve as paying agents.[1] These exams were conducted between October 2014 and September 2017. While the Risk Alert is briefly summarized below, from our reading of it, it does not appear that deficiencies highlighted related to mutual funds. We base this view on the fact that the deficiencies highlighted seem more applicable to stock transfer agents and the fact that, had a mutual fund transfer agent been deficient, we would have expected the Risk Alert to also address a transfer agent’s obligations under the SEC’s mutual fund compliance rule, Rule 38a-1. As you know, Rule 38a-1 requires all mutual fund transfer agents to have policies and procedures that are reasonably designed to ensure that the fund – and its transfer agent – are in compliance with all applicable regulatory requirements. Had the transfer agents that OCIE inspected experienced the deficiencies highlighted in the Risk Alert, such deficiencies would potentially have been a violation of Rule 38a-1.

Background

As noted above, OCIE’s review related to the transfer agent’s “paying agent” activities. As described in the Risk Alert, a paying agent’s activities “commonly include:”

  • Processing and disbursing principal, interest, and dividend payments to bondholders or shareholders based on an issuer’s payment schedule;
  • Administering direct stock purchase and dividend reinvestment plans;
  • Handling escheatment and lost shareholder search and report filing;
  • Managing interest bearing accounts or demand deposit accounts in the name of mutual funds for activities such as inflows and outflows from fund orders; and
  • Making distributions for mutual funds.

The Risk Alert notes that, pursuant to Rule 17Ad-12 under the Securities Exchange Act of 1934, the “Safeguarding Rule,” registered transfer agents have a duty to safeguard any shareholder’s securities and protect their funds against misuse.

OCIE’s Observations and Compliance Concerns

OCIE’s observations from the exams fall into two categories: (1) compliance with the Safeguarding Rule and (2) notification to unresponsive payees and policies and procedures for lost securityholder searches. With respect to (1), there were four issues of concern to OCIE. These four were:

  • Transfer agents misappropriating or stealing shareholders’ funds and physical securities;
  • Transfer agents failing to have adequate policies, procedures, and controls to ensure compliance with the Safeguarding Rule;
  • Transfer agents failing to have adequate account reconciliation controls and procedures; and
  • Transfer agents not securing access to vaults, computers, and areas of the firm that handle disbursements.

The deficiencies OCIE highlighted relating to lost securityholder searches and unresponsive payee notifications were as follows:

  • Transfer agents not complying with the database search requirements in Rule 17Ad-17(a)(1);
  • Transfer agents failing to send written notices to unresponsive payees (i.e., payees who fail to cash checks within six months) as required by Rule 17Ad-17; and
  • Transfer agents failing to have policies and procedures to ensure compliance with Rule 17Ad-17.

Features of Robust Policies, Procedures, and Controls

The Risk Alert highlights “robust written policies, procedures, and controls related to the processing of funds, handling of physical certificates, lost securityholder searches, and unresponsive payee notifications” that they observed during their exams.[2] With respect to safeguarding funds, these robust policies, procedures, and controls were:

  • Using segregated and specifically designated accounts for client fund deposits and payments to prevent comingling with the transfer agent’s operations accounts;
  • Segregating the duties among different individuals holding different positions in the transfer agent to limit any one person having too much control or access over funds or securities;
  • Frequent bank reconciliations;
  • Implementing accounting controls;
  • Requiring all payment instruction changes be made in writing;
  • Maintaining logs of unissued and uncashed checks;
  • Establishing specific deadlines or timeframes for each step in the paying agent process or certificate movement; and
  • Identifying entities or positions responsible for specific tasks in the policies and procedures.

With respect to lost securityholder and unresponsive payee practices, the robust policies, procedures and controls observed were:

  • Establishing and maintaining written procedures that outline how to identify and record a lost securityholder in the recordkeeping system;
  • Discontinuing the mailing of physical checks to lost securityholders;
  • Maintaining copies of dated, returned mail, including the outer envelope;
  • In addition to the required lost securityholder searches, “reviewing the list of lost securityholders, including non-natural persons, to determine if an updated address can be easily attained by searching information available in the public domain;”[3] and
  • Establishing and maintaining written procedures that outline the escheatment services provided to issuers[4] and the requirements of each applicable state.

According to OCIE, “transfer agents may wish to consider these practices in the implementation of safeguarding policies, procedures, and controls.”

 

Tamara K. Salmon
Associate General Counsel
 

endnotes

[1] See Transfer Agent Safeguarding of Funds and Securities, SEC Office of Compliance Inspections and Examinations Risk Alert (February 13, 2019), which is available at: https://www.sec.gov/files/OCIE%20Risk%20Alert%20-%20Transfer%20Agent%20Safeguarding.pdf.

[2] The discussion in the Risk Alert relating to “Safeguarding Physical Securities” has been omitted as largely irrelevant to our members. 

[3]  It should be noted that these additional searches are not required by law and a transfer agent that does not conduct them cannot be deemed deficient in complying with their regulatory requirements.

[4]  The Risk Alert does not explain what they mean by “the escheatment services provided to issuers.”