During the period of October 2014 through September 2017, the Office of Compliance Inspections and Examinations (“OCIE”) conducted 75 examinations of transfer agents (“TAs”) that also served as paying agents. 1 The staff examined for the possible misappropriation of funds and assessed the TAs’policies, procedures, and controls for paying agent activities.2This Risk Alert highlights some of the risks and issues associated with paying agent activities, identifies significant exam deficiencies related to the safeguarding of funds and securities by paying agents and provides a listing of some common features of robust safeguarding policies, procedures, and controls for paying agents. II.Background TAs serve as agents for issuers and play a critical role in the settlement of securities transactions. Among their key functions, TAs are responsible for maintaining issuers’ security holder records, recording changes of ownership, canceling and issuing certificates, distributing dividends and other payments to security holders, and facilitating communications between issuers and security holders. Paying agent activities to vary, but commonly include:Processing and disbursing principal, interest, and dividend payments to bond holders or shareholders based on an issuer’s payment schedule;Administering direct stock purchase and dividend reinvestment plans;Handling escheatment and lost shareholder search and report filing;Managing interest-bearing accounts or demand deposit accounts in the name of mutual funds for activities such as inflows and outflows from fund orders, andMaking distributions for mutual funds. In certain circumstances, TAs that serve as paying agents are unable to distribute shareholder funds as intended.For example, checks may be returned to the TA as undeliverable, shareholders may receive a check but never cash it, or electronic banking instructions may be inaccurate. In these situations, shareholder funds may remain in the TA’s bank accounts for years until the funds are escheated per relevant state law. Exchange Act Rule 17Ad-12 (the “Safeguarding Rule”) requires any registered TA in possession of funds or securities related to transfer agent activities to assure that:1A the paying agent accepts payments from the issuer of a security and distributes the payments to the holders of the security. See Rule 17Ad-17 under the Securities Exchange Act of 1934 (“Exchange Act”). 2OCIE has prioritized examining for the safeguarding of funds and securities transfer agents. See Examination Priorities for 2016, Examination Priorities for 2017, and examination Priorities for 2018.Key Takeaway: Transfer agents should review their practices, policies, and procedures to ensure funds and securities are protected while held at the transfer agent. (1)the securities are held in safekeeping and are handled, in light of all facts and circumstances, in a manner reasonably free from the risk of theft, loss, or destruction; and (2)the funds are protected, in light of all facts and circumstances, against misuse. In evaluating which particular safeguards and procedures must be employed, two relevant factors are the cost of the various safeguards and procedures as well as the nature and degree of potential financial exposure. Exchange Act Rule 17Ad-17 (the “Lost Securityholder/Unresponsive Payee Rule”) requires every TA that maintains an issuer’s master security holder file3to conduct searches for lost security holders within a defined time period and send notices to unresponsive payees within a defined time period. A TA must keep and maintain records to demonstrate compliance with the rule including written procedures that provide the TA’s methodology for complying with the rule.4III.Examination Observations and Compliance IssuesThe staff’s observations from recent examinations of paying agents generally fall into two categories: (i) safeguarding of funds and securities and (ii) notification to unresponsive payees and policies and procedures for lost security holder searches. 1.Safeguarding RuleBelow is an example of deficiencies and weaknesses that OCIE staff observed in connection with the Safeguarding Rule: Misappropriation and Theft. OCIE staff observed the misappropriation of shareholder funds and the theft of physical certificates.5For example, in some instances, TA employees misappropriated issuer funds for personal use, and in other instances, a TA used shareholder funds to pay fees of the TA. The staff also observed TAs keeping physical certificates in unsecured locations for long periods of time, resulting in the issuance of those certificates to different shareholders. Policies, Procedures, and Controls. OCIE staff observed that some TAs did not have adequate policies, procedures, and controls for the safeguarding of funds and securities.In some instances, TAs did not have policies and procedures for any paying agent activities, while in other instances, their policies and procedures did not address the issuance and handling of checks, the distribution of dividends, bank account reconciliation, escheatment, or periodic redemption requests for limited partnerships.Some TAs had policies and procedures, but they lacked specificity, did not designate responsibility for performing or documenting reviews, or only quoted rule requirements. Some TAs did not have reasonable controls to protect funds from misuse when conducting typical disbursement activities, such as requiring confirmation from multiple individuals in order to move issuer funds.3Exchange Act Rule 17Ad-9(b) defines master securityholder file as “the official list of individual securityholder accounts.”4Exchange Act Rule 17Ad-17(d). 5The Commission has brought enforcement actions in this area. See, e.g.,Securities and Exchange Commission v. Robert G. Pearson and Illinois Stock Transfer Company d/b/a IST Shareholder Services(Litigation Release No. 23007, May 28, 2014) (complaintallegingIllinois Stock Transfer Company and its president, Robert Pearson,misappropriated approximately $1.3 million of issuer and shareholder funds).
3. Account Reconciliation.
OCIE staff observed that some TAs did not haveadequate account reconciliation controls and procedures. For example, the staff observed the comingling of shareholder funds with TA operating funds without an adequate reconciliation process, as well as the commingling of funds in a single account despite policies and procedures stating that funds would be maintained in separate accounts designated for the benefit of each issuer. Security Protocols.OCIE staff observed instances where TAs did notsecure access to vaults, computers, and areas of the firm that handle disbursement operations, creating a risk of theft, loss, or destruction.2.Lost Securityholder Searches/ Unresponsive Payee NotificationsBelow are examples of deficienciesand weaknessesthat OCIE staff identified in connection with the Lost Securityholder/Unresponsive Payee Rule. Lost Securityholder Searches. OCIE staff observedTAsthatdid not complywith the database search requirements of the Lost Securityholder/Unresponsive Payee Rule. For example, the staff observed TAs that did not conduct lost securityholder searches, or if searches were conducted, they were not conducted within the propertimeframe.In addition, some TAs conducted searches for lost securityholders using only public resources instead of an information database service, as required by Rule 17Ad-17(a)(1). The staff also observed TAs that did not identify securityholders as lost and record the lost status in theirrecordsand, as a result, were unable to determine whether lost securityholder searches were required.Unresponsive Payee Notifications.OCIE staff observed TAs that failed tosend written notifications to unresponsive payees or had sent notifications aftertherequired timeframe set by Rule17Ad-17.Policies and Procedures.OCIE staff observedweaknesses with TAs’ policies and procedures under Rule 17Ad-17, includingwritten procedures that did not require database searches, address unresponsive payee notifications, designate responsibilityfor performing and documenting reviews, or outline the methodology utilized to comply with the rule. The staff also observed TAs that did not maintain records oftheir lost securityholder searches and unresponsive payee notifications. IV.Featuresof Robust Policies,Procedures,and Controls6During these examinations, the staff observed several TAs that appeared to have implemented robustwritten policies,procedures,and controlsrelated to the processing of funds, handling of physical certificates, lost securityholder searches,and unresponsive payee notifications.For example, these TAs engaged in the following practices:Safeguarding Funds.oUsingsegregated and specifically designated accounts for client fund deposits and payments topreventcomminglingof those fundswithfunds in theTAs’ operation accounts.oSegregation of duties among different individuals holding different positions at the TAto limit any one person having too much control or access over the funds and securities.oFrequent bank reconciliations.6This section is not intendedtobe a comprehensive listing of robust safeguarding policies,procedures,and controls.The adequacy of supervisory, compliance, and other risk management policies and procedures can be determined only with reference to the business profile of each specific transfer agent and other facts and circumstances.