21 March, 2019
The European Union’s General Data Protection Regulation (GDPR) has been creating issues for EU-based investments advisers and management that are seeking to register as investment advisers with the US Securities and Exchange Commission (SEC). The SEC has delayed action on a number of such applications out of concern that the GDPR will prevent the SEC from obtaining information about applicants that the SEC deems vital to its job of regulating and supervising SEC-registered investment advisers. Apparently, the SEC staff have not yet gotten comfortable that exceptions built into the GDPR are broad enough to allow the SEC to fulfill its obligations under applicable US law and regulation. It has been reported that efforts by applicants and law firms to find work-arounds have not yet met with success. Concerns have been raised that applicants from other countries that have data privacy rules modelled on the GDPR (or that reflect or otherwise impose similar strict limitations on a regulator’s access to personal data) may also face delays when applying for registration with the SEC.
The SEC staff have been requesting opinions from counsel licensed to practice in the US that the applicant can, as a matter of law, provide the SEC with prompt direct access to its books and records and to submit to onsite inspection and examination by the SEC once registered. Depending on a given firm’s situation, there may be ways under US law to plan around the current log jam in SEC registration.
Hong Kong’s personal data privacy regime has been in place for a number of years and, to date, has not been an impediment to applications for HK-based investment advisers to register as investment advisers with the SEC. Here is a link to an article published by Deacons, providing a comparison between the GDPR and the Hong Kong regime: A closer comparison between the GDPR and the PDPO.
Ethan W. Johnson of Morgan, Lewis & Bockius LLP
For further information, please contact:
