48 Neb. Admin. Code, ch. 7, § 013 - POLICIES AND PROCEDURES
Every investment adviser registered or required to be registered under the Act shall establish, maintain, and enforce written policies and procedures tailored to the investment adviser's business model, taking into account the size of the firm, type(s) of services provided, and the number of locations of the investment adviser. The written policies and procedures must provide for at least the following:
013.01 Compliance Policies and Procedures. The investment adviser must establish, maintain, and enforce written compliance policies and procedures reasonably designed to prevent violations by the investment adviser of the Act and the rules that the Director has adopted under the Act;
013.02 Supervisory Policies and Procedures. The investment adviser must establish, maintain, and enforce written supervisory policies and procedures reasonably designed to prevent violations by the investment adviser's supervised persons of the Act and the rules that the Director has adopted under the Act;
013.03 Proxy Voting Policies and Procedures.
013.03A If the investment adviser has the authority to vote client securities:
013.03A1 The investment adviser must establish, maintain, and enforce written proxy voting policies and procedures that are reasonably designed to ensure that the investment adviser votes client securities in the best interest of clients. These procedures must include how the investment adviser addresses material conflicts that may arise between its interests and those of the investment adviser's clients;
013.03A2 Disclose to clients how they may obtain information from the investment adviser about how it voted with respect to their securities; and
013.03A3 Describe to clients the investment adviser's proxy voting policies and procedures and, upon request, furnish a copy of the policies and procedures to the requesting client.
013.03B If the investment adviser does not have the authority to vote client securities then this information must be disclosed to clients.
013.04 Physical Security and Cybersecurity Policies and Procedures. The investment adviser must establish, implement, update, and enforce written physical security and cybersecurity policies and procedures reasonably designed to ensure the confidentiality, integrity, and availability of physical and electronic records and information. The policies and procedures must be tailored to the investment adviser's business model, taking into account the size of the firm, type(s) of services provided, and the number of locations of the investment adviser.
013.04A The physical security and cybersecurity policies and procedures must:
013.04A1 Protect against reasonably anticipated threats or hazards to the security or integrity of client records and information;
013.04A2 Ensure that the investment adviser safeguards confidential client records and information; and
013.04A3 Protect any records and information the release of which could result in harm or inconvenience to any client.
013.04B The physical security and cybersecurity policies and procedures must cover at least five functions:
013.04B1 Identify. Develop the organizational understanding to manage information security risk to systems, assets, data, and capabilities.
013.04B2 Protect. Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
013.04B3 Detect. Develop and implement the appropriate activities to identify the occurrence of an information security event;
013.04B4 Respond. Develop and implement the appropriate activities to take action regarding a detected information security event; and
013.04B5 Recover. Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to an information security event.
013.04C Privacy Policy. The investment adviser must deliver upon the investment adviser's engagement by a client, and on an annual basis thereafter, a privacy policy to each client that is reasonably designed to aid in the client's understanding of how the investment adviser collects and shares, to the extent permitted by state and federal law, non-public personal information. The investment adviser must promptly update and deliver to each client an amended privacy policy if any of the information in the policy becomes inaccurate.
013.05 Code of Ethics.
013.05A The investment adviser must establish, maintain, and enforce a written code of ethics that, at a minimum, includes:
013.05A1 A standard (or standards) of business conduct that the investment adviser requires of its supervised persons, which must reflect the investment adviser's fiduciary obligations and those of its supervised persons;
013.05A2 Provisions requiring the investment adviser's supervised persons to comply with applicable State and Federal securities laws;
013.05A3 Provisions requiring all of the investment adviser's access persons to report, and the investment adviser to review, their personal securities transactions and holdings periodically as provided below;
013.05A4 Provisions requiring supervised persons to report any violations of the investment adviser's code of ethics promptly to its chief compliance officer or, provided the investment adviser's chief compliance officer also receives reports of all violations, to other persons designated in the investment adviser's code of ethics; and
013.05A5 Provisions requiring the investment adviser to provide each of its supervised persons with a copy of the investment adviser's code of ethics and any amendments and requiring the investment adviser's supervised persons to provide it with a written acknowledgment of their receipt of the code and any amendments.
013.05B Reporting Requirements.
013.05B1 Holdings reports. The code of ethics must require the investment adviser's access persons to submit to its chief compliance officer or other persons designated in the investment adviser's code of ethics a report of the access person's current securities holdings that meets the following requirements:
013.05B1a Content of holdings reports. Each holdings report must contain, at a minimum:
013.05B1a1 The title and type of security, and as applicable the exchange ticker symbol or CUSIP number, number of shares, and principal amount of each reportable security in which the access person has any direct or indirect beneficial ownership;
013.05B1a2 The name of any broker, dealer, or bank with which the access person maintains an account in which any securities are held for the access person's direct or indirect benefit; and
013.05B1a3 The date the access person submits the report.
013.05B1b Timing of holdings reports. The investment adviser's access persons must each submit a holdings report:
013.05B1b1 No later than 10 days after the person becomes an access person, and the information must be current as of a date no more than 45 days prior to the date the person becomes an access person.
013.05B1b2 At least once each 12-month period thereafter on a date selected by the investment adviser, and the information must be current as of a date no more than 45 days prior to the date the report was submitted.
013.05B2 Transaction reports. The code of ethics must require access persons to submit to the investment adviser's chief compliance officer or other persons designated in the investment adviser's code of ethics quarterly securities transactions reports that meet the following requirements:
013.05B2a Content of transaction reports. Each transaction report must contain, at minimum, the following information about each transaction involving a reportable security in which the access person had, or as a result of the transaction acquired, any direct or indirect beneficial ownership:
013.05B2a1 The date of the transaction, the title, and as applicable the exchange ticker symbol or CUSIP number, interest rate and maturity date, number of shares, and principal amount of each reportable security involved;
013.05B2a2 The nature of the transaction (i.e., purchase, sale or any other type of acquisition or disposition);
013.05B2a3 The price of the security at which the transaction was effected;
013.05B2a4 The name of the broker, dealer, or bank with or through which the transaction was effected; and
013.05B2a5 The date the access person submits the report.
013.05B2b Timing of transaction reports. Each access person must submit a transaction report no later than 30 days after the end of each calendar quarter, which report must cover, at a minimum, all transactions during the quarter.
013.05B3 Exceptions from reporting requirements. The investment adviser's code of ethics need not require an access person to submit:
013.05B3a Any report with respect to securities held in accounts over which the access person had no direct or indirect influence or control;
013.05B3b A transaction report with respect to transactions effected pursuant to an automatic investment plan in which regular periodic purchases or withdrawals are made automatically in or from investment accounts in accordance with a predetermined schedule and allocation, including a dividend reinvestment plan;
013.05B3c A transaction report if the report would duplicate information contained in broker trade confirmations or account statements that the investment adviser holds in its records so long as the investment adviser receives the confirmations or statements no later than 30 days after the end of the applicable calendar quarter.
013.05B4 Pre-approval of certain investments. The investment adviser's code of ethics must require its access persons to obtain the investment adviser's approval before they directly or indirectly acquire beneficial ownership in any security in an initial public offering or in a limited offering.
013.05B5 Small advisers. If the investment adviser has only one access person, it is not required to submit reports to itself or to obtain its own approval for investments in any security in an initial public offering or in a limited offering, if the investment adviser maintains records of all of its holdings and transactions that this section would otherwise require the investment adviser to report.
013.06 Material Non-Public Information Policy and Procedures. The investment adviser must establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of material, nonpublic information by the investment adviser or any person associated with the investment adviser.
013.07 Business Continuity and Succession Plan. The investment adviser must establish, maintain, and enforce written policies and procedure relating to a business continuity and succession plan. The plan must provide for at least the following:
013.07A The protection, backup, and recovery of books and records.
013.07B Alternate means of communications with customers, key personnel, employees, vendors, service providers (including third-party custodians), and regulators, including, but not limited to, providing notice of a significant business interruption or the death or unavailability of key personnel or other disruptions or cessation of business activities.
013.07C Office relocation in the event of temporary or permanent loss of a principal place of business.
013.07D Assignment of duties to qualified responsible persons in the event of the death or unavailability of key personnel
013.07E Otherwise minimizing service disruptions and client harm that could result from a sudden significant business interruption.
Notes
State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.
Every investment adviser registered or required to be registered under the
013.01 Compliance Policies and Procedures. The investment adviser must establish, maintain, and enforce written compliance policies and procedures reasonably designed to prevent violations by the investment adviser of the Act and the rules that the Director has adopted under the Act ;
013.02 Supervisory Policies and Procedures. The investment adviser must establish, maintain, and enforce written supervisory policies and procedures reasonably designed to prevent violations by the investment adviser's supervised persons of the Act and the rules that the Director has adopted under the Act ;
013.03 Proxy Voting Policies and Procedures.
013.03A If the investment adviser has the authority to vote client securities:
013.03A1 The investment adviser must establish, maintain, and enforce written proxy voting policies and procedures that are reasonably designed to ensure that the investment adviser votes client securities in the best interest of clients. These procedures must include how the investment adviser addresses material conflicts that may arise between its interests and those of the investment adviser's clients;
013.03A2 Disclose to clients how they may obtain information from the investment adviser about how it voted with respect to their securities; and
013.03A3 Describe to clients the investment adviser's proxy voting policies and procedures and, upon request, furnish a copy of the policies and procedures to the requesting client.
013.03B If the investment adviser does not have the authority to vote client securities then this information must be disclosed to clients.
013.04 Physical Security and Cybersecurity Policies and Procedures. The investment adviser must establish, implement, update, and enforce written physical security and cybersecurity policies and procedures reasonably designed to ensure the confidentiality, integrity, and availability of physical and electronic records and information. The policies and procedures must be tailored to the investment adviser's business model, taking into account the size of the firm, type(s) of services provided, and the number of locations of the investment adviser.
013.04A The physical security and cybersecurity policies and procedures must:
013.04A1 Protect against reasonably anticipated threats or hazards to the security or integrity of client records and information;
013.04A2 Ensure that the investment adviser safeguards confidential client records and information; and
013.04A3 Protect any records and information the release of which could result in harm or inconvenience to any client.
013.04B The physical security and cybersecurity policies and procedures must cover at least five functions:
013.04B1 Identify. Develop the organizational understanding to manage information security risk to systems, assets, data, and capabilities.
013.04B2 Protect. Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
013.04B3 Detect. Develop and implement the appropriate activities to identify the occurrence of an information security event;
013.04B4 Respond. Develop and implement the appropriate activities to take action regarding a detected information security event; and
013.04B5 Recover. Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to an information security event.
013.04C Privacy Policy. The investment adviser must deliver upon the investment adviser's engagement by a client, and on an annual basis thereafter, a privacy policy to each client that is reasonably designed to aid in the client's understanding of how the investment adviser collects and shares, to the extent permitted by state and federal law, non-public personal information. The investment adviser must promptly update and deliver to each client an amended privacy policy if any of the information in the policy becomes inaccurate.
013.05 Code of Ethics.
013.05A The investment adviser must establish, maintain, and enforce a written code of ethics that, at a minimum, includes:
013.05A1 A standard (or standards) of business conduct that the investment adviser requires of its supervised persons, which must reflect the investment adviser's fiduciary obligations and those of its supervised persons;
013.05A2 Provisions requiring the investment adviser's supervised persons to comply with applicable State and Federal securities laws ;
013.05A3 Provisions requiring all of the investment adviser's access persons to report, and the investment adviser to review, their personal securities transactions and holdings periodically as provided below;
013.05A4 Provisions requiring supervised persons to report any violations of the investment adviser's code of ethics promptly to its chief compliance officer or, provided the investment adviser's chief compliance officer also receives reports of all violations, to other persons designated in the investment adviser's code of ethics; and
013.05A5 Provisions requiring the investment adviser to provide each of its supervised persons with a copy of the investment adviser's code of ethics and any amendments and requiring the investment adviser's supervised persons to provide it with a written acknowledgment of their receipt of the code and any amendments.
013.05B Reporting Requirements.
013.05B1 Holdings reports. The code of ethics must require the investment adviser's access persons to submit to its chief compliance officer or other persons designated in the investment adviser's code of ethics a report of the access person 's current securities holdings that meets the following requirements:
013.05B1a Content of holdings reports. Each holdings report must contain, at a minimum:
013.05B1a1 The title and type of security, and as applicable the exchange ticker symbol or CUSIP number, number of shares, and principal amount of each reportable security in which the access person has any direct or indirect beneficial ownership;
013.05B1a2 The name of any broker, dealer, or bank with which the access person maintains an account in which any securities are held for the access person 's direct or indirect benefit; and
013.05B1a3 The date the access person submits the report.
013.05B1b Timing of holdings reports. The investment adviser's access persons must each submit a holdings report:
013.05B1b1 No later than 10 days after the person becomes an access person , and the information must be current as of a date no more than 45 days prior to the date the person becomes an access person .
013.05B1b2 At least once each 12-month period thereafter on a date selected by the investment adviser, and the information must be current as of a date no more than 45 days prior to the date the report was submitted.
013.05B2 Transaction reports. The code of ethics must require access persons to submit to the investment adviser's chief compliance officer or other persons designated in the investment adviser's code of ethics quarterly securities transactions reports that meet the following requirements:
013.05B2a Content of transaction reports. Each transaction report must contain, at minimum, the following information about each transaction involving a reportable security in which the access person had, or as a result of the transaction acquired, any direct or indirect beneficial ownership:
013.05B2a1 The date of the transaction, the title, and as applicable the exchange ticker symbol or CUSIP number, interest rate and maturity date, number of shares, and principal amount of each reportable security involved;
013.05B2a2 The nature of the transaction (i.e., purchase, sale or any other type of acquisition or disposition);
013.05B2a3 The price of the security at which the transaction was effected;
013.05B2a4 The name of the broker, dealer, or bank with or through which the transaction was effected; and
013.05B2a5 The date the access person submits the report.
013.05B2b Timing of transaction reports. Each access person must submit a transaction report no later than 30 days after the end of each calendar quarter, which report must cover, at a minimum, all transactions during the quarter.
013.05B3 Exceptions from reporting requirements. The investment adviser's code of ethics need not require an access person to submit:
013.05B3a Any report with respect to securities held in accounts over which the access person had no direct or indirect influence or control;
013.05B3b A transaction report with respect to transactions effected pursuant to an automatic investment plan in which regular periodic purchases or withdrawals are made automatically in or from investment accounts in accordance with a predetermined schedule and allocation, including a dividend reinvestment plan;
013.05B3c A transaction report if the report would duplicate information contained in broker trade confirmations or account statements that the investment adviser holds in its records so long as the investment adviser receives the confirmations or statements no later than 30 days after the end of the applicable calendar quarter.
013.05B4 Pre-approval of certain investments. The investment adviser's code of ethics must require its access persons to obtain the investment adviser's approval before they directly or indirectly acquire beneficial ownership in any security in an initial public offering or in a limited offering .
013.05B5 Small advisers. If the investment adviser has only one access person , it is not required to submit reports to itself or to obtain its own approval for investments in any security in an initial public offering or in a limited offering , if the investment adviser maintains records of all of its holdings and transactions that this section would otherwise require the investment adviser to report.
013.06 Material Non-Public Information Policy and Procedures. The investment adviser must establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of material, nonpublic information by the investment adviser or any person associated with the investment adviser.
013.07 Business Continuity and Succession Plan. The investment adviser must establish, maintain, and enforce written policies and procedure relating to a business continuity and succession plan. The plan must provide for at least the following:
013.07A The protection, backup, and recovery of books and records.
013.07B Alternate means of communications with customers, key personnel, employees, vendors, service providers (including third-party custodians), and regulators, including, but not limited to, providing notice of a significant business interruption or the death or unavailability of key personnel or other disruptions or cessation of business activities.
013.07C Office relocation in the event of temporary or permanent loss of a principal place of business.
013.07D Assignment of duties to qualified responsible persons in the event of the death or unavailability of key personnel
013.07E Otherwise minimizing service disruptions and client harm that could result from a sudden significant business interruption.