4 key takeaways from the Private Fund Compliance Forum 2019

How ESG climbed the compliance agenda, patchy cybersecurity insurance and better valuations guidance were discussed at length at the San Francisco event.

CFOs, compliance experts, service providers and other business leaders gathered in early October for the 2019 Private Fund Compliance Forum in San Francisco. Panel discussions were under Chatham House rules. Here were some of the top talking points.

Valuation by the book

Valuations is always a hot topic. One main focus was on The American Institute of CPAs’ accounting and valuation guide for the private equity and venture capital industry that was released on August 19. All panelists at the forum agreed that the 600-page guideline wasn’t setting a new standard but instead was solidifying what is best practice when calculating fair value.

“AICPA’s guidelines won’t be used as the Bible by the SEC,” a chief compliance officer said. They went on to explain that the highlight of the guide was the number of case studies included in it. “People appreciate having the case studies,” the person said. “Normally you are waiting for the enforcement cases to understand what to do. Now you don’t have to.”

CFOs also discussed whether they use third parties for their valuations.

“We prefer to do it in house,” one CFO said. “We are not being pushed by LPs to do so, it’s a topic of conversation, but I just don’t see us making that shift.”

Another CFO explained what their firm does instead of outsourcing their valuations: “We go to investment banks who sell our businesses and we have them provide us feedback on each business every six months. So, we get two or three banks for each business.”

The firm also includes two limited partners on its valuation committee. While they are not responsible for the valuations, their feedback is invaluable, the CFO said.

ESG policies are here

The importance of ESG policies in PE was discussed in depth throughout the conference.

“In the past we never had uniformity, but now we’re seeing more of a focus in the industry on ESG, specifically climate change,” one CFO said. This was evidenced by several CFOs discussing how they have internal green initiatives. One CFO spoke about eliminating the use of plastic water bottles by supplying all of the firm’s employees with personal Swell bottles and eliminating the use of paper by supplying all employees with iPads.

It’s important for firms to properly report their ESG policies to their limited partners, because it is something they are looking out for, the first CFO said.

One conversation overheard after various ESG discussions from panelists included one attendee saying, “We have no ESG policies. We should start working on them.”

An SEC inspector calls…repeatedly

One lawyer on a panel explained that the SEC is slowing down its focus on private fund managers, but still has the industry in its sights. “I used to get one call a week from clients getting examined; now it’s about every three to four weeks,” the lawyer said. “It can also depend on which region you are based in. There’s a push to focus on private funds in the New York area.”

All panelists agreed that the SEC is much more sophisticated in its understanding of private equity than it used to be. One way to get ahead of exams is by preparing your “first day deck now” instead of waiting until the SEC calls you for an exam.

Delegates were also urged to look beyond the SEC examiners’ first day letter, which is an initial questionnaire provided to the company being examined.

“First day letters are like mile one of a 26-mile marathon,” the lawyer said. “Know what the issues within your firm are. [For firms that have had] a hairy exam in the past, the SEC has been stopping by soon afterwards, so make sure to look at your most recent deficiency letter.” The SEC returns, on average, 18 months after a shaky exam, a different lawyer added.

The value – or not – of cybersecurity insurance

Cybersecurity continues to be a top concern for CFOs. One way firms prepare for cyberattacks is by investing in cybersecurity insurance. However, one tech and legal expert explained that cybersecurity insurance can end up being “essentially worthless.” It’s important to understand what is actually covered under an insurance policy and how the insurance company defines cyberattacks.

“One of our subsidiaries was paying $100,000 for coverage for a specific event and it turned out their insurance had a loophole that made sure that exact event wasn’t covered,” the expert said.

One audience member contributed by saying their firm invests in cybersecurity insurance and social engineering insurance. The former only covers cyber-breaches and the latter covers breaches caused by an employee being tricked or misled into transferring funds based on fake information, such as phishing emails.