L&C 2017 Meeting Report: Understanding the Rules in a Fast Changing World
(For a print version of the report, click here.)
In a time of social change, high emotions, and global populist political transformations, the need for a thorough and precise understanding of the rules of the road has never been greater. And yet, late in the economic recovery, despite a relatively disciplined commercial real estate market and growing economy, the rules are uncertain. Regulatory bodies such as the SEC, local municipalities, the EPA, or international regulatory bodies continue to be a challenge to comply with, much less understand.
This is a good time for a legal & compliance discussion. In November of 2017, NAREIM members gathered to consider several questions. This report focuses on just three: How is the Economy affecting real estate? How well do our regulators understand real estate? And how should we approach cyber security?
How are changes in the economy affecting real estate?
This late in the economic cycle, it is difficult to see exactly where things might be going. According to Chris Nebenzahl of Yardi Matrix, “There are more unknowns than knowns; specifically, when we’re referring to trade policy and geopolitical tensions that could alter the course of the current economic and real estate cycle. Headline report show slow and styled wage gains, but if you analyze median wages there is faster growth, especially in specific hi wage earning industries. Job growth is strong and the equity markets have accelerated rapidly providing potentially more demand for real estate. However, despite inflation holding steady at 2%, there appears to be significant increases in certain areas such as healthcare and housing affordability which are reasonable causes for concern.”
Mr. Nebenzahl went on to offer his perspective on how real estate is likely to do in the next few years: “We’re holding steady in the middle. There real estate market may not soar as it did a few years ago, but we’re not likely going to crash. There has been a pullback at this point due to uncertainty.” At the same time, there are technology disruptors on the horizon in alternative energy and autonomous vehicles that could fundamentally alter values and ultimately the profitability of current real estate strategies. “We’ll start to see alternative energies like solar pick up in areas where cost of energy is quite high; as soon as solar energy takes off and becomes cheaper, efficient storage for that energy will quickly follow. As this clears a path for autonomous vehicles to make their way into our society, the view on roadways, parking, and the surrounding real estate is certain to change as the values of conveniences and necessities change as well. We’ll go from asking ‘what is the value of that asset’ to ‘what can we do to transform what we currently have?’
Uncertainty in the present only compounds as we look farther out. And though the ascension of solar power and autonomous vehicles will take a few years, an investment made today is unlikely to avoid some level of disruptive change in a typical term of 7 to 10 years. Watch for both present and emerging uncertainty.
The SEC: how have they, and how must we, evolve to better prepare for one another?
An increased number of exams, change in government, and shifting enforcement approaches in the past year all contribute to a level of uncertainty about where the SEC is going. Stephanie Monaco of Mayer Brown reflected on recent actions saying, “Despite hefting up a little bit in their examination capabilities, I think that for the real estate industry – the SEC examiners are still trying to apply the lessons they’ve learned in the private equity space to the real estate space. Which prompts the question: how much do they truly understand real estate?”
Jennifer Cattier of Almanac Realty Investors reflected on the increased sophistication of SEC examination teams. “Ten years ago the SEC was just beginning to include valuation experts in the examination process. These valuation experts seemed to be new to real estate and did not seem to understand nuances relative to real estate; for example it seemed that the SEC understood that cap rates exist and that they should ask about it but weren’t clear on how they were actually used in real estate valuation process. However, there has been change in approach over the last few years. Valuation experts understand the real estate valuation process and are able to have a more thoughtful dialogue with the business people.”
Eva Carman of Ropes & Gray reflected that, “It is clear that the SEC exam teams are increasingly sophisticated about the real estate industry. This stems from the fact that they are doing a lot of real estate exams, and they are diving deep when they do so. They are also doing a lot of interviews in those exams, which enables them to understand the advisers practice better. From my perspective, the increase in sophistication is good for the industry, in that the more the examiners understand, the more likely they are to credit certain practices as being in the best interest of the investors. Moreover, they are less likely to measure the RE practices against the PE practices, which was an issue that early on caused concern when it was potentially unclear why a practice in one space might suggest a self-dealing conflict, and in another was consistent with historic practice and something that investors understand.”
Although signs point to no new regulations, as they learn more about how real estate works, the SEC is pursuing more conflict cases. Investment management firms need to be even more diligent as they prepare for their next SEC exam. Some key thoughts about how to prepare were discussed: Ms. Carman pointed to the two questions that must always be asked when evaluating cases: “Is this a potential conflict? Was it disclosed?” Regarding preparations for allocated fund records, Ms. Monaco advised: “If you have a multiple of funds, and you have different disclosures to account for, it’s not that easy to match up certain expenses. If the expenses should be borne by one fund, you really ought to make sure that you are allocating those expenses evenly among all the funds that benefit from the expense – and NOT in a cherry-picked way, only when the language supports it.” And on top of all of the potential details that come with financial disclosures, both advise, “Even if you generally feel good about your financial disclosures today, look back and ask yourself ‘is it really enough?’”
One note that came out of the discussion was alarming – mock exams, though a good discipline to engage in, might actually be an area of risk for investment managers to consider. In considering who you may ask to perform a mock exam, Ms. Monaco advised, “There are a number of outside firms that will do mock exams, but they aren’t all created equally and they are not all prepared to deal with real estate.” Any written reports that come out of a mock exam are routinely asked for by SEC examiners, and any of the conclusions or comments written in such a report are discoverable as evidence. Ms. Monaco continued, “Some organizations write their findings out in a report; color-coding what they’ve found. Since an outside consultant does not have the privacy of attorney-client privilege, anything they write is fair game. Without attorney-client privilege, you’re delivering the roadmap of a bad score to the SEC! Any written report should focus on the resolutions enacted and not include colorful descriptions of the problems found.” It is important for any compliance team to be very clear with any outside mock audit provider about how they want to discuss any issues that are discovered.
Is it time to get serious about cyber security?
There is news every day of new threats and new breeches of security, whether it’s identity fraud perpetrated on a massive scale, holding building systems ransom, stealing valuable information or outright theft, Cyber security has become a concern for every one and every business, and real estate investment managers have to take this issue seriously in ways they never have before. The SEC already does.
Over the past 3 years, the SEC has engaged in rigorous oversight of cyber security and accountability. Kris Lau of ACA Aponix pointed out that, “Beginning in 2015 and into 2017, the SEC conducted cybersecurity sweeps on 75 separate firms and issued several cybersecurity risk alerts. Enforcement cases were brought against firms that had minimal policies or that lacked effective security controls.” The SEC requires detailed policies around the protection of client data and financial resources and in-depth policies and due diligence on third-party service providers that have access to sensitive client data. Employee education of cyber security guidelines and practices is, of course, also required, as is regular work to ensure they are aware of and are able to respond appropriately to any cyber threats. Firms not only have to understand all the threats to and protect client data in their own systems, they also have to understand the inherent vulnerabilities of systems at the asset level – where even an unprotected HVAC control system has the potential to open up access to a cyber-attack and at the employee level – every smart phone or e-mail account is a potential point of vulnerability.
Even though SEC regulation and compliance always requires dedicated attention, the heart of this conversation is about protecting the integrity and sustainability of the entire enterprise. It needs to be taken seriously as a strategic business imperative As Usman Shakeel of LaSalle Investment Management pointed out, “Cyber security is often seen as an IT problem; when this is actually a business problem with an IT solution.” And even though not everyone in a firm needs to become an IT expert, they do need to have an in-depth understanding of the threat and the best policies to follow. “Third party due-diligence service providers for cybersecurity insurance, ensuring that investments with other adhere to a high standard of industry practice, and ‘working to keep your own house clean’…” were recommended as the most effective ways to manage security within one’s own company – with a strong emphasis on implementing staff security training.
Training needs to go beyond policy, and towards experience. Quite often, hackers are able to gain access to systems, data and even wire transfers of money simply by e-mailing or calling an employee and asking for their passcode. Often posing as someone within the company in an e-mail message, it is surprisingly easy to persuade people who are simply trying to be helpful and do their jobs. It’s also difficult for many people to resist clicking on a link or downloading a file, even if they are not sure who sent the message to them. To a great extent, hackers get into company systems, not with brilliant coding, but with social engineering. The best way to make everyone aware of the threat and to protect against this sort of attack is to regularly perform tests or mock attacks by third party security experts. Nothing helps create cyber security awareness better than a mistake – and all employees, from the CEO to the receptionist, need regular reminders. According to Mr. Shakeel, “New employees presented the highest failure rate on mock attacks,” not because they were any more likely to commit an offense intentionally but rather that they have not been adequately prepared to protect sensitive information and adhere to data guidelines. “Setting the tone from the top creates the best business policies and best operational working relationships to ensure that your systems work for you.”
These are just three areas of the compliance & legal discussion. There is plenty more to consider, whether it’s the rules of global capital raising, deal structuring, fraud prevention, or conflict. The rules may be shifting, but the essence of everyone’s job remains the same: be vigilant. Be vigilant when considering how to engage with clients, how to fulfill the duties of a fiduciary, and how to communicate. Be vigilant when looking for conflict in any act as an investor or manager – even if it’s the way “we always did it before.” Be vigilant when protecting data and systems. Google and Amazon understand that data equals money, it’s time that real estate understand that as well. But most important, be vigilant with yourself. Are you in conflict with the interests of investors? Can you find ways to be more careful? No matter what the rules laid down by governments may be, can you search for conflict? No matter what mistakes you might find, do you have the courage to reveal your mistakes, learn from them, and do better next time?← Slides from 2018 S&I Meeting C&I 2017 Meeting Report: How to Raise Capital in a World of Change? →