On April 26, 2022, the SEC’s Division of Examinations (the “Staff”) issued a risk alert1 (“Risk Alert”) on notable deficiencies it observed in examinations of investment advisers concerning compliance with Section 204A of the Investment Advisers Act of 1940 (“Advisers Act”) and Rule 204A-1 (“Code of Ethics Rule”) thereunder. Section 204A requires advisers to establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of material nonpublic information (“MNPI”). The Code of Ethics Rule requires registered advisers to adopt a code of ethics that includes, among other things, provisions requiring “access persons”2 to report their personal securities transactions and holdings to the adviser.
The Risk Alert focused on weaknesses the Staff observed related to alternative data sources, expert networks and consultants, and value-added investors. According to the Risk Alert, “alternative data” (a term not defined by statute, rule, or regulation) refers to “many different types of information used in financial analysis, beyond financial statements, company filings, and press releases,” including “information gleaned from satellite and drone imagery of crop fields and retailers’ parking lots, analyses of aggregate credit card transactions, social media and internet search data, geolocation data from consumers’ mobile phones, and email data obtained from apps and tools that consumers may utilize.” The Risk Alert also detailed common deficiencies the Staff has observed with the respect to the Code of Ethics Rule.
The Staff’s observations in the field concerning advisers’ alternative data policies, procedures, and practices is the headline topic of the Risk Alert. While acknowledging that alternative data “does not necessarily contain MNPI,” the Staff expressed concern that advisers have not adopted or implemented policies and procedures reasonably designed to address the risk that they may receive MNPI through alternative data sources. The Staff noted that advisers did not have adequate policies and procedures in place regarding the assessment of the terms, conditions, or legal obligations related to the collection or provision of alternative data, including when advisers became aware of red flags about the sources of such alternative data.
The Staff expressed concern that advisers who do have alternative data policies in place are not implementing them consistently across all data sources, refreshing their diligence of data providers periodically or in light of changed data collection processes, or documenting their diligence processes.
The Staff noted that certain advisers engaged in ad hoc and inconsistent diligence of alternative data service providers despite having appropriate policies in place. Similarly, the Staff observed certain advisers that did not apply their due diligence process to all sources of alternative data. A common issue was having an onboarding process for alternative data service providers, but not having a system for determining when due diligence needed to be refreshed based on the passage of time or changes in data collection practices.
Expert Network Consultants
The Risk Alert included reminders in connection with value-added investors, expert networks, and expert network consultants.3 Of note is the Staff’s concern with trading in securities of publicly traded companies that are in “similar industries” as the companies that are the subject of expert consultations. In other words, without making explicit reference to the SEC’s recent “shadow trading” enforcement action, it is fair to say the Staff expects advisers to adopt and implement policies and procedures to safeguard against trading in the securities of a company while in possession of confidential, nonpublic information of another, economically linked company.4 Of course, shadow trading concerns may touch on multiple aspects of MNPI compliance, not just the use of expert networks or consultants, including, among other things, value-added investors, meetings with public company management, wall crossings, and management of a firm’s restricted list.
Additionally, when it comes to policies and procedures related to the use of expert networks and consultants, the Risk Alert was more proscriptive than customarily has been the case. Generally, the Staff reminds registrants of the four corners of their compliance obligations and then leaves it to them to determine how best to meet those obligations in light of their business or strategies. Here, the Staff was quite specific about that fact it wants to see advisers’ compliance functions track and log calls with expert consultants, review detailed notes of those calls, and review trading activity in the securities of publicly traded companies that are in the same or similar industries as those discussed during such calls.
The Staff noted that certain advisers did not establish adequate policies and procedures regarding value-added investors, that is, investors and key persons who are more likely to possess MNPI (e.g., officers or directors at a public company, principals or portfolio managers at asset management firms, and investment bankers). Further, once those policies and procedures are in place, the Staff observed, advisers must be sure to correctly identify all value-added investors and track their relationships with potential sources of MNPI.
The Code of Ethics Rule
The Risk Alert highlighted the following examples of deficiencies noted associated with the Code of Ethics Rule:
- Not identifying and supervising certain employees as access persons;
- Not requiring access persons to obtain pre-approval before acquiring interests in initial public offerings or limited offerings;
- Being unable to produce evidence of supervisory reviews of holdings and/or transaction reports;
- Permitting the CCO to self-review their own reports;
- Failure to collect reports from access persons; not requiring access person to submit reports; or reports that were not submitted within the Rule’s timeframes; and
- Not providing supervised persons with a copy of the code and/or not collecting written acknowledgments of receipt of the code or any amendments.
The Staff also shared some examples of practices that advisers should consider in crafting their codes, including incorporating the use of a restricted list as well as procedures to ensure that investment opportunities are offered to clients before the adviser or its employees may act on them.
Risk alerts from the Staff serve to put the industry on notice that the Staff wants to see improvements in certain compliance areas and, if they do not see such improvements, enforcement referrals may follow. We recommend that advisers take this opportunity to review their MNPI policies and procedures pertaining to alternative data, expert networks and consultants, value-added investors, and personal trading. Specifically, we recommend advisers work to design and implement procedures for conducting due diligence and onboarding alternative data providers, document their diligence process, and refresh their diligence on data vendors periodically or as appropriate.
As noted above, where the Risk Alert was more proscriptive with respect to the use of expert networks and consultants, we suggest advisers consider these measures to be the Staff’s view of the baseline for compliance. Additionally, in several places, the Risk Alert referred to inadequate documentation of the implementation of advisers’ policies and procedures. This should serve as a reminder that an important part of compliance is documenting and maintaining records demonstrating the firm’s adherence to its policies and procedures.
Should you have any questions regarding the Risk Alert or any of the information contained herein, please do not hesitate to reach out to your primary contact at Seward & Kissel LLP.