The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert to provide an overview of notable compliance issues of registered investment advisers (“Advisers”) identified by OCIE related to Rule 206(4)-7 (commonly referred to as the “Compliance Rule”) under the Investment Advisers Act of 1940 (the “Advisers Act”).1
Compliance Rule Deficiencies and Weaknesses
- Inadequate Compliance Resources. OCIE staff observed Advisers that failed to devote adequate resources to their compliance programs. Chief Compliance Officers (“CCOs”) with numerous other responsibilities did not dedicate enough time to fulfilling their responsibilities as CCO or develop their knowledge of the Advisers Act. Compliance departments lacked sufficient resources, such as training or staff, to implement an effective compliance program. Advisers that had grown significantly in size or complexity did not hire additional compliance staff or add information technology in keeping with their growth.
- Insufficient Authority of CCOs. CCOs lacked sufficient authority within the Adviser to develop and enforce policies and procedures. For example, Advisers did not give their CCOs full access to critical compliance information, such as trading exception reports and certain client advisory agreements, and failed to consult their CCOs regarding matters with potential compliance implications. Limited interaction between Advisers’ senior management and their CCOs resulted in CCOs having limited knowledge of the firm’s leadership, strategy, transactions, and business operations.
- Annual Review Deficiencies. Advisers were unable to demonstrate that they conducted an annual review. In other cases, Advisers’ annual reviews failed to identify significant compliance or regulatory issues. For example, Advisers claimed to have performed ongoing or annual compliance reviews but could not produce documentation of the reviews; failed to identify key applicable risk areas in the Annual Review; and failed to adequately review significant areas of their business, such as the oversight and review of third-party managers, cybersecurity, and fees and expenses.
- Implementing Actions Required by Written Policies and Procedures. Advisers failed to implement or perform actions required by their written policies and procedures, such as: training employees; implementing compliance procedures regarding trade errors, advertising, best execution, conflicts, disclosure and other requirements; reviewing advertising materials; following compliance checklists and other processes, including back-testing fee calculations and testing business continuity plans; and assessing the consistency of portfolios with client investment objectives.
- Maintaining Accurate and Complete Information in Policies and Procedures. Advisers’ policies and procedures contained outdated or inaccurate information. Some Advisers used off-the-shelf policies that were not applicable to their business.
- Maintaining or Establishing Reasonably Designed Written Policies and Procedures. Advisers did not maintain written policies and procedures or failed to establish, implement, or appropriately tailor written policies and procedures that were reasonably designed to prevent violations of the Advisers Act. For example, Advisers relied on cursory or informal processes instead of maintaining written policies and procedures, or utilized policies of an affiliated entity, such as a broker-dealer, that were not tailored to the business of the Adviser. When Advisers did maintain written policies and procedures, OCIE observed deficiencies or weaknesses in establishing, implementing, or appropriately tailoring written policies and procedures in the areas of portfolio management; marketing; trading practices; disclosures; advisory fees and valuation; safeguards for client privacy; required books and records; safeguarding client assets and custody; and business continuity plans.2
In concluding the Risk Alert, OCIE encouraged Advisers to review their written policies and procedures, including implementation of those policies and procedures, to ensure that they are tailored to the Adviser’s business and adequately reviewed and implemented.
The Risk Alert demonstrates that OCIE is very focused on the empowerment of Advisers’ compliance teams to adopt and implement effective compliance programs as the Adviser’s business and industry evolve. Maintaining a stagnant set of often-ignored compliance procedures will result in regulatory issues.
Seward & Kissel LLP, and our compliance consulting service SKRC (Seward & Kissel Regulatory Compliance), are available to assist Advisers with the issues identified in the Risk Alert.