When the SEC adopted Rules 38a-1 under the Investment Company Act of 1940 (Investment Company Act) and 206(4)-7 under the Investment Advisers Act of 1940 (Advisers Act) in 2003 – which required registered funds and registered advisers to adopt compliance policies and procedures – William Donaldson had just become SEC Chairman in the wake of the Enron and WorldCom scandals, and the fund industry was reeling from the market-timing and late-trading scandals uncovered by New York State Attorney General Elliot Spitzer. Pursuant to these rules, funds and advisers were required to adopt “risk‑based” compliance policies and procedures that are “reasonably designed to comply with federal securities laws.”

Now, almost twelve years later, an investment adviser or fund that relies on the minimalist guidance of that SEC adopting release (Compliance Rule Release)1 to develop a “risk-based” compliance program designed to comply with federal laws would likely find its compliance program viewed by the SEC Staff as insufficient. Those responsible for developing fund and adviser compliance programs need to be cognizant of the new regulatory environment where the Staffs of three different SEC divisions (Enforcement, Investment Management and the Office of Compliance Inspections and Examinations (OCIE)) express their evolving views on compliance issues in a variety of ways that are outside of the traditional rule-making process – including the disclosure comment process, SEC Staff “guidance updates,” sweep exams, statements in SEC rule releases, and Commissioner and Staff speeches.

While concerns have been expressed about certain aspects of the more informal, ad-hoc and, at times, less transparent manner in which regulatory authority has increasingly been exercised (particularly since the 2008 financial crisis), it is still necessary for funds and advisers to understand and adjust to these new realities, and proactively consider their compliance process to account for this guidance. This approach: requires additional vigilance, not just from compliance personnel, but throughout the advisory organization and those involved in fund governance; presents additional challenges and demands to advisers and fund groups; and requires additional resources be devoted to this effort.

A Fresh Look at the Compliance Release

It is helpful to periodically review the December 2003 Compliance Rule Release when considering compliance issues. In some ways, the Release is a reflection of the headline news when it was considered and adopted, and reflects a substantial focus on the market-timing scandals.

At the same time, some of the guidance goes well beyond the imperative of developing compliance policies to address the market-timing concerns in place in 2003. The Compliance Rule Release reminds advisers and funds that not only should procedures be designed to prevent violations, but also to detect and “correct promptly any violations that have occurred.” Besides a litany of common areas for compliance policies – such as portfolio management processes, trading practices, marketing and valuation – the Compliance Rule Release emphasizes “safeguarding client assets from conversion or inappropriate use by advisory personnel.” The Compliance Rule Release also stresses the importance of a good governance process and suggests that policies and procedures should incorporate policies and procedures to guard against: an improperly constituted board; the failure of the board to request and consider matters entrusted to it; and “the failure of the board to request and consider information required by the Investment Company Act from the fund adviser and other service providers.” This guidance anticipates recent enforcement actions against fund boards for failing to do just these things.2

The Compliance Rule Release also anticipated that certain service providers, such as third-party sub-advisers, might not always be as cooperative with the fund CCO as they should be, and provides guidance on the topic:

Arrangements with the service provider should provide the fund’s chief compliance officer with direct access to these personnel, and should provide the compliance officer with periodic reports in the event of compliance problems. In addition, the fund’s contracts with its service providers might also require service providers to certify periodically that they are in compliance with applicable federal securities laws, or could provide for third-party audits arranged by the fund to evaluate the effectiveness of the service provider’s compliance controls.3

This language could be useful to a fund or adviser CCO dealing with a stubborn sub-adviser or administrator who resists fully cooperating, or who insists that its cooperation be subject to a self-defined standard of reasonableness.

While the Compliance Rule Release contains this useful guidance that holds up well today, at the same time, there is also a minimalist tone to the Commission’s expectations:

The rule requires only that the policies and procedures be reasonably designed to prevent violations of the Advisers Act, and thus need only encompass compliance considerations relevant to the operation of the adviser.4

While these statements are not particularly controversial, the repeated use of the modifier “only” and the highlighting of the word “reasonably” suggests that the SEC’s expectations for compliance programs back in 2003 may have anticipated a lower bar for what constitutes an adequate compliance program than current expectations. In fact, it is not uncommon now for SEC enforcement actions that find problems to be coupled with a charge that a fund service provider also violated Rule 38a-1 by not adopting particular policies.5

Similarly, the cost-benefit analysis portion of the Compliance Rule Release states that “[w]e would expect that funds and advisers with substantial commitments to compliance would incur only minimal costs in connection with the adoption of the new rules ... .”6 And, when discussing the annual review requirement for adviser and fund compliance programs, the Compliance Rule Release states, “[w]e anticipate the costs associated with the annual review requirement also will be limited.”7

Our experience after the adoption of the compliance rules was that even firms with strong compliance programs spent significant time and effort on developing a formal 38a-1 and 206(4)-7 compliance program. Nevertheless, these efforts have grown substantially over time.

Notably, the SEC Compliance Rule Release did explicitly contemplate the risk that a fund CCO may not carry out their responsibility in an appropriate manner; however, the remedy that was contemplated in the Release was that the underperforming CCO would be removed by the Fund board and similarly shunned by other fund boards rather than being punished by an SEC enforcement action:

Thus, a chief compliance officer who fails to fully inform the board of a material compliance failure, or who fails to aggressively pursue non-compliance within the service provider, would risk her position. She would also risk her career, because it would be unlikely for another board of directors to approve such a person as chief compliance officer.8

Looking at the tone of the Compliance Rule Release and the modest number of procedures specifically described, it seems clear that the SEC’s expectations of what constitutes a “reasonably designed” compliance program are significantly higher today than they were in 2003.

Further, only a small portion of the added responsibilities actually derive from new rules that have been put in place, such as rules relating to the disclosure of portfolio holdings, redemption fees, fund-of-funds investments, and two sets of new rules for money market funds. Instead, most of the added burden comes from informal SEC guidance arising from Guidance Updates, sweep exam comments, statements from SEC speeches and comments to registration statement disclosure.

Division of Investment Management Guidance Updates

In recent years, the Division of Investment Management has issued “Guidance Updates” to set forth the Division’s views on issues of interest. These Guidance Updates were issued approximately monthly in 2013 and 2014 (less so this year) and are a window into the Staff’s current thinking, both in terms of areas of focus as well as how they view particular issues.

While these Guidance Updates do not carry the same weight as regulations, they provide very useful, often detailed, information about the Division’s current thinking and expectations with respect to key compliance issues. By way of example, recent Guidance Updates – on fixed income risk management, the Testimonial Rule and social media, cybersecurity, compliance with exemptive orders, and gifts and entertainment policies – all address compliance issues that are relevant to many investment advisers and funds. As discussed below, these Guidance Updates are often quite specific about how the Division of Investment Management views compliance with Rules 38a-1 and 206(4)-7 to be tied into the guidance that is being provided.

The discussion below is not intended to provide a complete summary of these Guidance Updates, but rather to highlight certain important compliance issues they address and tie this guidance to the SEC’s more generalized guidance for compliance programs under Rules 38a-1 and 206(4)-7 found in the Compliance Rule Release and elsewhere.

Compliance with Exemptive Orders (February 2013)

Section 6(c) of the Investment Company Act empowers the Commission to grant exemptions from any statutory provisions of that Act or rules promulgated thereunder. This flexibility has allowed the 75-year-old law to adapt and evolve to modern financial markets, accommodate new products such as funds-of-funds and exchange-traded funds, and allow for certain types of transactions that may be beneficial to fund investors. Exemptive orders issued by the Commission typically contain a number of representations and conditions that are intended to provide appropriate safeguards in connection with the exemptive relief granted by the Commission.

In its May 2013 Guidance Update, “Compliance with Exemptive Orders,”9 the Staff cited to a 2011 report by the SEC’s Office of the Inspector General that detailed examples of firms that did not abide by the conditions and representations of their exemptive orders. This Guidance Update also observed that if a firm is not complying with the representations and conditions upon which the exemptive relief is predicated, the firm risks committing violations of federal securities laws. Consequently, a fund that relies on any exemptive order that contains conditions and representations should consider adopting policies and procedures specifically designed to facilitate compliance with the representations and conditions in these orders.

These policies and procedures need not be complex and cumbersome. For example, a check-list highlighting the relevant representations and conditions may suffice. Similarly, a fund or adviser that relies on no-action letters to engage in certain activities may wish to add the conditions and representations relating to these no-action letters to its compliance program as well. In our experience, SEC sweep exams that relate to areas where exemptive relief has been traditionally granted, such as securities lending, do focus specifically on compliance with the conditions of these orders and no-action letters.

Risk Management in Changing Fixed Income Market Conditions (January 2014)

After the 2008 financial crisis and the 2010 enactment of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), the SEC has become more focused on proactively addressing potential systemic risks in the financial markets as they can impact regulated entities, particularly with respect to fixed income funds. In early 2014, the SEC Staff released a Guidance Update entitled “Risk Management in Changing Fixed Income Market Conditions”10 that was addressed to registered fund advisers and their boards. While the phrase “risk management” does not appear in the Compliance Rule Release and there is no specific discussion regarding liquidity, Section 22(e) of the Investment Company Act provides that an investment company may not suspend the shareholder’s right to receive a redemption within seven days.

This Guidance Update discussed actions that fixed income managers should consider taking to “stress test” their portfolios and monitor liquidity in market conditions where there are fewer market makers, communicate with fund boards and appropriately disclose these risks to investors.

Since the publication of this Guidance Update, we have seen additional presentations on this topic to fund boards and the codification of practices that many managers had already been taking with respect to liquidity risk management.

Risk management is clearly an area where a one size fits all approach to compliance policies is not appropriate. While there are substantial differences in the types of risk management programs used by advisers depending on their resources and types of investments, fixed income managers advising registered funds and their boards should be cognizant of this Guidance Update.

Guidance on the Testimonial Rule and Social Media (April 2014)

An investment adviser that utilizes social media, or whose employees do so (which includes most advisers), should be aware of positions that are taken in this March 2014 Guidance Update.11 In particular, the interactive nature of social media raises concerns as to whether comments about an investment adviser on its website or through social media sites would constitute an impermissible “testimonial” in violation of Rule 206(4)-1(a)(1). The Guidance Update reminds advisers that the SEC considers testimonials to be inherently misleading in advertisements due to the fact that they generally only include positive testimonials and disregard negative ones, which may give rise to the mistaken inference that the person giving the testimonial is a typical client of the investment adviser.

This Guidance Update follows up an OCIE exam on social media and provides some rules of the road on an adviser’s ability to rely on ratings of the adviser’s services on social media sites. While this Guidance Update focuses on the specific prohibition found in the “Testimonial Rule,” the Compliance Rule Release specifically mentions the marketing of advisory services as an area that should be covered by an adviser’s compliance policies and procedures. Advisers, particularly, those with retail clients, typically include a discussion of social media in these compliance procedures. Accordingly, this Guidance Update should be considered in connection with the review of these procedures.

Cybersecurity Guidance (February 2015)

While cybersecurity was not addressed in the Compliance Rule Adopting Release, that Release did highlight five specific areas for advisers and funds that are relevant to cybersecurity: (i) safeguarding of client assets from conversion or inappropriate use by advisory personnel; (ii) maintenance of required records in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction; (iii) safeguards for the privacy protection of client records and information; (iv) business continuity plans; and (v) processing of shareholder transactions. In fact, the Cybersecurity Guidance Update12 specifically notes the connection between cybersecurity and compliance with federal securities laws:

Funds and advisers could also mitigate exposure to any compliance risk associated with cyber threats through compliance policies and procedures that are reasonably designed to prevent violations of the federal securities laws. For example, the compliance program of a fund or an adviser could address cybersecurity risk as it relates to identity theft and data protection, fraud, and business continuity, as well as other disruptions in service that could affect, for instance, a fund’s ability to process shareholder transactions.13

Thus, while cybersecurity is a relatively recent area of focus for advisers and funds, the SEC Staff is reminding the industry of the clear tie between these policies and compliance with federal securities laws.

Acceptance of Gifts and Entertainment by Fund Advisory Personnel – Section 17(e)(1) of the Investment Company Act; Code of Ethics Guidance for Investment Advisers (February 2015)

While broker-dealers are subject to specific rules regarding gifts and entertainment,14 most investment advisers also have adopted policies and procedures regarding gifts and entertainment in their own code of ethics and/or as stand-alone policies, to ensure that advisers meet their fiduciary obligations to clients and in response to recent high-profile enforcement actions against advisers and advisory personnel who accepted lavish gifts and entertainment from broker-dealers doing business with the adviser.15

The recent Guidance Update16 reminds advisers and funds that the prohibitions in Section 17(e)(1) of the Investment Company Act against fund affiliates receiving compensation in connection with the purchase or sale of property could be applicable to gifts and entertainment that are received by investment advisers from broker-dealers who transact business with funds. While many firms remain satisfied that their current gift and entertainment policies remain reasonably designed to protect against violations of federal securities laws, including Section 17(e), advisers and fund CCOs should understand how this guidance could impact their current practices regarding gifts and entertainment and make an informed decision on how to address the Staff’s concerns.

The foregoing is just a sample of over 25 Guidance Updates that have been issued since 2013, and is not intended to be an exhaustive review of all of those that have ramifications under Rules 38a-1 and 206(4)-7. These Guidance Updates should be reviewed by fund and adviser compliance teams on an ongoing basis, and there should be ongoing communications with fund counsel and other service providers to address the SEC Staff’s guidance and positions. In addition, while some of these Guidance Updates received significant attention when released, it is a good idea to go back and check whether the Staff has issued a Guidance Update in the course of reviewing a compliance policy, as there may have been an Guidance Update a few years ago that has faded from current focus.

Certain of these Guidance Updates reflect positions that may be subject to reasonable alternative interpretations that have been articulated by industry participants. Nevertheless, funds and advisers should be aware of the positions that are articulated in these Guidance Updates and make informed decisions that consider current Staff views when drafting or reviewing their compliance programs.

SEC Speeches

While one step removed from the Guidance Updates in providing specific actionable guidance for compliance programs, advisers and funds also should keep a watchful eye on speeches by SEC Commissioners and Staff to get a sense of tone, regulatory focus, and particular areas of interest or concern.

Broken Windows

One speech that garnered significant attention in the asset management industry was Chair White’s October 2013 remarks at the Securities Enforcement Forum, where she analogized the SEC’s focus on smaller violations to the New York City Police Department’s “broken windows” theory of policing.17 Chair White’s speech made several points: the SEC has enhanced its reach with improved data analysis tools and expertise and other surveillance capabilities; the SEC would focus on deficient “gatekeepers,” including fund boards and auditors who, in the Commission’s view, fail to carry out their responsibility to protect investors; and the SEC would focus on “fixing broken windows,” which includes pursuing smaller violations and acting quickly and decisively to attack wrongdoing.

While this speech was given after the SEC had already pursued mutual fund directors, subsequent actions against fund directors, auditors, and compliance officers indicate that Chair White’s statement about pursuing deficient gatekeepers reflects an area of enforcement focus by the Commission.

Alternative Funds and Liquidity

A recent speech that provides a good window into the thinking of the SEC is Commissioner Stein’s speech to the Brookings Institution this June in connection with the 75th anniversary of the Investment Company Act.18 Commissioner Stein discussed the importance of the Act in the U.S. economy and the current ways that the Commission is working to maintain the Act’s relevance and effectiveness in today’s financial marketplace.

Commissioner Stein highlighted the important protections built into the Investment Company Act and the emphasis on the Act’s protection of retail investors. She expressed concerns that certain financial products might be engaging in undue risks, particularly in the areas of liquidity and leverage, and she observed that the current patchwork of ad hoc guidance interpreting the restrictions in Section 18 of the Investment Company Act on the issuance of senior securities and the use of leverage has not kept up with the proliferation of derivative-centric investment strategies used by registered funds. She indicated that the Commission is taking a close look at these issues. In her speech, Commissioner Stein also identified the disconnect between the SEC’s definition of an illiquid security and the long settlement periods for certain instruments (such as bank loans) that meet this liquidity definition, and she expressed concerns regarding the disconnect. The speech is consistent with other recent informal guidance and telegraphs current SEC initiatives that are expected to formally address these issues.

Conflicts, Conflicts Everywhere

A February 2015 speech to the IA Compliance Conference, Julie Riewe, the Co-Chief of the Asset Management Unit of the SEC’s Division of Enforcement, highlighted the emergence of this Unit in recent years.19 Ms. Riewe began with a review of the Unit’s capabilities history and close working relationship with OCIE and the Division of Investment Management. She discussed the Unit’s 2015 priorities which, for registered funds, includes a close look at the 15(c) process and compliance with issues regarding fund distribution, including compliance with Rule 12b-1. Ms. Riewe discussed the issue of conflicts by investment advisers and the Unit’s recent cases relating to adviser conflicts and breaches of fiduciary duty. Ms. Riewe highlighted the necessity of identifying potential conflicts, disclosing them to clients, including fund boards, and taking steps to either eliminate or mitigate the conflicts.

The conflicts theme is an important one in the Compliance Rule Release, and the Enforcement Division’s focus on this issue in cases against fund advisers is an apt reminder that this remains an important focal point of any compliance program. In addition, recent cases by the SEC alleging deficiencies in the 15(c) process20 again show the connection between speeches and enforcement priorities.

While reviewing speeches by the Commissioners and senior Staff members is unlikely to result in a massive overhaul of a compliance program, it can be a useful exercise in establishing priorities and considering whether there are particular policies and procedures that need to be refocused on a particular area of concern or perhaps need to be made stricter.

SEC Disclosure Staff Comment Letters

When reviewing registration statements for new funds as well as annual updates, the Division of Investment Management’s Disclosure Staff has, on occasion, used the comment process to reflect Staff positions on certain substantive issues that have compliance ramifications. For example, the disclosure Staff regularly comments that funds that write credit default swaps (that is, sell protection) are expected to cover the “notional amount” of these instruments rather than the “mark to market” amount to meet with obligations under Section 18 of the Investment Company Act, notwithstanding the fact that the SEC’s 2011 Concept Release on the Use of Derivatives did not take a position on this issue.21 The Disclosure Staff also has provided comments with respect to: compliance with the “Names Rule” (Rule 35d-1); investments in private funds (requesting confirmation that they should be treated as illiquid investments); and what constitutes appropriate industry classifications for certain investments.

As a result, reviewing SEC Disclosure Staff comment letters (which are now publicly available) can provide an investment adviser with a sense of Staff views on certain compliance issues.

Rule Releases

Another area of guidance is found in SEC rule releases. While earlier proposing and adopting releases often merely introduced the text of new rules and provided little or no gloss on these rule-makings, SEC rule releases have become increasingly detailed and complex, often totaling hundreds of pages and sometimes over a thousand footnotes.

While these releases provide additional guidance with respect to interpretation and compliance with these rules, in one notable instance last year, the SEC’s adopting release as to the new money market fund rules (893 pages and 2,530 footnotes)22 also contained guidance relating to valuation that went beyond money market funds – with respect to the use of amortized cost for instruments that mature in less than 60 days, and with respect to SEC expectations relating to the use of pricing services that provide evaluated prices for fixed income funds. This additional language was not part of the rules that were the subject of the release and impacted numerous funds that were not subject to the rule-making. In response to this guidance, we have observed that many fixed income fund managers are providing fund boards with additional information about the “inputs, methods, models, and assumptions used by the pricing service to determine its evaluated prices, and how those inputs, methods, models, and assumptions are affected (if at all) as market conditions change.”23 There also has been an increase in presentations by the pricing services themselves to fund boards.

Responding to this Informal Guidance

In response to the increased level of this less formal guidance, firms need to be proactive in staying abreast of developments, including making frequent visits to the SEC’s website. However, while certain information (such as Guidance Updates) is available to everyone who checks the SEC’s website, other information (such as comments from sweep exams) requires that an adviser or fund be directly subject to SEC inquiry. There are a number of ways to address these informational gaps, both formal and informal. These include participation in industry groups such as the Investment Company Institute or the Investment Adviser Association, informal round-tables, and networking with other firms. Ongoing conversations with legal counsel, accountants and compliance consultants also can help alert the adviser’s compliance team with respect to current developments, areas of SEC inquiry and different approaches to issues in the industry.

While everyone should take these actions, there are some other steps that advisers and funds may wish to consider to minimize the risk of “broken windows” in their compliance structure. A few suggestions along these lines follow.

Focus on Governance at Both the Fund and Adviser Level

It has become axiomatic that it is essential for funds to have a strong governance structure. This is emphasized by the SEC and industry commentators in numerous places, and is being tested by the SEC as its exam process increasingly includes questioning independent fund directors. In addition, as noted, the SEC will not shrink from bringing an enforcement action against fund directors whom they believe are failing to carry out their oversight responsibilities.

While fund governance has received a great deal of attention, the governance structures of the fund’s other service providers – particularly the investment adviser – is a less discussed area, but also important. This does not necessarily mean that adviser boards need to play the same role as fund boards. For one thing, the types of entities and organizations that serve as investment advisers are too varied for a one size fits all approach. Nevertheless, all advisers can take actions to establish an appropriate tone at the top with respect to compliance. This could mean that the adviser’s board would play an oversight role with respect to compliance, or it could be through an executive committee of senior management. The key is that there be some type of governance structure so that the adviser CCO has direct access to senior leadership of the organization and that the organization is directly invested in compliance beyond delegating matters to the CCO.

Another important step is to see to it that the CCO not be siloed in the organization, but instead have a strong understanding of the business. The compliance program should not only address the issues that are keeping the CCO up at night, but the CCO should also know what is keeping the other members of the firm’s “C Suite” up at night, as well as issues causing concern to the chief investment officer, the head of trading, the chief information officer, the general counsel, and the head of human resources. At a smaller firm, these roles may be shared or outsourced, but the point is that the CCO must have her finger on the pulse of the business and not be isolated from the operations of the firm.

Rarely do these types of quasi-rulemaking require wholesale changes in compliance policies. Instead, it is more a matter of making fine-tuning adjustments to policies, on an as needed basis, in response to these informal regulatory pronouncements. That being said, small adjustments to policies and procedures are not always easy to carry out. In some cases, systems and/or desk procedures will need to be tweaked to ensure consistency with these procedural changes. In addition, proper education and training may need to be carried out to make sure that appropriate personnel are properly addressing these changes. If an adviser changes its written policies to respond to SEC guidance, but these changes are not carried out in day-to-day operations, the adviser may be worse off than if it had not made the changes to its policies.24

Taking a Fresh Look at Your Procedures

Politicians periodically tout the benefits of “zero-based budgeting” whereby all cost components of a budget need to be justified on an annual basis. In a similar vein, fund and adviser compliance teams may want to consider implementing a variant of this concept whereby compliance policies are reviewed de novo with a skeptical eye. Instead of starting with the baseline of the current policies and procedures, ask why the actions are being taken, re-read the relevant statutes, rules and other guidance (for example, SEC releases and no-action letters) to confirm that the language in the policies and procedures is accurate, precise, and comprehensive, and consider whether there are other means to achieve the compliance goals.

It is likely not practical to undertake a “zero-based compliance review” on an annual basis, but a process-based ongoing review of compliance policies and procedures – with particular focus on the highest risk areas and changes in the organization’s structure, operational capabilities and product mix – is a sensible way to avoid outgrowing your compliance program, as well as capturing any policies and procedures that were poorly designed, based on incorrect information or have otherwise outlived their usefulness.

Conclusion

Since the 2003 adoption of Rules 38a-1 and 206(4)-7, the SEC has become increasingly active and prescriptive in reviewing fund and adviser compliance, and commenting on the types of policies and procedures that should exist and how they should operate. This guidance is largely informal and dynamic, as the Commission and SEC Staff’s views evolve in response to market events, regulatory and political pressure, and the development of new financial products.

In response to these developments, adviser and fund compliance programs cannot be static, and funds and advisers must stay abreast of changes in the regulatory climate, as well as their business, and promptly respond to current developments.

This article originally appeared in the September 2015 issue of The Investment Lawyer.