Full and fair disclosure. The Staff stated that inadequate information made up “nearly half of the disclosure-related deficiencies.” Examples cited included: missing material information “often” based solely on self-reporting by supervised persons of their disciplinary history; “incomplete, confusing, or misleading information regarding disciplinary events” (including the number of events, dates, allegations and any findings); and untimely updating and delivery of client disclosure necessitated by a new disciplinary event. Effective compliance programs. The Staff identified compliance programs that were not reasonably designed to address risks associated with supervised persons with disciplinary histories (e.g., reportable events, bankruptcies). Examples cited included failure to adopt processes to identify whether self-attestations were complete, accurate and up-to-date. The staff of the SEC’s Office of Compliance Inspections and Examinations (Staff) issued a Risk Alert on July 23, 2019, in which the Staff shared observations from its “Supervision Initiative” that “assess[ed] the oversight practices of SEC-registered investment advisers” (advisers) involving persons “with a history of disciplinary events” and other legal actions.1 According to the Risk Alert, OCIE identified advisers to examine in part through the advisers’ public disclosures in Form ADV, and the Staff examined more than 50 advisers in 2017, where the “vast majority” of clients were retail investors. Of interest to all advisers, the Supervision Initiative did not focus just on disciplinary issues, but also considered “firm-wide” supervisory practices because of their importance in setting “tone at the top” and the culture of compliance.
The Risk Alert aims to “raise awareness of certain compliance issues” and encourages advisers to review their policies and procedures in light of the risks inherent in hiring or supervising persons with a disciplinary history, and to evaluate their related disclosure obligations. In particular, the Staff discussed the adoption of policies and procedures meant to enhance the verification of supervised persons’ histories and the supervision of their conduct. The Risk Alert will be instructive to advisers considering the robustness of their supervisory procedures more generally, even for advisers that do not have staff with a disciplinary history.
The Advisers Act defines a “supervised person” as “any partner, officer, director (or other person occupying a similar status or performing similar functions), or employee ..., or other person who provides investment advice on behalf” of the adviser that “is subject to the supervision and control” of the adviser.2 The Risk Alert notes this term covers independent contractors as well as employees. In considering supervision, key concepts identified by the Staff include whether an adviser’s:
- Compliance program is reasonably designed to prevent violations of the Advisers Act, including by supervised persons, under Rule 206(4)-7 (compliance rule);
- Disclosure is “full and fair” and not misleading, including all material facts (e.g., disclosure of “previously-disciplined individuals and their prior disciplinary events”) under Section 206, Rule 206(4)-1 thereunder (advertising rule), and Section 207; and
- Conflicts of interest relevant to the advisory relationship (e.g., compensation arrangements and account management) are “identified, addressed” and disclosed in accordance with Section 206 and the instructions to Form ADV.
The Risk Alert states that the Supervision Initiative resulted in “[n]early all” of the advisers examined receiving deficiency letters, with the “vast majority” related to compliance issues but many related to disclosure. In summarizing the additional Staff observations unrelated to supervised persons with a disciplinary history, the Risk Alert highlights common deficiencies in firm-wide practices that were “frequently identified” during the Supervision Initiative.
Staff Observations Specific to Disciplinary Histories
- Full and fair disclosure. The Staff stated that inadequate information made up “nearly half of the disclosure-related deficiencies.” Examples cited included: missing material information “often” based solely on self-reporting by supervised persons of their disciplinary history; “incomplete, confusing, or misleading information regarding disciplinary events” (including the number of events, dates, allegations and any findings); and untimely updating and delivery of client disclosure necessitated by a new disciplinary event.
- Effective compliance programs. The Staff identified compliance programs that were not reasonably designed to address risks associated with supervised persons with disciplinary histories (e.g., reportable events, bankruptcies). Examples cited included failure to adopt processes to identify whether self-attestations were complete, accurate and up-to-date.
Additional Staff Observations
- Supervision. The Staff observed instances where advisers did not set clear expectations, document standards for supervised persons or supervise such standards; examples identified included verifying that: services paid for were performed; fees were appropriately disclosed; supervision occurred in remote locations; and sufficiently specific guidance was provided to enable supervised persons to comply with applicable rules.
- Oversight. The Staff observed that “many” advisers did not confirm that individuals (including those with clear responsibilities) were performing their duties and appropriately documenting such performance in accordance with the policies and procedures, including with respect to: monitoring of client account type; and maintenance of books and records (e.g., accurate client lists, complete firm financial information, current lists of persons with access to sensitive information).
- Compliance policies and procedures. The Staff observed instances where actual practices were inconsistent with advisers’ policies and procedures or disclosures, including with respect to: commissions; solicitation fees; management fees and expenses; and oversight of certain practices with respect to compensation and branch offices.
- Annual compliance reviews. The Staff observed instances where advisers did not identify or “appropriately assess” risk, or document the review.
- Compensation arrangements. The Staff observed “several” instances of “undisclosed compensation arrangements” for supervised personnel that could have influenced the “impartiality of the advice” 1 2 provided to a client; examples identified included loan forgiveness aligned with “certain client-based incentives” and payment of transaction-based charges that could dissuade supervised persons from executing client trades.
Staff Observations on Ways to Improve Compliance
The Risk Alert describes certain practices observed by the Staff that could “help other firms address the weaknesses” described in the Risk Alert. These include:
- Adopting written policies and procedures that address hiring of supervised persons with a selfreported disciplinary event. The Staff stated that “almost all” such policies “required investigation” into the disciplinary event, and “several” determined whether a barred individual was eligible for licensure.
- Enhancing due diligence when hiring supervised persons to identify disciplinary events. The Staff described how written procedures “more consistently” contained requirements to: verify education; run background checks (e.g., employment, disciplinary, financial, credit histories); search social media and the web; fingerprint; contact references; and engage a third-party researcher. Further, some advisers included practices related to: requesting new hires’ Form U5s; reviewing later filings to account for the period where reporting of termination notices could be recorded (i.e., 30 days or more after hire); and monitoring of CRD/IARD for new information (e.g., after 3 months).
- Establishing heightened supervision to oversee supervised persons with certain disciplinary events. The Staff stated that the presence of written policies made it “far more likely” that an adviser could identify misconduct by a supervised person. Here, the Staff appeared most concerned with disciplinary histories that were potentially related to fraud or the financial industry, including “misappropriation, unauthorized trading, forgery, bribery, and making unsuitable recommendations.”
- Adopting written policies and procedures to address client complaints related to supervised persons. The Staff described how the presence of written policies made it “more likely” that advisers would report receipt of a complaint related to their supervised persons, and advisers were “consistently more likely to escalate” complaints that included “matters of concern.”
- Including oversight of persons working in branch or remote offices in compliance and supervisory programs.
The Risk Alert indicates that the Supervision Initiative led to a “range of actions” by OCIE, and that advisers responded to the Supervision Initiative in numerous ways, including by amending their policies, disclosures and practices. The Risk Alert concludes with a focus on supervised persons with a disciplinary history, indicating that advisers should address the risks associated with the hiring and supervision of such persons in their policies and procedures and the “trigger[s]” for required disclosure.
Implications for Advisers
In focusing on supervised persons with disciplinary histories, the Risk Alert promotes the importance of disclosure and supervision, and emphasizes the role of verification processes in both hiring and supervision of such persons. Nonetheless, many of the lessons of the Risk Alert apply whether or not an adviser currently employs any supervised persons with disciplinary histories. In particular, the Risk Alert encourages advisers to consider whether their written policies provide adequate supervision of their directors, officers and non-clerical staff, and whether their policies are specific enough to guide the standards of conduct they seek to promote. The Risk Alert also indicates that advisers might consider not only whether they have a well-designed and tailored compliance program, but also whether the program is being followed and applied, such as in business functions like human resources and in offices that are considered “remote” or branch offices. As always, the Staff emphasizes that advisers should consider how to document such compliance. The Risk Alert serves as a timely reminder that compliance manuals and the Advisers Act obligations that they are meant to distill are only as effective as the people they guide