The SEC recently brought an administrative proceeding that should put investment advisers on notice that the agency continues to assess the quality of a firm’s compliance program and the performance of its Chief Compliance Officer (CCO). In IMC Asset Management, Inc. (IMC), the SEC, after finding serious overall compliance program failures, required the firm’s CCO to complete comprehensive compliance training by December 31, 2013, required the firm to retain a consultant to render compliance advice and reviews for at least two years, and fined the firm $30,000. This matter follows several other settled cases, which were resolved in late 2011, in which the SEC alleged serious overall compliance program deficiencies and found that the CCOs at those firms did not devote enough time to compliance responsibilities. (Link 1) (Link 2)

The SEC found that IMC disregarded its compliance obligations over a number of years in a number of ways. With respect to compliance staffing, in April 2009 and July 2012, IMC appointed two different CCOs who had little formal compliance experience or training. The CCO appointed in April 2009 had been hired as a portfolio manager, and the SEC found that this individual performed no meaningful compliance functions until June 2010.

The SEC also found that IMC’s written compliance policies and procedures were not adequately tailored to the firm’s risks and were not designed to prevent violations of the Advisers Act. IMC was, until May 30, 2009, a dually-registered investment adviser and broker-dealer. Prior to May 30, 2009, IMC’s compliance policies and procedures addressed only IMC’s broker-dealer business and did not meaningfully address the firm’s advisory business. On that date, IMC withdrew its broker-dealer registration and, thereafter, was an investment adviser only, but it did not modify its compliance policies and procedures to address its investment adviser compliance risks. Although IMC had been registered with the SEC as an investment adviser since October 2007, it had not conducted any annual review of its compliance policies and procedures, as required by the Advisers Act. While the firm purported to conduct a "compliance visit" in May 2009 (some 20 months after it became registered with the SEC), IMC’s then-CCO did not know about or participate in the compliance visit and further did not know the results of the event.

The SEC also found that IMC did not respond properly to SEC findings from a prior examination conducted by the SEC in November 2010. After the SEC notified IMC of numerous compliance program deficiencies in December 2010, IMC performed an internal compliance review and, with the assistance of an outside compliance consultant, revised the firm’s written compliance program policies and procedures to address IMC’s investment adviser risks and activities. By February 2011, IMC had begun implementing recommendations from the internal compliance review, which included hiring a new CCO. However, in July 2012, IMC terminated the CCO it had just hired and replaced that person with an existing employee who had minimal compliance experience or training.

As a result of these various failures, the SEC found that IMC had willfully failed to adopt and implement appropriate written procedures to prevent violations of the Advisers Act.

In light of this SEC case, investment advisers should consider the following:

  • Firms should ensure that their compliance department personnel, including but not limited to CCOs, have the appropriate training and experience to perform their assigned compliance functions. In evaluating whether compliance personnel are fit to perform their responsibilities, the SEC is likely to focus on the person’s prior investment adviser compliance experience and training. The SEC is also likely to evaluate the perceived competence of the compliance department as a whole. In conducting these evaluations, the SEC will likely look to the business and compliance risks created by the investment adviser’s business model, which includes the types of services the adviser provides, the types of products it recommends (complicated structured products on one hand versus mutual funds on the other) and its types of customers (e.g., higher net worths, heightened sophistication, predominately elderly).
  • Firms should also evaluate whether they have the appropriate number of compliance personnel. For instance, the SEC will view differently the perceived compliance needs of a firm with $125 million in assets under management (AUM) and six employees as opposed to a firm with $20 billion in AUM. A particular risk is presented when the CCO wears "multiple hats" at the firm. In that instance, the SEC is likely to focus on how much time, in a given work week, the individual spends on compliance functions as opposed to other assigned responsibilities. Again, the SEC will likely look at the nature of the firm’s business model in assessing whether there are enough compliance personnel.
  • It is not enough to create policies and procedures -- they have to be evaluated periodically (at a minimum annually) to ensure that the procedures remain appropriate for the firm’s existing business model and compliance risks. Such procedures similarly need to be tested periodically to ensure that they are performing as designed. Testing a procedure for a particular function or subject matter should be performed by a person other than the individual identified in the procedures as responsible for the function.
  • Finally, a firm should pay particular heed to SEC findings made in any prior examination, and such findings should be addressed promptly and comprehensively. Any revisions to the compliance policies and procedures, and changes in compliance personnel responsibilities, should appropriately address such findings.