The Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) issued a National Exam Program Risk Alert on February 7, 2017 (Risk Alert), highlighting the “five compliance topics most frequently identified in deficiency letters that were sent to SEC-registered investment advisers” in a sample of over 1,000 examinations during the prior two years. The deficiencies or weaknesses concerned requirements of the Investment Advisers Act of 1940 (Advisers Act) and rules thereunder related to: compliance; regulatory filings; custody; codes of ethics; and books and records.1 After identifying the topics, the Risk Alert provides examples of typical issues identified by examiners. The Risk Alert encourages advisers to review their compliance programs and states that “where appropriate, the staff referred examinations to the Division of Enforcement for further action.”
The registered entities within OCIE’s oversight include more than 12,000 advisers with nearly $67 trillion in assets under management.2 In late 2016, OCIE’s then-Director indicated that OCIE had bolstered its examination staff for advisers and investment companies by about 20 percent for fiscal 2017, and he referred to advisers as a fast-growing group of registrants that were not subject to a self-regulatory organization.3
Compliance Rule – Rule 206(4)-7
The Compliance Rule requires advisers to: adopt and implement written policies and procedures reasonably designed to prevent Advisers Act violations; annually review their policies and procedures for adequacy and effectiveness; and designate a Chief Compliance Officer to administer the compliance program. In the Risk Alert, OCIE staff found the following issues:
- Compliance manual not reasonably tailored to the adviser. The staff found examples of distinct business practices that were not taken into account by some firms’ compliance programs, including “particular investment strategies, types of clients, trading practices, valuation procedures and advisory fees.” Further, “off-the-shelf” compliance manuals, long criticized by the staff, were still found to be in use.
- Annual reviews not performed or insufficient. Examples of deficiencies included failure to: conduct an annual review; appropriately review compliance manuals for adequacy and effective implementation; and properly remedy identified problems.
- Failure to follow compliance policies and procedures. Examples included failure to: perform internal reviews of business practices as prescribed by the adviser’s compliance manual; and adhere to the manual’s policies related to marketing, expenses and employee conduct.
- Compliance manuals no longer current. Examples included compliance manuals describing, and containing policies and procedures related to: terminated investment strategies; departed personnel; and outdated information regarding the firm.
Advisers are required to comply with certain obligations to make accurate and timely regulatory filings with the SEC, including: Forms ADV and PF pursuant to Advisers Act Rule 204-1 and Rule 204(b)-1, respectively; and Form D (on behalf of private fund clients) pursuant to Rule 503 under Regulation D of the Securities Act of 1933.4 The staff found the following issues:
- Inaccurate or untimely Form ADV filings and amendments. Examples of inaccurate disclosures related to: custody; regulatory assets under management; disciplinary history; client types; and conflicts. Further, certain advisers failed to amend Form ADV promptly to reflect changed information, or to timely file annual updating amendments.
- Inaccurate or untimely Form PF filings.
- Inaccurate or untimely Form D filings.
Custody Rule – Rule 206(4)-2
The Custody Rule sets forth requirements for advisers (or their “related persons”) that (1) hold, directly or indirectly, client cash or securities or (2) have any authority to obtain possession thereof. The Custody Rule is designed to protect client assets from unlawful activities or financial troubles of an adviser. The staff found the following issues:
- Failure to recognize custody where adviser has online access to accounts. Examples included situations where the adviser had withdrawal access to client accounts (e.g., client usernames and passwords).
- Surprise examinations not in compliance with Custody Rule. Examples included: failure to provide sufficient information (e.g., a complete list of accounts subject to custody) to independent public accountants performing surprise examinations; failure to provide appropriate information to enable accountants to file Form ADV-Es; and “surprise” examinations conducted at the same time each year.
- Failure to recognize custody where adviser has certain authority over accounts. Examples included advisers (or their related persons): having power of attorney authorizing withdrawal of client cash and securities; serving as trustees of clients’ trusts; or serving as general partner, managing member or similar position to a pooled investment vehicle.
Code of Ethics Rule – Rule 204A-1
The Code of Ethics Rule requires advisers to adopt and maintain a code of ethics that: subjects all supervised persons to a required standard of business conduct; requires “access persons” to make periodic reports of their personal securities holdings and transactions, and to obtain pre-approval for certain investments; and requires advisers to provide each supervised person with, and obtain an acknowledgment of receipt of, the adviser’s code of ethics. Further, advisers must provide certain disclosures related to the code of ethics in their Form ADV Part 2A (brochure). The staff found the following issues:
- Incomplete list of access persons. Examples included failure to identify certain employees, partners and directors.
- Incomplete information in the code of ethics. Examples included failure to specify requirements pertaining to review of, and timeframes for submission of, personal holdings and transaction reports.
- Untimely submission of personal holdings and transaction reports by all access persons.
- Failure to disclose all information required in the brochure. Examples included failure to: describe the code of ethics; and explain to current and prospective clients that the code of ethics is available upon request.
Books and Records Rule – Rule 204-2
The Books and Records Rule requires advisers to make and maintain certain books and records. Staff specified the following issues:
- Failure to maintain required records. Examples included trade records, advisory agreements and general ledgers.
- Inaccurate or outdated records. Examples included fee schedules, client records and client lists.
- Inconsistent recordkeeping. Examples included contradictory information in separate sets of records.
Implications for Advisers
The Risk Alert notes remedial measures taken by advisers include further improvements to their written compliance programs, alterations to their practices to correspond with their compliance manuals and dedication of additional resources to the compliance function. The Risk Alert also notes that some of these deficiencies resulted in referrals to the Division of Enforcement. The Risk Alert serves as a reminder that investment advisers’ compliance programs are evergreen and require constant attention and review, and that the foundational elements and the details matter.