The staff of the SEC's Division of Examinations (Exam) recently issued a Risk Alert that detailed certain rules registered investment advisers must comply with to prevent the misuse of material nonpublic information (MNPI), along with certain purported deficiencies Exam has observed in this area. The Risk Alert comes on the heels of multiple SEC enforcement actions against registered investment advisers for alleged failures to comply with pertinent MNPI provisions under the Investment Advisers Act of 1940 (IAA) and rules thereunder. In this post, we give a brief overview of the relevant rules, highlight some of the key aspects of the Risk Alert and offer some key takeaways.
Section 204A of the IAA requires that each registered investment adviser establish, maintain and enforce written policies and procedures reasonably designed to prevent the misuse of MNPI by the adviser and any person associated with the adviser. Rule 206(4)-7 of the IAA (Compliance Rule) requires investment advisers to adopt and implement written policies and procedures reasonably designed to prevent violations of the IAA and associated rules. Rule 204A-1 of the IAA (Code of Ethics Rule) requires investment advisers to adopt a code that sets forth standards of conduct expected from the adviser's "supervised persons."1 The Code of Ethics Rule requires adoption of the following:
- standard(s) of business conduct that the adviser requires of all its supervised persons that reflect the adviser's fiduciary obligations and those of its supervised persons
- provisions requiring supervised persons' compliance with applicable federal securities laws
- provisions requiring access persons2 to report – and the adviser to review – their personal securities transactions and holdings periodically
- provisions requiring supervised persons to report any violations of the code of ethics promptly to the chief compliance officer or another designated person
- provisions requiring 1) the adviser to provide each supervised person a copy of the code of ethics and any amendments, and 2) the supervised persons to provide the adviser a written acknowledgment of their receipt of the code and any amendments
Risk Alert Highlights Deficiencies
On April 26, 2022, Exam released the Risk Alert that detailed certain deficiencies that it observed in its examinations of investment advisers concerning Section 204A and the Code of Ethics Rule. Concerning investment adviser Section 204A policies and procedures, Exam highlighted three main areas of concern:
- advisers who use "alternative data" sources – such as geolocation data from consumers' mobile phones, analyses of credit card transactions, and satellite and drone imagery information – may not adopt or implement reasonably designed written policies and procedures to address potential receipt and dissemination of MNPI3
- advisers may have relationships with "value add" investors – such as clients or fund investors who are corporate executives or financial professional investors – who may be more likely to have access to MNPI; Exam claimed that advisers may be failing to adopt and implement policies regarding these investors
- advisers who have relationships with "expert networks" – hired professionals who provide specialized information and research services – did not appear to have or implement policies and procedures concerning discussions with these parties; Exam claimed that these individuals may have access to MNPI and that advisers may be failing to track interactions with these professionals
Concerning the Code of Ethics Rule, Exam identified four additional areas of concern: 1) advisers failing to identify and supervise certain employees as access persons; 2) advisers not preapproving transactions for certain access persons and a corresponding lack of requirement in their policies to obtain preapproval; 3) several purported deficiencies concerning reporting of access person transactions, such as lack of support for supervisory review of access person securities holdings and failure by access persons to submit holdings and transaction reports; and 4) instances where supervised persons may not be providing written acknowledgement of a code of ethics.
Further, the staff provided two areas for consideration by advisers on a going-forward basis: 1) including provisions in their codes concerning "restricted lists" of issuers where the adviser has MNPI, then prohibiting trading in those securities; and 2) incorporating procedures where advisers ensure investment opportunities are first offered to clients before the adviser and employees may act.
Example of Enforcement Action
Exam's Risk Alert comes amid a heightened enforcement environment and covers a subject area where the SEC's Division of Enforcement has penalized companies who have allegedly failed to comply with these provisions. For example, the SEC last year charged a registered investment adviser, a wholly owned subsidiary of an international consulting firm, with violating Sections 204A and 206(4) of the IAA and the Compliance Rule. The SEC's actions were based on the adviser allegedly failing to establish, maintain and enforce written policies and procedures to prevent the misuse of MNPI in connection with the parent-subsidiary relationship. Employees of the parent company were also members of the adviser's investment committee and allegedly had access to and obtained MNPI. Additionally, parent employees purportedly had access to MNPI related to companies where the parent was providing consulting services. Although the SEC's order did not allege that any actual insider trading occurred, the agency alleged that the adviser did not have policies and procedures reasonably designed to address these risks. Without admitting or denying the findings in the SEC's order, the adviser agreed to pay an $18 million penalty.
As the SEC's Division of Enforcement continues to push the boundaries of what constitutes MNPI, this presents challenges for advisers when it comes to the implementation and enforcement of policies and procedures to protect against misuse of such information.
For advisers who utilize alternative data providers, deal with expert networks or have value-add investors, the SEC's Risk Alert – as is typical – emphasizes deficiency areas but offers little in the way of guideposts. Instead, advisers must utilize the listed deficiency areas to identify practices the staff deemed problematic and adjust accordingly. For example, for alternative data providers, advisers should consider including certain triggers for updated or enhanced due diligence. For value-add investors, advisers should consider adopting and implementing procedures that identify and track these investors.
More broadly, however, the Risk Alert should be cause for some concern. First, in light of several enforcement actions related to alleged 204A deficiencies, it is possible – or even likely – that the Risk Alert will be a harbinger of additional enforcement activity to come. Second, the staff's statements about expert networks offered an implicit nod to the SEC's Panuwat insider trading action by encouraging advisers to monitor trading in "similar industries" to those discussed with experts. As courts consider seemingly novel theories on what exactly constitutes MNPI, this puts advisers in a difficult spot when it comes to determining how exactly they should establish, maintain and enforce policies and procedures to prevent misuse. Third, although the staff couched its points about restricted lists and allocation of investment opportunities as those advisers should "consider," it's difficult to not read those items as not-so-subtle expectations for advisers going forward.