The Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) recently published a Risk Alert listing five compliance topics most frequently identified in deficiency letters to investment advisers following exams. The five most frequently identified areas involved: (1) compliance policies and procedures deficiencies; (2) inaccurate or late regulatory filings; (3) custody rule violations; (4) code of ethics deficiencies and violations and (5) inaccurate or missing books and records. The Risk Alert is available here.
Compliance Policies and Procedures Deficiencies
Rule 206(4)-7 under the Investment Advisers Act of 1940 (the “Advisers Act”) requires advisers to adopt and implement written policies and procedures reasonably designed to prevent violations, by the adviser and its supervised persons, of the Advisers Act and the rules adopted thereunder, review the adequacy of these policies and procedures and the effectiveness of their implementation at least annually, and designate a chief compliance officer responsible for administering these policies and procedures. The staff noted several examples of deficiencies and weaknesses in advisers’ compliance policies and procedures, including:
- overly generic policies and procedures—Advisers using “off-the-shelf” compliance manuals not reasonably tailored to the adviser’s business practices, such as its particular investment strategies, clients, trading practices, valuation procedures and advisory fees,
- old policies—Advisers using compliance manuals containing stale information or old policies,
- failure to conduct annual reviews,
- failure to correct identified problems, and
- failure to follow procedures.
Inaccurate or Late Regulatory Filings
Advisers are required to file certain regulatory filings with the SEC in an accurate and timely manner. The staff identified several deficiencies and weaknesses in this area such as making inaccurate disclosures or untimely amendments for filings of Form ADV, Form PF and Form D. On Form ADV, the staff observed many instances of inaccurately reported custody information, regulatory assets under management, disciplinary history, types of clients and conflicts.
Custody Rule Violations
Rule 206(4)-2 under the Advisers Act requires an adviser with custody of client cash or securities to comply with several requirements designed to enhance the safety of client assets from unlawful activities or financial problems of the adviser. The staff observed some advisers did not recognize that they may have custody as a result of certain authority or online access to client accounts (i.e. clients’ usernames and passwords). Another deficiency in this area involved inadequate surprise examinations that did not meet the requirements of the custody rule, such as exams that were not conducted on a “surprise” basis.
Code of Ethics Deficiencies and Violations
Rule 204A-1 under the Advisers Act requires advisers to adopt and maintain a code of ethics that establishes a standard of business conduct that the adviser requires of all its supervised persons, requires an adviser’s access persons to periodically report their personal securities transactions and holdings and requires access persons to obtain the adviser’s pre-approval before investing in an initial public offering or private placement. The staff noted several examples of deficiencies and weaknesses in connection with this rule, including:
- advisers failing to identify all of their access persons,
- access persons submitting transactions and holdings less frequently than required,
- advisers’ codes of ethics failing to include all required information, and
- missing or inadequate descriptions of codes of ethics in advisers’ Form ADVs.
Inaccurate or Missing Books and Records
Rule 204-2 under the Advisers Act requires advisers to make and maintain certain books and records relating to their investment advisory business. The staff observed that certain advisers did not maintain all required records, had inaccurate or inconsistent records, or did not update their books and records.
Advisers should consider reviewing their compliance practices, policies and procedures in light of the deficiencies and weaknesses identified in the Risk Alert. Where advisers observe deficiencies in their own practices adjustments should be made.