Conducting a Risk Assessment of an Investment Adviser

October 23, 2012

Under Rule 206(4)-7 of the Investment Advisers Act of 1940 (“Investment Advisers Act”), investment advisers registered with the U.S. Securities and Exchange Commission (“SEC”) are required to adopt and implement written policies and procedures reasonably designed to prevent violations of the Investment Advisers Act and the rules that the SEC has adopted under the Investment Advisers Act.  Well-designed policies and procedures should also be able to detect violations that have occurred and to promptly correct any violations that have occurred. Most state securities regulators have adopted similar rules requiring investment advisers to develop and implement written compliance policies and procedures. As an investment adviser, the first step in developing written policies and procedures should be to identify the areas of risk related to the investment adviser’s practice and business model. This process of identifying risks that make the investment adviser vulnerable to violations of the Investment Advisers Act is often referred to as a “Risk Assessment,” a “Gap Analysis,” or the compilation of a “Risk Inventory.”

When conducting a risk assessment, an investment adviser should identify and prepare a comprehensive list of all operational and compliance risks associated with the investment adviser’s business model, practices, and ongoing compliance responsibilities. When preparing this list the investment adviser should consider any conflicts of interest or other unique matters regarding the investment adviser’s operations or business model that create risks to the investment adviser or its clients. An investment adviser needs to make sure to include risks that are present  in the investment adviser’s everyday operations. Some examples of these would be failure to provide clients with a copy of the Form ADV, not maintaining required books and records, failure to include required information on a trade ticket, incorrect fee calculations, or unsubstantiated marketing claims. After determining applicable risks, investment advisers must develop policies and procedures designed to address those risks with a focus on preventing and detecting violations of the Investment Advisers Act.

The risk assessment process is not something that simply needs to be done at the time the policies and procedures are developed.  It is something that should be reviewed and updated as necessary but at least annually.  According to Rule 206(4)-7, SEC registered investment advisers are required to perform an annual review of their written policies and procedures. Investment advisers should begin the annual review process by reviewing identified risks and making any revisions or updates as necessary.  Investment advisers must then conduct an assessment of its written compliance policies and procedures to ensure that it has the adequate controls in place to mitigate the risks identified.

During a routine examination, SEC staff will typically request information about the compliance risks identified by the investment adviser. The SEC staff will perform a review and assessment of the investment adviser’s written policies and procedures to determine if the investment adviser has adequate procedures in place to address all areas of risks.

RIA Compliance consultants is hosting a FREE webinar, “Conducting an Annual Compliance Review,” on November 8, 2012, at 12:00 Central.   During this webinar, RIA Compliance Consultants will discuss the requirement of Rule 206(4)-7 under the Investment Advisers Act for an investment adviser to conduct a review at least annually of the adequacy of the investment adviser’s written compliance policies and procedures.  To register for this event click here. RIA Compliance Consultants can assist you with a risk assessment, an annual compliance review, or any of your other compliance needs.  If you are an existing client, please contact your consultant.  If you have not previously worked with RIA Compliance Consultants, please click here to schedule a time to speak to one of our consultants.

Posted by Bryan Hill
Labels: Compliance Program, Compliance Training, Conducting Risk Assessment, SEC, Webinar, Written Policies and Procedures