According to Rule 206(4)-7 of the Investment Advisers Act of 1940 (“Investment Advisers Act”), investment advisers registered with the U.S. Securities and Exchange Commission (“SEC”) are required to adopt and implement written policies and procedures reasonably designed to prevent violations of the Investment Advisers Act and the rules that the SEC has adopted under the Investment Advisers Act. An investment adviser’s written policies and procedures must also be designed to detect and promptly correct violations that have occurred. Most state securities regulators have adopted similar rules requiring investment advisers to develop and implement written compliance policies and procedures. Identifying the areas of risk related to the investment adviser’s practice and business model is the first critical step an investment adviser should take to develop strong written policies and procedures. This process of identifying risks that make the investment adviser vulnerable to violations of the Investment Advisers Act is often referred to as a “Risk Assessment,” a “Gap Analysis,” or the compilation of a “Risk Inventory.”
A risk assessment should serve as a mechanism for an investment adviser to identify its unique set of risks based on the investment adviser’s business model, affiliations, conflicts of interests, etc. An effective risk assessment will evaluate what risks are present and how such risks affect the investment adviser and its business operations. During the risk assessment process, an investment adviser should identify and prepare a comprehensive list of all operational and compliance risks associated with the investment adviser’s business model, practices, and ongoing compliance responsibilities. When preparing this list the investment adviser should consider any conflicts of interest or other unique matters regarding the investment adviser’s operations or business model that create risks to the investment adviser or its clients. An investment adviser needs to make sure to include risks that are present in the investment adviser’s everyday operations. Some examples of these risks would include failure to provide clients with a copy of the Form ADV, not maintaining required books and records, failure to include required information on a trade ticket, making incorrect fee calculations, or using unsubstantiated marketing claims.
Once an investment adviser has identified all risks, the investment adviser must develop policies and procedures to address the identified areas of risk with a focus on preventing and detecting violations of the Investment Advisers Act. When developing these policies and procedures, an investment adviser must assess whether the appropriate controls are in place to mitigate, manage or control such risks and their potential harm to the investment adviser or its clients.
An investment adviser’s initial risk assessment should be performed prior to developing its written policies and procedures but the risk assessment process is not something that simply needs to be done at the time the policies and procedures are developed. An investment adviser should review and update the risk assessment as necessary, but no less than annually when the investment adviser performs its annual assessment. According to Rule 206(4)-7, SEC registered investment advisers are required to perform an annual review of their written policies and procedures. An investment adviser should begin the annual review process by reviewing identified risks and making any revisions or updates as necessary. An investment adviser must then conduct an assessment of its written compliance policies and procedures to ensure that it has the adequate controls in place to mitigate the risks identified. Additionally, an investment adviser should consider conducting a risk assessment after changes to the investment adviser’s business model, post regulatory events, or in light of industry policy changes. As an investment adviser identifies new risks, such risks should be addressed and handled and the investment adviser’s written policies and procedures should be updated to reflect such changes.
An investment adviser should prepare and maintain documentation to support conducting risk assessments/risk inventory and should be prepared to present such documentation to regulators upon request. During a routine examination, SEC staff will typically request information about the compliance risks identified by the investment adviser. The SEC staff will perform a review and assessment of the investment adviser’s written policies and procedures to determine if the investment adviser has adequate procedures in place to address all areas of risks. An effective risk assessment can enhance the efficiency of an investment adviser’s ongoing compliance program while demonstrating to the SEC or state securities regulators that the investment adviser’s compliance program is reasonably designed to prevent violations of the Investment Advisers Act or similar state regulations.
RIA Compliance Consultants is hosting a webinar that will provide a review of the risk assessment/risk inventory process. Our webinar, “Conducting a Risk Assessment/Risk Inventory,” will be hosted on July 25, 2013, at 12:00 p.m. CDT. During this webinar RIA Compliance Consultants will highlight the importance of the risk assessment process while providing insight into the types of questions investment advisers should be asking during this process. We will also provide tips for documenting the risk assessment/risk inventory conducted. To learn more or to register for this webinar, please click here.
Posted by Bryan Hill