On November 19th 2020, the Office of Compliance Inspections and Examinations (“OCIE”) of the U.S. Securities and Exchange Commission (“SEC”) released a Risk Alert about its assessment of the compliance practices of SEC-registered investment advisers with regard to SEC Rule 206(4)-7 (the “Compliance Rule”) under the Investment Advisers Act of 1940. In its Risk Alert, the SEC noted that Compliance Rule deficiencies are among the most common discovered by OCIE during SEC registered investment adviser examinations. Click here to read the SEC’s Risk Alert for Investment Adviser Compliance Programs.
All SEC registered investment advisers must adopt compliance policies and procedures that are designed to prevent violation of the Investment Advisers Act of 1940 as amended from occurring, detect violations that have occurred, and correct promptly any violations that have occurred. Although SEC Rule 206(4)-7 does not specify everything that must be covered in a SEC registered investment adviser’s policies and procedures, it does require that an investment adviser’s supervisory and compliance policies and procedures be tailored to the investment adviser firm. Investment advisers must conduct initial and ongoing reviews to identify conflicts and other compliance factors creating risk exposure for the investment adviser and its clients in light of the firm’s particular operations.
Below is a discussion of SEC’s findings linked to resources available from RIA Compliance Consultants to help identify and mitigate potential deficiencies at your investment adviser firm.
|Common Compliance Deficiencies Identified by the SEC||Tools and Resources At RIA Compliance Consultants, Inc.|
|Inadequate Compliance Resources/Failure to Implement Compliance Policies & Procedures
The SEC found investment adviser firms that did not devote adequate resources to compliance, including insufficient IT, compliance staff and training resources.
The SEC also observed that certain investment adviser firms failed to implement their compliance policies and procedures, including training.
|Compliance Training Programs for CCOs and Supervised Persons
Additional Compliance Resources
Third Party Resources
Note: While the suggested tools can assist an investment adviser firm in implementing a robust compliance program, no tool is a substitute for having a culture of compliance and dedicating sufficient staff and resources to the investment adviser’s compliance program. Investment adviser firms must dedicate adequate compliance staff, capital, and other internal resources to the compliance program on an ongoing basis.
|Insufficient Authority of CCOs
The SEC observed investment adviser firms where the CCO did not have authority to view certain reports or investment advisory agreements, which limited the CCO’s ability to supervise the firm’s compliance program. The SEC also noted instances where the CCO had little interaction with senior firm management or where key personnel failed to consult with the CCO on actions with potential compliance implications, limiting the CCO’s understanding of the investment adviser firm’s business practices and risks.
Compliance Training Programs for CCOs and Supervised Persons
Recent SEC Guidance/Speech – The Role of the CCO – Empowered, Senior and With Authority (Nov. 19, 2020)
|Annual Review Deficiencies
The SEC noted that certain investment adviser firms failed to conduct or failed to adequately document their annual compliance review. The SEC also identified investment adviser firms that conducted the required review, but failed to identify significant risks and issues at the firm that needed to be addressed.
|RIA Express – Compliance Review Tool
The RIA Express – Compliance Review Tool is an online tool that assists in assessing the effectiveness of an investment adviser’s compliance program. RIA Express – Compliance Review takes the user through a series of questions about the investment adviser’s disclosures, policies/procedures and actual practices. Based upon the answers provided and the SEC’s published rules for a federally registered investment adviser, RIA Express – Compliance Review automatically generates a written findings report and allows the investment adviser firm to create and track the status of any corrective actions.
The RIA Express – Compliance Review Tool is only available through one of our Annual Compliance Program Packages.
Consultant Led Compliance Review/Mock Regulatory Review
RIA Compliance also offers compliance reviews and/or mock regulatory reviews led by a senior compliance consultant. Click here for more details.
|Maintaining Accurate and Complete Information in Policies and Procedures
The SEC observed investment adviser firms that used off the shelf or otherwise outdated compliance manuals that were not tailored to the investment adviser firm’s current practices.
Maintaining or Establishing Reasonably Designed Written Policies and Procedures
The SEC observed investment adviser firms that claimed to rely on informal processes instead of written policies and procedures, or that utilized the compliance policies and procedures of an affiliated entity that were not adequately tailored to the investment adviser firm.
|RIA Express – Compliance Manual Drafter
For investment adviser firms interested in drafting a model manual for self-directed customization by the firm, consider the RIA Express – Compliance Manual Drafter.
RIA Compliance Consultants also offers a consultant-led, customized version of RIA Express – Compliance Manual Drafter for firms that would like a senior compliance consultant to assist in tailoring the manual.
Also available are stand-alone Sample Compliance Manual Section Updates, each tailored to a specific topic to update or supplement an existing compliance manual.
For other assistance developing, revising or updating your registered investment adviser’s code of ethics, compliance policies and supervisory procedures, click here to set up an introductory call with our Business Development Team or, if you are an existing client, contact your senior compliance consultant.
In its Risk Alert, the SEC specifically noted the following common areas of deficiency in compliance policy and procedure manuals. RIA Compliance Consultants encourages all registered investment adviser firms to review their own compliance manuals in light of this list.
Common Areas of Deficiency in Compliance Policies and Procedures Manuals
- Due diligence and oversight of outside managers.
- Monitoring compliance with client investment and tax planning strategies.
- Oversight of third-party service providers.
- Due diligence and oversight of investments, including alternative assets.
- Oversight of branch offices and investment advisory representatives to ensure they are complying with the adviser’s policies and procedures.
- Compliance with regulatory and client investment restrictions.
- Adherence with investment advisory agreements.
- Oversight of solicitation arrangements.
- Prevention of the use of misleading marketing presentations, including on websites.
- Oversight of the use and accuracy of performance advertising.
- Allocation of soft dollars.
- Best execution.
- Trade errors.
- Restricted securities.
- Accuracy of Form ADV.
- Accuracy of client communications.
Advisory fees and valuation.
- Fee billing processes, including how fees are calculated, tested, or monitored for accuracy.
- Expense reimbursement policies and procedures.
- Valuation of advisory client assets.
Safeguards for client privacy.
- Regulation S-P.
- Regulation S-ID.
- Physical security of client information.
- Electronic security of client information, including encryption policies.
- General cybersecurity, including access rights and controls, data loss prevention, penetration testing and/or vulnerability scans, vendor management, employee training or incident response plans.
Required books and records.
- Written policies and procedures to make and keep accurate books and records as required under Rule 204-2 under the Advisers Act.
Safeguarding of client assets.
- Written policies and procedures regarding custody and safety of client assets.
Business continuity plans.
- The maintenance of adequate disaster recovery plans because the business continuity plans were not tested or did not contain contact information or designate responsibility for business continuity plan actions.
If your investment adviser firm is an existing client of RIA Compliance Consultants and would like assistance in reviewing your compliance policies and procedures, we encourage you to speak with your compliance consultant. Or, if you are not an existing client of RIA Compliance Consultants, click here to set up an introductory call with our Business Development Team.