OCIE Observations: Investment Adviser Compliance Programs

November 23rd | 2020

The SEC’s Compliance Inspections and Examinations (“OCIE”) recently issued a risk alert related to Rule 206(4)-7 (the “Compliance Rule”) under the Investment Advisers Act of 1940. The Compliance Rule does not enumerate specific elements that advisers must include in their policies and procedures. Instead, each adviser should adopt policies and procedures that take into consideration the nature of that firm's operations. The policies and procedures should be designed to prevent violations from occurring, detect violations that have occurred, and correct promptly any violations that have occurred. Below are examples of notable deficiencies or weaknesses identified by OCIE staff in connection with the Compliance Rule:

1. Inadequate Compliance Resources

  • CCOs with too many other responsibilities

  • Insufficient staff training and resources

  • Failure for compliance resources to scale with the business

2. Insufficient Authority of CCOs

  • CCOs lacking access to critical compliance information

  • CCOs lacking access to senior management

  • CCO’s not being consulted in compliance related matters

3. Annual Review Deficiencies

  • a) Lack of evidence an annual review was performed

  • b) Failure to cover critical areas - Recommended third-party managers - Cybersecurity - Calculation of fees and allocation of expenses

4. Not Conducting Actions Required by Written Policies and Procedures (WSPs)

5. Inaccurate Written Policies and Procedures

6. Failure to Maintain or Establish Reasonably Designed WSPs

The Compliance Rule requires each adviser to review its WSPs no less frequently than annually to determine their adequacy and the effectiveness of their implementation. The review should consider any compliance matters that arose during the previous year, any changes in the business activities of the adviser or its affiliates, and any changes in the Advisers Act or applicable regulations that might suggest a need to revise the policies or procedures. OCIE’s risk alert also identified nine common areas of deficiencies they have observed in investment advisers’ WSPs:

  1. Portfolio management

  2. Marketing

  3. Trading practices

  4. Disclosures

  5. Advisory fees and valuations

  6. Safeguards for client privacy

  7. Making and keeping required books and records

  8. Safeguarding of clients’ assets

  9. Business continuity plans

OCIE concludes by encouraging advisers to review their written policies and procedures, including implementation of those policies and procedures, to ensure that they are tailored to the advisers’ business and adequately reviewed and implemented. OCIE’s alert almost reads like a roadmap of an examination, so it may be helpful to advisers to have their WSPs reviewed and tested externally to ensure all of issues in this alert are adequately covered.

34 views0 comments