In a recent exam request letter of a PE firm ($600M in AUM), examiners requested any cybersecurity policies, risk assessments and a “summary of any cybersecurity events impacting the firm and their effect on the firm, its clients, and/or its vendors and affiliates.” It is well-recognized that small firms have significant cybersecurity risk primarily because cyber attackers see them as easy targets. The SEC expects all firms, regardless of size, to have cybersecurity policies and procedures and appropriate controls in place to mitigate the risk of a cyber breach.
What to do: Retain ICSGroup to help you assess the current state of your cybersecurity program, conduct a risk assessment and develop policies and procedures and cyber controls appropriate for your firm’s size. ICSGroup partners with a well-respected IT Consulting firm that can assess the quality of your IT resources and conduct penetration testing of your systems.
A pending SEC regulation will soon require investment advisors to develop Anti-Money Laundering (“AML”) and Know Your Customer (“KYC”) compliance programs. Advisors will be required to know much more about their individual and corporate investors and the source of their capital, pierce the corporate veil to identify the individual owners, and alert the Financial Crimes Enforcement Network (“FinCEN”) of suspicious activity.
What to do: Retain a Certified Anti-Money Laundering Specialist (“CAMS”) to develop your AML/KYC Program. ICSGroup’s consultants are CAMS certified.
Financial reports of advisors to private funds are being closely examined by regulators to identify instances of fees and expenses improperly charged to funds. The latest poster child for fees and expenses violations is the Illinois-based private fund adviser, Cranshire Capital Advisors ($94M in AUM). Cranshire charged certain compliance and legal expenses to its funds when those expenses were not disclosed in the fund’s PPM or LPA. The SEC notes in its November 23, 2015 settlement with Cranshire that from 2012 through 2014 the firm breached its fiduciary duty by improperly charging expenses to the fund and failed to adopt policies and procedures for allocating fund expenses.
What to do: Retain ICSGroup to develop policies and procedures that are crystal clear on the allocation of fund expenses and to train employees so that they adhere to them.
Venture capital firms that have enjoyed a “report only” status under Rule 204-4 will now be subject to SEC scrutiny. In December, the SEC announced that it will begin examining Exempt Reporting Advisors (“ERAs”) in 2016.
What to do: Retain ICSGroup to develop and implement compliance policies and procedures, train your staff and help ensure that your staff adheres to your policies and procedures. The SEC is coming.
Rule 206(4)-7 requires registered investment advisers to designate a CCO who is competent and knowledgeable regarding the Advisers Act. The SEC has noted that compliance personnel often lack the resources and knowledge to do their jobs effectively, which has led to actions brought against CCOs for enabling compliance violations. Recent cases brought by the SEC against CCOs have involved the failure to adopt policies and procedures to address known compliance risks.
What to do: CCOs can protect themselves by retaining ICSGroup to provide valuable compliance assistance, particularly where resources or specific subject matter expertise are limited. ICSGroup can also provide information about best practices gained from working with other PE firms who have successfully completed SEC exams.
SEC Chairwoman Mary Jo White recently stated to Congress that SEC staffers are “preparing a recommendation to the Commission for proposed rules requiring third-party compliance reviews” of investment advisers. As the number of investment advisers continues to grow and the OCIE struggles to visit only about 10% of RIAs annually, this initiative will allow the SEC to enlist compliance consulting firms to conduct examinations of investment advisors.
What to do: Be proactive. Ensure that you will be ready for an examination by the SEC or a compliance consultant by retaining ICSGroup to conduct a mock SEC exam.