On February 7, 2017, the Securities and Exchange Commission (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released a risk alert identifying the five compliance areas most commonly cited in deficiency letters sent to SEC-registered investment advisers (“RIA”). The risk alert focuses on deficiency letters from more than 1,000 RIA audits conducted over the past two years. This list of top deficiencies can help investment advisers develop a stronger compliance program as well as prepare for a regulatory examination.
The OCIE’s top five compliance deficiencies fall under five categories:
1. Compliance Policies and Procedures
Rule 206(4)-7 (the “Compliance Rule”) requires that RIAs have written policies and procedures that are “reasonably designed to prevent violations of the Advisers Act”.
For a compliance manual to be “reasonably designed to prevent violations of the Investment Advisers Act”, it must be more than just an “off-the-shelf” manual. An adviser may start with an “off-the-shelf” manual but the manual 1) must be customized to fit the business model of the adviser and 2) must be routinely updated as new regulations become effective. The OCIE staff cited many instances where advisors’ compliance manuals were not reasonably tailored to the advisers’ business or the compliance manual was outdated.
Also cited were firms with sufficient compliance manuals but whose employees failed to follow the compliance policies and procedures. In many instances this occurred because the adviser conducted an insufficient annual review that did not address the adequacy of the advisers’ policies and procedures to determine if they were being implemented effectively.
Compliance Tip: To be in compliance with Rule 206(4)-7 an adviser must invest sufficient internal or external resources into its compliance program so that it can effectively oversee the implementation and monitoring of the compliance policies and procedures.
2. Required Regulatory Filings
Advisers are obligated to accurately complete and timely file certain regulatory filings with the SEC. Among other filing requirements, Rule 204-1 under the Advisers Act requires advisers to amend their Form ADV at least annually, within 90 days of the end of their fiscal year and more frequently upon material changes.
The OCIE staff observed that certain advisers made inaccurate disclosures on Form ADV Part 1A or in Form ADV Part 2A brochures, such as inaccurately reporting custody information, regulatory assets under management, disciplinary history, types of clients, and conflicts. Additionally, many firms failed to promptly amend their Form ADVs when certain material information became inaccurate.
Compliance Tip: Every adviser should know the information required to be disclosed on the Form ADV as well as the type of information that triggers the need to update the Form ADV within 30 days. Changes to the following categories will trigger the requirement to promptly update your Form ADV:
For more specific instructions, refer to the SECs general instructions to Form ADV, sections two and four of its instructions for Form ADV Part 2A, and its IARD FAQs. Always err on the side of caution and refer to an expert in the event more clarity is needed.
Rule 206(4)-2 (the “Custody Rule”) requires advisors with custody of client cash or securities to comply with the Custody Rule. The OCIE staff observed that many RIAs were not complying with the Custody Rule because they did not recognize that they actually have custody of client’s cash or securities. Additionally, for RIAs with custody who were required to have a surprise examinations, the surprise exams did not meet the requirements of the Custody Rule. Advisors to private funds are generally thought to have custody of the private fund’s assets. Private fund managers are exempt from the Custody Rule requirements if they have an annual audit of the fund conducted by an independent public accountant registered with, and subject to regular inspection by, the Public Company Accounting Oversight Board and that the audited financial statements be provided to investors within 120 days after the end of the fiscal year.
Compliance Tip: Advisors to private funds must be sure to properly indicate that they have custody on Form ADV. Also, audited financial statements must be distributed to all beneficial owners, meaning the limited partners, in a timely manner.
4. Code of Ethics
Rule 204A-1 (the “Code of Ethics” rule) requires an adviser to adopt and maintain a Code of Ethics that sets forth standards of conduct and requires compliance with federal securities laws. It must also address insider trading and personal trading requirements.
The OCIE staff observed that certain advisers did not identify all access persons (e.g., certain employees, partners or directors) for purposes of reviewing personal securities transactions. Also, certain advisers’ Code of Ethics did not specify a timeframe for when disclosures of personal securities transaction would be due or that they would be reviewed. Certain access persons submitted transactions and holdings less frequently then required by the Code of Ethics rule. The staff also observed that certain advisers did not describe their Code of Ethics in their Part 2A of Form ADVs and did not indicate that their Code of Ethics are available to any client or prospective client upon request.
Compliance Tip: First, ensure that your Code of Ethics addresses all the SEC requirements. Then, develop or enhance the firm’s internal procedures to ensure compliance with the firm’s Code of Ethics. Employees must submit personal securities transactions in a timely manner and should be aware of any personal trading restrictions. Employees are also required to read the Code of Ethics at least once annually and sign an Acknowledgement Form.
5. Books and Records
Rule 204(2) (the “Books and Records Rule”) requires advisers to make and keep certain books and records relating to their investment advisory business, including typical accounting and other business records as required by the Commission.
The staff observed that:
Compliance Tip: Advisors should develop a books and records retention log that lists every item required to be maintained by the books and records rule, where that record will be maintained, who is responsible for maintaining the log, and the period of time that the document must be maintained. Books and records must generally be maintained and preserved in an easily accessible place for a period of not less than five years.
If you need assistance customizing your compliance policies and procedures, with your regulatory filings, or simply need a compliance tool such as a books and records retention log, give us a call. ICSGroup offers a variety of compliance services ranging from a la carte services to fully outsourced compliance support. We are a high-quality and cost-effective compliance solution. As always, we’re here to help.