On November 19, 2020, the Securities and Exchange Commission (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released a new risk alert regarding registered investment adviser ("RIA") compliance deficiencies related to Rule 206(4)-7, also known as the "Compliance Rule", under the Investment Advisers Act of 1940 ("Advisers Act"). Many of the deficiencies center around inadequate policies and procedures which is the primary document that RIA firms should design, implement, and regularly revise to avoid violating the Compliance Rule.
In this latest SEC RIA risk alert, the SEC staff notes:
The Compliance Rule does not enumerate specific elements that advisers must include in their policies and procedures. Each adviser should adopt policies and procedures that take into consideration the nature of that firm's operations. The policies and procedures should be designed to prevent violations from occurring, detect violations that have occurred, and correct promptly any violations that have occurred.
The Compliance Rule also requires each adviser to review its policies and procedures no less frequently than annually to determine their adequacy and the effectiveness of their implementation. The review should consider any compliance matters that arose during the previous year, any changes in the business activities of the adviser or its affiliates, and any changes in the Advisers Act or applicable regulations that might suggest a need to revise the policies or procedures. Although the Compliance Rule requires only annual reviews, advisers should consider the need for interim reviews in response to significant compliance events, changes in business arrangements, and regulatory developments.
Finally, the Compliance Rule requires each adviser to designate a chief compliance officer (“CCO”) to administer its compliance policies and procedures. An adviser's CCO should be competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm. The CCO should have a position of sufficient seniority and authority within the organization to compel others to adhere to the compliance policies and procedures.
In particular the SEC staff notes three key requirements of the Compliance Rule:
- The need to adopt policies and procedures that are tailored to the firm's operations;
- The need to conduct an annual compliance program review; and
- The need to designate a CCO to administer the firm's compliance program who is competent and knowledgeable regarding the Advisers Act and empower with full responsibility and authority.
While the Compliance Rule is less than 150 words in length, it is frequently cited in enforcement actions and forms the building blocks of establishing the proper culture of compliance.
In particular, the risk alert lists a number of Compliance Rule-related compliance deficiencies observed during recent SEC investment adviser examinations including:
- Inadequate Compliance Resources: OCIE staff observed advisers that did not devote
adequate resources, such as information technology, staff and training, to their
- Insufficient Authority of CCOs: OCIE staff observed CCOs who lacked sufficient
authority within the adviser to develop and enforce appropriate policies and procedures
for the adviser.
- Annual Review Deficiencies: OCIE staff observed advisers that were unable to
demonstrate that they performed an annual review or whose annual reviews failed to
identify significant existing compliance or regulatory problems.
- Implementing Actions Required by Written Policies and Procedures: OCIE staff
observed advisers that did not implement or perform actions required by their written
policies and procedures.
- Maintaining Accurate and Complete Information in Policies and Procedures: The staff
observed advisers’ policies and procedures that contained outdated or inaccurate
information about the adviser, including off-the-shelf policies that contained unrelated or
- Maintaining or Establishing Reasonably Designed Written Policies and Procedures: OCIE staff observed advisers that did not maintain written policies and procedures or that failed to establish, implement, or appropriately tailor written policies and procedures that were reasonably designed to prevent violations of the Advisers Act. For example, staff observed advisers that claimed to rely on cursory or informal processes instead of maintaining written policies and procedures. In addition, staff observed advisers that utilized policies of an affiliated entity, such as a broker-dealer, that were not tailored to the business of the advisers. Where firms maintained written policies and procedures, OCIE staff observed deficiencies or weaknesses with establishing, implementing or appropriately tailoring their written policies and procedures in the following areas:
- Portfolio Management
- Trading Practices
- Advisory Fees and Valuation
- Safeguards for Client Privacy
- Required Books and Records
- Safeguarding of Client Assets
- Business Continuity Plans
In conclusion, the SEC staff "encourages advisers to review their written policies and procedures, including implementation of those policies and procedures, to ensure that they are tailored to the advisers' business and adequately reviewed and implemented."
Be sure to check back soon as we continue to provide updates on relevant RIA regulatory compliance focus areas.