On July 23, 2019, the Securities and Exchange Commission ("SEC") Office of Compliance Inspections and Examinations ("OCIE") released a risk alert reminding registered investment adviser (“RIA”) firms to consider the risks associated with hiring and employing staff members with disciplinary histories and to design policies and procedures that will properly address those risks. This risk alert is a result of a series of examinations conducted in 2017 that, according to OCIE, “assess the oversight practices of SEC-registered investment advisers (‘advisers’) that previously employed, or currently employ, any individual with a history of disciplinary events (‘Supervision Initiative’ or ‘Initiative’).” This series of examinations resulted in numerous observations of deficiencies primarily related to compliance and disclosure issues including undisclosed conflicts of interest.
Specific to Disciplinary History
OCIE’s observations of deficiencies specific to disciplinary history primarily fell into two categories: full and fair disclosures and effective compliance programs. Deficiencies cited related to disclosure were primarily due to the inadequate disclosure of disciplinary events. OCIE examiners noted that RIA firms commonly:
1) Omitted material disclosures regarding disciplinary histories of certain supervised persons or the adviser itself.
2) Included incomplete, confusing, or misleading information regarding disciplinary events.
3) Did not timely update and deliver disclosure documents to clients, such as updating Form ADV for new disciplinary events of supervised persons reported on CRD (e.g., Form U5s).
Furthermore, the staff observed that firm’s policies and procedures were not designed in a way that properly addressed the risks associated with hiring and employing individuals with disciplinary histories. As stated in the risk alert:
For example, advisers did not have processes reasonably designed to identify:
1) Whether the supervised persons’ self-attestations regarding disciplinary events completely and accurately described those events. For example, some self-attestations contained information that did not fully or clearly describe the disciplinary events.
2) Whether the supervised persons’ self-attestations that they were not the subject of reportable events or recent bankruptcies was in fact the case. For example, some supervised persons reported incorrectly to the adviser that they were not the subject of any reportable events during the reporting period or did not report information regarding recent bankruptcies.
Compliance and Supervision
The OCIE staff found that many advisers were not properly documenting the responsibilities of or outlining the expectations of the firm’s supervised persons. OCIE gave examples of observed non-compliant practices by advisors including failing to:
1) Oversee whether fees charged by supervised persons were disclosed or assess whether the services clients paid for were performed.
2) Have advertising policies and procedures that provided sufficiently specific guidance to supervised persons who prepared their own advertising materials and websites.
3) Include reviewing activities of supervised persons, including supervised persons with disciplinary histories, working from remote locations as part of its monitoring activities.
In regards to deficiencies found related to oversight, although certain supervised persons were assigned certain responsibilities as part of firms' compliance policies and procedures, often RIA firms did not confirm that they were executed as outlined. On the other hand, if these duties were performed as described, often they were not documented according to firms' policies and procedures. These responsibilities included key compliance duties such as monitoring the appropriateness of client types and maintaining accurate books and records. “For example, although outlined within the advisers’ policies and procedures, the firms did not review whether at account opening the type of account selected was appropriate (e.g., wrap fee versus separately managed account), document that an assessment of the type of account took place, or document the factors considered in making these assessments,” OCIE states.
Further related to policies and procedures, advisers often had written policies and procedures that were inconsistent with their actual business practices. The risk alert states that, “Areas of inconsistent compliance practices most frequently cited by the staff involved those addressing commissions, fees, and expenses (e.g., solicitation fees, management fees, compensation related to hiring personnel, and oversight of firm compensation practices, including such practices within branch offices).” In addition, annual compliance reviews were found to be insufficient due to improper documentation and the failure to conduct a sufficient risk assessment.
Disclosure of Conflicts of Interests
Undisclosed compensation arrangements resulted in conflicts of interests that, "could have impacted the impartiality of the advice the supervised persons gave to their clients. For example,
1) Forgivable loans were made to the advisers or their supervised persons, the terms of which were contingent upon certain client-based incentives that may have unduly influenced the investment decision-making process, resulted in higher fees and expenses for the affected clients, or both.
2) Supervised persons were required to incur all transaction-based charges associated with executing client transactions, which created incentives for the supervised persons to trade less frequently on behalf of their clients.
Ways to Improve Compliance
OCIE concludes the risk alert by offering compliance considerations that firms should take into account when hiring employing persons with a disciplinary history. Among other things, those considerations include properly designed policies and procedures, due diligence practices when hiring, heightened supervision practices, and oversight of remote employees. While this risk alert was primarily focused on firms employing staff members with past disciplinary issues, all RIA firm principals and Chief Compliance Officers should review the risk alert in more detail as it applies to common employee supervision issues across all types of advisory firms.