By Amy Leisinger, J.D.
The SEC’s Office of Compliance Inspections and Examinations has issued a risk alert to provide an overview of notable compliance issues related to Advisers Act Rule 206(4)-7 (the "Compliance Rule"). Times have changed, but the need for investor protection remains the same, according the staff.
Compliance rule. Under Rule 206(4)-7, it is unlawful for a registered investment adviser to provide advice unless the adviser has adopted and implemented written policies and procedures reasonably designed to prevent violations; an adviser must consider fiduciary and regulatory obligations, as well its specific operations, and formalize policies and procedures to address them. The rule also requires each adviser to conduct a review of its policies and procedures at least every year and consider the need for interim reviews in response to significant compliance events and developments, according to OCIE.
A chief compliance officer must administer a firm’s compliance policies and procedures and should be empowered to develop and enforce them. The CCO should have a position of sufficient seniority and authority within the organization to compel others to adhere, the alert states.
Notable deficiencies and weaknesses. In its alert, OCIE identified multiple examples of deficiencies related to the Compliance Rule. OCIE staff observed advisers that did not devote adequate resources to information technology and staff training regarding compliance. Further, CCOs did not appear to devote sufficient time to fulfilling their responsibilities, and compliance staff did not have sufficient resources to implement an effective compliance program. Some advisers that had significantly grown but did not add compliance staff saw failures in implementing or tailoring their compliance policies and procedures, the staff explains.
According to the alert, OCIE staff also observed CCOs who lacked sufficient authority within the advisory firm to develop and enforce appropriate policies and procedures. Advisers where senior management appeared to have limited interaction with their CCOs led to limited knowledge about the firm’s leadership, transactions, and business operations.
OCIE staff also saw advisers that did not implement or perform actions required by their written policies and procedures, the report states. Some advisers did not train their employees, implement compliance procedures regarding trade errors, advertising, best execution, conflicts, disclosure and other requirements, according to OCIE staff.
Where firms maintained written policies and procedures, OCIE staff observed deficiencies or weaknesses with establishing, implementing, or appropriately tailoring written policies and procedures regarding portfolio management, marketing, trading practices, disclosures, fees, and privacy safeguards.
OCIE encourages each adviser to review its policies and procedures to ensure that they are tailored to the adviser’s business.
COVID-19. In recent remarks, OCIE Director Peter Driscoll noted that OCIE continues to be fully operational, finding alternative ways to complete exams without the benefit of on-site interactions. The staff has engaged in outreach efforts with many advisers and investment company complexes to assess the impacts of COVID-19, he explained, including challenges with operational resiliency and fund liquidity. Issues with implementing business continuity and pandemic plans have been minor and were addressed quickly, according to the director. New needs during the pandemic may bring risks that need to be evaluated by knowledgeable compliance departments, Driscoll said.
CCOs. Compliance staff faces numerous difficulties that have only increased because of COVID-19, the director stated. A firm’s compliance program is critical to the protection of investors, and OCIE tries to assist by being as transparent as possible about common deficiencies. Internal conflicts have played a role in creating conflicts, but we do see good practices where CCOs are included in business planning and strategy discussions for their meaningful input, Driscoll stated.
"A good CCO can be a true ‘value-add’ to the business; by keeping up with regulatory expectations and new rules, CCOs can assist in positioning their firms not only to avoid costly compliance failures, but also provide pro-active compliance guidance on new or amended rules that may provide advisers with additional business options," he said.
When an adviser has changed CCOs recently or frequently, OCIE staff is likely to question the change, the director explained. The cause or blame for compliance problems should not land only on the CCO, according to Driscoll, and it is crucial to provide sufficient resources for compliance with applicable laws and regulations.
"CCOs should not and cannot do it alone and should not and cannot be responsible for all compliance failures," he concluded.