On November 19, 2020, the Securities and Exchange’s Commission Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert outlining notable compliance issues related to Rule 206(4)-7 (the “Compliance Rule”) of the Investment Advisers Act of 1940 (“Advisers Act”). Among the deficiencies and weaknesses OCIE identified:
- Inadequate Compliance Resources. Staffers described multiple instances of insufficient resources dedicated to compliance efforts. Examples included a chief compliance officers (“CCO”) that either had duties outside of compliance, or otherwise did not have enough time for their compliance responsibilities; advisers providing insufficient training and/or hiring insufficient staff for compliance functions; and advisers not hiring additional compliance staff even as their businesses grew.
- Insufficient CCO Authority. Staffers observed issues such as CCOs being kept from accessing critical compliance information, senior management having limited interaction with their CCOs, and management not consulting CCOs about matters with potential compliance implications.
- Annual Review Deficiencies. Staffers observed advisers claiming to engage in ongoing or annual compliance reviews of policies and procedures, but failing to produce evidence this actually occurred; advisers failing to identify risk areas applicable to the adviser despite claiming they had performed limited annual reviews; and advisers failing to review significant areas of their business.
- Implementing Actions Required by Written Policies and Procedures. Staffers also observed advisers failing to implement actions required by their own policies and procedures, including training employees, reviewing advertising materials, following compliance checklists and reviewing client accounts to assess consistency of portfolios with investment objectives.
- Maintaining or Establishing Reasonable Designed Written Policies and Procedures. Staffers observed advisers with deficiencies or weaknesses in various areas:
- Portfolio management, including oversight of outside managers and other third-party service providers, compliance with client investment restrictions and adherence with advisory agreements;
- Marketing including solicitation arrangements, misleading marketing presentations and oversight of the accuracy of performance advertising;
- Trading practices, including allocation of soft dollars, best execution and trade errors;
- Advisory fees and valuation, including the fee billing process, expense reimbursement policies and procedures and valuation of advisory client assets;
- Safeguards for client privacy, including physical and electronic security of client information and encryption policies; and
- General cybersecurity, including access rights and controls, data loss prevention penetration testing and/or vulnerability scans, vendor management, employee training or incident response plans.
The full Risk Alert with all of the relevant OCIE observations can be viewed at SEC.gov.