On February 7, the Office of Compliance Inspections and Examinations (“OCIE”) of the U.S. Securities and Exchange Commission (“SEC”) published a Risk Alert highlighting the “five compliance topics most frequently identified in deficiency letters that were sent to SEC-registered investment advisers” in a sample of over 1,000 examinations during the past two years. OCIE functions as the “eyes and ears” of the SEC and is grounded on “Four Pillars:” (1) improving compliance, (2) preventing fraud, (3) monitoring risk, and (4) informing policy. The key takeaway according to the SEC is that “advisers should review their compliance programs and practices in light of the topics noted in the Risk Alert.” The five compliance topics involved violations of the Investment Advisers Act of 1940 (the “Advisers Act”), specifically:
- Rule 206(4)-7 (the “Compliance Rule”)
- Various required regulatory filings
- Rule 206(4)-2 (the “Custody Rule”)
- Rule 204A-1 (the “Code of Ethics Rule”)
- Rule 204-2 (the “Books and Records Rule”)
Rule 206(4)-7 (the “Compliance Rule”)
The Compliance Rule in the Advisers Act appears relatively straightforward and states that it shall be unlawful to provide investment advice to clients unless the adviser:
- Policies and Procedures – adopts and implements written policies and procedures reasonably designed to prevent violation, by the adviser and its supervised persons, of the Advisers Act and the rules that the SEC has adopted under the Advisers Act,
- Annual Review – reviews, no less frequently than annually, the adequacy of its policies and procedures and the effectiveness of their implementation; and
- Chief Compliance Officer – designates an individual (who is a supervised person) as the chief compliance officer (“CCO”) responsible for administering the compliance policies and procedures that the adviser adapts.
Despite its relative simplicity, violations of the Compliance Rule continue to persist. In the Risk Alert, the SEC noted the following typical examples of deficiencies or weaknesses in connection with the Compliance Rule:
- Compliance manuals are not reasonably tailored to the adviser’s business practices. For instance, the SEC staff noted that certain compliance programs did not take into account important individualized business practices such as particular investment strategies, types of clients, trading practices, valuation procedures and advisory fees. In addition, the SEC mentioned that examiners continue to see some advisers utilize “off-the-shelf” compliance manuals that have not been tailored to the adviser’s individual business practices. In adopting the release for the rule, the SEC identified several areas that it expects an adviser’s policies and procedures to address at a minimum; these areas included: (1) portfolio management processes including the allocation of investment opportunities among clients and consistency of portfolios with clients’ investment objectives, disclosures, and regulatory restrictions, (2) trading practices, including satisfying the duty of best execution and the use of client commissions to obtain execution, research, or other services, (3) proprietary trading of the adviser and personal trading by employees, (4) accuracy of disclosures made to investors, clients and regulators, including account statements and advertisements, (5) safeguarding of client assets from conversion or misuse, (6) accuracy of books and records, (7) marketing advisory services, including the use of solicitors, (8) valuing client holdings and assessing fees, (9) protecting the privacy of client records and information, and (10) business continuity and recovery plans.
- Annual reviews were not performed or did not address the adequacy of the adviser’s policies and procedures. The exam staff observed that some advisers did not conduct annual reviews of their compliance policies and procedures. Additionally, exam staff found advisers that conducted annual reviews but did not address the adequacy of their policies and procedures and the effectiveness of their implementation. Exam staff also observed that advisers did not address or correct problems identified in their annual reviews.
- Adviser does not follow compliance policies and procedures. Exam staff observed that certain advisers appeared to not be following their compliance policies and procedures as required by the Compliance Rule. Examples included: 1) Advisers not performing certain internal reviews of their practices required by their compliance manual and 2) Advisers not adhering to certain practices relating to marketing, expenses, or employee behavior as required by their compliance manual.
- Compliance manuals are not current. Exam staff noted that certain compliance manuals contained information or policies that are no longer current, such as investment strategies that were no longer pursued or personnel no longer associated with the adviser and stale information about the firm. In adopting the release of the rule, the SEC noted that the annual review should consider (1) any compliance matters that arose during the previous year, (2) any changes in the business activities of the adviser or its affiliates, and (3) any changes in the Advisers Act of applicable regulations that might suggest a need to update the policies and/or procedures.
Advisers are required to comply with certain obligations to make accurate and timely filings with the SEC. The Risk Alert references Form ADV filings under Rule 204-1, Form PF filings under Rule 204(b)-1, and Form D filings under Regulation D of the Securities Exchange Act of 1933 (“Securities Act”). The Risk Alert lists typical examples of deficiencies or weaknesses with respect to adviser regulatory filing obligations seen by exam staff:
- Inaccurate disclosures. Exam staff observed that certain advisers made inaccurate disclosures on Form ADV Part 1A or in Form ADV Part 2A brochures. As examples, the SEC cited instances of inaccurately reporting custody information, regulatory assets under management, disciplinary history, and types of clients and conflicts.
- Untimely amendments to Form ADVs. Exam staff observed that certain advisers did not promptly amend their Form ADVs when certain information became inaccurate or timely file their annual updating amendments.
- Incorrect and untimely Form PF filings. Exam staff observed that certain advisers with an obligation to file Form PF did not complete the filing accurately or completely.
- Incorrect and untimely Form D filings. Exam staff observed that certain advisers did not accurately complete and timely file Form D on behalf of their private fund clients.
OCIE issued a Risk Alert regarding the Custody Rule in March 2013. In the Risk Alert, they called the custody rule “one of the most critical rules under the Advisers Act.” As a general overview, the rule is “designed to protect advisory clients from the misuse or misappropriation of their funds and securities” and “unlawful activities or financial problems of the adviser.” An adviser is deemed to have custody if “it or its related person holds, directly or indirectly, client funds or securities or has any authority to obtain possession of them…”
Rule 206(4)-2 requires a registered adviser with custody of client funds or securities to take a number of steps designed to safeguard those assets. These steps include:
- Qualified Custodians. An adviser with custody must maintain client funds and securities with “qualified custodians” either under the clients’ name or under the adviser’s name as agent or trustee for its clients.
- Quarterly Account Statements. The adviser must have a reasonable basis, after due inquiry, for believing that the qualified custodian sends quarterly account statements directly to the client.
- Notification. The adviser must notify the client as to where and how the funds or securities will be maintained, promptly after opening an account for the client and following any changes to this information. If the adviser also sends its own account statements to clients, this notice and subsequent account statements from the adviser must contain a statement urging the client to compare account statements from the custodian with those statements from the adviser.
- Independent Verification / Surprise Examinations. An adviser that is deemed to have custody of client assets generally must undergo an annual surprise examination by an independent accountant to verify the client’s funds and securities.
The Risk Alert lists typical examples of deficiencies or weaknesses with respect to adviser regulatory filing obligations seen by exam staff:
- Advisers did not recognize that they may have custody due to online access to client accounts. The SEC notes that an adviser’s online access to client accounts may meet the definition of custody when such access provides the adviser with the ability to withdraw funds and securities from the client accounts. During the course of exams, staff observed that certain advisers may not have properly identified custody as a result of them having access to online accounts using clients’ personal usernames and passwords.
- Advisers with custody obtained surprise examinations that did not meet the requirements of the Custody Rule. Exam staff observed that some advisers did not provide the independent public accountants performing surprise examinations with a complete list of accounts over which the adviser has custody or otherwise provide information to accountants to permit the accountants to timely file accurate Form ADV-Es. Exam staff also noted in the Risk Alert that some surprise examinations may not have been conducted on a “surprise” basis, such as exams being conducted at the same time each year.
- Advisers did not recognize that they may have custody as a result of certain authority over client accounts. Examples included advisers or their related persons having power of attorney authorizing withdrawal of client cash or securities, serving as trustees of clients’ trusts, or serving as general partner, managing member, or a similar position to a pooled investment vehicle.
Code of Ethics Rule
The Code of Ethics Rule requires advisers to adopt and maintain a code of ethics that: subjects all supervised persons to a required standard of business conduct, requires “access persons” to make periodic reports of their personal account securities holdings and transactions as well as obtaining pre-approval for certain investments, and requires advisers to provide each supervised person with, and obtain an acknowledgment of receipt of and compliance with, the adviser’s code of ethics. In addition, advisers must provide certain disclosures related to the code of ethics in their Form ADV filing. Exam staff found the following issues:
- Access persons not identified. Examples included the failure to identify certain employees, partners, and directors, for purposes of reviewing personal securities transactions.
- Code of ethics missing required information. Examples included the failure to specify requirements pertaining to review of, and timeframes for submission of, personal account holdings and transaction reports.
- Untimely submission of transactions and holdings. Exam staff observed that certain access persons submitted personal account transactions and holdings less frequently than required.
- No description of code of ethics in Form ADVs. Exam staff observed that certain advisers did not describe their code of ethics in their Part 2A of Form ADV filings and did not indicate that their code of ethics are available to any client or prospective client upon request.
Books and Records Rule
Rule 204-2, more commonly known as the “Books and Records Rule,” requires advisers to make and maintain certain books and records relating to their investment advisory business, including accounting and other business records. Exam staff noted the following typical examples of deficiencies or weaknesses relating to the rule:
- Did not maintain all required records. Examples included not maintaining all the books and records for trading, advisory agreements, and general ledgers.
- Books and records are inaccurate or not updated. Examples included having errors and omissions in their books and records such as inaccurate fee schedules and client records or stale client lists.
- Inconsistent recordkeeping. Examples included certain advisers maintaining contradictory information in separate sets of records.
 Advisers Act Rule 206(4)-7
 As a general overview, Form ADV is the uniform form used by investment advisers to register with the SEC and state securities regulators. Form ADV provides information about the adviser and its practices. For more information, see Securities and Exchange Commission, “Form ADV,” March 11, 2011, https://www.sec.gov/fast-answers/answersformadvhtm.html (Accessed February 12, 2017).
 Form PF must be filed by all advisers that are registered or required to be registered under the Advisers Act, advise one or more “private funds” (i.e., issuers exempt from registration under the Investment Company Act of 1940 Sections 3(c)(1) or Section 3(c)(7)), and manage at least $150 million in “regulatory assets under management” attributable to private funds as of the end of the most recent fiscal year. The rationale behind the filing requirements is that the information is partly meant to assist the Financial Stability Oversight Council (“FSOC”) in assessing systemic risk in the financial markets. Supra, note 1.
 Form D filing requirements may arise when a company is relying on Regulation D under the Securities Exchange Act of 1933 to conduct an offering of securities and does not want to register such offering with the SEC. Form D is a brief notice filed electronically with the SEC that includes information about the securities offering. For more information, see Securities and Exchange Commission, “Regulation D Offerings,” October 28, 2014, https://www.sec.gov/answers/regd.htm (Accessed February 12, 2017).
 Advisers Act Rule 206(4)-2(d)(2).
 Advisers Act Rule 204A-1.
 Advisers Act Rule 204-2.
*Disclaimer: The views and opinions expressed herein are those solely of the author and do not necessarily reflect the views and opinions of any current or past employer.