The areas highlighted in the Risk Alert dated February 7, 2017, include: (1) Rule 206(4)-7 (the “Compliance Rule”) under the Investment Advisers Act of 1940 (the “Advisers Act”); (2) required regulatory filings; (3) Rule 206(4)-2 under the Advisers Act (the “Custody Rule”); (4) Rule 204A-1 under the Advisers Act (the “Code of Ethics”); and (5) Rule 204-2 under the Advisers Act (the “Books and Records Rule”).
The Compliance Rule, a broad and somewhat all-encompassing regulation, generally requires investment advisers to ensure that they adopt, implement and review, on an annual basis, written policies and procedures designed to prevent violations of the Advisers Act and other SEC regulations. The specific deficiencies identified by the OCIE Staff appeared to be generally indicative of advisers using “off-the-shelf” compliance manuals or compliance manuals that have otherwise not been properly tailored to an adviser’s individual business practices. In particular, the deficiencies included: (i) not taking into account important individualized business practices such as the adviser’s particular investment strategies, types of clients, trading practices, valuation procedures and advisory fees; (ii) not addressing or correcting problems identified in annual reviews; and (iii) not following the adviser’s compliance policies and procedures and/or not updating them.
Another area of major deficiencies involved advisers’ failure to accurately complete and timely file certain required regulatory filings. The SEC highlighted: (i) inaccurate disclosures on Form ADV, including with respect to reporting custody information, regulatory assets under management, disciplinary history, types of clients and conflicts; (ii) a failure to promptly amend advisers’ Form ADVs when certain information became inaccurate or timely file the annual updating amendments; and (iii) a failure to complete Forms PF and D filings on behalf of the adviser’s private fund clients.
The Custody Rule was highlighted by the SEC as the third area of identified deficiencies. The SEC observed that certain advisers did not recognize that they may have custody due to: (i) online access to client accounts (particularly, where they had the ability to withdraw funds and securities from client accounts including through clients’ personal usernames and passwords); (ii) powers of attorney authorizing them to withdraw client cash and securities; or (iii) advisers serving as trustees of clients’ trusts or general partners of client private investment vehicles. Other custody-related deficiencies included adviser’s failure to provide independent public accountants that perform surprise examinations, with a complete list of accounts over which the adviser had custody and indications suggesting that surprise examinations may not have been conducted on a “surprise” basis (e.g., exams were conducted at the same time each year).
The fourth identified area included deficiencies in advisers’ Codes of Ethics. These deficiencies included failures to: (i) list all of the adviser’s access persons (e.g., certain employees, partners or directors) for purposes of reviewing personal securities transactions; (ii) describe the Code of Ethics in the advisers’ Form ADV; (iii) specify review of the holdings and transactions reports; (iv) identify the specific submission timeframes, as required by the Code of Ethics Rule; or (v) submit the reports on time.
Finally, the SEC cited compliance with the Books and Records Rule as an area of concern. The deficiencies in this area included: (i) not maintaining all the required books and records, such as trade records, advisory agreements and general ledgers; (ii) errors and omissions in books and records, such as inaccurate fee schedules and client records or stale client lists; and (iii) inconsistent recordkeeping.
The SEC notes that the examinations within the scope of this review resulted in a range of actions from remedial measures (such as requiring advisers to enhance their written compliance procedures, policies or processes; change their business practices; or devote more resources or attention to the area of compliance) to, in some cases, referrals to the Division of Enforcement for further action. Overall, however, it appears that the identified deficiencies (also occasionally referred to by the SEC as “weaknesses”) were generally of a technical nature, with many of them potentially correctable through annual or other updates to Form ADV, and compliance and operating policies and procedures, as well through annual compliance reviews and similar steps.
The Risk Alert, by highlighting deficiencies in prior SEC examinations, not only provides advisers with helpful reminders, but also creates an expectation that advisers will address any applicable deficiencies in the future. Accordingly, advisers should consider reviewing their Form ADV, compliance practices, policies and procedures, and Codes of Ethics to determine if the deficiencies identified in the Alert might be applicable to them. This review can be undertaken as a part of an annual review, but can also be done at any time in between the annual reviews to demonstrate to the SEC that an adviser has considered the Alert and how it applies to the adviser’s business, and made relevant improvements.