OCIE Observations: Investment Adviser Compliance Programs
Notable Compliance Issues Identified by OCIE
OCIE has issued a Risk Alert1 that provides an overview of notable compliance issues identified during recent adviser examinations related to Rule 206(4)-7 (the “Compliance Rule”) under the Investment Advisers Act of 1940. Deficiencies related to the Compliance Rule have been among the most common cited by OCIE.
Under Rule 206(4)-7 of the Investment Advisers Act of 1940 (“Advisers Act”), SEC registered investment advisers (“Advisers”) are required to have in place the following:
Written compliance policies and procedures that are “reasonably” designed to prevent violations of the Advisers Act.
Designation of a knowledgeable and competent Chief Compliance Officer (“CCO”) with the authority to administer and enforce the compliance policies and procedures.
Annual reviews of the compliance policies and procedures to ensure the effectiveness of its implementation (collectively the “Compliance Program”).
Compliance Rule Deficiencies and Weaknesses Identified by OCIE
OCIE observed advisers with inadequate resources including staff, information technology and training to support their compliance programs. OCIE also observed the following:
Instances where the CCOs had insufficient authority to develop and enforce the appropriate compliance policies and procedures.
Advisers unable to demonstrate that they had performed an annual review, or whose annual reviews failed to identify significant existing compliance or regulatory problems.
Weaknesses regarding policies and procedures, including failure of the advisers to implement or perform actions required by their written policies and procedures.
Failure to maintain accurate and complete information in the policies and procedures and to maintain or establish reasonably designed written policies and procedures.
Inadequate Compliance Resources
Compliance staff were found to be without sufficient resources including people, compliance training or technology to implement an effective compliance program.
Advisers experiencing significant growth in size or complexity did not hire sufficient compliance staff or neglected to increase their use of information technology resulting in failures in implementing policies and procedures.
Insufficient Authority of CCOs
CCOs were restricted from accessing critical compliance information, such as trading exception reports and investment advisory agreements with key clients.
Senior management had insufficient interaction with their CCOs, resulting in the CCOs having limited knowledge of the firm’s business activities, transactions, and business operations.
CCOs had not been consulted by senior management or the employees of the firm regarding matters that had potential compliance implications.
Annual Review Deficiencies
Advisers were unable to demonstrate that they had performed an annual review.
Advisers performing limited reviews failed to identify risks, or review key risk areas applicable to the adviser.
Significant aspects of the adviser’s business, such as policies and procedures surrounding the oversight and review of cybersecurity, the calculation of fees and allocation of expenses, and recommended third-party managers were not reviewed.
Weaknesses were identified in the implementation or performing of the actions required by the written policies and procedures.
Some CCOs with multiple professional responsibilities did not appear to be devoting sufficient time to fulfilling their responsibilities as CCOs.
Policies and procedures were found to be outdated, inaccurate, and not customized (off-the-shelf) to the business activities and operations of the adviser.
Advisers had failed to establish, implement or appropriately tailor written policies and procedures that were reasonable designed to prevent violations of the Advisers Act.
OCIE examinations of registered investment advisers have identified notable areas of weakness related to the Compliance Rule. Advisers should review their written policies and procedures, including implementation of those policies and procedures, to ensure that they are tailored to the advisers’ business and are adequately reviewed and implemented. Although the Compliance Rule requires only annual reviews, advisers should consider the need for interim reviews in response to significant compliance events, changes in business arrangements and regulatory developments. Finally, the Compliance rule requires each adviser to designate a CCO to administer its compliance polices and procedures. The CCO should be competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm. The CCO should have a position of sufficient seniority and authority within the organization to compel others to adhere to the compliance policies and procedures.
What sets Alaric Compliance apart?
As an industry leader with nearly 275 years of cumulative financial services compliance experience, we have the expertise to help you.
Alaric’s team members have managed over 100 regulatory examinations as Chief Compliance Officers. We have also conducted hundreds of mock SEC audits, focused reviews, and other compliance-related consulting projects. Leveraging this experience, we are in the unique position of both understanding the current regulatory trends and hot topics and having the practical, hands on experience that enables us to offer our clients an approach to regulatory compliance programs that is founded on a deep knowledge and every-day application of industry best practices.
Contact us for an appointment to learn more about how we can help you with your compliance needs, 1-888-243-2448, firstname.lastname@example.org, or visit our website, www.alariccompliance.com.
1 OCIE Observations: Investment Adviser Compliance Programs, November 19, 2020.