The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert listing the five most frequent compliance topics identified on investment adviser examinations completed within the past two years (the “Risk Alert”). The five compliance topics include deficiencies or weaknesses under the Investment Advisers Act of 1940, as amended (the “Advisers Act”) and violations relating to: (1) the Compliance Rule (Rule 206(4)-7); (2) required regulatory filings; (3) the Custody Rule (Rule 206(4)-2); (4) the Code of Ethics Rule (Rule 204A-1); and (5) the required Books and Records Rule (Rule 204-2).
It comes as no surprise that the issues identified in OCIE’s Risk Alert overlap with those violations successfully pursued by the SEC in 2016 and that remain in the SEC’s crosshairs for 2017. In fact, fiscal year 2016 saw a record number of SEC enforcement actions involving investment advisers or investment companies (160 in total) and the most ever standalone cases involving investment advisers or investment companies (98 in total).1 Among the range of common violations pursued by the SEC in 2016 were allegations concerning advisers’ failures to comply with the custody requirement over client assets, failures to establish and enforce policies and procedures designed to detect compliance violations, and failures to properly maintain books and records. Against this backdrop, OCIE announced last month its 2017 Examination Priorities to aid advisers in evaluating their own compliance programs in the identified areas of priority and make necessary changes and enhancements. The 2017 Examination Priorities demonstrate the SEC’s continuing focus on a wide range of issues from traditional areas such as market-wide risks to new forms of technology, such as automated investment advice.
In its February 7 Risk Alert, OCIE also encouraged advisers to review their compliance programs and practices in light of the topics previously noted in the 2017 Examination Priorities. As part of their review, advisers should consider the following examples of typical deficiencies and weaknesses emphasized by OCIE in these publications and that remain a frequent problem:
- Compliance Rule Violations: Typical examples of Compliance Rule deficiencies identified by the staff include failing to tailor compliance manuals to individualized business practices—an issue previously identified in a November 9, 2015 OCIE risk alert. Similarly, the staff noted that certain manuals were no longer current, containing out-of-date information about the firm that had become obsolete. The staff also found that certain advisers did not review their compliance policies and procedures on an annual basis. Those registrants that did complete an annual review did not fully consider the adequacy or effectiveness of those policies and procedures. Notwithstanding these shortcomings, the staff also found that many advisers were simply not following their policies and procedures—even if they were current and would have otherwise been operating effectively.
- Regulatory Filings Violations: The staff highlighted a series of deficiencies regarding advisers’ obligation to accurately complete and timely submit their regulatory filings, including inaccurate Form ADV disclosures, untimely Form ADV amendments, incomplete Form PF filings, and incorrect Form D filings.
- Custody Rule Violations: As initially discussed in a March 4, 2013 risk alert, compliance with the Custody Rule remains a common issue. The staff observed violations of the Custody Rule stemming from situations in which advisers did not recognize that their online access to client accounts—including the ability to withdraw funds and securities—fell within the definition of custody. Correspondingly, certain advisers did not provide independent CPAs performing “surprise” examinations with complete lists of accounts over which the advisers had custody. Similar deficiencies included the advisers’ failure to procure their accountants with the information necessary to timely file correct Form ADV-Es. Other instances suggested that surprise examinations were being conducted at the same time each year, eliminating any element of surprise and defeating the purpose of the examination altogether.
- Code of Ethics Rule Violations: Representative violations of the Code of Ethics Rule centered on the advisers’ failure to satisfactorily provide information about the advisers’ codes of ethics. Among other things, the staff observed that advisers failed to comprehensively identify their “access persons,” neglected to timely disclose information pertaining to holdings and transactions reports, and failed to properly describe their codes of ethics in Form ADV filings.
- Required Books and Records Rule Violations: Finally, the staff emphasized a series of common books and records violations, including the failure to maintain all required books and records, inaccurate or incomplete books and records, and inconsistent recordkeeping resulting in contradictory information held in separate sets of records.
The examinations reviewed by OCIE containing these common violations resulted in a range of outcomes, the most severe being referrals to the SEC’s Division of Enforcement for further investigation. With these five key topics in mind—and in light of the SEC’s continued focus in these areas—we recommend that advisers review their compliance programs and practices to ensure that any existing and potential deficiencies are detected, and that proper remedial actions are taken. Our attorneys are available to assist with facilitating compliance reviews and implementing client-specific updates to their compliance programs. Please contact us for further information.