On November 19, 2020, the Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert (the “Alert”) on observed deficiencies related to Rule 206(4)-7 (the “Compliance Rule”). In the Alert, OCIE cites notable deficiencies or weaknesses culled from a sample of deficiency letters following recent investment adviser exams. Compliance Rule deficiencies have been among the most common cited by OCIE and below are examples observed by the Staff that touch on several aspects of adviser compliance programs.
Examples of Deficiencies Described by OCIE
Inadequate Compliance Resources. OCIE found advisers failed to devote adequate resources, such as technology, staff and training, to their compliance program. “Part-time” CCOs wearing “multiple hats” are also cited as an example of inadequate resources. OCIE also noted insufficient compliance staffing, which prevented completion of annual reviews, proper filing and accurate Form ADVs, or timely responses to OCIE requests for required books and records. Firms that had significantly grown in size or complexity, were also found to have failed to increase their compliance resources appropriately.
Insufficient Authority of CCOs. OCIE observed that CCOs had insufficient authority granted to them by senior management of the adviser, limiting their ability to develop and enforce appropriate policies and procedures. Examples included advisers restricting their CCOs from accessing critical compliance information such as trading exception reports; limited CCO interaction with senior management; and CCOs not being consulted about matters having potential compliance implications.
Annual Review Deficiencies. OCIE found advisers were unable to demonstrate that they had actually performed an annual review required by the Compliance Rule, or whose annual reviews failed to review significant business areas and identify existing compliance or regulatory problems. OCIE also found firms claimed to have conducted an annual review, but failed to produce evidence of a written record, such as a report or other document, memorializing that one took place.
Failure to Implement Actions Required by Written Policies and Procedures. OCIE identified firms that failed to implement or perform actions required by their policies or procedures. Contrary to their policies and procedures, OCIE found advisers failed to train their employees; implement compliance procedures regarding trade errors, advertising, best execution, conflicts, disclosures, and other requirements; review advertising materials; follow compliance checklists and other processes; and review client accounts.
Lack of Accurate and Complete Information in Policies and Procedures. OCIE cited firms that failed to maintain accurate and complete policies and procedures, or that maintained policies and procedures containing outdated or inaccurate information about the adviser. This included firms with off-the-shelf policies having unrelated or incomplete information.
Missing or Poorly Written Policies and Procedures. OCIE observed advisers not maintaining written policies or procedures, or failing to establish, implement, or appropriately tailor written policies and procedures that were designed to prevent violations of the Advisers Act. Where firms did maintain policies and procedures, deficiencies in them were found in the following areas: portfolio management, marketing, trading practices, disclosures, advisory fees and valuation, safeguards for client privacy, required books and records, safeguarding of client assets, and business continuity plans.
CCOs and compliance personnel should review their compliance program in light of the Alert, take steps to modify or enhance it accordingly, and seek to engage senior management of their firm, as necessary.