OCIE Issues Risk Alert Regarding Investment Adviser Compliance


OCIE Issues Risk Alert Regarding Investment Adviser Compliance Programs November 23, 2020 Contributor(s) David E. Wohl Posted on: Features, Funds, Insights, What's New on the Watch? The SEC’s Office of Compliance Inspections and Examinations (OCIE) recently issued a Risk Alert that provides an overview of notable compliance issues identified by OCIE related to Rule 206(4)-7 (the Rule) under the Investment Advisers Act of 1940 (the Advisers Act).^[1] Under the Rule, an investment adviser registered with the SEC must implement written policies and procedures reasonably designed to prevent violation of the Advisers Act by the adviser and its supervised persons.^[2] The Rule also requires an adviser to review its policies and procedures at least annually to determine their adequacy and the effectiveness of their implementation and to consider any compliance matters that arose during the previous year, any changes in the business activities of the adviser and any changes in the Advisers Act or applicable regulations that require revisions to policies and procedures. Finally, the Rule requires an adviser to designate a chief compliance officer (CCO) to administer its compliance policies and procedures.^[3] Below are examples of notable deficiencies or weaknesses identified by OCIE staff in connection with the Rule: Inadequate Compliance Resources – OCIE staff observed advisers that did not devote adequate resources, such as information technology, staff and training, to their compliance programs. For example: CCOs who had numerous other professional responsibilities, either elsewhere with the adviser or with outside firms, and who did not appear to devote sufficient time to fulfilling their responsibilities as CCO. While CCOs may have multiple responsibilities, OCIE observed instances where such CCOs did not appear to have time to develop their knowledge of the Advisers Act or fulfill their responsibilities as CCO. Compliance staff that did not have sufficient resources to implement an effective compliance program. OCIE staff observed advisers that did not appear to devote sufficient resources, such as a lack of adequate training or insufficient staff, to their compliance functions. This affected the implementation of the compliance policies and procedures the adviser had adopted and compliance with fundamental regulatory requirements. Advisers that had significantly grown in size or complexity, but had not hired additional compliance staff or added adequate information technology, leading to failures in implementing or tailoring their compliance policies and procedures. Insufficient Authority of CCOs – OCIE staff observed CCOs who lacked sufficient authority within the adviser to develop and enforce appropriate policies and procedures. For example: Advisers that restricted their CCOs from accessing critical compliance information. Advisers where senior management appeared to have limited interaction with their CCOs, which led to CCOs having limited knowledge about the firm’s leadership, strategy, transactions, and business operations. Instances where CCOs were not consulted by senior management and employees of the adviser regarding matters that had potential compliance implications. Annual Review Deficiencies – OCIE staff observed advisers that were unable to demonstrate that they performed an annual review or whose annual reviews failed to identify significant existing compliance or regulatory problems. For example: Evidence of annual review. Advisers that claimed to engage in ongoing or annual compliance reviews of their policies and procedures to determine their adequacy and effectiveness of their implementation, but could not provide evidence that one occurred. Identification of risks. Advisers that claimed to have performed limited annual reviews but failed to identify or review key risk areas applicable to the adviser, such as conflicts and protection of client assets. Review of significant aspects of adviser’s business. Advisers that failed to review significant areas of their business, such as policies and procedures surrounding the oversight and review of cybersecurity and the calculation of fees and allocation of expenses. Implementing Actions Required by Written Policies and Procedures – OCIE staff observed advisers that did not implement or perform actions required by their written policies and procedures. For example, staff observed advisers that did not: Train their employees. Implement compliance procedures regarding trade errors, advertising, best execution, conflicts, disclosure and other requirements. Review advertising materials. Follow compliance checklists and other processes, including backtesting fee calculations and testing business continuity plans. Review client accounts, e.g., to assess consistency of portfolios with clients’ investment objectives, on a periodic basis or on a schedule required in the adviser’s policies. Maintaining Accurate and Complete Information in Policies and Procedures – The staff observed advisers’ policies and procedures that contained outdated or inaccurate information about the adviser, including off-the-shelf policies that contained unrelated or incomplete information. Maintaining or Establishing Reasonably Designed Written Policies and Procedures – OCIE staff observed advisers that did not maintain written policies and procedures or that failed to establish, implement, or appropriately tailor written policies and procedures that were reasonably designed to prevent violations of the Advisers Act. For example, staff observed advisers that claimed to rely on cursory or informal processes instead of maintaining written policies and procedures. Where firms maintained written policies and procedures, OCIE staff observed deficiencies or weaknesses with establishing, implementing or appropriately tailoring their written policies and procedures in the following areas, among others: (i) monitoring compliance with client investment strategies, (ii) oversight of service providers and branch offices, (iii) compliance with regulatory and client investment restrictions and investment advisory agreements, (iv) oversight of the use and accuracy of performance advertising, (v) accuracy of Form ADV and client communications, (vi) fee billing processes, including how fees are calculated, tested, or monitored for accuracy, (vii) expense reimbursement policies and procedures, (viii) valuation of client assets, (ix) privacy and cybersecurity, (x) maintenance of required books and records, (xi) custody of client assets and (xii) business continuity plans. ********** In light of this Risk Alert, private fund advisers should review their written policies and procedures to ensure that they are tailored to the advisers’ business and adequately reviewed and implemented. In addition, advisers should ensure that their CCOs have adequate resources and authority to implement and oversee an effective compliance program. Endnotes (↵ returns to text) The Risk Alert is available here.↵ The Rule does not apply to exempt reporting advisers.↵ The SEC staff has stated that the CCO should be competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm. The CCO should have a position of sufficient seniority and authority within the organization to compel others to adhere to the compliance policies and procedures.↵ Contributor(s) David E. Wohl Partner +1 212 310 8933 david.wohl@weil.com Bio on Weil.com More from the Private Equity Blog Insights, Legal Developments, What's New on the Watch? Heightened Antitrust Scrutiny and its Impact on Debt Financing Costs and Commitments Dec 2023 Contributor(s) Andrew J. Colao Sachin Kohli Brianne Kucerik Jacqueline Oveissi Kelly McCubrey Christina Ramos Nick Swan Glenn West Musings, Insights, Legal Developments, What's New on the Watch? Surprise: Target Company May Not Be Entitled to Expectancy Damages Based Upon the Lost Premium for an Acquirer’s Wrongful Failure to Close a Merger Nov 2023 Contributor(s) Glenn D. West Energy, Features, Insights, Legal Developments, What's New on the Watch? Inflation Reduction Act: New Monetization Techniques Are Helpful, But May Be Limited For Partnerships with Tax-Exempt Investors Nov 2023 Contributor(s) Jonathan J. Macke Greg Williamson Ben Oklan Andrew Lawson Copyright © 2024 Weil, Gotshal & Manges LLP, All Rights Reserved. The contents of this website may contain attorney advertising under the laws of various states. Prior results do not guarantee a similar outcome. Weil, Gotshal & Manges LLP is headquartered in New York and has office locations in Boston, Brussels, Dallas, Frankfurt, Hong Kong, Houston, London, Miami, Munich, New York, Paris, Shanghai, Silicon Valley and Washington, D.C.

OCIE Issues Risk Alert Regarding Investment Adviser Compliance Programs

Contributor(s)

Posted on:

Features, Funds, Insights, What's New on the Watch?

The SEC’s Office of Compliance Inspections and Examinations (OCIE) recently issued a Risk Alert that provides an overview of notable compliance issues identified by OCIE related to Rule 206(4)-7 (the Rule) under the Investment Advisers Act of 1940 (the Advisers Act).^[1]

Under the Rule, an investment adviser registered with the SEC must implement written policies and procedures reasonably designed to prevent violation of the Advisers Act by the adviser and its supervised persons.^[2] The Rule also requires an adviser to review its policies and procedures at least annually to determine their adequacy and the effectiveness of their implementation and to consider any compliance matters that arose during the previous year, any changes in the business activities of the adviser and any changes in the Advisers Act or applicable regulations that require revisions to policies and procedures. Finally, the Rule requires an adviser to designate a chief compliance officer (CCO) to administer its compliance policies and procedures.^[3]

Below are examples of notable deficiencies or weaknesses identified by OCIE staff in connection with the Rule:

Inadequate Compliance Resources – OCIE staff observed advisers that did not devote adequate resources, such as information technology, staff and training, to their compliance programs. For example:

CCOs who had numerous other professional responsibilities, either elsewhere with the adviser or with outside firms, and who did not appear to devote sufficient time to fulfilling their responsibilities as CCO. While CCOs may have multiple responsibilities, OCIE observed instances where such CCOs did not appear to have time to develop their knowledge of the Advisers Act or fulfill their responsibilities as CCO.

Compliance staff that did not have sufficient resources to implement an effective compliance program. OCIE staff observed advisers that did not appear to devote sufficient resources, such as a lack of adequate training or insufficient staff, to their compliance functions. This affected the implementation of the compliance policies and procedures the adviser had adopted and compliance with fundamental regulatory requirements.
Advisers that had significantly grown in size or complexity, but had not hired additional compliance staff or added adequate information technology, leading to failures in implementing or tailoring their compliance policies and procedures.

Insufficient Authority of CCOs – OCIE staff observed CCOs who lacked sufficient authority within the adviser to develop and enforce appropriate policies and procedures. For example:

Advisers that restricted their CCOs from accessing critical compliance information.

Advisers where senior management appeared to have limited interaction with their CCOs, which led to CCOs having limited knowledge about the firm’s leadership, strategy, transactions, and business operations.

Instances where CCOs were not consulted by senior management and employees of the adviser regarding matters that had potential compliance implications.

Annual Review Deficiencies – OCIE staff observed advisers that were unable to demonstrate that they performed an annual review or whose annual reviews failed to identify significant existing compliance or regulatory problems. For example:

Evidence of annual review. Advisers that claimed to engage in ongoing or annual compliance reviews of their policies and procedures to determine their adequacy and effectiveness of their implementation, but could not provide evidence that one occurred.

Identification of risks. Advisers that claimed to have performed limited annual reviews but failed to identify or review key risk areas applicable to the adviser, such as conflicts and protection of client assets.

Review of significant aspects of adviser’s business. Advisers that failed to review significant areas of their business, such as policies and procedures surrounding the oversight and review of cybersecurity and the calculation of fees and allocation of expenses.

Implementing Actions Required by Written Policies and Procedures – OCIE staff observed advisers that did not implement or perform actions required by their written policies and procedures. For example, staff observed advisers that did not:

Train their employees.

Implement compliance procedures regarding trade errors, advertising, best execution, conflicts, disclosure and other requirements.

Review advertising materials.

Follow compliance checklists and other processes, including backtesting fee calculations and testing business continuity plans.

Review client accounts, e.g., to assess consistency of portfolios with clients’ investment objectives, on a periodic basis or on a schedule required in the adviser’s policies.

Maintaining Accurate and Complete Information in Policies and Procedures – The staff observed advisers’ policies and procedures that contained outdated or inaccurate information about the adviser, including off-the-shelf policies that contained unrelated or incomplete information.

Maintaining or Establishing Reasonably Designed Written Policies and Procedures – OCIE staff observed advisers that did not maintain written policies and procedures or that failed to establish, implement, or appropriately tailor written policies and procedures that were reasonably designed to prevent violations of the Advisers Act. For example, staff observed advisers that claimed to rely on cursory or informal processes instead of maintaining written policies and procedures.

Where firms maintained written policies and procedures, OCIE staff observed deficiencies or weaknesses with establishing, implementing or appropriately tailoring their written policies and procedures in the following areas, among others: (i) monitoring compliance with client investment strategies, (ii) oversight of service providers and branch offices, (iii) compliance with regulatory and client investment restrictions and investment advisory agreements, (iv) oversight of the use and accuracy of performance advertising, (v) accuracy of Form ADV and client communications, (vi) fee billing processes, including how fees are calculated, tested, or monitored for accuracy, (vii) expense reimbursement policies and procedures, (viii) valuation of client assets, (ix) privacy and cybersecurity, (x) maintenance of required books and records, (xi) custody of client assets and (xii) business continuity plans.

**********

In light of this Risk Alert, private fund advisers should review their written policies and procedures to ensure that they are tailored to the advisers’ business and adequately reviewed and implemented. In addition, advisers should ensure that their CCOs have adequate resources and authority to implement and oversee an effective compliance program.

Endnotes (↵ returns to text)

The Risk Alert is available here.↵
The Rule does not apply to exempt reporting advisers.↵
The SEC staff has stated that the CCO should be competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm. The CCO should have a position of sufficient seniority and authority within the organization to compel others to adhere to the compliance policies and procedures.↵

Contributor(s)

David E. Wohl

Partner

+1 212 310 8933

david.wohl@weil.com

Bio on Weil.com

More from the Private Equity Blog

Insights, Legal Developments, What's New on the Watch?

Heightened Antitrust Scrutiny and its Impact on Debt Financing Costs and Commitments

Contributor(s)

Andrew J.
Colao

Sachin
Kohli

Brianne
Kucerik

Jacqueline
Oveissi

Kelly
McCubrey

Christina
Ramos

Nick
Swan

Glenn West Musings, Insights, Legal Developments, What's New on the Watch?

Surprise: Target Company May Not Be Entitled to Expectancy Damages Based Upon the Lost Premium for an Acquirer’s Wrongful Failure to Close a Merger

Contributor(s)

Glenn D.
West

Energy, Features, Insights, Legal Developments, What's New on the Watch?

Inflation Reduction Act: New Monetization Techniques Are Helpful, But May Be Limited For Partnerships with Tax-Exempt Investors

Contributor(s)

Jonathan J.
Macke

Greg
Williamson

Ben
Oklan

Andrew
Lawson

Copyright © 2024 Weil, Gotshal & Manges LLP, All Rights Reserved. The contents of this website may contain attorney advertising under the laws of various states. Prior results do not guarantee a similar outcome. Weil, Gotshal & Manges LLP is headquartered in New York and has office locations in Boston, Brussels, Dallas, Frankfurt, Hong Kong, Houston, London, Miami, Munich, New York, Paris, Shanghai, Silicon Valley and Washington, D.C.

Global

Private Equity

Watch

Posted on:

Contributor(s)

More from the Private Equity Blog

The Blog

Features

Watch Your Inbox!

Editors