The annual review is one of the three (3) pillars of Rule 206(4)-7 (“the Compliance Rule”) of the Investment Advisers Act of 1940 (“the Advisers Act”).
The rule requires SEC-registered investment advisers (“RIAs”) to annually review “the adequacy of the policies and procedures established pursuant to this section and the effectiveness of their implementation.”[i]
Annual reviews have been cited by the Office of Compliance Inspections & Examinations (“OCIE”) as one of the top five (5) “most frequent compliance topics” during SEC exams.
Among their observations, OCIE has found that RIAs have failed to perform annual reviews outright; sufficiently reviewed and tested the adequacy of their policies and procedures (“P&Ps”); and, failed to implement changes or make updates to their P&Ps based on their annual reviews. [ii]
In fact, the SEC has brought enforcement actions against RIAs that failed to conduct annual reviews, including cease-and-desist orders, censure, and civil-monetary penalties, such as the case of Hudson Housing Capital, LLC, wherein the adviser failed to both implement and review their P&Ps as required by the Compliance Rule.[iii]
In consideration of the importance of the Compliance Rule’s requirement for conducting an annual review of your P&Ps, we believe RIAs should evaluate their Books and records when conducting their annual reviews.
Books and Records
Your books and records are one of the most important aspects of your business and must be considered a foundational component of your annual review. They are essential not only for testing other areas of your compliance program, but also must be reviewed in and of themselves given the specific requirements for maintaining books and records under the Advisers’ Act.
Under Rule 204-2, RIAs are expected to maintain certain books and records that are deemed essential to the business of the RIA. Those books and records need to be maintained for a minimum of five years and for at least two of those years, the RIA is required to maintain books onsite in an “appropriate” office
When reviewing your books and records during your annual review it is important to review certain aspects of your books and records including (1) the location of your books and records, (2) how the books and records are maintained, (3) the controls in place to protect the integrity of the books and records, and (4) who is responsible for maintenance of the books and records.
Lastly, it is just as important to review the destruction P&Ps for your books and records as it is to review their preservation. While SEC RIAs are required to ensure that their books and records are maintained in such a way as to preserve and protect them, RIAs also need to consider the manner in which books and records are destroyed so as to protect the records from inadvertent access by an unauthorized person.
As you can see there are several areas of your RIA’s compliance program that need to be taken into consideration when conducting an annual review.
While the task of testing all of the different areas of your firm, analyzing your results, and recording findings and recommendations based on your review might seem difficult, it is not insurmountable. Good planning, working with stakeholders and key employees, and employing a strategic approach to testing your P&Ps will allow you to approach your annual review with confidence.
Core Compliance can help your business with your annual reviews, including providing guidance on how to conduct an annual review, assisting with testing different areas of your compliance program, or conducting the annual review in its entirety on behalf of your firm.
Our team will use our extensive experience to assist you with your annual review in order to ensure the successful fulfillment of your annual review obligation under the Compliance Rule.
[ii] Office of Compliance Inspections and Examinations. “Risk Alert: The Five Most Frequent Compliance Topics Identified in OCIE Examinations of Investment Advisers.” SEC.Gov, U.S. Securities and Exchange Commission, 7 Feb. 2017, www.sec.gov/ocie/Article/risk-alert-5-most-frequent-ia-compliance-topics.pdf.