Episode 78: Compliance Program Requirements for Registered Investment Companies

On episode 78 of the CCO Buzz, our Senior Compliance Consultant discusses Rule 38a-1 under the Investment Company Act of 1940 and the requirements within compliance programs for Registered Investment Companies.


CCO Buzz: Hello and welcome back to the CCO Buzz. We are back from our brief summer break ready to keep those episodes rolling. To kick things off, we have our Senior Compliance Consultant. He’s here to discuss Rule 38a-1 under the Investment Company Act of 1940 and the requirements within compliance programs for Registered Investment Companies, otherwise known as, RICs.

If you did or didn’t know, this rule requires all registered investment companies to adopt and implement a compliance program that is based on an understanding of the requirements outlined under federal and state securities law. With that, let’s begin!

Within the rule there are various requirements that these compliance programs must have. Can you share what those are?

Sr. Compliance Consultant: Of course. I can think of a few off the top of my head such as…

  • The firm’s written policies and procedures must be customized to the business activities of the RIC and should be reasonably designed to prevent violations of applicable securities Laws. These procedures must include oversight protocols and a framework for compliance by each service provider to the RIC.
  • The policies and procedures must also be approved by the RIC’s board of trustees, along with those of each service provider. These approvals are based on a finding by the Board that the policies and procedures are reasonably designed to prevent violation of applicable securities laws.
  • The policies and procedures must also be reviewed no less frequently than annually and the review must address the adequacy of the RICs policies and procedures and those of each service provider. This review must also include a determination of the effectiveness of their implementation and must culminate in a written report that is provided to the Board.
  • And lastly, the RIC must also designate a Chief Compliance Officer who is responsible for administering the RIC’s compliance program. This CCO must be approved by the RIC’s Board and can only be removed, as well, by the RIC’s Board

CCO Buzz: Wow, they sure did load a lot into the rule. But in relation, back in November 2019, the SEC’s Office of Inspections and Examinations (“OCIE”) issued a Risk Alert on the Top Compliance Topics Observed in Examinations of Investment Companies. Are there some observations and considerations firms should also be aware of from the risk alert?

Sr. Compliance Consultant: Yes, there are. Some of these observations include:

  • Compliance programs that did not consider the nature of the RICs’ business activities;
  • Policies and procedures that were not followed or enforced;
  • Inadequate service provider oversight;
  • Annual reviews that were not performed or did not address the adequacy of the RICs’ policies and procedures;
  • Reasonably necessary information not requested or considered by the Board;
  • Failure to implement a code of ethics; and
  • Failure to follow or enforce the code of ethics.

CCO Buzz: So, understanding all these considerations, what steps would you recommend that RIC’s CCOs take to design and enhance their own compliance programs?

Sr. Compliance Consultant: When trying to design or enhance one’s compliance program, CCOs should do the following:

  • They should review the SEC Risk Alerts to remain aware of areas of regulatory concern and ensure that all possible deficiencies are addressed.
  • Audit the RIC’s books and records to confirm that all required records are being retained and are complete and accurate.
  • Review all regulatory filings to confirm they up to date.
  • Review offering documents, including marketing materials, websites, and social media of the RIC and its Service Providers, to confirm that all information appears accurate and appropriate disclosures are included.
  • Perform and document annual risk assessments to ensure all associated [risks] have been properly identified, addressed, and disclosed (when necessary).
  • Review all reporting provided to the Board and confirm that all copies of written materials the Board considered in approving advisory contracts have been retained.
  • Confirm that the RIC Service Providers have their own robust compliance programs and make sure that any gaps have been identified and remediated and should be included in any reports to the RICs Board.
  • And finally, have a mock regulatory audit performed by an independent consultant or law firm.

But that really only scratches the surface. There is always more to consider dependent on the RIC’s size and their business model.

CCO Buzz: Well that’s a great starting off point you’ve provided. Understanding that it is a lot to take on, some firms may consider utilizing or enhancing their compliance program with technology and software. For RICs and their service providers that are either already or planning to utilize technology in their compliance programs; how have you seen computer and compliance technology used effectively?

Sr. Compliance Consultant: That’s a great question. I actually touch on this in Core Compliance’s latest Risk Management Update, which goes into further detail, (click here for the Risk Management Update), but firms and their service partners can, and they should, utilize compliance technology by…

  • Design[ing] your platform to monitor and facilitate the Code of Ethics, including personal trading, gifts and entertainment and political contribution reporting, and compliance requirements.
  • Building out a comprehensive compliance calendar, as well as triggers for deliverables that can also be set-up and automated.
  • Creating workflows and automation for the distribution of compliance manuals and attestations.
  • And, establishing efficient inter-departmental communication among senior management reporting to RIC Boards, which should enhance the Board’s oversight.

Understanding that each firm’s goals, objectives and success models are different will differentiate how a RIC would enhance use of compliance technology. The team at Core Compliance is always ready to discuss with RICs and their CCOs the best route and enhancements for their organization.

CCO Buzz: Wow, this has been a great episode to start back-up with the CCO Buzz. Before we sign-off is there anything else you’d like to add for the listeners to consider?

Sr. Compliance Consultant: Yes, it would be that being prepared is key to having a sound compliance program. It’s imperative that RIC senior management, board members, and compliance personnel remain continuously aware of regulatory requirements and changes to regulations in order to make appropriate updates when necessary. And the use of compliance technology may be integral to your program to ensure a strong and robust compliance program.

CCO Buzz: Well, thank you again for joining us today. It was a pleasure having you.

Well that’s it for this week’s episode. If you’d like additional information, please check out our website at www.corecls.com. You can also follow us on Facebook, LinkedIn, or Twitter @CoreCls. Thank you, and we hope you tune-in to next week’s episode of the CCO Buzz.


Leave a Reply

Your email address will not be published. Required fields are marked *