It’s the time of year again where Chief Compliance Officers start thinking about the compliance tasks that need to be completed by year-end, and there’s a lot to think about this year. Importantly, 2022 carries compliance deadlines for two major regulations affecting investment advisers that were adopted in 2020. The first one is the ERISA PTE 2020-02 exemption that contains requirements that must be followed by certain qualifying investment advisers when making recommendations to retirement investors, and had tiered compliance dates of January 31, 2022, and July 1, 2022. The second regulation is the revisions to Rule 206(4)-1 of the Investment Advisers Act of 1940 (referred to herein as the new “Marketing Rule”), applicable to federally registered advisers, which has a compliance date of November 4, 2022.
In addition, during the first half of 2022, the Securities and Exchange Commission (“SEC”) proposed some new regulations that apply to investment advisers. The areas addressed in the proposed rules include, cybersecurity risk management programs, regulatory reporting by private funds, disclosures pertaining to ESG investing, and enhanced regulation of private fund advisers,
The SEC also issued a Staff Bulletin in August 2022 that discusses standards of conduct for investment advisers and broker-dealers regarding conflicts of interest. The bulletin is set up in the form of Q&As and covers: (i) identifying conflicts of interest, (ii) eliminating conflicts of interest, (iii) mitigating conflicts of interest, (iv) addressing conflicts of interest through product menus, and (v) disclosing conflicts of interest.
To assist Chief Compliance Officers with ensuring that all required compliance tasks get completed, we are providing a detailed compliance checklist, along with compliance steps to consider.
- Determine whether your policies and procedures properly address the areas outlined above that are applicable to the firm’s business practices.
- Compliance Steps: Also consider other high-risk areas outlined in SEC Risk Alerts and their exam priorities list that have been issued since beginning of the year.
- Ensure completion of implementation of the SEC’s new Marketing Rule, which carries a compliance date of November 4, 2022.
- Compliance Steps: In addition to revising advertising and marketing policies and procedures, be sure to review and update policies and procedures that address solicitors, books and records, gifts and entertainment, and social media. Also have legal counsel review any solicitor’s agreement(s) to determine whether revisions are needed.
- Confirm that all marketing and advertising materials, including websites and social media sites, comply with the new Marketing Rule, contain all required and necessary disclosures, have been reviewed by compliance, and are retained as part of the firm’s required books and records.
- Compliance Steps: Consider having a review performed by compliance consulting firm or legal counsel to ensure compliance. Also ensure that new required books and records, such as backup documentation are being maintained.
- Complete a risk assessment and conflicts inventory to confirm all risks and conflicts have been adequately identified, addressed, and disclosed.
- Compliance Steps: Each identified risk and conflict should be mapped to applicable policies and procedures that are designed to mitigate or eliminate the risk/conflict. Also, review Form ADV and standard investment advisory agreement to make sure all material risks and conflicts are being disclosed.
- Review all maintenance and safeguarding controls for required books and records, including client, corporate and financial records, as well as consideration for the revised performance advertising books and records requirements.
- Compliance Steps: Perform and document a review of your firm’s required books and records and ensure that employees understand what they are responsible to maintain and for how long.
- Perform an assessment of the risks surrounding your cybersecurity policies, procedures, and prevention controls to determine adequacy and effectiveness.
- Compliance Steps: Make sure the firm’s incident response plan is customized, comprehensive, and outlines roles and responsibilities, preventative measures, and response priorities. Also, confirm that vulnerability assessments and penetration testing are performed before year-end.
- Review your Compliance Calendar to make sure all compliance steps outlined in your firm’s policies and procedures have been/will be performed.
- Compliance Steps: Consider implementing compliance technology software to prioritize, track, and document all compliance tasks. Also start preparing your 2023 compliance calendar.
- Audit the firm’s billing process during 3rd quarter billing to ensure advisory fees are calculated correctly and are in line with client agreement and disclosures.
- Review the IARD Renewal Calendarand schedule all applicable deadlines to ensure timely filings and renewal payments.
- Compliance Steps: Review current investment adviser representative registrations to determine if any post-dated U-5 filings should be made to remove state registrations. Post-dated forms filings can be made beginning October 17th.
- Perform business continuity plan testing, which addresses both localized business disruptions and widespread business disruptions.
- Compliance Steps: The testing should be fully documented and any necessary updates to the plan be implemented by year-end. Also, as part of the testing, you should confirm that due diligence has been performed on key service providers regarding testing of their business continuity plans.
- Pull the IARD Preliminary Renewal Statement on or after November 7thand pay the annual required filing fees within the required deadline.
- Compliance Steps: This year’s deadline for payment is December 12, 2022. Payment instructions can be found at https://iard.com/accounting#Renewal_Account. Be sure to deposit the full amount reflected on the statement. Reconciliation is performed by FINRA at the end of the year and any credits will be reflected on the Final Renewal Statement posted in January 2023.
- Look at current registration forms and client disclosure documents (,Form BD, Form N1-A, Form ADV, client agreements, prospectus and statement of additional information, and private placement memorandums) to ensure they are current and contain required and applicable disclosures.
- Compliance Steps: Read the SEC-issued instructions for the applicable documentation to ensure you are including all required information. Also, consider recent SEC enforcement actions to better understand the types of disclosures the SEC requires.
- Ensure that all registered personnel have reviewed their current Form U-4 and Form ADV Part 2Bs, as applicable, and confirmed the information within is correct and up to date.
- Compliance Steps: Have each representative provide a written certification that disclosures are accurate and there are no (or no new) disciplinary or legal issues to disclose.
- Confirm that all applicable required federal and/or state filings are made. Examples include Form 13F, Form 13H (Large Trader), Schedule 13D/G, Form PF, and Form D (private funds), NFA filings, state net capital filings, state registrations and/or notice filings for firm and representatives, and state blue sky filings.
- Compliance Steps: Use an automated system to program and track all filing deadlines and investigate third-party outsourcing solutions to assist with the filings.
- Ensure that an annual surprise custody audit is performed, when applicable, by a third-party accounting firm and the Form ADV-E has been filed with the SEC via the firm’s IARD account.
- Compliance Steps: Perform an internal audit to confirm all clients’ assets where the firm has custody (other than just the ability to debit fees) have been identified and are included in the audit. Also, if any clients have Standing Letters of Authorization (“SLOAs”) in place with custodians to allow the firm to transfer client assets to a third-party, be sure that they are either identified and included in the surprise audit, or the firm has controls in place for ensuring adherence of the SEC’s No Action Letter issued to the Investment Adviser Association in 2017.
- Make sure all recommendations from your last annual review have been/are being addressed and the annual review for 2022 is or will be completed by year-end.
- Compliance Steps:Analyze your current annual review process to help ensure it remains appropriately designed to determine whether the firm’s compliance program is adequate to prevent violations of applicable federal and state regulations. Also, confirm that any prior regulatory exam deficiencies have been addressed.
- Confirm that due diligence reviews have been performed on your firm’s service providers.
- Compliance Steps: Utilize compliance technology to maintain your due diligence calendar, monitor reviews, and maintain supporting documentation.
- Confirm the annual audit of affiliated private fund financials is scheduled and/or completed and internal controls are in place to ensure timely mailing of the audited financial statements to investors within the required period.
- Compliance Steps: Coordinate with each fund’s third-party service providers and employees to allow enough time to prepare for and facilitate the audit.
- Have legal counsel review standard client agreement(s) for required and necessary provisions and consistency with disclosures in Form ADV.
- Compliance Steps: Have the agreement(s) reviewed by legal counsel that is experienced with federal and state securities laws and ensure you discuss any new or contemplated business changes.
- Provide training to firm personnel that covers the firm’s compliance policies and procedures, cybersecurity, business continuity, identity theft, and privacy safeguards.
- Compliance Steps: Training can be delivered in several ways throughout each year, including through compliance emails (i.e., friendly reminders of compliance requirements), live or recorded webinars hosted by legal or compliance consultation firms, in-person compliance meetings, and third-party educational videos.
With each passing year, the number of SEC enforcement cases for compliance violations continue to grow, along with the penalty amounts. To give a bit of perspective, in 2021 the SEC levied penalties totaling in aggregate approximately $1.4 billion. In September 2022, the SEC charged 16 financial firms with books and records retention violations that carried aggregate penalties of over $1.1 billion. The moral of this story is that while administering a robust compliance program may seem expensive, the ultimate cost of not having one is much, much worse.
The Core Compliance consulting team can assist with year-end compliance planning and implementation of required steps. We also offer compliance technology solutions, which are crucial for ensuring adherence to the voluminous amount of regulations that are applicable to investment advisers. For more information, please contact us at firstname.lastname@example.org, at (619) 278- 0020 or visit us at www.corecls.com.
Author: Tina Mitchell, Managing Director, Consultation Services; Editor: Janice Powell, Sr. Compliance Consultant, Core Compliance & Legal Services (“Core Compliance”). Core Compliance works extensively with investment advisers, broker-dealers, investment companies, and private fund managers on regulatory compliance issues.
This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon in regard to any particular facts or circumstances without first consulting with a lawyer and/or tax professional.
 The list provided is not inclusive of all compliance areas that CCOs should be considering and is provided as guidance only.