Investment Adviser | Risk Management Updates (RMU) | Securities and Exchange Commission (SEC)

2023 Investment Adviser Compliance Checklist in Preparation for Year-End and Beyond

October 20, 2023 by

In October, The U.S. Securities and Exchange Commission (“SEC”) issued their 2024 exam priorities list,[1] which is only the second time in 10 years that they have released the list prior to year-end. Prior release dates have usually been in the first quarter of each calendar year.  However, the SEC opined in the release that they are aligning the publication with the beginning of their fiscal year “with the hope that it will better inform investors and registrants of the key risks, trends, and examination topics that we plan to focus on in the upcoming year.”

The SEC continues to focus on an adviser’s duty of care and loyalty[2], which includes a review of: (i) investment advice provided and processes for determining such advice is in a client’s best interest, (ii) economic incentives received by the firm and its financial professionals, and (iii) disclosures provided to clients and investors.  They are also examining a firm’s compliance policies and procedures to ensure they address all applicable required areas, including those outlined in the adopting release of Rule 206(4)-7 of the Investment Advisers Act of 1940 (as amended), along with assessing whether they are “sufficient to support compliance with advisers’ fiduciary obligations.”.

According to the SEC, private fund advisers continue to be a “signification portion” of SEC registered advisers, so there are additional specific areas of focus for these advisers, which include: (i) portfolio management risks due to recent market volatility and higher interest rates, (ii) adhering to requirements under limited partnership agreements, (iii) accurately allocating and calculating private fund fees and expenses, (iv) due diligence practices, (v) disclosure and controls regarding conflicts of interest when managing side by side with registered investment companies, (vi) use of affiliated service providers, (vii) compliance with custody rule requirements, and (viii) Form PF reporting.

Outlined below is an extensive checklist that is geared to help Chief Compliance Officers and senior management ensure that their firm has a strong compliance program in place and all required compliance tasks are completed.

 

Compliance Checklist[3]

Early Q4- Focus on Assessing and Strengthening Your Compliance Program

  • Complete a risk assessment and conflicts inventory to confirm that all material risks and conflicts have been adequately identified, addressed, and disclosed.
    • Compliance Steps: It’s important to map each risk and conflict to applicable policies and procedures to ensure appropriate elimination or mitigation steps are being taken. Also review Form ADV and standard investment advisory agreements to make sure all material risks and conflicts are being disclosed.
  • Ensure that your annual review is performed and documented[4] as required under Rule 206(4)-7 of the Investment Advisers Act of 1940 (“Advisers Act”).
    • Compliance Steps: Confirm compliance testing protocols are working properly and set up to detect both gaps in processes and trends and patterns that show potential systemic risk. Also make sure all recommendations from your prior annual review have been addressed.
  • Perform and document a detailed review of your firm’s required books and records.
    • Compliance Steps: Review maintenance controls for required books and records, including how business communications made through any “off-channel” programs such Microsoft Teams, Zoom Chat, WhatsApp, and Skype are being retained. Also provide training to employees to ensure they understand what books and records they are responsible for maintaining and for how long, along with the firm’s requirements for disposing of any required books and records.
  • Perform an assessment of your cybersecurity and privacy policies, procedures, and safeguarding controls to determine adequacy and effectiveness and ensure risk areas have been addressed.
    • Compliance Steps: Make sure the firm’s incident response plan is customized, comprehensive, and outlines roles and responsibilities, preventative measures, and response priorities. Also, confirm that vulnerability assessments and penetration testing are performed before year-end. Lastly, ensure testing is being performed to detect any compliance gaps applicable to employees working remotely.
  • Look at current registration forms and client disclosure documents (g.,Form ADV, Form CRS, client agreements, prospectus and statement of additional information, and private placement memorandums) to ensure they are current and contain required and applicable disclosures.
    • Compliance Steps: Review the SEC-issued instructions for the applicable documents to ensure you include all required information. Also, consider recent SEC enforcement actions to better understand the types of disclosures the SEC requires.
  • Perform business continuity plan testing, which addresses both localized business disruptions and widespread business disruptions.
    • Compliance Steps:All testing should be documented and any necessary updates to the plan should be implemented by year-end.
  • Confirm that due diligence reviews are performed on your firm’s key service providers.
    • Compliance Steps: Utilize compliance technology to maintain your due diligence calendar, monitor reviews, and maintain supporting documentation. Be sure important areas were reviewed, including cybersecurity, privacy, and business continuity.
  • Ensure that the required annual retrospective review required under ERISA PTE 2020-02 is completed and an executed certification from a senior manager obtained.
    • Compliance Steps: Review the documentation that is provided to clients when recommending a rollover to determine whether it is efficient in showing the rollover is in the client’s best interest. Confirm investment adviser representatives understand all requirements.
  • Perform an annual assessment of the firm’s identity theft program, as required under Regulation S-ID.
    • Compliance Steps: Review the SEC Risk Alert issued in December 2022.[5] Also consider providing clients (especially seniors) with materials on how to protect against identity theft.
  • Ensure that an annual surprise custody audit is performed, when applicable, by a third-party accounting firm and the Form ADV-E is filed with the SEC via the firm’s IARD account within the required deadline.
    • Compliance Steps: Perform an internal audit to confirm all clients’ assets where the firm has custody (other than just the ability to debit fees) have been identified and are included in the audit. Also, if any clients have Standing Letters of Authorization (“SLOAs”) in place with custodians to allow the firm to transfer client assets to a third-party, be sure that they are either identified and included in the surprise audit, or the firm has controls in place for ensuring adherence of the SEC’s No Action Letter issued to the Investment Adviser Association in 2017.[6]
  • Confirm an annual audit of affiliated private fund(s) financials is scheduled and/or completed and internal controls are in place to ensure timely mailing of the audited financial statements to investors within the required period.
    • Compliance Steps: Coordinate with each fund’s third-party service providers and employees to allow enough time to prepare for and facilitate the audit.
  • Review the IARD Renewal Calendar[7]and schedule all applicable deadlines to ensure timely filings and renewal payments.
    • Compliance Steps:Review current investment adviser representative registrations to determine if any post-dated U-5 filings should be made to remove state registrations. Post-dated forms filings can be made beginning October 16th.  Payments are due by December 11th and be sure to deposit the full amount reflected in the statement. Reconciliation is performed by FINRA at the end of the year and any credits will be reflected on the Final Renewal Statement posted in January 2024.
  • Provide training to firm personnel that covers the firm’s compliance policies and procedures, cybersecurity, business continuity, privacy safeguards, identity theft red flags, dealing with senior investors (required Senior Safe Act training), and marketing and advertising requirements (just to name a few).
    • Compliance Steps: Training can be delivered in several ways throughout each year, including through compliance emails (i.e., friendly reminders of compliance requirements), compliance technology, live or recorded webinars hosted by legal or compliance consultation firms, in-person compliance meetings, and third-party educational videos. Determine whether any can be applied toward required continuing education.
  • Take steps to ensure the firm is ready for an SEC regulatory examination.
    • Compliance Steps: Review recent SEC Risk Alert on SEC exams[8] and confirm that you can provide requested documents and information. Train employees on what to expect during an exam and perform “mock” interviews.

December – Complete Year-End Regulatory Filings and Prepare for 2024

  • Confirm that all registered advisory personnel have reviewed their current Form U-4 and Form ADV Part 2Bs and confirmed the information within is correct and up to date.
    • Compliance Steps: Have each representative provide a written certification that disclosures are accurate and there are no (or no new) disciplinary or legal issues to disclose.
  • Make sure that all investment adviser representatives have completed all appliable state required continuing education.
    • Compliance Steps: Review the list of states requiring CE via the NASAA website.[9] Remind the IARs that it is their responsibility to ensure that the states have received notification of completion of CE, which can be done via FINRA’s FinPro system.[10]
  • Ensure that all applicable required federal and/or state filings are made. Examples include Form 13F, Form 13H (Large Trader), Schedule 13D/G, Form PF and Form D (private funds), NFA filings, state net capital filings, state registrations and/or notice filings for firm and representatives, and state blue sky filings (private funds).
    • Compliance Steps: Use an automated system to program and track all filing deadlines and investigate third-party outsourcing solutions to assist with the filings. If you file Form 13Fs, be sure to calendar for filing the newly required Form N-PX in 2024.[11]
  • Review your Compliance Calendar to make sure all compliance steps outlined in your firm’s policies and procedures have been/will be performed and start preparing your 2024 compliance calendar.
    • Compliance Steps: Confirm that new regulations applicable to your firm have been included in your calendar.  If you haven’t already, implement compliance technology software to prioritize, track, and document all compliance tasks.
  • Have legal counsel review standard client agreement(s) for required and necessary provisions and consistency with disclosures in Form ADV.
    • Compliance Steps: Have the agreement(s) reviewed by legal counsel that is experienced with federal and state securities laws and be sure to discuss any new or contemplated business changes.

 

Conclusion

If there is ever a time to delegate more focus and resources to compliance, it is now, and here is why.  In fiscal year 2023, the SEC filed 784 total enforcement actions – a three precent increase from 2022[12]. Fiscal year 2023 was also the second highest year on record for the amount of money ordered to be paid in enforcement actions, with orders obtained for $4.949 billion in financial remedies.[13]

They also continue to adopt new and revised regulations that pertain to investment advisers, among others.  For example, to date in 2023, they adopted rules covering: (i) revisions to Form PF, (ii) additional compliance for private fund advisers, (iii) timing for filing Section 13D/G filings, and (iv) reporting of short sale activities.

Also worth mentioning is the new rule adopted in November 2022 requiring investment advisers that file Form 13F to make annual filings regarding certain proxy votes on Form N-PX.  In addition, there are several proposed rules that are expected to be finalized soon that address cybersecurity, privacy, outsourcing to service providers, and conflicts pertaining to predictive data analytics.

It’s important for senior management and the CCO to meet and discuss how these new and proposed rules will affect your firm and what resources are needed to ensure compliance.

The Core Compliance consulting team can assist with year-end compliance planning and implementation of required steps.  We also offer compliance technology solutions, which are crucial for ensuring adherence to the voluminous amount of regulations that are applicable to investment advisers. For more information, please contact us at info@corecls.com, at (619) 278- 0020 or visit us at www.corecls.com.

 

Author:  Tina Mitchell, Managing Director, Consultation Services; Editor: Maggie Tavares, Sr. Compliance Consultant, Core Compliance & Legal Services (“Core Compliance”). Core Compliance works extensively with investment advisers, broker-dealers, investment companies, and private fund managers on regulatory compliance issues.

This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon regarding any particular facts or circumstances without first consulting with a lawyer and/or tax professional.

 

[1] See 2024 Examination Priorities Report (sec.gov)

[2] See https://www.corecls.com/risk-management-updates-rmu/duty-of-care-and-loyalty-what-investment-advisers-need-to-know/

[3] The list provided is not inclusive of all compliance areas that CCOs should be considering and is provided as guidance only.

[4] The SEC adopted revisions to Rule 206(4)-7 requiring all SEC investment advisers to document in writing the required annual review.  The compliance date for this requirement is November 14, 2023.

[5] See Risk Alert: Observations From Broker-Dealer and Investment Adviser Compliance Examinations Related to Prevention of Identity Theft Under Regulation S-ID (sec.gov)

[6] See https://www.sec.gov/divisions/investment/noaction/2017/investment-adviser-association-022117-206-4.htm

[7] See https://iard.com/renewal-program

[8] See Investment Advisers: Assessing Risks, Scoping Examinations, and Requesting Documents (sec.gov)

[9] See https://www.nasaa.org/industry-resources/investment-advisers/investment-adviser-representative-continuing-education/iar-ce-map/

[10] See https://www.nasaa.org/industry-resources/signing-up-for-a-finpro-account/

[11] See https://www.sec.gov/rules/2022/11/enhanced-reporting-proxy-votes-registered-management-investment-companies-reporting#33-11131

[12] See https://www.sec.gov/news/press-release/2023-234

[13] Id