Rule 38a-1 Compliance Programs for Registered Investment Companies


Registered investment companies (“RIC”) are regulated entities subject to various securities laws. One main regulation is Rule 38a-1 under the Investment Company Act of 1940, as amended (“40 Act”), which requires a RIC to adopt and implement a compliance program (“Compliance Program Rule”).[1] In order to have a solid compliance program, it is essential that RICs understand the federal and state securities laws (“Securities Laws”) that apply to them.

In this Risk Management Update, we outline the components of the Compliance Program Rule, discuss top areas of deficiencies found by the SEC during recent examinations of RICs, and provide compliance steps, including the implementation of technology that will help strengthen RIC compliance programs.



The Compliance Program Rule

The first component of the Compliance Program Rule mandates that RICs have written policies and procedures that are customized to its business activities and reasonably designed to prevent violation of applicable Securities Laws. These policies and procedures must include, among other things, oversight protocols for compliance by each investment adviser, principal underwriter, administrator, and transfer agent of the RIC (“Service Providers”).

The next component is that RICs must obtain approval by the RIC’s board of trustees (the “Board”), of their required policies and procedures, along with those of each Service Provider. This approval must be based on a finding by the Board that the policies and procedures are reasonably designed to prevent violation of applicable Securities Laws by the RIC, and by each Service Provider.

Another component of the Compliance Program Rule is that a RIC must review, no less frequently than annually, the adequacy of their written policies and procedures and those of each Service Provider and determine the effectiveness of their implementation. This review must culminate in a written report that is provided to the RIC’s Board.

The last component requires an RIC to designate one individual as Chief Compliance Officer (“CCO”), who is responsible for administering the RIC’s compliance program. This CCO must be approved by the RIC’s Board and can only be removed by the RIC’s Board.


Top Areas of Deficiencies

In November 2019, the SEC’s Office of Inspections and Examinations (“OCIE”) issued a Risk Alert, titled “Top Compliance Topics Observed in Examinations of Investment Companies and Observations from Money Market RIC and Target Date RIC Initiatives”.[2]

The alert highlighted the most often cited deficiencies and weaknesses observed in over 300 RIC examinations performed over a two-year period. The deficiencies included the following:

Deficiencies or weaknesses observed in connection with the RIC compliance rule

Compliance programs that did not consider the nature of RICs’ business activities. This observation included RICs’ compliance programs that did not take into account business activities or risks specific to the RIC, or they did not have policies and procedures reasonably designed to prevent the RICs from violating their own investment limitations and guidelines.

Policies and procedures not followed or enforced. Observations were that the RICs did not follow or enforce their compliance policies and procedures. For example, even where RICs’ policies and procedures required the RIC’s board to approve or ratify the fair valuations determined by the valuation committee, certain RICs did not follow or enforce these policies and procedures.

Inadequate service provider oversight. RICs did not adopt and implement policies and procedures that were reasonably designed to oversee compliance by service providers. Examples included policies and procedures that did not provide for any ongoing monitoring or due diligence of providers’ services relating to pricing of portfolio securities and RIC shares.

Annual reviews were not performed or did not address the adequacy of the RICs’ policies and procedures. Some of the observations included that certain RICs did not conduct annual reviews of their policies and procedures, or the lack of supporting documentation was such that it was unclear if these annual reviews were completed. Additionally, there were RICs that conducted annual reviews of their policies and procedures, but the reviews did not address the adequacy of the RICs’ policies and procedures and the effectiveness of their implementation.

Deficiencies in Disclosures to Investors

Observations included RICs that did not disclose the payment of fees made to service providers or disclose a change to an investment strategy. Additionally, RICs’ disclosures identified strategies as principal investment strategies even though the RICs had not implemented (or did not expect to implement) these strategies.

Annual Renewal Deficiencies

Observations were also made in connection with the Section 15(c) (annual renewal) process. These deficiencies included:

Reasonably necessary information not requested or considered. Certain RIC boards had not requested or considered information reasonably necessary to evaluate the RIC’s investment advisory agreement. The staff also observed RIC boards that received incomplete materials, but had not requested additional information, such as performance data for the RIC and other accounts managed by the adviser and profitability reports.

Inadequate discussion forming the basis of board approval. It was observed that some RICs’ shareholder reports did not appear to discuss adequately the material factors and conclusions that formed the basis for the board’s approval of an investment advisory contract. There were also instances in which the boards’ advisory contract review process may not have complied with Section 15(c). In other instances, because of the lack of supporting documentation, such as board minutes, it was unclear what information RIC boards requested and considered.

Deficiencies in connection with the Code of Ethics Requirement

Failure to implement code of ethics. There were RICs that failed to implement procedures reasonably necessary to prevent violations of their codes of ethics, including codes of ethics that lacked procedures adequate to prevent access persons from misusing material non-public information, procedures designating a separate individual to review the CCO’s personal securities holdings and transactions reports, or procedures for determining and documenting that an access person was eligible for an exception. Some RICs had implemented codes of ethics but had not designated the proper individuals as access persons.

Failure to follow or enforce code of ethics. Observations in this area included failure to use reasonable diligence to prevent violations of RICs codes of ethics. For example, some RICs did not collect or review personal securities holdings and transactions reports of its access persons or did not enforce the pre-clearance and holdings period restrictions outlined in its code of ethics.

Code of ethics approval and reporting. Some of the staff observations included RICs that failed to comply with their approval and reporting obligations outlined in their codes of ethics. There were also codes of ethics that had not been initially approved by the RIC’s board or had not provided RIC boards with the required annual report regarding code of ethics violations and sanctions.


Compliance Program Next Steps

As outlined in the examples above, RICs need to have adequate policies, procedures, and controls that are reasonably designed to prevent violation of applicable securities laws. These policies and procedures must include oversight of compliance of the RIC’s Service Providers. Additionally, these policies and procedures need to be customized to the business practices and investment products of the RIC and not just off the shelf.

Additional steps that RIC CCOs should take include:

  1. Review SEC Risk Alerts to remain aware of areas of regulatory concern and ensure that possible deficiencies in these areas are addressed.
  2. Audit the RIC’s books and records to confirm that all required ones are being retained and are complete and accurate.
  3. Review all regulatory filings to confirm they up to date.
  4. Review offering documents, marketing materials, websites, and social media of the RIC and its Service Providers to confirm that all information appears accurate and appropriate disclosures are included.
  5. Perform and document annual risk assessments to ensure all associated risks have been properly identified, addressed, and disclosed (when necessary).
  6. Review all reporting provided to the Board and confirm that all copies of written materials the board considered in approving advisory contracts have been retained.
  7. Confirm that RIC Service Providers have their own robust compliance programs and make sure that any gaps have been identified and remediated.

Additionally, RICs should consider having a mock regulatory audit performed by an independent consultant or law firm. These types of audits can be invaluable and a good tool to support the annual review process.

Finally, RICs also should consider utilizing technology to assist in the administration and monitoring of their compliance programs (“Compliance Technology). For example, Compliance Technology can be used to:

  • Perform pre-trade checks to confirm compliance with portfolio restrictions.
  • Track and vote proxies on behalf of the RIC.
  • Administer Code of Ethics reporting and review requirements.
  • Automate compliance calendars to ensure filing deadlines are met.
  • Distribute Compliance Manuals and other policies and procedures to employees and collect acknowledgments.
  • Provide customized reports to the RIC Board of Trustees to enhance oversight.
  • Facilitate, track, and document due diligence of RIC Service Providers.

Utilization of Compliance Technology to perform these, and other tasks gives the CCO more time to be proactive in preventing violations of securities laws, rather than reacting after a violation has occurred.



Being prepared is key to having a sound compliance program. RIC senior management, board members, and compliance personnel need to remain continually aware of regulatory requirements and changes to these regulations in order to make appropriate updates when necessary and ensure a strong, robust compliance program.

The Core Compliance team has many years of experience in assisting firms in strengthening their compliance programs and we also offer a compliance technology solution. For assistance or more information, please contact us at (619) 278-0020 or visit us at for more information.

Author: Core Compliance & Legal Services (“Core Compliance”). Core Compliance works extensively with investment advisers, municipal advisers, broker-dealers, registered investment companies, and private investment funds, on regulatory compliance issues.


This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon in regard to any particular facts or circumstances without first consulting with a lawyer and/or tax professional.



Leave a Reply

Your email address will not be published. Required fields are marked *