With another year winding down, compliance personnel need to begin evaluating the status of compliance projects and schedule any remaining tasks to ensure completion. It is important to consider any regulatory changes, guidance, and risk alerts issued during the year, as well as emerging best practices and enforcement cases. To that end, this month’s Risk Management Update outlines some of the Securities and Exchange Commission’s (“SEC”) more notable activities and provides an extensive checklist with compliance tips to help expedite each process.
2019 to date has not been a quiet year for the SEC, as their Division of Enforcement has brought hundreds of administrative proceedings, with a large number being against investment advisers. The flipside (for better or worse) is that the orders provide a good roadmap of the SEC’s stance on various compliance areas. Below is a short list of some of the more noteworthy ones:
- In the Matter of Ascension Asset Management and Grenville Gooder, Jr. (Administrative Proceeding File No. 3-19024, March 7, 2019) – SEC filed an administrative and cease-and-desist order for compliance rule, custody, and books and records failures.
- In the Matter of First Citizens Asset Management, Inc. (Administrative Proceeding File No. 3-19026, March 11, 2019) – SEC filed an administrative and cease-and-desist order for improper mutual fund share class selection and disclosure failures.
- In the Matter of Account Management, LLC, Christopher De Roetth, and Peter De Roetth (Administrative Proceeding File No. 3-19259, July 19, 2019) – SEC filed an administrative and cease-and-desist order for breach of fiduciary duty against an elder client.
- In the Matter of MPV Manager, LLC (Administrative Proceeding File No. 3-19334, August 13, 2019) – SEC filed an administrative and cease-and-desist order for receipt of undisclosed compensation pertaining to their private fund clients and the funds’ investors.
The above is only a sampling of the SEC’s continued focus on compliance program strength and adequacy of disclosures, regardless of whether there is client harm. An important takeaway in the case of MPV Manager, LLC, is that the firm is an exempt reporting adviser, so it should not be assumed that claiming this exemption means you don’t have to adhere to any regulations under the Investment Advisers Act of 1940.
The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has also been busy this year with, among other things, issuing a number of Risk Alerts. There have been 3 to date pertaining to investment advisers, which cover the following topics:
- Regulation S-P and Safeguarding Policies
- Network Storage of Client Records
- Supervision, Conflicts of Interest, and Disclosures
These publications are the SEC’s way of alerting firms to the deficiency patterns they are seeing during examinations and can be very helpful tools in determining whether your firm is compliant in these areas.
Last but not least, the SEC issued an important interpretive release on the standard of conduct for investment advisers, which outlines that a firm’s fiduciary responsibility includes a duty of care and loyalty and provides meaningful guidance on both.
Look at the Condition of Your Compliance Program and Assess Your Annual Review Process
- Complete a risk assessment and conflicts inventory to confirm all identified risks and conflicts have been adequately addressed and disclosed.
- Compliance Tip: Be sure to document and map each risk and conflict to applicable policies and procedures that ensure appropriate mitigation or elimination steps are being taken. Also, review Form ADV and standard investment advisory agreement to make sure all material risks and conflicts are being disclosed.
- Confirm compliance testing protocols are working properly and set up to detect both gaps in processes and trends and patterns that show potential systemic risk.
- Compliance Tip: Review the SEC’s “Forensic Measures for Funds and Advisers” article for a list of various tests to consider.
- Determine whether firm policies and procedures are addressing the high-risk areas outlined in SEC’s Risk Alerts and exam priorities list that are applicable to the firm’s business practices.
- Compliance Tip: Also consider any regulatory changes that have taken place during the year on both the state and federal levels.
- Ensure all recommendations from your last annual review have been/are being addressed and the annual review for 2019 is underway.
- Compliance Tip: Take some time to assess your current annual review process to determine whether it remains adequately designed to prevent violations of applicable federal and state regulations. Also, make sure that any prior exam deficiencies have been addressed and are in compliance.
- Review your Compliance Calendar to make sure all compliance steps outlined in your firm’s policies and procedures have been/will be performed.
- Compliance Tip: If you don’t have a compliance tracking system in place, look at utilizing project management software to prioritize, track and document all compliance tasks.
- Look at maintenance and safeguarding controls for required books and records, including client, corporate and financial records, as well as consideration for the revised performance advertising books and records requirements.
- Compliance Tip: Ensure employees understand what they are responsible for maintaining – and how.
Assess the Strength of Your Cybersecurity Program
- Perform a risk assessment of your cybersecurity policies, procedures, and prevention controls to ensure adequacy and effectiveness.
- Ensure that your Incident Response Plan is customized, comprehensive, and outlines roles and responsibilities, preventative measures, and response priorities.
- Compliance Tip: Review your plan annually and any time there are changes in firm technology.
- Confirm that vulnerability assessments and penetration testing are performed before year-end.
- Compliance Tip: Consider using an unaffiliated third-party firm that specializes in this area to provide an independent evaluation.
Begin Preparation of Year-End Regulatory Filings
- Review the IARD Renewal Calendar and schedule all deadlines to ensure timely filings and payments.
- Compliance Tip: Review current investment adviser representative registrations to determine if any post-dated U-5 filings should be made to remove state registrations.
- Pull the IARD Preliminary Renewal Statement on or after November 11th and pay the annual required filing fees within the required deadline.
- Compliance Tip: This year’s deadline for payment is December 16, 201 The method of payment instructions can be found at https://www.iard.com/accounting#Renewal_Account
- Confirm that all applicable required federal and/or state filings are made. Examples include Form 13F, Form 13H (Large Trader), Schedule 13D/G, Form PF, and Form D (private funds), NFA filings, state net capital filings, state registrations, and state notice filings, and state blue sky filings.
- Compliance Tip: Program all deadlines in your Compliance Calendar and consider software and third-party outsourcing solutions to assist with these filings.
- Look at current registration forms and client disclosure documents (e.g., Form BD, Form N1-A, Form ADV, client agreements, prospectus and statement of additional information, and private placement memorandums) to ensure they are current and contain required and applicable disclosures.
- Compliance Tip: Read the SEC-issued instructions for the applicable documentation to ensure you are including all required information. Also, consider recent SEC enforcement actions to better understand the types of disclosures the SEC requires.
- Ensure that all registered personnel have reviewed their current Form U-4 and Form ADV Part 2Bs, as applicable, and confirmed that information is
- Compliance Tip: Have each representative provide written certifications that they have no new disciplinary or legal issues to disclose.
Schedule Financial and Custody Audits and Review Billing Process
- Confirm the annual audit of affiliated private fund financials is scheduled and internal controls are in place to ensure timely mailing of the audited financial statements to investors within the required per
- Compliance Tip: Coordinate with each fund’s third-party service providers and employees to allow enough time to prepare for and facilitate the a
- Ensure that an annual surprise custody audit is performed, when applicable, and the Form ADV-E gets filed with the SEC via the firm’s IARD account.
- Compliance Tip: CCOs should be familiar with SEC guidance issued in 2017 and ensure that all required assets are being included in the audits.
- Check that the accounting firm hired to perform an annual financial audit or surprise exam is registered with, and subject to, the Public Company Accounting Oversight Board (PCAOB), as required by Rule 206(4)-2 of the Investment Advisers Act of 1940.
- Compliance Tip: Perform an independent search on the PCAOB website at https://pcaobus.org/Registration/Firms/Pages/RegisteredFirms.aspx
- Audit the firm’s billing process to ensure advisory fees are calculated correctly and are in line with client agreement and disclosures.
- Compliance Tip: Review the SEC’s Risk Alert on deficiencies of assessment and disclosures of advisory fees.
Analyze Service Provider and Solicitor Arrangements
- Review solicitor arrangements to confirm that agreements are up-to-date and in compliance with Rule 206(4)-3 of the Advisers Act. Also verify that solicited clients have received and signed a copy of the solicitor’s disclosure statement.
- Compliance Tip: Have solicitors provide written certifications that they continue to remain in compliance with applicable regulations and are adhering to all requirements outlined in the agreement.
- Ensure that due diligence reviews of service providers have been performed and documented.
- Compliance Tip: Implement an automated due diligence calendar and monitoring system for tracking purposes.
Determine Whether Firm Documents Require Updating
- Confirm that business presentations, commentaries, websites, social media sites, and other marketing materials are up to date, contain all necessary disclosures, have been reviewed by compliance, and are retained as part of the firm’s required books and records.
- Compliance Tip: Perform email reviews to help confirm that employees are only using currently approved marketing and promotional materials.
- Have legal counsel review standard client agreement(s) for required and necessary provisions and consistency with disclosures in Form ADV.
- Compliance Tip: Have the agreement(s) reviewed by legal counsel that is experienced with federal and state securities laws.
Provide Training to All Employees
- Ensure compliance training has been provided to firm personnel covering firm policies and procedures, cybersecurity, business continuity, and privacy safeguards.
- Compliance Tip: Training can be delivered in several ways throughout each year, including webinars, in-person compliance meetings, conferences, and sending periodic compliance emails.
In addition to year-end preparations, Chief Compliance Officers should begin to plan for next year, especially in light of recently adopted regulations, such as Regulation Best Interest and Form CRS, that have 2020 compliance deadlines.
The regulatory landscape continues to advance and so should an investment adviser’s compliance program. Appropriate resources should be applied to compliance technology and employee education, as they play a significant role in preventing violations of applicable securities laws.
For additional information, or for assistance with your year-end compliance projects or other compliance tasks, please contact us at (619) 278-0020 or visit us at www.corecls.com for more information.
Author: Tina Mitchell, Managing Director, Consultation Services; Editor: Core Compliance & Legal Services, Inc. (“Core Compliance”). Core Compliance works extensively with investment advisers, broker-dealers, investment companies, hedge funds, private equity firms and banks on regulatory compliance issues.
This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon in regard to any particular facts or circumstances without first consulting with a lawyer and/or tax professional.
 See https://www.sec.gov/litigation/admin/2019/ia-5121.pdf
 See https://www.sec.gov/litigation/admin/2019/ia-5123.pdf
 See https://www.sec.gov/litigation/admin/2019/ia-5305.pdf
 See https://www.sec.gov/litigation/admin/2019/ia-5319.pdf
 See https://www.sec.gov/ocie
 See https://www.sec.gov/rules/interp/2019/ia-5248.pdf
 This list is not all-inclusive. It is meant only to provide guidance on what CCOs should be thinking about.
 See https://www.sec.gov/info/cco/forensictesting.pdf
 Two new recent regulations are Regulation Best Interest (https://www.sec.gov/rules/final/2019/34-86031.pdf) and California Consumer Privacy Act of 2019 (https://oag.ca.gov/privacy/ccpa)
 A couple of economical choices are Trello (www.trello.com) and Kerika (www.kerika.com).
 Effective October 1, 2017, the books and records rule was amended relating to the maintenance of certain records supporting performance advertisements and communications; see IA Rel. No. IA-4509 available at https://www.sec.gov/rules/final/2016/ia-4509.pdf.
 See https://www.finra.org/industry/cybersecurity#checklist
 See https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity
 See https://www.iard.com/sites/default/files/2020_renewal_calendar.pdf
 See https://www.sec.gov/divisions/investment/noaction/2017/investment-adviser-association-022117-206-4.htm and
 See https://www.sec.gov/ocie/announcement/ocie-risk-alert-advisory-fee-expense-compliance.pdf
 Consider using project management software, such as Trello (www.trello.com) or Kerika (www.kerika.com).