Under Rule 206(4)-7 (“Compliance Rule”) of the Investment Advisers Act of 1940 (“Advisers Act”), Investment Advisers (“RIAs”) that are registered with the Securities and Exchange Commission (“SEC”) must perform an annual review of the RIA’s policies and procedures (“P&Ps) to “test their adequacy and the effectiveness of their implementation.”[i]
Annual reviews are cited by the Office of Compliance Inspections & Examinations (“OCIE”) as one of the top five (5) most common deficiencies during SEC exams.[ii] Moreover, the SEC has brought enforcement actions against RIAs that failed to conduct annual reviews, including cease-and-desist orders, censure, and civil-monetary penalties.[iii]
In consideration of the Compliance Rule’s requirement for conducting an annual review, here are the top three (3) suggestions that we believe are important for RIAs to consider as they plan for their annual review.
Consideration #1: Identify Risks and Conflicts of Interest
An RIA’s P&Ps are only as good as their ability to identify and mitigate risks and conflicts of interest. In preparing for and conducting an annual review, RIAs should consider two useful methods of identifying risks and conflicts of interest, which are conducting a risk assessment and completing a conflict of interest inventory.
While not required by the Compliance Rule, risk assessments can be extremely valuable in identifying those areas of an RIA’s compliance program that are at highest risk thereby focusing their energy on testing the adequacy of their P&Ps with respect to those areas and, if necessary, implementing additional controls to mitigate those risks going forward.
Just as risk assessments can be helpful in identifying high-risk areas and assisting with implementing additional controls, conflicts of interest inventories can help identify areas of an RIA’s business that may require additional disclosures as well as implement additional controls to mitigate risks that can arise from those conflicts.
Consideration #2: Testing
An RIA must test its P&Ps and current controls to determine if they remain adequate and efficient. It is not enough to assume that the P&Ps remain sufficient because without testing, how will an RIA determine if everything is working properly?
For example, if the RIA is charging different fee structures for different clients, and a client is inadvertently charged incorrectly, this could create significant civil and regulatory liability for the RIA, including the aforementioned penalties from the SEC, as well as possible legal action from the client.
To identify whether the RIA’s advisory billing function is working properly, the RIA should be testing its advisory billing on a rolling basis and documenting the tests throughout the year. This way the RIA is ensuring that its P&Ps are either continuing to remain adequate or identifying issues with the P&Ps so that they can be amended, and additional controls can be implemented in a timely manner.
Consideration #3: Documentation and Implementation
While the Compliance Rule doesn’t require RIAs to write a report documenting their findings from the annual review, the use of a report can be helpful for an RIA to not only document and compare reviews from year to year, but also to provide a roadmap for the RIA to implement recommendations from the annual review.
Regardless of the form of the report, it should outline the areas reviewed, documents reviewed, tests conducted, findings, and recommendations. Additionally, senior management should review the documentation with the Chief Compliance Officer (“CCO”) to ensure they are aware of any compliance issues as well as understand and accept the CCO’s recommendations.
Once the review has been completed, it will be contingent upon the RIA’s CCO and their designee(s) to plan the implementation of the annual review’s recommendations. An annual review is only effective if the recommendations are implemented and only through the implementation of recommendations can an RIA’s compliance program continue to evolve to mitigate new risks and regulatory requirements.
Should you or your firm have questions regarding the annual review process, testing, risk assessments, or conflicts of interest inventories, or if you require any assistance or guidance with conducting an annual review, please contact us at (619) 278-0020 to schedule a consultation. Our legal and compliance experts are standing by to help you.
[ii] Office of Compliance Inspections and Examinations. “Risk Alert: The Five Most Frequent Compliance Topics Identified in OCIE Examinations of Investment Advisers.” SEC.Gov, U.S. Securities and Exchange Commission, 7 Feb. 2017, www.sec.gov/ocie/Article/risk-alert-5-most-frequent-ia-compliance-topics.pdf.