The Securities and Exchange Commission (SEC) has issued a Risk Alert that reflects issues identified in a sample of deficiency letters from recent adviser exams and warned the registered investment advisor (RIA) community to step up its game.

Historically, the SEC’s Compliance Rule requires each adviser to review its policies and procedures – at minimum – annually for adequacy and effectiveness. The Commission expects Chief Compliance Officers to adjust those policies and procedures in light of any compliance matters that arose during the previous year, any changes in the adviser’s business activities or those of its affiliates, and any impactful changes in the Advisers Act or applicable regulations.

Should you engage a chief compliance officer?

Yes, according to the SEC. Its Compliance Rule requires each adviser to designate a chief compliance officer (CCO) to administer its compliance policies and procedures. Moreover, the SEC specifies that CCO should be competent and knowledgeable regarding the Advisers Act and be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm.

Why is the SEC taking this stand on RIA compliance?

Because the SEC’s Office Compliance Inspections and Examinations (OCIE) saw numerous and notable deficiencies or weaknesses. Among them were:

• Inadequate Compliance Resources. OCIE staff saw insufficient resources applied to areas including information technology, staffing. It noted that many CCOs juggled multiple responsibilities unrelated to compliance that caused them to push off their CCO responsibilities. In other instances, compliance staff lacked the resources to implement effective compliance programs, including the performance of annual reviews, accurately completing and filing Form ADVs, or timely responding to OCIE requests for required books and In other instances, the advisers had grown but failed to hire additional compliance staff or add sufficient technology to ensure compliance.
• Insufficient Authority. OCIE staff observed CCOs who lacked sufficient authority within the adviser to develop and enforce appropriate policies and procedures. In some instances, advisers restricted their CCOs’ access to critical compliance information, such as trading exception reports and investment advisory agreements with key clients. In other cases, senior management and CCOs rarely interacted, leaving CCOs under-informed about firm leadership, strategy, transactions, and business The OCIE staff also saw instances where senior management failed to consult their CCOs regarding matters that had potential compliance implications.
• Annual Review Deficiencies. Some advisers could not prove they performed an annual review, or their reviews failed to identify significant existing compliance or regulatory problems, including conflicts and protection of client Others failed to review policies and procedures surrounding the oversight and review of recommended third-party managers, cybersecurity, and the calculation of fees and allocation of expenses.
• Failure to Implement Actions Required by Written Policies and Procedures (WSPs). These included failures to:
  • train employees;
  • implement compliance procedures regarding trade errors, advertising, best execution, conflicts, disclosures, and other requirements;
  • review advertising materials;
  • follow compliance checklists and other processes, including backtesting fee calculations and testing business continuity plans; or
  • review client accounts, g., to assess the consistency of portfolios with clients’ investment objectives, periodically or on a schedule required in the adviser’s policies.

 Inaccurate and Incomplete Information in Policies and Procedures. The OCIE saw policies and procedures that contained outdated or erroneous information about the adviser, including off-the-shelf policies that included unrelated or incomplete

• Failure to Maintain or Even Establish Reasonably Designed Written Policies and Procedures. Advisers observed failed to maintain written policies and procedures or establish, implement, or appropriately tailor written policies and procedures that were reasonably designed to prevent Advisers Act violations. Some, the OCIE staff observed, relied on cursory or informal processes instead of maintaining written policies and procedures. Others relied on an affiliated entity’s policies, such as a broker-dealer, that were not tailored to the advisers’ business.

In these instances, the OCIE said, “we expect that an adviser’s policies and procedures, at a minimum, should address the following issues to the extent that they are relevant to that adviser: Portfolio management processes, including allocation of investment opportunities among clients and consistency of portfolios with clients’ investment objectives, disclosures by the adviser, and applicable regulatory restrictions; Trading practices, including procedures by which the adviser satisfies its best execution obligation, uses client brokerage to obtain research and other services (“soft dollar arrangements”), and allocates aggregated trades among clients; The accuracy of disclosures made to investors, clients, and regulators, including account statements and advertisements; Safeguarding of client assets from conversion or inappropriate use by advisory personnel; The accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction; Marketing advisory services, including the use of solicitors; Processes to value client holdings and assess fees based on those valuations; Safeguards for the privacy, protection of client records and information; Business continuity plans.”

Deficiencies in WSPs were observed in:

• Portfolio
• Marketing.
• Oversight of the use and accuracy of performance
• Trading
• Allocation of soft dollars
• Best execution.
• Trade
• Restricted
• Advisory fees and
• Safeguards for client

While many of the advisers identified did modify their written policies and procedures to address the issues identified by OCIE staff, not all were equally compliant. Which begs the question:

Does the SEC believe chief compliance officers need more support?

Yes, it does. That’s where Patrina could have helped. For more than 25 years, Patrina has been helping compliance professionals like you stay on the “straight and narrow” efficiently and cost-effectively. So, let’s talk. Call 212-233-1155 to ask about Patrina’s cost-effective, designated third-party services, comprehensive, 8-module compliance solution, compliant data capture, file storage, and records archiving specifically designed for the financial services community. Be smart. Be covered. Let’s talk.