by Michael Osnato, Jr., David Blass, Allison Scher Bernbach, Meaghan A. Kelly, Meredith J. Abrams, and Manny M. Halberstam

Last month, the Office of Compliance Inspections and Examinations (“OCIE”) of the U.S. Securities and Exchange Commission (“SEC”) published a Risk Alert (the “Risk Alert”)[1] providing an overview of registered investment adviser compliance issues identified by OCIE related to Rule 206(4)-7 (the “Compliance Rule”) under the Investment Advisers Act of 1940 (the “Advisers Act”).[2]

The Risk Alert identified a number of Compliance Rule deficiencies that OCIE staff observed in its recent adviser exams. One type of deficiency it discusses is failures by advisers to devote adequate resources, such as information technology, staff and training, to their compliance programs. OCIE staff also observed chief compliance officers (“CCOs”) who lacked sufficient authority within the adviser to develop and enforce appropriate policies and procedures. In addition, OCIE staff observed certain deficiencies pertaining to advisers’ annual compliance program reviews.

The Risk Alert flagged various issues concerning advisers’ policies and procedures. As a threshold issue, some advisers failed to establish, implement or appropriately tailor written policies and procedures that were reasonably designed to prevent Advisers Act violations. Advisers also failed to implement or perform actions required by their written policies and procedures, and some policies and procedures contained outdated or inaccurate information about the adviser and its business.

Key Takeaways

• CCOs should take stock of their roles. The policy battles at the SEC over the propriety of imposing CCO liability for securities law violations are unresolved and may, in the incoming administration, tilt towards a willingness to more readily entertain CCO “gatekeeper” liability.[3] The Risk Alert is thus a particularly timely roadmap, as it offers CCOs a chance to take stock of their internal function, the amount of time they devote to fulfilling their responsibilities, and their seniority and authority within their organizations before the next wave of scrutiny arrives with the new administration.
• Cost cutting should not imperil the adequacy of compliance programs. The Risk Alert provides examples of failures by advisers to devote adequate resources to their compliance programs. With many advisers looking for ways to cut costs in the face of budget constraints induced by COVID-19, OCIE’s focus on this topic serves as a timely reminder that cost-cutting measures should not come at the expense of maintaining an adequately staffed and adequately resourced compliance program.
• Operational changes call for corresponding compliance program changes. A recurring theme in recent OCIE risk alerts is that operational changes at an adviser call for corresponding changes in the adviser’s compliance program. For example, the Risk Alert suggested that advisers that have grown significantly in size or complexity may need to consider hiring additional compliance staff or adding additional compliance resources in order to avoid failures in implementing or tailoring their compliance policies and procedures. The Risk Alert also discussed how advisers’ policies and procedures contained outdated information. Nearly all advisers have experienced unprecedented operational changes over the past several months, and their CCOs should assess whether compliance policies and procedures need to be amended accordingly.
• Advisers should review their policies and procedures on fees, expenses and valuation. OCIE staff observed policy deficiencies and weaknesses relating to advisers’ processes for fee billing (including how fees are monitored for accuracy), expense reimbursement and valuation of advisory client assets, among other areas. In light of the SEC’s continuing focus on fees and expenses and the increased scrutiny around investment valuation determinations made amid the COVID-19 market dislocation, advisers should verify that their policies and procedures in these particular areas have been adequately implemented and are appropriately tailored to their businesses.
• Off-the-shelf compliance policies should be appropriately tailored. The Risk Alert underscores that off-the-shelf compliance policy language is only a starting point when it comes to crafting reasonably designed compliance manuals. It is critical that an adviser tailors its written policies and procedures to address the particular compliance risks and conflicts of interests that apply to its business.

Footnotes

[1] OCIE Observations: Investment Adviser Compliance Programs, Risk Alert, SEC OCIE (Nov. 19, 2020).

[2] Rule 206(4)-7 requires registered investment advisers to adopt and implement written policies and procedures reasonably designed to prevent violation of the Advisers Act and the rules thereunder by the adviser or any of its supervised persons. Advisers must also review their policies and procedures no less frequently than annually to determine their adequacy and the effectiveness of their implementation. Additionally, advisers must designate a chief compliance officer responsible for administering compliance policies and procedures.

[3] Some have speculated that the prospect of individual compliance officer liability may have negative effects, including that it may cause some individuals to avoid compliance careers. See Commissioner Hester M. Peirce, Remarks Before the National Society of Compliance Professionals (Oct. 19, 2020).

Michael Osnato, Jr. and David Blass are partners, Allison Scher Bernbach is senior counsel, Meaghan A. Kelly is counsel, and Meredith J. Abrams and Manny M. Halberstam are associates, at Simpson Thacher & Bartlett LLP. 

Disclaimer

The views, opinions and positions expressed within all posts are those of the authors alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law.  The accuracy, completeness and validity of any statements made within this article are not guaranteed.  We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the authors and any liability with regards to infringement of intellectual property rights remains with them.