Roadmap to an Effective Annual Review

by Michael C. Neus

As the year ends, SEC registered investment advisers to private funds start considering how to assess their firm’s compliance culture.  The Advisers Act of 1940 requires a formal annual review of the adequacy of “written policies and procedures reasonably designed to prevent violation of securities laws.”[1]  In other words, every year Chief Compliance Officers ask themselves how they can actually demonstrate their effectiveness.

Rather than viewing this process as a comprehensive narrative report identifying all deficiencies, perhaps a more useful construct is to think of the annual review as a way of collating and assessing activity throughout the year.  Paradoxically, assembling information used throughout the year makes the process easier than attempting a comprehensive one-shot evaluation.[2]   Effective annual reviews are more like a movie than a photograph.

The following game plan is an effective way to satisfy the annual report requirement. Start by thinking of the clearest way to categorize your overall compliance program.  The categories and multiple subcategories form the table of contents of your annual review report.  Second, get yourself a series of three ring binders and start assembling your work product throughout the year.   Next, create a schedule of specific risk items to review and test.  Then, assemble the materials in an easy-to-follow order.  Lastly, schedule a meeting of the firm’s leaders to present the key findings of the annual review and suggest changes to the firm’s compliance policies.  The multi-volume binders visually demonstrate the comprehensiveness of both the compliance program and the annual review.

  1. Review and Update all Documents. At least annually, a conscientious CCO should review and update all principal compliance documents (e.g., Compliance Manual, Code of Ethics, Form ADV, etc.) and all offering documents (e.g., advisory agreements, limited partnership agreements, quarterly due diligence questionnaires, etc.)   There are two critical practice points.  First, ensure that the firm’s written compliance policies are consistent with both the firm’s actual practices and ALL investor and regulator disclosure.  A key SEC deficiency finding is when a firm’s disclosure to investors in offering documents, or to the SEC in Form ADV, is not consistent across all documents and/or with the firm’s current practice.  Second, make sure you get any necessary consents before changing procedures or disclosure.  Certain changes (for example allocating a new expense to investors) may only be permissible with investor consent or perhaps by negative consent if disclosed with prospective effect.  Print out copies of any documents changed during the annual review with corresponding evidence that the changes have been communicated to investors or employees, as relevant.  Include copies of any principal documents updated throughout the year.  In separate tabs in your binders, print out copies of all amended documents, which clearly demonstrates the firm’s commitment to updating disclosure as well as firm policies.
  2. Periodic Compliance Reports. Assemble all compliance reviews conducted throughout the year.  Behind separate tabs, print the following: a list of all employee personal accounts, a spreadsheet of all approved personal trades, employee approval requests for political contributions, trade allocation reports, trade error logs, compliance breach logs, securities filings, BEA forms, etc.  Having a year’s worth of tests in your binder visually demonstrates a culture of compliance; the sheer volume of reports tells a story in and of itself.
  3. Forensic Tests. The SEC expects to see forensic procedures that test the efficacy of a firm’s policies. These reports should be tailored to the firm’s compliance risk assessment.  Tests, such as the ones that follow, can be done regularly throughout the year rather than crammed in during the annual review and still be included in the annual review binders.
    1. Investment Strategy-Specific Tests. For a fundamental research driven firm, the CCO may conduct a monthly analysis of the most profitable trades.  This review should be coupled with a public search of market-moving news, expert network research, and a review of portfolio managers’ emails to check for front running and insider trading. A quantitative trading firm may have software independently backtested to confirm it functions as marketed to investors.
    2. SEC Hot button issues. Check the SEC website for the current issues of focus for the SEC’s Office of Compliance Inspection and Examination and the Division of Investment Management.  For example, a firm could generate a report of all adviser expenses allocated to clients mapped to the specific authorizing expense disclosure.  A firm with significant governmental investors could run covered employee names through public websites of political contributors to confirm compliance with pay-to-play policies.
    3. Pattern Recognition Tests. For multiple product firms, a CCO could conduct a post mortem on trade allocations to ensure no patterns of unfairness emerge over an extended review period.
    4. Demonstrable Post Trade Analytics. A firm with illiquid investments could confirm adherence to the firm’s valuation policy.  To demonstrate the effectiveness of the policy, the CCO could analyze how the carrying values of “fair valued” securities compares to their actual sales prices when sold.
  4. Training. CCOs should arrange for every employee to sit through a physical training session at least once a year.  Prepare an outline for the training sessions.  For larger firms, tailor the outline to the department: include AML for marketing, new research techniques for portfolio management, FCPA for accounting, etc.  Have everyone sign in, including the compliance department and senior management.  Include the training outline and the sign in sheets in your binder.  If training sessions for individual groups have been held at other times of the year, or online training sessions, include those outlines and sign in sheets.
  5. Certifications. Annually, each employee should confirm their individual compliance with the firm’s policies.  As a best practice, have the employees confirm the accuracy of all their disclosed individual securities accounts and all personal securities trades even if the firm receives electronic trading feeds.  If relevant, you can also have them confirm political contributions, or other required preapprovals.  Another practice tip:  require every employee to hand sign their certification—studies show people take the physical act of signing their name more seriously than a digital click box.
  6. Risk Assessment Report. Create a spreadsheet identifying the firm’s compliance risk factors (e.g., insider trading for a fundamental research firm).  Map each risk factor, including conflicts of interest, to specific sections of the compliance manual and code of ethics identifying procedures designed to mitigate those risks.  Then add a column with an evaluation methodology to assess the effectiveness of the specific risk mitigating procedures.  Finally, include suggested changes to policies to reflect any gaps in effectiveness.

Conclusion 

An annual review consisting of a set of multiple binders serves many functions.  It satisfies the SEC’s technical annual review requirements.  When examiners from the SEC (or National Futures Association) come calling, the creation of the binders allows for a tremendous head start on satisfying their ever-growing document production list.  You can refer to the binders in due diligence meetings to answer virtually any compliance question.  The binders become an often consulted resource for the compliance team (and the accounting and marketing departments will often be over as well).  This process even helps you prepare your own employee self-evaluation form and identify your year’s accomplishments when discussing your annual performance review with your boss!  If you adopt this method, you can start printing reports and putting them in binders during the year so the annual review becomes much more streamlined and less anxiety-provoking.

Footnotes

[1] Rule 206(4)-7 promulgated under the Investment Advisers Act of 1940 provides:

§275.206(4)-7 Compliance procedures and practices.

If you are an investment adviser registered or required to be registered under section 203 of the Investment Advisers Act of 1940 (15 U.S.C. 80b-3), it shall be unlawful within the meaning of section 206 of the Act (15 U.S.C. 80b-6) for you to provide investment advice to clients unless you:

(a) Policies and procedures. Adopt and implement written policies and procedures reasonably designed to prevent violation, by you and your supervised persons, of the Act and the rules that the Commission has adopted under the Act;

(b) Annual review. Review, no less frequently than annually, the adequacy of the policies and procedures established pursuant to this section and the effectiveness of their implementation; and

(c) Chief compliance officer. Designate an individual (who is a supervised person) responsible for administering the policies and procedures that you adopt under paragraph (a) of this section.

[2] Many advisers find it easiest to conduct the annual review in the first quarter so that they have full calendar year reports to review and evaluate.

Michael C. Neus is a Senior Fellow with the Program on Corporate Compliance and Enforcement at New York University School of Law.  In addition, Mike teaches a course entitled “Investment Management Regulation and Compliance” at Fordham Law School.   He has been General Counsel and Chief Compliance Officer of a number if investment advisory firms, including Perry Capital, Andor Capital Management, and Soros Private Funds Management.

Disclaimer

The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law.  The accuracy, completeness and validity of any statements made within this article are not guaranteed.  We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.