OCIE Observations - Investment Adviser Compliance Programs

On November 19, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) provided an overview of notable compliance issues identified under Rule 206(4)-7 of the Investment Advisers Act of 1940 (Adviser’s Act). This risk alert highlights commonly cited deficiencies related to the rule. 

Rule 206(4)-7 Requirements

 
• Under the rule, advisers are required to adopt and implement written policies and procedures that:
• Are reasonably designed to prevent, detect and correct promptly any violations that have occurred; 
• Are well tailored to the firm's operations;
• Are reviewed at least annually to determine their adequacy and the effectiveness; and
• Designates a chief compliance officer (CCO) to administer compliance policies and procedures. 

Common Deficiencies Observed

 
• Inadequate compliance resources: Advisers did not dedicate sufficient staff, training or technology to the compliance team.
• Insufficient authority of CCOs: CCOs had limited knowledge or authority to appropriately administer the compliance program.
• Annual review deficiencies: Advisers failed to identify key risk areas, review significant areas of their business or provide evidence of reviews that were conducted.
• Implementing actions required by written policies and procedures: Advisers did not follow their policies and procedures or their business practices were inconsistent with the policies and procedures.
• Maintaining accurate and complete information: Advisers’ policies and procedures were generic and unrelated to their business or contained outdated or inaccurate information.
• Maintaining or establishing reasonably designed written policies and procedures: Advisers did not maintain written policies and procedures for certain practices, relied on an affiliate’s policies and procedures or did not have policies and procedures to address certain risk areas (e.g., portfolio management, marketing, trading practices, disclosures, advisory fees and valuation, safeguards for client privacy, required books and records, safeguards for client assets or business continuity plans).

For further information, including examples of deficiencies observed by OCIE staff, please see the entire report here.