Compliance rule deficiencies and weaknesses identified by the OCIE

Published on November 27, 2020 by Manish Mohan Raj

The latest risk alert published by SEC points out the compliance issues highlighted by OCIE (Office of Compliance Inspections and Examinations) with regards to the Compliance Rule (206(4)-7) under the Investment Advisers Act of 1940. Below is a summary of the key notable deficiencies.

• Inadequate compliance resources: Staff of the Office of Compliance Inspections and Examinations (OCIE) observed advisers that did not devote adequate resources, such as information technology, staff and training, to their compliance programmes. For example, advisers that had grown significantly in size or complexity but had not hired additional compliance staff or added adequate information technology, leading to failures in implementing or tailoring their compliance policies and procedures.

• Insufficient authority of CCOs: OCIE staff observed CCOs at the advisers who lacked sufficient authority to develop and enforce appropriate policies and procedures for the advisers. For example, advisers where senior management appeared to have limited interaction with their CCOs, leading to CCOs having limited knowledge about the firm’s leadership, strategy, transactions, and business operations.

• Annual review deficiencies: OCIE staff observed advisers that were unable to demonstrate that they performed an annual review or whose annual reviews failed to identify significant existing compliance or regulatory problems. For example, review of significant aspects of the adviser’s business. In addition, they observed advisers that failed to review significant areas of their business, such as policies and procedures surrounding the oversight and review of recommended third-party managers, cyber security, and the calculation of fees and allocation of expenses.

• Implementing actions required by written policies and procedures: OCIE staff observed advisers that did not implement or perform actions required by their written policies and procedures. For example, staff observed advisers that did not

  • Train their employees

  • Implement compliance procedures regarding trade errors, advertising, best execution, conflicts, disclosure and other requirements

  • Review advertising material

  • Follow compliance checklists and other processes, including back testing fee calculations and testing business continuity plans

  • Review client accounts, e.g., to assess consistency of portfolios with clients’ investment objectives, on a periodic basis or according to a schedule specified in the adviser’s policies

• Maintaining accurate and complete information in policies and procedures: The staff observed advisers’ policies and procedures that contained outdated or inaccurate information about the adviser, including off-the-shelf policies that contained unrelated or incomplete information.

• Maintaining or establishing reasonably designed written policies and procedures: OCIE staff observed advisers that did not maintain written policies and procedures or that failed to establish, implement, or appropriately tailor written policies and procedures that were reasonably designed to prevent violations of the Advisers Act. For example, staff observed advisers that claimed to rely on cursory or informal processes instead of maintaining written policies and procedures. In addition, staff observed advisers that utilised policies of an affiliated entity, such as a broker-dealer, that were not tailored to the business of the advisers.

Link: https://www.sec.gov/files/Risk%20Alert%20IA%20Compliance%20Programs_0.pdf

---

---