On November 19, 2020, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a risk alert (the Risk Alert) identifying common compliance issues related to Rule 206(4)-7 (the Compliance Rule) under the Investment Advisers Act of 1940 (the Advisers Act). The Compliance Rule prohibits a registered investment adviser from providing investment advice unless the investment adviser has adopted and implemented written policies and procedures reasonably designed to prevent investment advisers from violating the Advisers Act and the rules thereunder. 

The Compliance Rule requires investment advisers to designate a chief compliance officer (CCO) to administer their compliance policies and procedures. An investment adviser’s CCO should be knowledgeable about the Advisers Act and should be empowered with responsibility and authority to create and enforce appropriate policies and procedures for the investment adviser.

The Risk Alert reflects a broader government effort to use effective compliance programs to control market and national security risks applicable to investment advisers and international commerce. The common deficiencies identified by OCIE are consistent with deficiencies recognized by other regulators overseeing investment advisers, including, without limitation, the U.S. Departments of the Treasury and Justice. As a result, investment advisers with the identified deficiencies also risk violating U.S. anti-corruption, export, and sanctions regulations when dealing with international transactions or non-U.S. investors.

SEC-Identified Compliance Deficiencies Expose Investment Advisers to Significant Risk

OCIE identified these six common deficiencies and weaknesses among investment advisers.

  1. Inadequate Compliance Resources: Investment advisers failed to allocate adequate resources (e.g., IT, staff, and training) to their compliance programs. CCOs had other responsibilities and failed to devote sufficient time to their CCO roles or to develop their knowledge of the Advisers Act. Compliance staff did not have sufficient resources to implement programs preventing, detecting, or correcting violations.
  2. Insufficient Authority of CCOs: CCOs lacked sufficient authority to develop and enforce compliance programs. Senior management also limited interactions with CCOs, causing CCOs to have limited knowledge about firm leadership, strategy, transactions, and business operations.
  3. Annual Review Deficiencies: Investment advisers failed to provide evidence of any ongoing or annual compliance reviews or of identifying key risk areas, despite claiming to have performed such reviews.
  4. Implementing Actions Required by Written Policies and Procedures: Investment advisers did not develop or enforce actions mandated by their policies and procedures. Investment advisers failed to (i) train their employees, (ii) implement compliance procedures regarding trade errors, advertising, best execution, conflicts, disclosure, and other requirements, (iii) review advertising materials, (iv) follow compliance checklists and other processes, or (v) review client accounts on either a periodic or policy-mandated basis.
  5. Maintaining Accurate and Complete Information in Policies and Procedures: Investment advisers’ policies and procedures contained outdated or inaccurate information, including off-the-shelf policies that contained unrelated or incomplete information.
  6. Maintaining or Establishing Reasonably Designed Written Policies and Procedures: Some investment advisers did not maintain written policies and procedures or failed to execute or tailor written policies and procedures that were reasonably designed to prevent Advisers Act violations. Some investment advisers that maintained written policies and procedures retained deficiencies in Portfolio Management, Marketing, Trading Practices, Disclosures, Advisory Fees and Violations, Safeguards for Client Privacy, Required Books and Records, Safeguarding of Client Assets, and Business Continuity Plans.

Existing Anti-corruption and Sanctions Standards Have Identified Consistent Compliance Deficiencies  

In addition to the Advisers Act risks, the deficiencies invite U.S. anti-corruption and sanctions violations for entities engaging in cross-border transactions. As shown below, the SEC compliance observations follow both the existing sanctions compliance framework issued by the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) and the U.S. Department of Justice guidance on corporate compliance evaluation, which compounds the need for more effective compliance programs.

  1. Inadequate Compliance Resources: The OFAC framework identifies lack of compliance resources as a vulnerability. While sanctions programs should be tailored to the needs of the company, OFAC has declared that every program should incorporate sufficient assessment, internal controls, auditing, and training capabilities. Moreover, OFAC settlement negotiations frequently incorporate the effectiveness and resources of a company’s compliance program as mitigating or aggravating factors when assessing sanctions violation penalties.
  2. Insufficient Authority of CCOs: Similar to OCIE’s observation, a successful sanctions or anti-corruption compliance program requires a culture of compliance throughout the organization, with centralized compliance functions, and management commitment and support to the program.
  3. Implementing Actions Required by Written Policies and Procedures: As with OCIE, OFAC has found that sanctions compliance deficiencies have resulted from inconsistent application of compliance programs.
  4. Maintaining or Establishing Reasonably Designed Written Policies and Procedures: The U.S. Department of Justice guidance on evaluation of corporate compliance programs explicitly instructs prosecutors to probe whether a compliance program is a “paper program” or one implemented, reviewed, and revised in an effective manner.

Takeaways

The Risk Alert warns that current compliance practices among investment advisers may expose them to violations of the Advisers Act. The Risk Alert is also the latest in a series of government notices and advisories, such as the OFAC and U.S. Department of Justice compliance guidance documents, recognizing risks for investment advisers. Investment advisers should expect increased government enforcement of these compliance regimes and work to address the deficiencies described above. Specifically, investment advisers must not only establish compliance policies and programs and engage a CCO to perform an annual review, but must also integrate their compliance departments into their regular business operations. In particular, investment advisers should ensure CCOs are empowered with sufficient seniority and authority to implement compliance programs tailored to an investment adviser’s size and specialty. Doing so will also help reduce corruption and sanctions risks. 

Investment advisers can improve their compliance programs by allocating sufficient resources to their compliance departments. Budgetary concerns affect both large and small investment advisers, and as with sanctions and anti-corruption compliance matters, a program should be tailored to address a business’ particular risk profile. Specifically, each investment adviser should:

  • Properly assess its business model, size, sophistication, and specialties to design a compliance department appropriately tailored to the investment adviser. 
  • Establish sufficient compliance staff to effectively administer all compliance activities relevant to the investment adviser’s business. 
  • Work with the CCO to revise written compliance policies and procedures and integrate the compliance department in all transactions and business decision-making areas. 
  • Mandate that employees actively consult the CCO before initiating activity.
  • Require conflict of interest and disclosure checks, as well as restricted party and end-user due diligence. 
  • Include the CCO in leadership and business strategy meetings, and support the compliance program by providing the CCO with access to all information associated with business strategies, work teams, and transactions in order to allow compliance departments to provide ongoing advice and maintain up-to-date policies and procedures in preparation for annual and regulatory reviews

Investment advisers that empower their CCO by taking the above steps and addressing the deficiencies identified by the SEC will not only reduce their risk of violating the Adviser’s Act, but will also simultaneously be implementing compliance safeguards and best practices that can minimize risk of sanctions, anti-corruption, and other regulatory compliance vulnerabilities.

Next Steps

Please contact one of the listed authors of this Client Alert or another Lowenstein Sandler contact if you have any questions with respect to the Risk Alert or would like assistance with your compliance policies and procedures, monitoring programs, or training.

For additional information regarding the Risk Alert and the importance of compliance in international business, please use the following links: