On November 19, 2020, the  Securities and Exchange Commission (“SEC”) issued a Risk Alert noting deficiencies in Investment Adviser Compliance Programs with regard to Rule 206(4)-7 under the Investment Adviser Act of 1940 (“Advisers Act”). Rule 206(4)-7 makes it unlawful for an investment adviser registered with the SEC to provide investment advice unless the adviser adopted and implemented written policies and procedures reasonably designed to prevent violations of the Advisers Act by the adviser or any of its supervised persons.

The Office of Compliance Inspections and Examinations (“OCIE”) identified the following weaknesses in investment advisers’ compliance programs in connection with Rule 206(4)-7:

  • Inadequate Compliance Resources: OCIE staff observed advisers did not provide proper resources, whether information technology, staffing and training, to their compliance programs;
  • Insufficient Authority of Chief Compliance Officer (“CCO”): The OCIE staff noted scenarios where the CCO lacked sufficient authority by the adviser to enforce appropriate policies and procedures;
  • Annual Review Deficiencies: The OCIE staff observed investment advisers that failed to perform an annual review, provide evidence of an annual review, properly identify key risk areas applicable to the adviser and review significant aspects of the adviser’s business;
  • Implementing Actions Required by Written Policies and Procedures: The OCIE staff identified advisers that did not implement or perform actions required by their written policies and procedures;
  • Maintaining Accurate and Complete Information in Policies and Procedures: The OCIE staff noted advisers’ policies and procedures that included outdated or inaccurate information about the adviser;
  • Maintaining or Establishing Reasonably Designed Written Policies and Procedures: The OCIE staff observed advisers that did not establish, implement and maintain written policies and procedures that were reasonably designed to prevent violations of the Advisers Act.

The OCIE staff noted how evaluated programs failed to give the designated CCO sufficient authority and resources to properly carry out the role. An adviser’s CCO should be competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the adviser. The OCIE staff identified scenarios where the designated CCO had numerous professional responsibilities, either elsewhere with the adviser or with outside firms; therefore the individual did not appear to devote sufficient time to the responsibilities of CCO. The OCIE staff found instances where the CCO had limited interaction with senior management, thereby hindering their ability to understand the firm’s leadership, strategy and business operations.

The OCIE staff encourages all advisers to review their written policies and procedures to ensure compliance with the Advisers Act. The OCIE recommends testing the implementation of the written policies and procedures and to ensure that the procedures are tailored to the advisers’ business activities.

To see full OCIE Risk Alert click here.