This is a summary of the five most common SEC deficiency letter citations across 1,000 RIAs that have been examined over the past two years.
Back in my ACA Compliance Group consulting days, I used to joke that from a small RIA to a the Blackstone’s of the world, you could describe a firm’s investment strategy and business structure to me and before I looked at a single document I could probably tell you at least three deficiencies that I was sure to find at that firm. It’s what I like to refer to as “low hanging fruit.”
In February 2017, when the SEC published their list of the five most common deficiency letter citations across 1,000 RIAs examined over the past two years, I was unsurprised by the results. Whether you’re just starting out in the industry or are a seasoned pro, these are simply common deficiencies tripping up advisers at all stages of growth and yet, all of them so simple to address with dedicated compliance resources.
Think you’ve got a handle on compliance? Let’s see if you’re guilty of any of the pitfalls below.
The Compliance Program Rule
The "Compliance Program Rule" requires of investment advisers to:
Adopt and implement written policies and procedures that are designed to ensure operational conformity with the Investment Advisers Act;
Review their policies and procedures at least annually to ensure their effectiveness; and
Designate a Chief Compliance Officer to serve as an administrator of the policies and procedures.
There are many ways to violate the Compliance Program Rule but the most common deficiencies essentially boil down to a lack of ongoing effort to maintain regulatory compliance in general. Here are a few examples:
Using ‘boilerplate’ or off-the-shelf- compliance manuals that are not tailored to the adviser's business practices;
Not performing a compliance program review at least annually or taking corrective action to address weaknesses found in the program;
Failure to follow the policies and procedures; and
Letting compliance manuals become outdated or irrelevant.
SEC registered investment advisers are required to submit certain regulatory filings in and accurate and timely manner. Some of the more common filings deficiencies that the SEC finds are:
Inaccurate disclosures, particularly within the Form ADV Part 1A and Part 2A (e.g. incorrectly reporting custody information, regulatory assets under management, disciplinary history, types of clients, and conflicts of interest);
Untimely filings of amendments to the Form ADV or the annual filing update;
Inaccurate and untimely filings of the Form PF; and
Inaccurate and untimely filings of the Form D.
The Custody Rule
The Custody Rule sets forth certain requirements designed to protect investors from advisers having "custody" of client assets and being able to misappropriating those funds. Many advisers are unaware of the various operational practices they have in place that may be deemed to give them custody over client assets.
A few examples of custody most advisers disregard include:
Online access to client accounts (e.g. usernames and passwords, PINs, and any other ability to access and withdraw funds from client accounts);
Independent public accounting of advisers who have custody of client assets do not meet the "surprise examination" requirement because they did not cover all accounts with which they are deemed to have custody or the audits were scheduled instead of a surprise; and
Having certain authority over client accounts (e.g. power of attorney, trustee, general partner, etc.) may cause them to have custody.
The Code of Ethics Rule
Every SEC registered investment adviser must adopt and maintain a code of ethics. The "Code" must meet three primary criteria:
Establishes a standard of business conduct for all its supervised persons;
People with access to nonpublic information regarding clients' purchase or sale of securities, is involved in making securities recommendations to clients, or who has access to such recommendations that are nonpublic need to report their personal securities transactions (i.e. "access persons");
Requires those same individuals to receive pre-approval from the adviser prior to investing in IPO’s or private offerings;
All supervised persons must be provided with a copy of the Code and any amendments along with written acknowledgement of their receipt of the Code; and
The Code must be described to in the Form ADV Part 2A brochure and should be made available to any client or prospective client upon request.
Common Code of Ethics violations include:
Not identifying all "access persons" correctly;
Missing required information like the review of holdings and transactions reports and their requisite submission deadlines as required by the Code;
Untimely submission of transactions and holdings by access persons; and
Failure to describe the Code of Ethics in the Form ADV Part 2A.
The Books & Records Rule
Generally, certain books and records are required to be maintained and preserved in an easily accessible place for no less than five years, with the first two years in an appropriate office of the investment adviser. Here are examples of how missteps happen:
Not maintaining all required records (e.g. general ledgers, trade records, and advisory agreements);
Books and records are not accurate or updated (e.g. inaccurate fee schedules or client records); and
Inconsistent recordkeeping or contradictory sets of records.
So how would you fare if the SEC came knocking today?