The SEC recently imposed sanctions on a Registered Investment Adviser (RIA) in Lexington, Kentucky, because it failed to conduct the required annual review of the firm’s policies and procedures. The firm also ignored its compliance manual, which stipulated that the RIA would conduct those annual reviews.
Rule 206(4)-7 under the Investment Advisers Act, better known as the Compliance Program Rule, obligates federally registered RIAs to conduct an annual audit of their policies and procedures. The rule also requires RIAs to designate a Chief Compliance Officer (CCO) to develop and enforce its policies and procedures.
RIAs may not just draw straws to determine who will serve as the firm’s CCO. A firm’s CCO must be competent and knowledgeable regarding the Investment Advisers Act and should be empowered to develop and enforce robust policies and procedures. The CCO should be a senior member of the RIA and must possess the authority to enforce compliance with the firm’s policies and procedures.
From its inception in June 2010, the Kentucky RIA made several costly mistakes. Instead of hiring an experienced CCO, the RIA appointed the firm’s administrative assistant to handle the job. Despite her new responsibilities as CCO, she did not give up her administrative duties, which took up much of her time. The CCO/administrative assistant never received any formal training regarding compliance or the requirements of the Investment Advisers Act.
According to Kenneth Corbin’s article posted on FinancialPlanning.com on October 7, 2016, the RIA engaged a “compliance-in-a-box type” firm to create its compliance manual. The owner of the publication was quoted as saying that the compliance manual was generic. The manual did, however, require the RIA to conduct an annual review of its policies and procedures. Nevertheless, the owner of the RIA and the CCO were unaware of their obligation to conduct an annual review of the firm’s policies and procedures.
The firm replaced its CCO with an experienced individual in May 2015. The RIA also engaged an experienced outside consulting firm to assist with its compliance program. In March 2016, the RIA conducted its first annual review of the firm’s policies and procedures to satisfy its Rule 206(4)-7 compliance obligations for the year 2015.
Despite its remedial efforts, the SEC censured the RIA and fined it $25,000. The enforcement action can be found at the following link.
One lesson learned from this enforcement action is that having boilerplate policies and procedures will not impress examiners. Policies and procedures must be tailored to an RIA’s business model. Furthermore, they must be thorough, effective, and designed to prevent violations of the securities laws. RIAs must ensure that all advisory personnel are adhering strictly to the firm’s policies and procedures.
A second lesson learned is that examiners may not give RIAs the opportunity to correct egregious compliance deficiencies. When an RIA has engaged in willful violations of the Investment Advisers Act, examiners may refer the matter directly to the enforcement division instead of sending a deficiency letter.
Although some states do not expressly require RIAs to conduct annual reviews of their policies and procedures, RIAs in those states should conduct reviews at least annually to measure the effectiveness of their implementation. RIAs, whether they are SEC or state-registered, will also benefit by conducting interim reviews of their policies and procedures. Ineffective policies and procedures are likely to lead to compliance problems.
About RIA Compliance Group: RIA Compliance Group is an investment adviser compliance consulting firm based in Boca Raton, Florida. The firm’s mission is to provide affordable, timely, practical, and cost-effective compliance advice. We help investment advisers to comply with the myriad of state and SEC regulations and compliance obligations facing their firms. RIA Compliance Group takes pride in giving personal service and real world compliance advice, not theoretical concepts and legalese. The firm interacts on a daily basis with SEC and state securities regulators.
RIA Compliance Group, LLC – 5301 North Federal Highway, Suite 380, Boca Raton, FL 33487 – Tel: 561-600-0564 – firstname.lastname@example.org.