On February 7, 2017, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published a list of the five compliance topics most frequently identified in deficiency letters sent to SEC-registered investment advisers. After reviewing more than 1,000 deficiency letters, examiners frequently found weaknesses in these five areas:

  • Compliance Rule – Rule 206(4)-7 under the Investment Advisers Act of 1940
  • Required regulatory filings;
  • Custody Rule – Rule 206(4)-2 under the Investment Advisers Act;
  • Code of Ethics Rule – Rule 204A-1 under the Investment Advisers Act; and
  • Books and Records Rule – Rule 204-2 under the Investment Advisers Act.

The Risk Alert did not discuss other deficiencies or weaknesses that were unearthed during examinations.

Registered Investment Advisers (RIAs) receiving deficiency letters are typically instructed to:

  • Enhance their written compliance procedures, policies or processes;
  • Change their business practices; or
  • Dedicate more resources or attention to the compliance area.

In some instances, OCIE refers the results of examinations to the Division of Enforcement for further action.

Compliance Rule deficiencies

The Risk Alert reported many of the same Compliance Rule deficiencies that examiners have observed since it was enacted years ago. Compliance manuals were not reasonably tailored to the RIA’s business practices and were not current. Annual reviews were not performed by certain firms. Some of the firms that did conduct annual reviews failed to determine if the RIA’s policies and procedures were achieving their intended purpose. Even worse, firms and advisory personnel were not complying with their policies and procedures. Certain RIAs did not revise their policies and procedures after identifying weaknesses.

Required regulatory filings

OCIE examiners observed that regulatory filings were deficient in many respects. Certain RIAs made inaccurate disclosures on Form ADV Part 1A and Part 2A. They provided inaccurate information regarding custody, regulatory assets under management, disciplinary history, conflicts of interest, and types of clients. Firms failed to amend Form ADV in a timely manner. Examiners also found incorrect and untimely Form D and Form PF filings.

Custody Rule

Examiners are particularly concerned about weaknesses and deficiencies in the custody area, because they put clients’ assets at risk. Examiners found that certain RIAs were not aware that their online access to clients’ accounts triggered custody of those assets. Having access to clients’ user names and passwords gave the adviser the ability to withdraw funds and securities from the account. In addition, certain RIAs did not realize they had custody as a result of having authority over a client’s account, such as a situation where the adviser acts as a trustee.

Although certain advisers were aware that they had custody, they did not fully satisfy the requirement that there be a surprise examination by an independent public accountant. These RIAs did not supply the independent public accountant with every account over which the firm had custody. They also did not provide sufficient information, so the accountant could file an accurate Form ADV-E.

Examiners learned that the surprise examinations by an independent public accountant were not always a surprise to the RIA. The accountant showed up every year at the same time.

Code of Ethics Rule

Examiners frequently observed deficiencies or weaknesses related to the Code of Ethics Rule. RIAs failed to identify access persons or their code of ethics omitted required information. Access persons failed to submit reports detailing transactions and holdings in a timely manner. In addition, some RIAs failed to describe their code of ethics in their Form ADV. The Form ADV did not advise clients and prospects that they could request a copy of the adviser’s code of ethics.

Books and Records Rule

Examiners discovered that certain RIAs failed to keep all of the required books and records, such as trade records, general ledgers, and advisory contracts. Some records contained errors and omissions, such as inaccurate fee schedules. Examiners also uncovered situations where RIAs kept contradictory information in separate sets of records.

Books and records deficiencies often go hand-in-hand with violations of other rules. For example, a failure to conduct an annual review of the firm’s policies and procedures violates the Compliance Rule, as well as the Books and Records Rule. Rule 204-2 requires RIAs to maintain records documenting that an annual review has been conducted.

Bottom Line

OCIE’s Risk Alerts can help RIAs to prepare for their own examinations. It is quite likely that examiners will focus on these areas, since they are found so frequently at other firms. State-registered investment advisers can also bolster their compliance program by avoiding the mistakes pointed out in OCIE’s Risk Alert, which can be found at https://www.sec.gov/ocie/Article/risk-alert-5-most-frequent-ia-compliance-topics.pdf.