The most overlooked compliance failures
Advisers and compliance officers alike were surprised when the SEC’s Office of Compliance and Examinations on Feb. 7 issued a Risk Alert listing the five most frequently identified deficiencies arising from over 1000 examinations over the last 2 years. The alert came without much explanation or introduction.
The surprises continued. Rather than focus on more substantive issues such as breach of fiduciary duty or fraud, OCIE fixed on more administrative compliance failures such as “off-the-shelf” compliance manuals, failed Code of Ethics reporting, and books and records weaknesses.
This Risk Alert signals a continued broken windows approach to compliance and enforcement, where the chief securities regulator seeks to prevent smaller infractions, which in turn creates a peaceful regulatory neighborhood which is seen as less hospitable to bigger violations.
According to the alert, OCIE intends the information “to assist advisers during their compliance reviews,” many of which occur during the first quarter of the year.
The SEC has seen several issues involving compliance program administration. For example, the OCIE staff continues to see off-the-shelf compliance manuals that fail to address “individualized business practices” such as client type, investment approach, and trading practices. OCIE also finds many firms failing to conduct the required annual compliance review, conducting cursory reviews, or failing to remedy problems previously identified.
Additionally, the staff has seen many firms failing to comply with their compliance policies and procedures in areas such as marketing, expenses or employee behavior.
RULES THAT ‘BEDEVIL’ ADVISERS
The OCIE has called advisers to task for their filing and disclosure practices, especially related to Forms ADV, PF and D. Many advisers failed to file required amendments upon the occurrence of material events, and others simply failed to file their annual Form ADV amendment within the required 90-day time frame. Private fund managers had challenges filing accurate and timely Form PFs about the funds they manage.
"Many advisers did not even realize they were deemed to have custody."
The SEC did not like seeing widespread failures to comply with the complicated Custody Rule. Many advisers did not even realize they were deemed to have custody by virtue of having online access to client accounts, obtaining a power of attorney or acting as a general partner to a private fund. If an adviser has this constructive custody, it must engage a PCAOB auditor to perform a surprise annual exam. However, many firms failed to conduct the exam, engaged an unqualified firm, unlawfully limited scope, and/or failed to file the necessary forms.
Compliance with the Code of Ethics rules also continues to bedevil advisers. Many firms still have trouble identifying who should be a designated access person subject to review of brokerage accounts and preclearance. At the same time, access persons fail to submit required statements and certifications in a timely manner. Finally, advisers are failing to review the reports delivered.
The OCIE staff also cited failures to maintain proper books and records. Many firms did not maintain the required categories including trading records, advisory agreements, and general ledgers. Others had many recordkeeping errors, including incorrect fee schedules or client lists. Some firms had inconsistent or conflicting documents.
It is unclear why the OCIE staff issued this Risk Alert at this time. The SEC Enforcement Division has brought many widely-reported cases alleging weak compliance programs including off-the-shelf manuals (see e.g. In re Biscayne Capital), Code of Ethics problems (see e.g. Federated Global Investment Management), and Form ADV failures (see e.g. In re Riverfront). Problems with the custody rule are also not new. Four years ago, OCIE reported on widespread failures to comply (see Custody Risk Alert). Notably, only a few weeks ago, OCIE released its exam priorities, although none of these topics was mentioned (see OCIE Exam Priorities).
"We believe that the SEC staff is reinforcing its commitment to Mary Jo White’s broken windows examinations and enforcement philosophy."
What does this all mean? We believe that the SEC staff is reinforcing its commitment to Mary Jo White’s broken windows examinations and enforcement philosophy. In a 2013 speech, then Chairwoman White described her approach as pursuing “all types of wrongdoing” including smaller violations “such as control failures, negligence-based offenses, and even violations of prophylactic rules with no intent requirement.” She declared support for a policy where “no infraction was too small to be uncovered and punished.” White added said that “minor violations that are overlooked or ignored can feed bigger ones, and, perhaps more importantly, can foster a culture where laws are increasingly treated as toothless guidelines.”
Even though the five areas OCIE lists may not seem significant as compared to bigger violations that affect investors directly, the SEC staff appears to continue to focus on the technical requirements such as compliance manuals and the custody rule.
To understand and comply with these rules requires more than good intent or an intuitive understanding of what’s right and wrong. These esoteric rules require in-depth knowledge of the Advisers Act that only experienced compliance professionals can provide. We recommend hiring an experienced compliance professional or firm immediately. Otherwise, as the Risk Alert ominously warns, the staff may refer examinations “to the Division of Enforcement for further action.”
That’s our take.