Each year, the Securities and Exchange Commission and the state securities authorities conduct routine and “for cause” examinations of registered investment advisers within their jurisdiction to determine compliance with Investment Adviser Act and Investment Company Act regulations.
Often, the SEC and North American Securities Administrators Association (“NASAA”), which is the consortium of state securities regulators, will publish reports and notices to the industry identifying certain common deficiencies in compliance. The following represent ten areas that have been routinely identified in recent reports and notices from the SEC and NASAA.
- Compliance manuals are not reasonably tailored to the adviser’s business practices.
The compliance programs for advisers often do not take into account important individualized business practices such as the firm’s particular investment strategies, types of clients, trading practices, valuation procedures and advisory fees. The use of “off-the-shelf” compliance manuals not specifically tailored to the firm’s individual business practices are most commonly seen as compliance violations.
- Annual reviews are not performed or did not address the adequacy of the adviser’s policies and procedures.
Advisers are obligated to review compliance manuals and procedures at least annually. Those who fail to conduct reviews or inadequately review their procedures at least annually fail to address and correct compliance problems, which cause minor issues to become material or even systemic failures.
- Inaccurate and Untimely Disclosures.
Advisers often make inaccurate disclosures on brochures and Form ADV, such as failing to report custody information, regulatory assets under management, disciplinary history, types of clients, conflicts, investment strategies and risks associated with particular investments (e.g., inverse ETFs). Advisers also too often fail to update their filings promptly upon material change.
- Non-Compliant Advisory Agreements.
Many advisers examined recent years maintained deficient advisory contracts. The deficiencies ranged from inadequate fee disclosures, improper capital gains and performance fees, and missing clauses for discretionary authority and refund of fees.
Nearly one-fifth of all advisers in the survey were cited for deficient, misleading or unlawful advertising practices. The most common deficiencies included false or misleading statements or omissions, unlawful customer testimonials, insufficient disclaimers, and improper performance disclosures.
- Incorrect and untimely Form PF, Form 13F/H and Form D filings.
Advisers are obligated to file form PF when any private fund over which they exercise management discretion exceeds $150 million in AUM. Similarly, advisers are obligated to file under Rule 13(f) and 13(h) when they reach certain securities holdings (institutional investment manager) or trade a certain amount of securities in a particular period of time (large trader reporting). Finally, Form D must be filed timely when a manager issues unregistered securities in a private pool under Regulation D, Rule 506. These reports are often overlooked or improperly completed.
- Advisers did not recognize that they may have custody.
States and the SEC may deem an adviser’s online access to client accounts as custody over the client’s assets when such access provides the adviser with the ability to withdraw funds and securities from the client’s accounts. Advisers may also be deemed custodians of client assets as a result of having (or related persons having) powers of attorney authorizing them to withdraw client cash and securities, or by serving as trustees of clients’ trusts or general partners of clients’ pooled investment vehicle.
- Access persons not identified and holdings and transaction information not collected.
Advisers often do not identify all of their access persons (e.g., certain employees, partners or directors who have access to customer account information) for purposes of reviewing personal securities transactions. Advisers also often fail to collect holdings and transactions information from these access persons timely (at the beginning of employment and each quarter thereafter).
- SEC and States’ advisories on cybersecurity.
The SEC interprets Rule 30(a) of Regulation S-P, the so-called Safeguards Rule, as requiring advisers to implement written supervisory policies to guard against unauthorized access to customer account information. States are also beginning to require written policies, and have notification requirements for the unauthorized release of Personally Identifiable Information.
- SEC rules on Robo-Adviser platforms and disclosures.
In February 2017, the SEC issued guidance on robo-advisers’ disclosures and business practices, as well as other advisers with automated or algorithm-based investment practices. The notice requires enhanced disclosures as to the algorithm to be used; risks to and assumptions of the algorithm; whether human interaction is necessary for the service; how information is collected and whether the information is adequate; and whether the platform provides comprehensive financial planning or limited investment advice.