The alert details five such instances, but the cited examples are not important in and of themselves; what is important is actually implementing your policies and procedures. While not noted in this particular Risk Alert, OCIE has said on other occasions that if policies or procedures cannot be followed because of situational changes, then the firm should review their procedures, amend as necessary, and document the changes and the circumstances.
For example, many adjustments to firm processes and procedures were required in order to continue operations in light of the COVID pandemic. The nine areas that OCIE calls out in their observations of deficiencies are all areas that have been regulatory hot buttons in recent years. These include: portfolio management, marketing, trading practices, disclosures, advisory fees and evaluations, client privacy safeguards, books and records, safeguarding client assets, and business continuity plans.
Further, advisers should ensure that they are fully implementing the written compliance program and addressing any identified deficiencies. Once an adviser has done the hard work of developing and implementing their compliance program, it is important to undertake reviews to ensure that business or regulatory changes are evaluated and the program appropriately updated.
Under Rule 4 -7, advisers are required to undertake an annual review. Compliance is not a profit center. Although reviews are only required on an annual basis, more frequent reviews, whether periodically at the end of shorter time periods or on a rolling basis, may be appropriate if the advisor changes its operations through the introduction of new investment products, personnel, service providers, or manner of doing business.
High-risk areas require greater attention for appropriate testing of effectiveness and validation of procedures. The review of the program must address not only identifying those aspects of the program that have become deficient, it must also include mechanisms for remedying the deficiencies in the program that are discovered. The review should end after the initiation of appropriate action to make any changes that are required.
Is the record keeping for your compliance program appropriate? Record keeping is one of the more problematic areas for compliance programs. The regulatory purpose of the compliance program is to prevent violations. Problems arise for investment advisors when a review detects the possibility that a violation has occurred and, instead of creating appropriate documentation to help prevent similar future occurrences, they create incomplete or ambiguous records about past events that may be used by third parties to assert liability against the advisor.
This is not to say an advisor should use its compliance program to hide or excuse past violations. Nevertheless, those issues should be addressed in an analysis of the appropriate steps to remedy a past or existing situation that will not be compromised by the existance of unnecessary documentation prepared for other purposes.
Depending on their situations, different advisors have concluded that it is appropriate to keep differing levels of records of their compliance program reviews. Some prepare and maintain formal written reports of the outcomes of their reviews, while others keep short memoranda, work papers, or informal notes.
The purpose of each of these kinds of records is to assist the advisor in continuing to prevent violations of the Advisors Act. Note that if any of these records is created, the record-keeping rule requires that the record must be maintained for five years and be available for examination by the SEC.
The requirement to maintain any records made suggests that care should be exercised in assuring that records made are accurate and contain only information that is appropriate to their purpose. Some helpful resources. Advisers performing limited reviews failed to identify risks, or review key risk areas applicable to the adviser.
Weaknesses were identified in the implementation or performing of the actions required by the written policies and procedures.
Some CCOs with multiple professional responsibilities did not appear to be devoting sufficient time to fulfilling their responsibilities as CCOs. Policies and procedures were found to be outdated, inaccurate, and not customized off-the-shelf to the business activities and operations of the adviser. Advisers had failed to establish, implement or appropriately tailor written policies and procedures that were reasonable designed to prevent violations of the Advisers Act. OCIE examinations of registered investment advisers have identified notable areas of weakness related to the Compliance Rule.
Although the Compliance Rule requires only annual reviews, advisers should consider the need for interim reviews in response to significant compliance events, changes in business arrangements and regulatory developments.
Finally, the Compliance rule requires each adviser to designate a CCO to administer its compliance polices and procedures. The CCO should be competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm.
0コメント