Risk Alert

OCIE publishes top five investment adviser compliance issues found during examinations

Originally published in the February 2017 issue

The Office of Compliance Inspections and Examinations (OCIE) of the US Securities and Exchange Commission (SEC) issued a National Exam Program Risk Alert on 7 February 2017 (Risk Alert), highlighting the “five compliance topics most frequently identified in deficiency letters that were sent to SEC-registered investment advisers” in a sample of over 1,000 examinations during the prior two years. The deficiencies or weaknesses concerned requirements of the Investment Advisers Act of 1940 (Advisers Act) and rules thereunder related to: compliance, regulatory filings, custody, codes of ethics, and books and records.1 After identifying the topics, the Risk Alert provides examples of typical issues identified by examiners. The Risk Alert encourages advisers to review their compliance programs and states that “where appropriate, the staff referred examinations to the Division of Enforcement for further action.” The registered entities within OCIE’s oversight include more than 12,000 advisers with nearly $67 trillion in assets under management.2 In late 2016, OCIE’s then-director indicated that OCIE had bolstered its examination staff for advisers and investment companies by about 20% for fiscal 2017, and he referred to advisers as a fast-growing group of registrants that were not subject to a self-regulatory organization.3

Compliance Rule: Rule 206(4)-7
The Compliance Rule requires advisers to: adopt and implement written policies and procedures reasonably designed to prevent Advisers Act violations; annually review their policies and procedures for adequacy and effectiveness; and designate a Chief Compliance Officer to administer the compliance programme. In the Risk Alert, OCIE staff found the following issues:

  • Compliance manual not reasonably tailored to the adviser: The staff found examples of distinct business practices that were not taken into account by some firms’ compliance programmes, including “particular investment strategies, types of clients, trading practices, valuation procedures and advisory fees”. Further, “off-the-shelf” compliance manuals, long criticised by the staff, were still found to be in use.
  • Annual reviews not performed or insufficient: Examples of deficiencies included failure to conduct an annual review, to appropriately review compliance manuals for adequacy and effective implementation, and to properly remedy identified problems.
  • Failure to follow compliance policies and procedures: Examples included failure to perform internal reviews of business practices as prescribed by the adviser’s compliance manual, and failure to adhere to the manual’s policies related to marketing, expenses and employee conduct.
  • Compliance manuals are not current: The staff noted that certain compliance manuals contained information or policies that are no longer current, such as investment strategies that were no longer pursued or personnel no longer associated with the adviser and stale information about the firm.

Regulatory filings
Advisers are required to comply with certain obligations to make accurate and timely regulatory filings with the SEC, including: Forms ADV and PF, pursuant to Advisers Act Rule 204-1 and Rule 204(b)-1, respectively, and Form D (on behalf of private fund clients) pursuant to Rule 503 under Regulation D of the Securities Act of 1933.4 The staff found the following issues:

  • Inaccurate or untimely Form ADV filings and amendments: Examples of inaccurate disclosures related to: custody; regulatory assets under management; disciplinary history; client types; and conflicts. Further, certain advisers failed to amend Form ADV promptly to reflect changed information, or to file annual updating amendments in a timely manner.
  • Inaccurate or untimely Form PF filings.
  • Inaccurate or untimely Form D filings.

Custody Rule: Rule 206(4)-2
The Custody Rule sets forth requirements for advisers (or their “related persons”) that (1) hold, directly or indirectly, client cash or securities, or (2) have any authority to obtain possession thereof. The Custody Rule is designed to protect client assets from unlawful activities or financial troubles of an adviser. The staff found the following issues:

  • Failure to recognise custody where adviser has online access to accounts: Examples included situations in which the adviser had withdrawal access to client accounts (e.g. client usernames and passwords).
  • Surprise examinations not in compliance with Custody Rule: Examples included: failure to provide sufficient information (e.g. a complete list of accounts subject to custody) to independent public accountants performing surprise examinations; failure to provide appropriate information to enable accountants to file Form ADV-Es; and “surprise” examinations conducted at the same time each year.
  • Failure to recognise custody where adviser has certain authority over accounts: Examples included: advisers (or their related persons) having power of attorney authorising withdrawal of client cash and securities, serving as trustees of clients’ trusts, or serving as general partner, managing member, or a similar position, to a pooled investment vehicle.

Code of Ethics Rule: Rule 204A-1
The Code of Ethics Rule requires advisers to adopt and maintain a code of ethics that subjects all supervised persons to a required standard of business conduct; requires “access persons” to make periodic reports of their personal securities holdings and transactions, and to obtain pre-approval for certain investments; and requires advisers to provide each supervised person with, and obtain an acknowledgment of receipt of, the adviser’s code of ethics. Further, advisers must provide certain disclosures related to the code of ethics in their Form ADV Part 2A (brochure). The staff found the following issues:

  • Incomplete list of access persons: Examples included failure to identify certain employees, partners and directors.
  • Incomplete information in the code of ethics: Examples included failure to specify requirements pertaining to review of, and timeframes for submission of, personal holdings and transaction reports.
  • Untimely submission of personal holdings and transaction reports by all access persons.
  • Failure to disclose all information required in the brochure: Examples included failure to describe the code of ethics, and explain to current and prospective clients that the code of ethics is available upon request.

Books and Records Rule: Rule 204-2
The Books and Records Rule requires advisers to make and maintain certain books and records. Staff specified the following issues:

  • Failure to maintain required records: Examples included trade records, advisory agreements and general ledgers.
  • Inaccurate or outdated records: Examples included fee schedules, client records and client lists.
  • Inconsistent recordkeeping: Examples included contradictory information in separate sets of records.

Implications for advisers
The Risk Alert notes remedial measures taken by advisers, including further improvements to their written compliance programs, alterations to their practices to correspond with their compliance manuals, and dedication of additional resources to the compliance function. The Risk Alert also notes that some of these deficiencies resulted in referrals to the Division of Enforcement. The Risk Alert serves as a reminder that investment advisers’ compliance programmes are evergreen and require constant attention and review, and that the foundational elements and the details matter.


1. The Five Most Frequent Compliance Topics Identified in OCIE Examinations of Investment Advisers
2. Examination Priorities for 2017 (12 January 2017)
3. OCIE Director Marc Wyatt, Inside the National Exam Program in 2016 (17 October 2016)
4. Form ADV is the form pursuant to which advisers register with the SEC; it must be updated at least annually (within 90 days of the end of an adviser’s fiscal year) and amended more frequently upon changes to certain information. Form PF must be filed by registered advisers that manage one or more private funds, and that have at least $150 million of private fund assets under management (with filing dates dependent on the adviser’s business and size). Form D is typically filed by advisers on behalf of their private fund clients (generally no later than 15 calendar days after the first sale of securities in the offering of a private fund).