OCIE Issues Observations on Investment Adviser Compliance Programs
In late November 2020, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”)1 issued a Risk Alert setting forth notable compliance issues identified by OCIE related to the Compliance Rule under the Investment Advisers Act of 1940 (“Advisers Act”). The Compliance Rule requires a registered investment adviser to (1) adopt and implement policies and procedures reasonably designed to prevent violation of the Advisers Act in light of the nature of the adviser’s business, (2) review such policies and procedures annually, and (3) appoint a chief compliance officer (“CCO”) to administer such policies and procedures. Compliance Rule deficiencies are one of the most commonly cited items noted in OCIE examinations.
OCIE’s observations included the following:
Inadequate Compliance Resources
- Advisers that did not devote adequate resources to their compliance programs.
- CCOs who did not appear to devote sufficient time to fulfilling their responsibilities as CCO (e.g., due to having “numerous” other responsibilities) and compliance staff that did not have sufficient resources to implement an effective compliance program, including a lack of adequate training or adequate staffing support.
- Kirkland Observations: While it is not prohibited for a CCO to serve multiple roles within an adviser’s business and is common in small or mid-size sponsors, it is important that sufficient time is devoted to fulfilling the responsibilities of being a CCO. This includes having sufficient resources and ample time to adequately implement policies and procedures notwithstanding other responsibilities.
Insufficient Authority of CCOs2
- CCOs lacking authority to develop and enforce policies and procedures.
- Advisers restricting CCO access to critical compliance information as well as limited interaction between senior management and the CCO, including CCOs not being consulted on matters with potential compliance implications.
- Kirkland Observations: Deficiency findings from OCIE staff tend to arise when a CCO cannot demonstrate that CCO is sufficiently integrated into the adviser’s decision making as well as other key business operations of the firm. Exhibiting active participation in meetings with senior management, including meetings and conference calls related to key compliance issues, can help to mitigate this risk and will also help to keep the CCO informed of and assisting with resolution of key compliance related issues.
Annual Review Deficiencies
- Advisers unable to provide evidence that they conducted ongoing or annual compliance reviews.
- Advisers failing to identify or review key risk areas, such as conflicts of interest and protection of client assets, as well as other significant business areas such as the oversight of third-party managers, cybersecurity, and the calculation of fees and allocation of expenses.
- Kirkland Observations: It is important for advisers to cover all material areas of a compliance program during its annual review process. If it is too burdensome to cover each material compliance area in a single review, the CCO could consider breaking up its annual review into several smaller reviews throughout the year to ensure each facet of the adviser’s business is properly examined. Moreover, it is critical that the CCO appropriately document what was done, including the review of certain systems, even if there are no adverse findings.
Implementing Actions Required by Written Policies and Procedures
- Advisers failing to implement or comply with their existing written policies and procedures, including, employee training, trade errors, best execution, conflicts of interest, disclosure, review of advertising materials, back-testing fee calculations, testing business continuity plans and periodically reviewing client accounts.
- Kirkland Observations: Advisers can be cited for deficiencies by OCIE staff for failing to comply with their existing written policies and procedures, even if a requirement under the policy is not necessarily required by the Advisers Act. Consequently, advisers must regularly review their policies and procedures to ensure they are being followed as written, or alternatively revise existing policies to reflect existing practices. CCOs should consider periodic in-person meetings with business operations personnel to review policies with the persons responsible for implementation.
Maintaining Accurate and Complete Information in Policies and Procedures
- Advisers having outdated or inaccurate information in policies and procedures, such as off-the-shelf policies that contained unrelated or incomplete information.
- Kirkland Observations: It is important for an adviser to regularly review its policies and procedures to ensure they are appropriately tailored to the business and current practices of the firm.
Maintaining or Establishing Reasonably Designed Written Policies and Procedures
- Advisers failing to establish, implement, or appropriately tailor written policies and procedures that were reasonably designed to prevent violations of the Advisers Act, but instead relying on cursory or informal processes (i.e., using policies of an affiliated entity that were not tailored to the adviser’s business).
- Deficiencies or weaknesses in connection with establishing, implementing or appropriately tailoring policies and procedures in the following areas: (1) portfolio management, including allocation of investment opportunities, compliance with regulatory and client investment restrictions and oversight over areas such as use of third-party service providers, branch offices and investments; (2) marketing; (3) trading practices; (4) disclosures to investors; (5) advisory fees and valuation, including fee billing and expense reimbursement processes; (6) privacy safeguards, including cybersecurity; (7) maintaining books and records; (8) custody and safeguarding client assets; and (9) business continuity plans.
- Kirkland Observations: As noted above, it is important for an adviser to regularly review its policies and procedures to ensure each policy is appropriately tailored to the firm’s business. For example, OCIE staff has previously cited advisers for deficiencies for the following: (i) co-investment and/or investment allocation policies that do not match the adviser’s actual business practices; (ii) not implementing a best execution policy for advisers that engage in public market securities purchases; (iii) advertising and marketing procedures that do not follow the firm’s current practices; (iv) a lack of branch office supervisory procedures when branch offices exist; and (v) ineffective business continuity plans that have not been monitored or tested.
OCIE’s Risk Alert continues its longstanding focus on the fundamentals of investment adviser compliance, seeking to ensure that investment advisers’ compliance programs cover the primary risk areas posed by their businesses, and that investment advisers follow the requirements set forth in their written procedures.
Changes to Private Offering Rules under Regulation D
In November 2020, the SEC adopted a number of rule changes3 related to securities offering registration exemptions, including Regulation D under the Securities Act of 1933. While many of these rule changes relate only to operating companies, the Regulation D changes also apply to private fund offerings using Rule 506. These changes address when two or more securities offerings will be treated as a single offering under the exemption rules, which is referred to as “integration” of offerings. If offerings are integrated, the combined offering must continue to meet the requirements of an exemption, such as Rule 506(b) (private offering without general advertising or solicitation) under Regulation D. The rule changes will not be effective until 60 days after publication in the Federal Register.
- Regulation D Six-Month Non-Integration Safe Harbor Eliminated. The SEC has eliminated the Regulation D six-month non-integration safe harbor and has adopted a new uniform Rule 152, which applies across exempt offerings. Generally, this will result in a shorter time period for non-integration of offerings.
- Rule 152 Non-Integration Safe Harbors. New Rule 152 has new non-integration safe harbor provisions and generally provides private Regulation D offerings will not be integrated with other offerings, including other Regulation D offerings, under the following situations:
- offerings separated by 30 days,
- employee offerings under Rule 701 or offshore offerings under Regulation S (largely a restatement of current law), and
- a completed offering made under Rule 506(b) with no general advertising or solicitation followed (without a 30-day separation) by an offering under Rule 506(c) with general advertising or solicitation.
- Non-Accredited Investors — Number of Investors. Sales to non-accredited investors under Rule 506(b) are currently limited to 35 in any offering with a 6 month non-integration rule. Since Rule 152 decreases the non-integration rule to 30 days, the SEC decided to limit sales to 35 non-accredited investors during any 90-day period. Non-accredited investors are not permitted in a Rule 506(c) offering. Many private fund offerings do not permit non-accredited investors since there is the requirement to disclose more extensive information in the private placement memorandum given to non-accredited investors.
- Investor Verification in Rule 506(c). Rule 506(c) permits general advertising and solicitation but limits sales to “verified” accredited investors. The Regulation D amendments allow an issuer that has verified the accredited investor status of an investor to continue to rely on such verification for a five-year period so long as the investor gives an updated representation.4
These rule changes continue the recent SEC trend in relaxing the private offering exemption requirements under Regulation D.
1. Following release of the Risk Alert, the SEC changed the name of OCIE to the Division of Examinations.↩
2. On the same day that OCIE issued the Risk Alert, Peter Driscoll, the Director of OCIE, gave a CCO outreach speech focusing on the role of the CCO, and noted three key words: empowerment, seniority and authority. In his remarks, he stated, “the Compliance Rule touches on all of the critical areas of being an adviser. The CCO is not there to fill out irrelevant paperwork or serve as a scapegoat for the firm’s failings. A firm’s compliance department should be fully integrated into the business of the adviser for it to be effective. Compliance regarding conflicts of interest, disclosures to clients, calculation of fees and protection of client assets should not be done from the sidelines. The CCO needs a meaningful seat at the table.”↩
4. Regulation D financial statement requirements for offerings to non-accredited investors were also amended.↩