Be aware of your weaknesses and deficiencies

The latest risk alert published by SEC points out the compliance issues highlighted by OCIE (Office of Compliance Inspections and Examinations) with regards to the Compliance Rule (206(4)-7) under the Investment Advisers Act of 1940. Below is a summary of the key notable deficiencies.

• Inadequate compliance resources: Staff of the Office of Compliance Inspections and Examinations (OCIE) observed advisers that did not devote adequate resources, such as information technology, staff, and training, to their compliance programmes. For example, advisers that had grown significantly in size or complexity but had not hired additional compliance staff or added adequate information technology, leading to failures in implementing or tailoring their compliance policies and procedures.
• Insufficient authority of CCOs: OCIE staff observed CCOs at the advisers who lacked sufficient authority to develop and enforce appropriate policies and procedures for the advisers. For example, advisers where senior management appeared to have limited interaction with their CCOs, leading to CCOs having limited knowledge about the firm’s leadership, strategy, transactions, and business operations.
• Annual review deficiencies: OCIE staff observed advisers that were unable to demonstrate that they performed an annual review or whose annual reviews failed to identify significant existing compliance or regulatory problems. For example, review of significant aspects of the adviser’s business. In addition, they observed advisers that failed to review significant areas of their business, such as policies and procedures surrounding the oversight and review of recommended third-party managers, cyber security, and the calculation of fees and allocation of expenses.
• Implementing actions required by written policies and procedures: OCIE staff observed advisers that did not implement or perform actions required by their written policies and procedures. For example, staff observed advisers that did not
• Train their employees
• Implement compliance procedures regarding trade errors, advertising, best execution, conflicts, disclosure and other requirements
• Review advertising material
• Follow compliance checklists and other processes, including back testing fee calculations and testing business continuity plans
• Review client accounts, e.g., to assess consistency of portfolios with clients’ investment objectives, on a periodic basis or according to a schedule specified in the adviser’s policies
• Maintaining accurate and complete information in policies and procedures: The staff observed advisers’ policies and procedures that contained outdated or inaccurate information about the adviser, including off-the-shelf policies that contained unrelated or incomplete information.
• Maintaining or establishing reasonably designed written policies and procedures: OCIE staff observed advisers that did not maintain written policies and procedures or that failed to establish, implement, or appropriately tailor written policies and procedures that were reasonably designed to prevent violations of the Advisers Act. For example, staff observed advisers that claimed to rely on cursory or informal processes instead of maintaining written policies and procedures. In addition, staff observed advisers that utilised policies of an affiliated entity, such as a broker-dealer, that were not tailored to the business of the advisers.

Link: https://bit.ly/3g6LNhz

Originally published at https://www.acuitykp.com.

About the Author

Manish Mohan Raj is the delivery manager in Forensic Compliance team and subject matter expert for the forensic compliance practice. He has over 8 years of experience in the financial services industry. Prior to joining Acuity Knowledge Partners he worked as an associate with Goldman Sachs — GSAM Compliance. He was part of the global forensics team and was part of the marketing and portfolio management compliance team. Manish was also part of the controls management team for the asset & wealth management team at JP Morgan and was part of the HSBC KYC remediation team for multiple lines of business.