Note: This article first appeared in the Financial Markets Association Markets Solutions Newsletter, September 2017, Volume 26, Number 3.
The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) is upfront about the areas it will be testing during its examinations of investment advisers. In January, OCIE publishes its Examination Priorities for the National Examination Program (“NEP”). Every year there are new areas of focus, as well as the standard priorities such as conflicts of interest (e.g., dual registrants, compensation arrangements, allocation of investment opportunities, recommending higher-paying products or strategies), performance advertising, custody, supervision of branch offices, fraud detection, and fees charged to clients. Additionally, OCIE has expanded its examinations to review to cybersecurity controls, allocation of fees and expenses by private equity funds, protections for retirement investors, and sales practices for investment products that OCIE feels pose greater risks to retail investors, such as variable annuities, ETFs, illiquid or high risk alternative investment funds.
Advisers have a good idea what OCIE is looking for, but the more burning question for most is what does OCIE find? Post-Dodd Frank, OCIE has made a concerted effort to provide more information to registrants about its findings and concerns by issuing 26 Risk Alerts discussing deficiencies found during the examination process. One of most illuminating was a Risk Alert[i] published in February 2017, where OCIE identified the five most common compliance issues found during exams.
Not surprisingly, the big five deficiencies included problems with Custody Rule (Rule 206(4)-2) compliance, inaccurate and late regulatory filings, Code of Ethics rule (Rule 204A-1) violations, incomplete and inadequate recordkeeping (Rule 204-2), and violations of the Compliance Rule (Rule 206(4)-7).
To prepare for an exam, it is important to know where OCIE has found weaknesses. It is also helpful to understand how the general issues might play out during an actual SEC examination. Over the past six years, Hardin Compliance Consulting has been involved in at least 32 different SEC investment adviser examinations, with SEC branch offices in Philadelphia, Chicago, New York, Los Angeles and Washington, D.C. The purpose of this article is to provide an in-depth view of how the general categories of issues translate into specific deficiencies.
The most common deficiencies cited during the exams fell into seven categories:
- Custody Rule Violations
- Form ADV and Disclosure Issues
- Code of Ethics Rule Violations
- Compliance Rule Issues
- Fees and Billing Procedures
- Advertising and Marketing Issues
- Best Execution Concerns
Our experience is consistent, for the most part, with OCIE’s findings. Mistakes will continue to be made as regulations get more complex and compliance burdens increase. Disclosures are a prime example. The Form ADV might include a statement that clients who terminate the advisory relationship will promptly receive pre-paid advisory fees, where in practice it takes a couple of months to determine that a client has terminated the relationship and process the refund. Another example can occur where the firm has a trading error policy that states that clients retain any gains that result as a correction of an error. The custodian, however, may deal with trade errors differently, and donate gains to charity. These are situations where aspirational policies do not reflect the operational realities.
The more troubling aspect of our exam participation, however, is the way OCIE uses its examination findings to create new compliance obligations for advisers. This is especially true in areas like the Custody Rule and the Compliance Program Rule. With the custody rule, there seems to be a lot of confusion about what constitutes “custody” that could be alleviated by the Commission providing additional guidance under the rule itself. For example, in 2016, a number of examiners started citing advisers for failing to comply with the Custody Rule as a result of common arrangements between custodians and investment advisers that allow advisers to transfer funds among a client’s accounts. Many custodians have provisions in their agreements with advisory clients that give investment advisers the authority to transfer funds between same-registered accounts at different custodians. In 2016, the SEC started examining these arrangements, and began citing advisers for failing to comply with the Custody Rule’s “surprise examination” requirement.
In February 2017, the SEC issued a no-action letter[ii] to the Investment Advisers Association (the “IAA No-Action Letter”) clarifying the requirements, and custodians are working on changes to their operations and procedures to help advisers avoid having custody, per the SEC’s requirements as set forth in the IAA No-Action letter.
Another example is OCIE’s widespread findings of inadequacies in advisers’ compliance programs in violation of Rule 206(4)-7. In a number of situations, the staff appears to be imposing a strict liability standard. The logic seems to be that since the firm did not discover a weakness in the compliance program, missed a deadline or failed to perform a required review, the program is inadequate. SEC staff does not discuss whether the policies and procedures were reasonable. Instead, the analysis is perfunctory – your firm did not catch the issue, therefore your program must be inadequate.
Aside from these bigger picture issues, one of the goals of this article is to provide some context to the general categories of issues. The following is a summary of more specific findings from examinations we’ve participated in over the past five years.
Custody Rule Violations
Common findings in the more recent exams reflected the SEC’s concern with “Standing Letters of Authorization” (“SLOA”), requesting that advisers either (i) comply with the independent verification requirements of Rule 206(4)-2 for assets subject to the SLOAs or (ii) require specific client instruction before transferring any funds.
The SEC also cited advisers for failure to comply with the surprise examination requirements for situations of the Custody Rule where the adviser had user names and passwords to client’s 401(k) accounts. Another common deficiency resulted from firms receiving checks from clients and then forwarding them to the appropriate custodian. The SEC had made it clear that the advisers that forward clients’ funds and securities have custody.[iii] The checks should have been returned to the client, per the Rule and per firm policy.
Form ADV and Disclosure Issues
The Form ADV is a constant source of deficiencies. Many of the following examples are based on a firm’s specific business and operations, but may help advisers re-think their current disclosures.
- Failure to include disclosures regarding the disadvantages of directed brokerage, as set forth in the Matter of Mark Bailey & Co[iv]. The adviser should have disclosed in Form ADV Part 2A that directed brokerage arrangements can have a detrimental effect on the amount a client pays for commission, since the adviser does not negotiate commissions on directed trades, and is not in a position to negotiate commissions in bunched transactions for non-directed trades.
- Inaccurate disclosure regarding reimbursement of prepaid fees. Form ADV stated that clients who terminate the advisory relationship will promptly receive pre-paid advisory fees. In practice, however, it took a couple of months to determine that a client has terminated the relationship and process the refund.
- Failure to disclose conflict of interests.
- Affiliated broker dealer: Firm failed to disclose in Form ADV Part 2A that its affiliated broker dealer received a portion of the ticket charge for each trade. The SEC found that although clients were made aware that they paid a specific ticket charge, there should have been disclosure stating that a specific portion of that charge went to the affiliated broker-dealer.
- Firm used a broker dealer to execute transactions that also provided research on the securities. Firm had a conflict since it might otherwise have had to pay for that research.
- Failure to disclose mark-ups/downs on fixed income transactions: Firm failed to disclose that there was an additional fee charged on fixed income securities transactions (the markup and/or mark down), and that the custodian charged an additional fee for “trading away.”
- Failure to disclose how gains were distributed as a result of a trading error. Adviser had a trade error policy that stated clients would get to keep any gains as a result of trading error corrections, however, the custodian had a different policy. The custodian actually donated gains to charity in these situations. SEC required the firm to disclose this practice in the Form ADV Part 2A.
- Failure to accurately count assets under management. A number of firms were cited for counting non-discretionary assets as assets under management. The SEC stated that the non-discretionary assets could not be included in Regulatory Assets Under Management since the firm was not responsible for “arranging or effecting securities transactions” with respect to the accounts at issue.
Code of Ethics Rule Violations
Common violations cited include failure to enforce the firm’s code of ethics, including:
- Failure to request quarterly transaction reports, initial and annual holdings reports;
- Failure to review personal securities transaction reporting;
- Failure to enforce the Code of Ethics by not taking action against Access Persons who fail to submit required reports or submit reports late;
- Failure to maintain records showing that personal securities transaction reports were reviewed as required under the Code;
- Failure to include definitions and deadlines specified in the Code of Ethics Rule[v] in the code itself;
- Failure to specify who is responsible for reviewing the Chief Compliance Officer’s trading activity and personal securities transaction reports;
- Failure to update the “Access Persons” list in a timely manner; and
- Failure to report material violations of the Code of Ethics to the mutual fund board.
- Failure to disclose a relative in the securities industry, as required under the Firm’s conflict of interest questionnaire.
Code of Ethics rule violations are one of the most common deficiencies cited by the SEC.
Compliance Rule Issues
This is another incredibly common deficiency noted by OCIE. These types of deficiencies are often very specific to the firm’s business and operations. The lesson learned is to review the compliance manual critically, and engage all areas of the firm in the review process. The SEC does not grant any slack for firms that do not follow their policies and procedures, or fail to address the firm’s core business activities. A few examples are included below.
A private equity firm was required to expand on its portfolio management procedures, including the investment selection process, the allocation of investment opportunities among the funds it advised, and due diligence reviews to ensure compliance with fund offering documents.
A firm that served ERISA clients was required to develop procedures for monitor its compliance with ERISA, including reporting gifts on DOL’s Form LM-10.
Another firm had a fairly extensive compliance manual, but was cited for various failures to implement the policies and procedures, including those related to annual review of the compliance program, advertising and marketing procedures, oversight of solicitor arrangements, email review, trade reconciliation and best execution.
A firm that served retail clients using asset allocation models was cited for failure to develop portfolio management procedures addressing model creation and oversight, assignment of clients to models, and monitoring of client accounts to ensure that they are properly managed and assigned to an appropriate model. The staff also recommended that the firm adopt policies and procedures to regarding uninvested cash to set thresholds and document any deviations from such thresholds.
Fees and Billing Procedures
The SEC is laser focused on fee billing. As discussed in some of the previous sections, SEC examiners are going to closely scrutinize the process for valuing assets, billing clients and providing refunds. Examples of deficiencies in this area include:
- Failure to include in the compliance manual the processes used to value client holdings and assess fees based on those valuations;
- Failure to refund prepaid fees promptly as promised in Form ADV;
- Failure to verify whether disclosures related to fees are accurate, such as the statement that the highest asset-based fee tier is X.X% without confirming that this is true.
The SEC always asks about the process for valuing assets in order to determine what to bill clients, so make sure that the firm has policies and procedures describing this process.
Advertising and Marketing Issues
The staff’s War on Adjectives continues. Here are a few examples from actual exams:
- Firm cited for using a third-party ranking because it failed to disclose the criteria on which the rating was based, the category for which the rating was calculated, the number of advisers surveyed in that category and the percentage of advisers that received the rating or designation, and for failing to state that ranking is not indicative of future performance.
- Firm cited for claiming a third-party, independent certification, because it failed to provide meaningful disclosures about the minimum qualifications for the certification and more specifics about the “best practices” used by the third party.
- SEC staff extended the requirements of the testimonial rule in a situation where an adviser had included industry references for its employees.
- SEC staff objected to the following adjectives used in adviser marketing materials: “leading advisors”, “deep and extensive” experience, and “best in class.”
Best Execution Concerns
For advisers dealing with retail clients, SEC staff is going to look closely at how the firm determines the appropriate share class when purchasing mutual funds for its clients. There should be a process for selecting the appropriate share classes for the client, and testing after-the-fact to ensure that the right share classes are in client accounts.
Another issue cited by SEC staff is the requirement to perform periodic due diligence on custodians that provide execution services. For example, a retail adviser was cited for failing to negotiate commission transaction rates since the relationship with its custodian was entered into a number of years ago. SEC staff expects advisers to conduct periodic due diligence of other service providers to ensure that the fees being paid are competitive.
Hopefully the examples provided can give you some insight into what an SEC examiner might look for at your firm. The best strategy to deal with an SEC exam is to be prepared. Review the firm’s compliance manual critically, and make sure that all areas of the firm have read the procedures that apply to their duties. Make sure the manual does not contain any promises that cannot be kept or policies that are not being followed. The same goes for the Form ADV. Have other members of the firm read it and confirm its accuracy.
It is important to be truthful with the SEC. In preparing for an exam, many firms discover problems. Generally it’s best to discuss your findings with the SEC, along with a proposal for addressing the issue. By being upfront, you will establish credibility with the staff. This is important because if the SEC believes you are being open and honest, they will be more willing to work with you on a solution.
Be prepared for the staff to find deficiencies. Although we have seen a few situations where an adviser received a “no deficiency” letter, this is not the norm. Prepare firm management by providing updates regarding exam progress, especially areas where the staff is taking a deeper dive. This usually signals potential issues.
When responding to a deficiency letter, address the SEC’s findings point by point. It is good practice to copy the issue cited directly from the SEC’s letter, and include the firm response. Provide specifics so the staff understands that the firm has a plan to address the issue. If an issue cannot be resolved quickly, include a timeline outlining the steps being taken and the expected completion date. Finally, keep track of promises made to the SEC. Firms with more significant deficiencies generally experience a follow up examination within two years.
Jaqueline Hummel (IACCP®) is Managing Director and Partner at Hardin Compliance Consulting LLC. Jaqi is a securities attorney and regulatory compliance consultant with extensive experience in investment adviser regulation and compliance. She can be reached at (216) 965-0062 or firstname.lastname@example.org.
[iv] See https://www.sec.gov/litigation/admin/ia-1105.pdf
[v] See Rule 204A-1 at https://www.law.cornell.edu/cfr/text/17/275.204A-1.