The Securities and Exchange Commission recently announced the filing of an administrative proceeding against a registered investment adviser and the investment advisers owner/CCO for failing to adopt compliance policies and procedures, a Code of Ethics, and for failing to conduct annual reviews of the same. The advisory firm is Two Point Investment Management, Inc., based in Pittsford, New York. The SEC found that the violations occurred over a 10-year period starting when the adviser first registered with the SEC in 2012.
Articles Posted in CCOs
Growing RIAs Beware: SEC Issues Risk Alert Relating to Compliance Rule Failures
In conjunction with a speech delivered by its Director last month, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert discussing significant compliance deficiencies its examination staff had identified relating to Investment Advisers Act Rule 206(4)-7 (the “Compliance Rule”). The alert followed on the heels of prior Risk Alerts that addressed Compliance Rule deficiencies, among others, as having been the frequent subject of compliance-related findings by OCIE staff. Many of the deficiencies discussed in the Risk Alert are particularly relevant to growing RIAs who are attempting to assure that their compliance programs evolve and improve as they continue their growth.
The Compliance Rule requires, among other things, that RIAs must design, adopt and put into place written procedures and policies designed to prevent and detect violation of the Advisers Act and its rules. The Compliance Rule also requires the RIA to review the adequacy of those procedures annually. It also requires the RIA to appoint a competent Chief Compliance Officer who is empowered with the responsibility to develop and enforce policies that are appropriate to the firm.
The Risk Alert listed many examples of the types of deficiencies noted during examinations, including inadequate allocation of compliance resources. As we have discussed before, an RIA must assure that the CCO has sufficient time and resources to do the job. This means, for many small and growing RIAs, that the CCO’s compliance role should be exclusive and noncompliance tasks should be reallocated to other employees. There is no prohibition on the CCO having other roles within the organization, but where there are compliance deficiencies, the inability of a CCO to commit sufficient time to compliance will usually be cited as a structural deficiency. The CCO must be permitted, if not encouraged, to obtain additional training and to hire extra compliance staff when needed. Outside consultants or law firms are encouraged when necessary to enable the firm to meet its compliance obligations.
SEC Examination Director Discusses Importance of Empowering the CCO
In a speech last month, Peter Driscoll, the director of the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE), stressed that registered investment advisers must take steps to grant authority to their Chief Compliance Officers, pointing out that the failure to do so is often cited as a deficiency following RIA audits. Driscoll explained that CCOs must be supported and empowered by an RIA’s upper management and that OCIE examiners are looking closely to determine whether that is or is not happening at a particular firm.
Driscoll’s speech comes on the heels of the SEC’s upholding a FINRA enforcement action against the CCO of a broker-dealer who was fined $45,000 and given a 90-day suspension for failing to follow up on “red flags” that the broker-dealer was making payments to a firm owned by a barred broker. A federal appellate court recently affirmed that decision. The speech seemed designed, in part, to allay concerns by CCOs that they are at risk of becoming frequent enforcement targets. Consistent with prior SEC guidance, Driscoll’s speech highlighted that compliance failures are more often the result of other senior firm officers not sufficiently fulfilling their roles to assure that the compliance function is adequately staffed and complied with. Compliance should not fall entirely “on the shoulders of the CCO,” he said.
Too often, says Driscoll, OCIE sees firms take a “check-the-box” approach to their CCO position, meaning they are given just enough authority to complete the bare minimum compliance tasks but aren’t fully integrated into the ongoing operations, direction, or major decisions of the company. He notes that in many examination meetings, the CCO stays quiet as the company’s other senior executives dominate answers to core compliance questions. In other instances, he says, firms try to use the CCO as a “scapegoat” to cover failings by other firm personnel to follow clear policies or guidance. When OCIE notices that the CCO is turned into a target for every compliance problem identified, while CEOs take no responsibility, it is an indication that the firm has not set the proper tone and the top that is critical to all good compliance programs.