Articles Tagged with OCIE

In conjunction with a speech delivered by its Director last month, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert discussing significant compliance deficiencies its examination staff had identified relating to Investment Advisers Act Rule 206(4)-7 (the “Compliance Rule”). The alert followed on the heels of prior Risk Alerts that addressed Compliance Rule deficiencies, among others, as having been the frequent subject of compliance-related findings by OCIE staff. Many of the deficiencies discussed in the Risk Alert are particularly relevant to growing RIAs who are attempting to assure that their compliance programs evolve and improve as they continue their growth.

The Compliance Rule requires, among other things, that RIAs must design, adopt and put into place written procedures and policies designed to prevent and detect violation of the Advisers Act and its rules. The Compliance Rule also requires the RIA to review the adequacy of those procedures annually. It also requires the RIA to appoint a competent Chief Compliance Officer who is empowered with the responsibility to develop and enforce policies that are appropriate to the firm.

The Risk Alert listed many examples of the types of deficiencies noted during examinations, including inadequate allocation of compliance resources. As we have discussed before, an RIA must assure that the CCO has sufficient time and resources to do the job. This means, for many small and growing RIAs, that the CCO’s compliance role should be exclusive and noncompliance tasks should be reallocated to other employees. There is no prohibition on the CCO having other roles within the organization, but where there are compliance deficiencies, the inability of a CCO to commit sufficient time to compliance will usually be cited as a structural deficiency. The CCO must be permitted, if not encouraged, to obtain additional training and to hire extra compliance staff when needed. Outside consultants or law firms are encouraged when necessary to enable the firm to meet its compliance obligations.

In a speech last month, Peter Driscoll, the director of the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE), stressed that registered investment advisers must take steps to grant authority to their Chief Compliance Officers, pointing out that the failure to do so is often cited as a deficiency following RIA audits. Driscoll explained that CCOs must be supported and empowered by an RIA’s upper management and that OCIE examiners are looking closely to determine whether that is or is not happening at a particular firm.

Driscoll’s speech comes on the heels of the SEC’s upholding a FINRA enforcement action against the CCO of a broker-dealer who was fined $45,000 and given a 90-day suspension for failing to follow up on “red flags” that the broker-dealer was making payments to a firm owned by a barred broker. A federal appellate court recently affirmed that decision. The speech seemed designed, in part, to allay concerns by CCOs that they are at risk of becoming frequent enforcement targets. Consistent with prior SEC guidance, Driscoll’s speech highlighted that compliance failures are more often the result of other senior firm officers not sufficiently fulfilling their roles to assure that the compliance function is adequately staffed and complied with. Compliance should not fall entirely “on the shoulders of the CCO,” he said.

Too often, says Driscoll, OCIE sees firms take a “check-the-box” approach to their CCO position, meaning they are given just enough authority to complete the bare minimum compliance tasks but aren’t fully integrated into the ongoing operations, direction, or major decisions of the company. He notes that in many examination meetings, the CCO stays quiet as the company’s other senior executives dominate answers to core compliance questions. In other instances, he says, firms try to use the CCO as a “scapegoat” to cover failings by other firm personnel to follow clear policies or guidance. When OCIE notices that the CCO is turned into a target for every compliance problem identified, while CEOs take no responsibility, it is an indication that the firm has not set the proper tone and the top that is critical to all good compliance programs.

The Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert highlighting the need for investment advisers to prevent unauthorized access to client data stored on websites.

Recently, cyber attackers have used “credential stuffing” and other methods to breach web-based user accounts. Credential stuffing is when a hacker combines lists of stolen account information from the dark web and customized scripts to compromise user names and passwords to other sites. Hackers prefer this method because it seems to be more efficient and successful than more traditional methods of hacking, like a brute force attack.

OCIE has the following recommendations for Investment Advisers to consider in protecting themselves and their websites against credential stuffing attacks: Continue reading ›

SEC Issues Risk Alert to Private Fund Advisers, Part 2

This supplements our previous post relating to a Risk Alert issued by the SEC’s Office of Compliance Inspections and Examinations on June 23. The Risk Alert was directed at investment advisers to private investment funds. While the prior post discussed the portion of the Risk Alert dealing with fees and expenses, this post discusses the SEC’s findings relating to failure to disclose conflicts of interest.

By way of background, the Risk Alert reminds private fund advisers that they owe duties of care and loyalty to the investors in private funds. In order to fulfill the duty of loyalty, the adviser may not prefer his own interests to those of the investors and must disclose to its clients, in a full and fair manner, all material facts relating to the advisory relationship. The scope of the investment adviser’s duties is discussed at length in IA-5248, issued in June 2019, which we have discussed in a previous post.

Continue reading ›

Earlier this week, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a risk alert in which it discussed ongoing deficiencies identified during compliance examinations of investment advisers that advise private funds. This risk alert follows on the heels of other SEC activity relating to private fund advisers, including enforcement referrals, deficiency letters, and informal guidance.

The deficiencies discussed in the risk alert fall into three broad categories: disclosures relating to fees; disclosures relating to conflicts of interests; and sufficiency of a firm’s policies relating to nonpublic material information and its internal enforcement of such policies. The purpose of this risk alert was to provide guidance to private fund advisers regarding steps they should take to improve their compliance policies and program, while simultaneously advising investors in private funds of the types of issues to be aware of when dealing with private fund advisers. Many investors in private funds are pensions or other qualified retirement plans, charities and endowments, and families who have family offices.

This blog post focuses on the portion of the risk alert relating to fees and expenses. Continue reading ›

As we mentioned in an earlier post, in April of this year the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued separate risk alerts on the subjects of Form CRS and Regulation Best Interest (Reg BI). The risk alerts were designed to provide investment advisers and broker-dealers information regarding the anticipated scope and content of the examinations OCIE will conduct following the filing deadline for Form ADV, Part 3 and following the compliance date for Regulation Best Interest. In this post we examine the new requirements regarding Form ADV, Part 3, which we will refer to as “Form CRS,” and then review the SEC’s Risk Alert relating to Form CRS. Firms seeking to comply with the new requirements should carefully review the 17-page instructions to Form CRS. The SEC has also published a helpful Small Entity Compliance Guide.

Under the new requirements, federally registered RIAs must electronically file Form CRS via the IARD system and must deliver a Form CRS to all retail investors, regardless of net worth or sophistication. Currently registered RIAs or entities who currently have pending applications to become RIAs may file their form CRS at any time, but they must file the initial CRS on or before June 30, 2020. The Form CRS may be filed as part of an initial application to register under Rule 203-1, or as an other-than-annual amendment to the Form ADV under Rule 204-1. Beginning June 30, 3020, any new application will be considered incomplete and will be rejected if it does not contain a Form CRS. Every RIA’s firm must post its Form CRS on its public website, but there is no requirement that a firm without a public-facing website must create one. Continue reading ›

In our previous post, we described the SEC’s announcement of examination priorities in 2020 for the Commission’s Office of Compliance Inspections and Examinations (OCIE).  In that post, we discussed areas of examination that will apply to a large percentage of registered investment advisors and other regulated entities.  In this post, we focus on another priority, namely robo-advisers.

Otherwise known as automated investment platforms, “robo-advisers” have come under increased scrutiny by OCIE.  The number of these advisers has increased substantially over the last four years.  OCIE intends to focus on issues such as the eligibility of the robo-adviser to register with the SEC, marketing practices engaged in by robo-advisers, the ability to comply with fiduciary duty, the adequacy of the adviser’s disclosures, the effectiveness of the adviser’s compliance program, and the firm’s cybersecurity policies, procedures and practices.

Advisers Act Rule 203A-2(e) permits “internet only advisers” to register with the SEC, provided certain conditions are met and maintained.  Specifically, the adviser must provide investment advice to all clients exclusively through an interactive website and maintain records demonstrating that it does so.  Under the rule, an adviser may provide investment advice through means other than the internet to up to fourteen clients during any twelve-month period. Undoubtedly there are some firms that registered on this basis who were either not eligible at the time or, through the evolution of their business, have strayed from the conditions required to remain eligible for registration.

Continue reading ›

Earlier this month, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced its examination priorities for 2020.  Many of the priorities listed are similar to those identified in previous years’ priorities lists. The SEC’s approach in addressing them, however, continues to evolve to keep pace with the changing landscape of financial markets, market participants, products, technologies and risks. This post will address some of the areas that should be of concern to a large percentage of registered investment advisers (RIAs), broker-dealers and other regulated entities.

OCIE reiterated that a significant underpinning of any effective compliance program is the “tone at the top” set by C-level executives and owners. Those firms that prioritize compliance and effectively create a “culture of compliance” tend to be more successful in designing and implementing compliance plans than firms that view compliance as an afterthought or business hindrance. One of the “hallmarks” of a firm’s commitment to compliance is the presence of an “empowered” CCO who is routinely consulted regarding most facets of the firm’s operations. There is nothing new to these concepts, but it is worth noting that OCIE continues to emphasize them year after year. Although not stated in the priorities release, the degree to which a firm demonstrates a commitment to compliance often weighs heavily on decisions OCIE examiners must make regarding how deficiencies will be addressed by the Commission. All other things being equal, firms that have made mistakes but demonstrate the ability to make effective corrections will often be provided an opportunity to implement those corrections and are less likely to become the subject of an enforcement referral.

Not surprisingly, OCIE will continue to prioritize examining RIAs to assess compliance with their fiduciary duty to clients. For examinations of RIAs occurring during the second half of 2020, this will undoubtedly include the proper use of Form ADV Part 3, which RIAs are required to complete, file, and place into use with clients by June 30, 2020. Additionally, broker-dealers will be expected to implement compliance with new Regulation BI, requiring adherence to a best interest standard. The priorities list reiterates that advisers and broker-dealers must eliminate, or at least fully and fairly disclose, all conflicts of interest, as more fully explained in Investment Advisor Release 5248, issued in June of last year.

Among other priorities relevant to RIAs, OCIE also listed the protection of retail investors saving for retirement, information security, anti-money laundering programs and financial technology.

Continue reading ›

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) released a new Risk Alert on September 4th urging RIAs to review their compliance policies and procedures addressing principal trading and agency cross trading transactions.

We pay close attention to OCIE’s periodic Risk Alerts as these publications provide RIAs with not only a view of the results of recent OCIE exam, but also an insight into future exam priorities. This blog has provided commentary on all three of OCIE’s Risk Alerts for RIAs published thus far in 2019.Those alerts have focused on topics as diverse as hiring practices, customer record storage, and privacy notices.

This new Risk Alert encourages RIAs to revisit their policies and procedures designed to prevent violations of Advisers Act Section 206(3) and Rule 206(3)-2. Section 206(3) of the Advisers Act prohibits an adviser from engaging in the following trading activities, unless done with the consent of a client after receipt of written notice: (i) buying or selling a security from a client while acting as “principal for his own account” (“principal trading”); and (ii) acting as a broker for a person other than the client in order to effect a securities transaction between the client and the other person (“agency cross trading”).

Continue reading ›

A new Risk Alert released by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) reminds advisers of the added compliance obligations that arise when hiring representatives carrying the baggage of reportable disciplinary histories. While by no means exhorting advisers not to hire such persons, the Risk Alert nonetheless encourages advisers to properly consider the obvious compliance risks presented by such hiring practices, and, in turn, to adopt prudent policies and procedures to address those risks.

We follow OCIE’s periodic Risk Alerts closely as they not only provide insights regarding the focus of recent OCIE examinations, but also provide insights as to what OCIE management will be directing the staff to focus on in the future. This particular Risk Alert is a read-out of the results of a recent series of OCIE exams from 2017 specifically targeting advisory firms that (i) previously employed, or currently employ, any individual with a history of disciplinary events and (ii) for the most part serve retail clients. Indeed, OCIE makes special notation of its “focus on protecting retail investors” as a genesis for both the targeted exam initiative (the “Initiative”) as well as this new Risk Alert. Accordingly, advisers with a large retail customer base should pay especially close attention to the new Risk Alert.

In conducting the Initiative, OCIE’s staff focused on three areas of interest: (i) the compliance policies and procedures put into place to specifically cover the activities of previously-disciplined individuals; (ii) the disclosures relating to previously-disciplined individuals required to be made in filings and other public documents (including advertising); and (iii) conflicts of interest implicated by the hiring of previously-disciplined individuals. With this roadmap in place, the Initiative identified a variety of observed deficiencies across a range of topics, including:

Contact Information