In conjunction with a speech delivered by its Director last month, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert discussing significant compliance deficiencies its examination staff had identified relating to Investment Advisers Act Rule 206(4)-7 (the “Compliance Rule”). The alert followed on the heels of prior Risk Alerts that addressed Compliance Rule deficiencies, among others, as having been the frequent subject of compliance-related findings by OCIE staff. Many of the deficiencies discussed in the Risk Alert are particularly relevant to growing RIAs who are attempting to assure that their compliance programs evolve and improve as they continue their growth.
The Compliance Rule requires, among other things, that RIAs must design, adopt and put into place written procedures and policies designed to prevent and detect violation of the Advisers Act and its rules. The Compliance Rule also requires the RIA to review the adequacy of those procedures annually. It also requires the RIA to appoint a competent Chief Compliance Officer who is empowered with the responsibility to develop and enforce policies that are appropriate to the firm.
The Risk Alert listed many examples of the types of deficiencies noted during examinations, including inadequate allocation of compliance resources. As we have discussed before, an RIA must assure that the CCO has sufficient time and resources to do the job. This means, for many small and growing RIAs, that the CCO’s compliance role should be exclusive and noncompliance tasks should be reallocated to other employees. There is no prohibition on the CCO having other roles within the organization, but where there are compliance deficiencies, the inability of a CCO to commit sufficient time to compliance will usually be cited as a structural deficiency. The CCO must be permitted, if not encouraged, to obtain additional training and to hire extra compliance staff when needed. Outside consultants or law firms are encouraged when necessary to enable the firm to meet its compliance obligations.