Compliance Solutions for Investment Advisers

FAQs — Compliance Program


Are SEC-registered investment advisers required to implement compliance policies and procedures?

Under Advisers Act Rule 206(4)-7 (commonly known as the Compliance Rule) it is unlawful for an investment adviser registered with SEC to provide investment advice unless the adviser has adopted and implemented written policies and procedures reasonably designed to prevent violation of the Advisers Act by the adviser or any of its supervised persons. The rule requires advisers to consider their fiduciary and regulatory obligations under the Advisers Act and to formalize policies and procedures to address them.

Are state-registered investment advisers required to implement compliance policies and procedures?

While the requirement to develop and implement compliance policies and procedures varies from state to state, some states have incorporated the provisions of the Compliance Rule into their state regulations. Those states that have not done so, most likely have some regulation or “best practice” that calls for written supervisory/compliance procedures. In any event, all states have some form of books and records requirements that would necessitate the need for certain compliance policies and procedures. Regardless of the specific requirements of the state or states in which an advisory firm is registered, it is a good business practice and a necessary part of fulfilling an adviser’s fiduciary duty to its clients to implement compliance policies and procedures.

If I have a single-person advisory firm do I need to implement compliance policies and procedures?

Yes.  However, the Compliance Rule requires only that the policies and procedures be reasonably designed to prevent violation of the Advisers Act, and thus need only encompass compliance considerations relevant to the operations of your advisory firm. The SEC expects smaller advisory firms without conflicting business interests to require much simpler policies and procedures than larger firms that, for example, have multiple potential conflicts as a result of their other lines of business or their affiliations with other financial service firms.

Is an adviser required to appoint a chief compliance officer (CCO)?

Yes. Each adviser registered with the SEC is required to designate a CCO to administer its compliance policies and procedures. An adviser’s CCO should be competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm.

What specific elements must investment advisers include in their compliance policies and procedures?

The Compliance Rule does not enumerate any specific elements that must be included in an adviser’s compliance policies and procedures.  The Compliance Rule does require, however, that an investment adviser’s policies and procedures be designed to prevent violations from occurring, detect violations that have occurred, and correct promptly any violations that have occurred.

If the Compliance Rule does not enumerate specific requirements, how does an adviser know if their compliance policies and procedures are sufficient?

While the Compliance Rule is indeed short on specifics, it does suggest a process that an adviser should use when designing their policies and procedures. Each adviser should first identify conflicts and other compliance factors creating risk exposure for the advisory firm and its clients in light of the firm’s particular operations, and then design policies and procedures that address those risks.

Are there any minimum requirements?

The SEC expects that an adviser’s policies and procedures, at a minimum, should address the following issues to the extent that they are relevant to that adviser:

  • Portfolio management processes, including allocation of investment opportunities among clients and consistency of portfolios with clients’ investment objectives, disclosures by the adviser, and applicable regulatory restrictions;
  • Trading practices, including procedures by which the adviser satisfies its best execution obligation, uses client brokerage to obtain research and other services (“soft dollar arrangements”), and allocates aggregated trades among clients;
  • Proprietary trading of the adviser and personal trading activities of supervised persons;
  • The accuracy of disclosures made to investors, clients, and regulators, including account statements and advertisements;
  • Safeguarding of client assets from conversion or inappropriate use by advisory personnel;
  • The accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction;
  • Marketing advisory services, including the use of solicitors;
  • Processes to value client holdings and assess fees based on those valuations;
  • Safeguards for the privacy protection of client records and information; and
  • Business continuity plans.

How is a risk assessment conducted?

An adviser should first identify conflicts of interest, business practices, arrangements, and other compliance factors creating risk exposure for the advisory firm and its clients in relation to its operations. Once this has been completed, the adviser should begin developing written supervisory and compliance policies and procedures that specifically address those risks and conflicts of interests and the controls that the advisory firm will put in place to supervise and mitigate those areas of concern.

What happens if an investment adviser does not conduct a risk assessment?

Officials associated with the SEC’s Office of Inspections and Examinations (“OCIE”) have stated in numerous speeches that no compliance manual could accurately reflect the adviser’s business without such a prior assessment. Without a prior risk assessment, the assumption would be that the adviser had not determined how its clients could be harmed by conflicts of interests and compliance risks and therefore, was probably in breach of its fiduciary duty to its clients.

Can an investment adviser just purchase an off-the-shelf manual that covers all these areas?

An adviser can purchase an off-the-shelf manual if – repeat if – the adviser goes through the necessary steps to fully customize the manual. The problem is that few advisers take the necessary steps and end up with policies and procedures that are not appropriate to the specifics of their advisory business.

Is an investment adviser required to periodically review their policies and procedures?

Yes. The Compliance Rule requires each SEC-registered investment adviser to review its policies and procedures annually and periodically as needed.

What are some “best practices” associated with developing and implementing compliance policies and procedures?

An SEC-registered adviser should make sure that for each area covered, there is an explanation of the applicable rule (or at least some reference), a clear policy, attendant procedures and a party responsible for ensuring that the policy is adhered to and that the procedures are implemented as written (this is usually the CCO).  Advisers should also make certain that they are actually doing everything that their compliance manual requires them to do. Even the most highly customized policies and procedures can be rendered obsolete or insufficient by changing advisory practices, investment adviser regulations or industry best practices.

What are the record keeping requirements associated with an investment adviser’s compliance program?

Advisers must keep a copy of their policies and procedures that are in effect, or at any time within the past five years were in effect. In addition, they must keep any records documenting the investment adviser’s annual review of those policies and procedures.

Besides an investment adviser’s policies and procedures manual, what are some of the things that the SEC will ask for prior to a regulatory examination?

The SEC’s core initial request list may include all or some of the following:

  • A sample copy of each exception report, compliance check list, management report, etc. that is produced in accordance with the compliance policies and procedures.
  • A description of your firm’s overall process for and commitment to establishing and maintaining an effective compliance culture (its “tone at the top”).
  • A current list of and a corresponding copy of any compliance policies and procedures and a list of corresponding compliance documents (e.g., exception reports, compliance checklists, management reports, etc.) that are produced in accordance with the compliance policies and procedures.
  • The standard operating procedures covering the process used to create and maintain your firm’s compliance policies and procedures.
  • Information about the oversight process your firm uses for any remote offices and/or independent advisory contractors and any policies and procedures with respect to such oversight.
  • A list of forensic compliance test performed, the dates of the forensic test(s) performed and the corresponding objectives and results of each forensic test.
  • Information relating to your firm’s compliance testing, including any compliance reviews, quality control analyses, surveillance and/or forensic or transactional tests performed by your firm.
  • Information regarding ay significant findings, both positive and negative, of any compliance testing and any information about corrective or remedial actions taken regarding these findings.
  • A copy of exception reports completed during the examination period to demonstrate the effectiveness of your firm’s compliance program in that area.


Important Information

The information contained in this Frequently Asked Questions is only a summary and is not intended to be a comprehensive analysis of the rules and regulations applicable to registered investment advisers. It is not intended to constitute legal or compliance consulting advice or apply to any one investment adviser’s particular situation. For more information, please see our Terms of Use.