Dear Compliance Professional,
Advisers Act Rule 206(4)-7 (commonly referred to as the Compliance Rule) requires SEC-registered investment advisers to conduct an annual review of the adequacy and effectiveness of their policies and procedures. Many states have also, either expressly or implicitly, adopted some variation of the SEC annual review requirement. Failure to conduct an annual review or failure to conduct the annual review adequately always rates high on the list of most common regulatory deficiencies. Having been through a number of regulatory exams in the past year, we can assure you that both state and SEC examiners pay particular attention to the review process.
So what exactly do the regulators expect of an adviser when conducting the annual review? Because regulators are a shifty bunch and forever changing their expectations, there is no one absolute path to annual review enlightenment. There are, however, certain best practices an adviser can implement that will go a long way in satisfying the regulators.
This post, the first of a series, will discuss the primary goals of the annual review process. The next installment will suggest a methodology for conducting the annual review. Subsequent newsletters will offer insight on how to assess the three broad categories of a typical investment adviser’s advisory business:
- Seeking Clients
- Providing Investment Advice
- Administering Your Advisory Business
Adequacy & Effectiveness
The primary goals of the annual review are to determine theadequacy and effectiveness of your policies and procedures in light of your firm’s businesses, advisory services, and regulatory requirements. But what does this really mean in practical terms?
Determining whether your firm’s policies and procedures are adequate involves asking the following basic questions:
1. Do your procedures address all applicable areas of your firm’s advisory business, such as:
- Portfolio management;
- Business Continuity;
- Personal and Proprietary Trading;
- Record Keeping; and
2. Have all applicable laws and regulations been cited?
3. Do your procedures require your firm and its supervised persons to actually do what the rules require?
Adequacy deals more with the big picture. In other words, determining adequacy can be considered a “macro” level analysis of your compliance program as you are not yet looking at individual policies and procedures.
Determining how effective each of your policies and procedures are requires answering these questions:
1. Is the procedure reasonably designed to detect violations and promptly correct any violations that have occurred?
2. Does the procedure include sufficient:
- Employee training;
- Forensic testing; and
- Problem detection and correction?
Effectiveness shifts from the compliance program as a whole to each individual component (i.e., procedure) of the program.
How you go about determining the answers to these questions will be addressed in the next newsletter on proper methodology for conducting the annual review.