The past few years have seen quite a bit of regulatory activity. The SEC’s Office of Compliance Inspections and Examination (now known as the “Office of Examinations”) issued nine Risk Alerts in 2020, five in 2019 and five more in 2018. Add to this the usual 2020 and 2019 versions of SEC’s Examination Priorities (with the 2021 edition soon to be issued), one monumental Final Rule (Investment Adviser Marketing) and you have a massive amount of information to digest. So . . . once again it seems wise to take this opportunity to summarize the most relevant of those SEC releases and give you the opportunity to review what is of pressing concern to the regulators:
OCIE Observations : Investment Adviser Compliance Programs (November 19, 2020)
Key takeaway: Each adviser should adopt policies and procedures that take into consideration the nature of that firm’s operations. The policies and procedures should be designed to prevent violations from occurring, detect violations that have occurred, and correct promptly any violations that have occurred. The Compliance Rule requires each adviser to review its policies and procedures no less frequently than annually to determine their adequacy and the effectiveness of their implementation. Although the Compliance Rule requires only annual reviews, advisers should consider the need for interim reviews in response to significant compliance events, changes in business arrangements, and regulatory developments.
View the Risk Alert: OCIE Observations: Investment Adviser Compliance Programs
OCIE Observations from Examinations of Investment Advisers: Supervision, Compliance and Multiple Branch Offices (November 9, 2020)
Key takeaway: The staff observed that the branch office model may pose certain risk factors that advisers should consider in designing and implementing their compliance programs and in supervising personnel and processes occurring in branch offices. These risks may be heightened when the main and branch offices have different practices. For example, advisers that do not monitor, review, and/or test their branch office activities may not be aware that the compliance controls they have adopted are not effectively implemented or do not appropriately address the intended risks and conflicts in these remote locations. While many of the issues are not unique to advisers that use the branch office model, such entities may be more susceptible to the issues discussed herein because, among other things, geographically dispersed personnel may develop different practices or disparate ways of communicating.
Cybersecurity: Safeguarding Client Accounts against Credential Compromise (September 15, 2020)
Key takeaway: “Credential stuffing” is a method of cyber-attack to client accounts that uses compromised client login credentials, resulting in the possible loss of customer assets and unauthorized disclosure of sensitive personal information. Credential stuffing is emerging as a more effective way for attackers to gain unauthorized access to customer accounts and/or firm systems than traditional brute force password attacks.
View the Risk Alert: Cybersecurity: Safeguarding Client Accounts against Credential Compromise
Cybersecurity: Ransomware Alert (July 10, 2020)
Key takeaway: SEC has observed an increase in sophistication of ransomware attacks on SEC registrants. The perpetrators behind these attacks typically demand compensation (ransom) to maintain the integrity and/or confidentiality of customer data or for the return of control over registrant systems. In light of these threats, SEC encourages registrants to monitor the cybersecurity alerts published by the Department of Homeland Security Cybersecurity and Infrastructure Security Agency.
View the Risk Alert: Cybersecurity: Ransomware Alert
Examinations that Focus on Compliance with Form CRS (April 7, 2020)
Key takeaway: he Office of Compliance Inspections and Examinations (“OCIE”) is issuing this Risk Alert to provide SEC-registered broker-dealers and investment advisers (“firms”) with information about the scope and content of initial examinations after the compliance date for Form CRS. Initial examinations of firms with retail investors conducted after June 30, 2020 may include an assessment relating to Form CRS. Examples of the areas the staff may focus on during examinations are (i) Delivery and Filing; (ii) Content; (iii) Formatting; (iv) Updates; and (v) Recordkeeping.
View the Risk Alert: Examinations that Focus on Compliance with Form CRS
Observations from Examinations of Investment Advisers: Compliance, Supervision, and Disclosure of Conflicts of Interest (July 23, 2019)
Key takeaway: OCIE encourages advisers, when designing and implementing their compliance and supervision frameworks, to consider the risks presented by hiring and employing supervised persons with disciplinary histories and adopt policies and procedures to address those risks.
Investment Adviser and Broker-Dealer Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies (April 16, 2019)
Key takeaways: Registrants should review their written policies and procedures, including implementation of those policies and procedures, to ensure that they are in compliance with the relevant regulatory requirements.
Observations from Investment Adviser Examinations Relating to Electronic Messaging (December 14, 2018)
Key takeaway: OCIE encourages advisers to review their risks, practices, policies and procedures regarding electronic messaging and to consider any improvements to their compliance programs that would help them comply with applicable regulatory requirements.
View the Risk Alert: Observations from Investment Adviser Examinations Relating to Electronic Messaging (PDF)
Investment Adviser Compliance Issues Related to the Cash Solicitation Rule (October 31, 2018)
Key takeaways: Advisers should review their practices and policies to ensure compliance with the Cash Solicitation Rule
View the Risk Alert: Investment Adviser Compliance Issues Related to the Cash Solicitation Rule
Most Frequent Best Execution Issues Cited in Adviser Exams (July 11, 2018)
Key takeaways: Advisers should reflect upon their practices, policies and procedures in light of their best execution obligations under the Investment Advisers Act of 1940 and make improvements in their adviser compliance programs.
View the Risk Alert: Most Frequent Best Execution Issues Cited in Adviser Exams
Most Frequent Advisory Fee and Expense Compliance Issues Identified in Examinations of Investment Advisers (April 12, 2018)
Key takeaways: Advisers should review their practices, policies, and procedures to ensure compliance with their advisory agreements and representations to clients in light of the fee and expense issues noted in this Risk Alert.
SEC Final Rule
Investment Adviser Marketing
Summary: On December 22, 2020, SEC finalized changes to the Investment Advisers Act of 1940 to adopt a modernized registered investment adviser marketing rule. The new rule creates a single rule to replace the current Advertising (Rule 206(4)-1)) and Cash Solicitation (Rule 206(4)-3) rules. New related amendments to the Books and Records Rule (Rule 204-2) and Form ADV were also finalized. The Form ADV will now require investment advisory firms to provide additional information related to their marketing practices to assist the facilitation of the SEC’s examination and enforcement capabilities.
View the Final Rule: Investment Adviser Marketing