Hire better service providers. Not every lawyer knows the Investment Company Act Board approval, disclosure, and reporting rules. Not every compliance person understands Rule 38a-1 and how to implement fund procedures and testing. Not all administrator/distributors understand the differences between private funds and registered funds. You wouldn’t hire a neurologist to perform surgery. You shouldn’t hire just any lawyer or compliance consultant to implement your registered fund regulatory program.
This is an example of what we call compliance alchemy i.e. the appearance of compliance without actually complying. The firm had the correct procedures and filed the right forms. However, there was no substance behind the due diligence or the certifications. The regulators have become wise to firms that simply check the box without actually doing the underlying compliance work.
The staff of the SEC’s Office of Compliance Inspections and Examinations (OCIE) has issued a Risk Alert reporting significant compliance and supervision deficiencies. Based on data collected from a 2017 sweep of over 50 advisers, OCIE found significant weaknesses in how firms hired, supervised, and disclosed information about employees with disciplinary histories. The OCIE staff also cited frequent compliance deficiencies including failures to supervise how fees are charged, what marketing materials are distributed, and whether remote workers complied with firm policies. OCIE also discovered that many advisers allocated compliance responsibilities but failed to assign those responsibilities or neglected to require documentation. The OCIE staff recommends that advisers “reflect on their practices” and implement such best practices as enhanced hiring due diligence, background checks, heightened supervision, and remote-office monitoring.
How many times must OCIE warn the industry about compliance, and how many enforcement actions will it take, before firms implement a legitimate compliance program? An investment adviser should spend at least 5% of revenue on compliance, hire a dedicated Chief Compliance Officer, adopt tailored policies and procedures, test the program every year, and prepare a written compliance report of deficiencies and remediation.
The SEC fined a hedge fund $5 Million, and its Chief Investment Officer another $250,000, for failing to properly value portfolio securities. The SEC maintains that the firm over-relied on the discretion of traders to value Level 3 mortgage-backed securities rather than use required observable market inputs. The SEC contends that the firm consistently undervalued bonds to maximize profit upon sale. The SEC faults the CIO for failing to properly review valuation decisions and ensure that the traders followed the firm’s valuation procedures. The SEC asserts violations of the compliance rule (206(4)-7) because the firm failed to implement reasonable policies and procedures to ensure fair valuation of portfolio securities. As part of the settlement, the firm hired an experienced Chief Compliance Officer rather than rely on its prior Risk Committee comprised of executives with limited regulatory and valuation experience.
Valuation is about process. Firms that buy Level 3 securities must create a consistent, documented and contemporaneous process based on objective criteria in order to defend pricing decisions. For compli-pros, one way to test valuation is to sample whether liquidation prices vary consistently (either always higher or lower) than the firm’s internal valuations before liquidation.
The SEC charged an investment adviser’s principal, who also served as the firm’s Chief Compliance Officer, with multiple compliance violations. The SEC charges the respondent with (i) overcharging his client, (ii) overstating his assets under management, (iii) failing to disclose two client lawsuits, (iv) misrepresenting the reason he switched custodians, and (v) neglecting to maintain required books and records. The SEC also alleges that the principal aided and abetted violations of the compliance rule (206(4)-7) by purchasing a template compliance manual, omitting required policies and procedures, and failing to implement required procedures. The firm ultimately ceased operations, and the respondent agreed to pay over $500,000 in fines, disgorgement and interest.
The dual hat CCO model (i.e. a senior executive also serving as the Chief Compliance Officer) doesn’t work. The dual-hat CCO usually does not have the time, expertise, or interest to do the job properly. Also, a CCO must have enough independence from the business to properly enforce the applicable regulatory and compliance obligations.
The SEC will offer no quarter to RIAs who ignore their basic compliance responsibilities. At a bare minimum, firms must appoint a dedicated and qualified CCO, adopt tailored policies and procedures, annually test the program, and generally attempt to comply with the Advisers Act. The initiation of proceedings, rather than a settled order, suggests that the SEC intends to pursue aggressive penalties.
A BDC manager’s compliance failures led to nearly $4 Million in fines, disgorgement and penalties and the loss of its advisory business. The SEC charges the firm with misallocating overhead expenses to the registered Business Development Companies it managed and with overvaluing portfolio companies. The SEC maintains that the registrant used material nonpublic information about BDC portfolio companies to benefit affiliated hedge funds that it managed. In 2014, the firm had over $2.6 Billion in assets under management but withdrew its adviser registration in 2017 following the SEC enforcement action. The SEC asserts violations of the compliance rule (206(4)-7) in addition to a laundry list of other securities laws violations.
Failure to implement an effective compliance program has consequences beyond penalties and fines. The negative impact to a firm’s and its principals’ reputations could ultimately bring down the entire franchise.
OUR TAKE: Failure to implement an adequate compliance program can have real-world implications for the viability of your firm. A tight compliance program will support a more coherent operating environment that will prevent sloppy business practices that will lose clients and attract regulators.
OUR TAKE: Having policies and procedures, but taking no significant action against those who violate them, eviscerates their purpose. This compliance voodoo – the mere appearance of a compliance program – will draw the ire of the regulators.