The staff of the SEC’s Office of Compliance Inspections and Examinations (OCIE) has issued a Risk Alert reporting significant compliance and supervision deficiencies. Based on data collected from a 2017 sweep of over 50 advisers, OCIE found significant weaknesses in how firms hired, supervised, and disclosed information about employees with disciplinary histories. The OCIE staff also cited frequent compliance deficiencies including failures to supervise how fees are charged, what marketing materials are distributed, and whether remote workers complied with firm policies. OCIE also discovered that many advisers allocated compliance responsibilities but failed to assign those responsibilities or neglected to require documentation. The OCIE staff recommends that advisers “reflect on their practices” and implement such best practices as enhanced hiring due diligence, background checks, heightened supervision, and remote-office monitoring.
How many times must OCIE warn the industry about compliance, and how many enforcement actions will it take, before firms implement a legitimate compliance program? An investment adviser should spend at least 5% of revenue on compliance, hire a dedicated Chief Compliance Officer, adopt tailored policies and procedures, test the program every year, and prepare a written compliance report of deficiencies and remediation.
The SEC fined a hedge fund $5 million, and its Chief Investment Officer another $250,000, for failing to properly value portfolio securities. The SEC maintains that the firm over-relied on the discretion of traders to value Level 3 mortgage-backed securities rather than use required observable market inputs. The SEC contends that the firm consistently undervalued bonds to maximize profit upon sale. The SEC faults the CIO for failing to properly review valuation decisions and ensure that the traders followed the firm’s valuation procedures. The SEC asserts violations of the compliance rule (206(4)-7) because the firm failed to implement reasonable policies and procedures to ensure fair valuation of portfolio securities. As part of the settlement, the firm hired an experienced Chief Compliance Officer rather than rely on its prior Risk Committee composed of executives with limited regulatory and valuation experience.
Valuation is about process. Firms that buy Level 3 securities must create a consistent, documented and contemporaneous process based on objective criteria in order to defend pricing decisions. For compli-pros, one way to test valuation is to sample whether liquidation prices consistently differ in one direction (either always higher or always lower) from the firm’s internal valuations before liquidation.
We have observed OCIE staff specifically ask about compliance resources and spending during examinations. Based on various research studies and our own empirical experience, firms should benchmark to spend at least 5% of revenue on compliance resources including personnel and technology. Of course, the actual spending should vary depending on the complexity and size of the business.
Today, we offer our “Friday List,” an occasional feature summarizing a topic significant to investment management professionals interested in regulatory issues. Our Friday Lists are an expanded “Our Take” on a particular subject, offering our unique (and sometimes controversial) perspective on an industry topic.
Over the last several years, an increasing number of investment management firms have chosen to outsource the Chief Compliance Officer role and associated compliance function. In our experience, these firms make this decision for rational business reasons based on an assessment that outsourcing the compliance function is better than hiring a full-time employee. Usually, firms consider outsourcing because of an external event such as a less-than-perfect SEC exam or an institutional due diligence process that suggests unknown weaknesses. Some firms decide to outsource after yet another internal CCO changes jobs. Other times, firm management simply gets frustrated with the inherent limitations of the one internal compliance person. Regardless, we list below the top 10 reasons investment firms should outsource the CCO role and compliance function rather than hire an in-house employee.
10 Reasons Outsourcing Compliance Beats Hiring an In-House
Experience: A team of professionals can draw on decades of aggregate compliance experience to address a firm’s regulatory challenges.
Knowledge: No one person can provide the depth of knowledge of several compliance professionals working collaboratively.
Independence: A third party firm offers investors and other stakeholders an independent assessment of a firm’s compliance strengths and weaknesses.
Industry best practices: A multi-person team working with multiple clients across the country has the industry vision to inform the compliance program.
Accountability: A compliance firm stands behind its work and advice with a service level agreement and professional liability insurance.
24/7/365 support: A person may take PTO, but a team of professionals is available at all times for any emergency including unplanned client due diligence and SEC exams.
Personal liability: Serving as CCO involves significant personal liability, which is better left to professionals that understand and accept the regulatory and career implications.
Frees up internal resources: Internal personnel can focus on core activities such as portfolio management and fund-raising.
Management: Senior managers can avoid the confusing and time-consuming process of hiring, retaining, and managing an internal CCO, only to start the process anew in the event the CCO leaves.
Cost savings: Because of program efficiencies, outsourcing generally costs less than hiring a full-time employee.
As firms implement FinTech and RegTech, they cannot simply set it and forget it. Compliance, operations, and IT personnel must work together in real time to ensure that systems reflect current regulatory requirements. Technology is a great tool, but it is not the complete answer to regulatory compliance.
The SEC will offer no quarter to RIAs who ignore their basic compliance responsibilities. At a bare minimum, firms must appoint a dedicated and qualified CCO, adopt tailored policies and procedures, annually test the program, and generally attempt to comply with the Advisers Act. The initiation of proceedings, rather than a settled order, suggests that the SEC intends to pursue aggressive penalties.
Welcome to the February 2019 edition of the Best of the Law Firms. In this feature, we recommend some of the best recent articles and analyses authored by top investment management lawyers. These articles offer a more comprehensive review of the issues that we address in our daily “Our
The best law firms cranked out some great articles during the last several weeks, perhaps feeling a post-holiday burst of energy. Paul Hastings offers a great overview of the esoteric world of Section 13 and Section 16 filings. Morgan Lewis addresses best execution issues when recommending mutual fund share classes. Dechert tries to discern the future of Brexit. There were also some great pieces on co-investments from Pepper Hamilton, political and lobbying activities from K&L Gates, and a CFTC survey from WilmerHale.
“We’ve always done it this way” is not a legitimate excuse for failing to comply with regulatory requirements. The firm engaged in the undisclosed revenue sharing for nearly 20 years before the SEC uncovered the conflict of interest. Perhaps, the firm never considered that its longstanding practice violated the securities laws. This is why we recommend retaining a fully-dedicated and experienced chief compliance officer either as a full-time employee or through a compliance services firm.