SEC Office of Compliance Inspections and Examinations
The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has announced its examination priorities for 2020. Below is a summary of those priorities most relevant to STRAIT’s private fund adviser clients.
Frequency of Exams
OCIE’s examination coverage of registered investment advisers (“RIA”) has trended upward in the last several years: 10% of RIAs in 2014, with a high of 17% in 2018. There was a mild dip to 15% in 2019, which is likely temporary and due to a government and appropriations shutdown during the year.
OCIE will continue to conduct risk-based examinations of RIAs that have never been examined, including new RIAs and RIAs registered for several years that have yet to be examined. STRAIT has seen consistent and early examinations of newly registered RIAs, as well as long-established RIAs exhibiting recent, material changes in their operations, which likely feed into OCIE’s risk-based approach.
Common risk factors include: products and services offered, including certain products identified as higher risk; compensation and funding arrangements; prior examination observations and conduct; disciplinary history of associated individuals and affiliates of a registered firm; changes in firm leadership or other personnel (including the CCO); and whether a firm has custody of investor assets.
Regulatory Change and Risk Alerts
2020 examination priorities will also include verification that the regulated community is applying recent regulatory changes and risk alerts. The most notable regulatory changes are Regulation Best Interest (“Reg BI”), the new ADV Part 3 (Form CRS Relationship Summary), and two new interpretations of the fiduciary standard under the Advisers Act. Reg BI is directed to broker-dealers and the ADV Part 3 to advisers to retail customers, which are therefore both of limited applicability to STRAIT’s private fund clients. The interpretations regarding the fiduciary duty standard are very relevant to our clients, though they largely codify existing interpretations and enforcement actions requiring:
- A Duty of Loyalty: an RIA must not subordinate its client’s interest to its own, and must either provide full and fair disclosure of conflicts of interest so that the client can provide informed consent thereto, or eliminate those conflicts; and
- A Duty of Care: an RIA must (i) provide advice that is in the client’s best interest, (ii) seek best execution and (iii) act and provide advice and monitoring over the course of the relationship.
The interpretations also clarify that any broad waiver of fiduciary duties would be inconsistent with the Advisers Act regardless of the sophistication of the client. Also, so-called “hedge clauses” (relieving the RIA from liability for certain acts or conflicts) may be permissible in the private fund context, but largely indefensible in the retail context.
In 2019, OCIE had its busiest year in terms of releasing risk alerts:
- RIAs are generally prohibited from paying a cash fee to solicit clients/investors absent an adequate written arrangement, certain client/investor acknowledged disclosures, and adequate oversight of the solicitor;
- Examination focus on certain common retail vehicles, such as custom index funds, small/thinly traded ETFs, underperforming mutual funds, mutual funds invested in securitized products, side-by-side management of mutual funds and private funds, and RIAs new to registered funds;
- Policy weaknesses related to books and records retention for e-mail and other electronic communication platforms;
- Risks and issues associated with paying agent activities, with examination focus on the safeguarding of funds and securities by paying agents. Transfer agents should review their practices, policies, and procedures to ensure funds and securities are protected while held at the transfer agent;
- Investment Adviser and Broker-Dealer Compliance Issues Related to Regulation S-P—Privacy Notices and Safeguard Policies: Risks and issues associated with security requirements, including failure of RIAs to provide privacy opt-out notices to customers, RIAs lacking policies and procedures required under Regulation S-P and the Advisers Act, and the lack of implementation of policies and procedures. Advisers should carefully evaluate existing practices and policies currently in place to assure that the privacy policies are distributed to investors as required under the rule;
- Safeguarding Customer Records and Information in Network Storage—Use of Third-Party Security Features: Observations with respect to compliance issues related to storage of electronic consumer records and information by broker-dealers and RIAs in various network storage solutions, including those leveraging cloud-based storage. RIAs who use network storage are encouraged to have adequate policies and procedures for these storage solutions, ensure the networks are properly configured, and have vendor management policies to ensure ongoing maintenance is occurring;
- Observations from Examinations of Investment Advisers: Compliance, Supervision, and Disclosure of Conflicts of Interest: Examination focus on RIAs related to compliance, supervision, and disclosure of conflicts of interest. RIAs are encouraged to adequately review and identify potential conflicts of interest that they may have and properly disclose those material conflicts to investors; and
- Policy and execution issues related to principal transactions, including advisers not obtaining consent or providing proper disclosures for principal transactions, advisers failing to provide sufficient disclosures for potential conflicts of interest, and advisers not obtaining consent until after the transaction had taken place. Advisers are encouraged to review their policies related to these transactions and assure proper consent is obtained before engaging in these practices.
The SEC will expect that these changes and alerts will be incorporated, as relevant, into an RIA’s policies and procedures, which must be reasonably designed, implemented, and maintained for its operations. OCIE is also particularly interested in the accuracy and adequacy of disclosures related to sustainable and responsible investing (e.g. those incorporating ESG standards).
Moreover, OCIE will continue to review RIAs to private funds to assess compliance risks, including controls to prevent the misuse of material, non-public information and conflicts of interest, such as undisclosed or inadequately disclosed fees and expenses, and the use of RIA affiliates to provide services to clients (e.g. so-called “operating partners” of private equity firms). It will also continue to focus on dually registered RIAs, or those affiliated with broker-dealers, to assess effective compliance programs to address the risks associated with best execution, prohibited transactions, fiduciary advice, or disclosure of conflicts regarding such arrangements.
Retail Investors, Including Seniors and Individuals Saving for Retirement
As in past years, OCIE will continue to focus on protection of retail investors from fraud, fraudulent sales practices, and conflicts of interest. This includes a particular focus on RIAs that manage separately managed accounts side-by-side with private funds.
OCIE will continue to focus on information or “cyber” security, particularly (1) governance and risk management; (2) access controls; (3) data loss prevention; (4) vendor management; (5) training; (6) incident response and resiliency; (7) compliance with Regulations S-P and S-ID (privacy and identity theft); (8) online access and mobile application access to customer brokerage account information; and (9) the safeguards around the proper disposal of retired hardware that may contain client information and potential network information that could create an intrusion vulnerability.
While use of third parties and vendors is common for this purpose, OCIE will examine oversight of those providers and network solutions, including those leveraging cloud-based storage.
STRAIT is your compliance solution. From regulatory filings to building out and executing a full compliance program, forensic testing and on-site exam support, we have the expertise to service your fund and advisers, employing attorneys and ex-regulators to service our clients.
STRAIT is also a leading SOC I Type II fund services provider, offering exceptional fund administration, regulatory compliance, outsourced CFO, and management company services to the alternative investments industry. With industry-leading technology and a 98% client retention rate, our focus is on private equity, hedge funds, fund of funds, SPVs and other investment vehicles.
STRAIT Compliance Services
- On-Site Examination Support: document and information collection and production; CCO and senior leadership prep; in-person exam leadership during SEC on-site visit.
- Mock Exam in preparation for potential SEC exam, including use of actual exam notices and requests, on-site interviews and mock deficiency letters
- Regulatory Filings (Form ADV, Form PF, 13D/G/F)
- Draft or Edit Compliance Manual and Code of Ethics.
- Policy and Procedure Gap Analysis, including a fulsome documentary and operations review with a risk-weighted report on deficiencies and recommendations.
- Full or partial outsourcing of execution on compliance policies and procedures (manual, code of ethics, forensic testing, books and records, marketing material/DDQ review).
- Conflict of Interest Analysis (e.g. front running, material non-public information, investment and expense allocation) and Design of Controls.
- Disclosure Review and Templatizing (e.g. marketing material and other offering documents, DDQs, pitch books, performance reporting).
- Vendor due diligence, including review of internal policies and procedures, public records, negative news, and asset verification