Bates Research | 12-03-20
Noting Deficiencies, OCIE Warns IAs to Comply with the Compliance Rule; Director Driscoll Emphasizes CCO Empowerment
On November 19, 2020, OCIE issued an alert on common deficiencies identified in recent examinations related to the obligations on investment advisers required by the Advisers Act (“Compliance Rule”).
As highlighted in the Alert, the Compliance Rule requires registered investment advisers to: (i) adopt and implement written policies and procedures reasonably designed to prevent rule and Advisers Act violations, (ii) consider fiduciary and regulatory obligations that adequately address these policies and procedures, (iii) review these policies and procedures at least annually to determine their adequacy and effectiveness, and to review them more often “in response to significant compliance events, changes in business arrangements, and regulatory developments,” and (iv) designate a chief compliance officer (“CCO”) to oversee the compliance program. (See additional detail on the requirements under Compliance Rule 206(4)-7 here.) In this article, Bates takes a closer look at OCIE’s recent findings and the additional emphasis placed upon the role of CCOs by OCIE Director Peter Driscoll (pictured above) in a related address.
A Comprehensive (and Lengthy) List of Deficiencies
In its examinations, OCIE found numerous Compliance Rule deficiencies. They include failures by investment advisers to “devote adequate resources” to compliance programs, failures to provide CCOs with the necessary authority to develop and enforce adequate policies, failures in the annual review process, failures in policy implementation, and failures to update information and maintain or establish adequate policies and procedures.
Resourcing – OCIE observed that key compliance program elements—specifically, information technology and training—were under-resourced. CCOs were often overburdened with “numerous other professional responsibilities,” and staff had insufficient resources to implement basic compliance program functions, such as “performing annual reviews, accurately completing and filing Form ADVs or timely responding to OCIE requests for required books and records.” Further, OCIE said that compliance resources often had not grown in tandem with the growth and complexity of the adviser, leading to implementation failures.
CCO Authority – OCIE traced program deficiencies to CCOs who had insufficient authority to develop and enforce appropriate policies and procedures. This manifested itself in instances where the CCO (i) did not have access to certain compliance information (e.g. trading exception reports), (ii) had limited interaction with senior leadership, and (iii) was not consulted on matters that may have had significant compliance implications.
Annual Reviews – OCIE raised concerns about irregular or inadequate annual compliance reviews, including whether they actually occurred, failures to identify risk areas (conflicts of interest or protection of client assets), and deficiencies with respect to reviewing policies and procedures to address oversight of third party managers, cybersecurity, and fee and expense calculations.
Procedure Implementation – OCIE also found failings with respect to the implementation of a firm’s compliance procedures across the board. These included procedural deficiencies on training, compliance processes on “trade errors, advertising, best execution, conflicts, disclosure,” as well as failures in testing on fee calculations and business continuity processes.
Adequacy of Policies and Procedures – Some advisers simply failed to establish, implement, or tailor written policies and procedures pursuant to their obligations under the Compliance Rule. Highlighted OCIE observations included written policy and procedure deficiencies in several areas, including: portfolio management, marketing, trading practices, disclosures, advisory fees and valuation, safeguards for client privacy, safeguards for client assets, required books and records, and business continuity plans.
OCIE Director Wants Advisers to Empower their CCOs
On the same day OCIE released its Alert, Director Peter Driscoll emphasized the underlying issue of CCO responsibility over effective compliance programs. At a virtual National Investment Adviser-Investment Company Compliance Outreach program, the Director discussed the challenges that OCIE (and investment advisers) faced during the pandemic, cited OCIE’s success at remaining fully operational despite these challenges, and then reviewed the deficiencies described in the Compliance Rule alert, honing in on the role of the CCOs to the entire compliance regime.
Director Driscoll reiterated that “an adviser's CCO should be competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop, implement, and enforce appropriate policies and procedures for the firm.” He decried a “check-the-box” approach, asserting that the “CCO should have a position of sufficient seniority and authority within the organization to compel others to adhere to the compliance policies and procedures.” In this he underscored that empowerment, seniority and authority are “three words [that] matter.” He warned that “we cannot overstate a firm’s continued need to assess whether its compliance program has adequate resources to support its compliance function,” and that “compliance must be integral to an adviser’s business and part of its senior leadership.” He concluded by reinforcing the importance of firm culture to effective compliance and the recognition that, “without the support of management, no CCO, no matter how diligent and capable, can be effective.”
In its Alert, OCIE staff highlighted the regulator’s perspective on effective compliance. This has been a consistent approach for the agency. (See Bates Article on OCIE 2020 Priorities here.) While going into a detailed list of each of the elements that investment advisers should take into account in order to ensure the adequacy of their compliance programs, OCIE staff and the Director made a broader point about the importance of instilling a culture of compliance throughout the firm. Back in January, OCIE underscored that effective compliance requires (i) establishing a culture of compliance for the firm, (ii) a commitment by firm executives that compliance is “integral” to firm success, and (iii) “tangible” support for compliance in all operations, throughout all levels of the firm. The recent alert and comments by Director Driscoll doubles down on that message emphasizing that the chief compliance officer must be fully empowered with the “responsibility, authority, and resources to develop and enforce policies and procedures of the firm.” Bates will continue monitoring OCIE activity and keep you apprised.