A Source of Concern for the SEC — The Outsourcing by Investment Advisers and Funds of Compliance Activities
In a recent National Exam Program Risk Alert (dated November 9, 2015) the U.S. Securities and Exchange Commission's (SEC) Office of Compliance Inspections and Examinations (OCIE) reported on the results of examinations conducted on about 20 investment advisers and investment companies that have outsourced compliance activities to outside parties, including the role of their chief compliance officer (CCO).
The purpose of the Risk Alert was to present the results of the examinations and the staff's concerns about the outsourcing of compliance responsibilities.
According to recent surveys, it is estimated that about 38 percent of registered investment advisory firms in 2014 outsourced at least some of their compliance activities (up from about 27 percent for the previous year). It is reasonable to believe that the percentage of firms engaging outside third parties for compliance activities will continue to grow.
Under the Investment Advisers Act of 1940 and the Investment Company Act of 1940, registrants are required to:
- Adopt and implement written policies and procedures reasonably designed to prevent and detect violations of the applicable federal securities laws and regulations
- Designate an individual to be the registrant's CCO who will be responsible for administering the registrant's supervisory policies and procedures
- Review those policies and procedures on at least an annual basis to determine their adequacy and effectiveness and maintain a written record of the review and steps taken to address deficiencies
The SEC has provided guidance to registrants from time-to-time concerning what attributes the designated CCO should have (i.e., being competent and knowledgeable about the applicable federal securities laws) and that such person needs to be sufficiently senior in authority within the registrant's organization in order to be effective.
During the examinations conducted by the SEC, the staff evaluated generally the effectiveness of the registrant's overall compliance program and specifically the effectiveness of the outsourced CCOs. The key observations from the examinations include:
- Those outsourced CCOs who had frequent and personal contact with the registrant's advisory and fund personnel had a better understanding of the registrant's business and risks. By being in personal contact versus contact by e-mail or telephone only, those CCOs were better prepared to react to changes in the advisory business and additional risks.
- Those registrants who engaged outsourced CCOs who served numerous advisory firms generally were found to have more deficiencies.
- Outsourced CCOs who had the authority to independently review the registrant's books and records and compliance procedures were found to be more effective than those outsourced CCOs who relied solely on what the registrant requested them to review.
The important takeaways from the results of the SEC's examination of advisory firms and funds that outsourced compliance activities and CCOs are:
- Outsourced CCOs need to have personal contact with personnel of the registrant and not have an extensive list of advisory firms they serve as the CCO
- Outsourced CCOs needs to have authority to determine the books, records and advisory practices for review and have sufficient knowledge and experience within the industry to be effective
While the OCIE is not saying that registrants should not outsource their compliance activities including their CCO, they are reminding registrants to carefully vet the candidates to take on those activities because the person ultimately responsible for compliance with the Investment Advisers Act of 1940, is the registrant itself.
Repeat of Custody Rule Violations Results in SEC Enforcement Action
In a recent enforcement action (In the Matter of Sands Brothers Asset Management, LLC, Steven Sands, Martin Sands, and Christopher Kelly), the SEC charged an investment advisory firm, its two owners and former chief compliance officer for alleged violations of the custody rule (Rule 206(4)-2) under the Investment Advisers Act of 1940.
It is not unusual for registrants to avoid enforcement actions by the SEC where there have been violations of the custody rule and prompt actions taken by the registrant to remedy the violations. However, in this case, the advisory firm and its owners had been the subject of a previous SEC enforcement action in 2010 for the same type of violations.
The SEC will generally apply a heavy enforcement hand when a registrant repeats the same unlawful conduct. According to Andrew M. Calamari, Director of the SEC's New York regional office, "There is no place for recidivism in the securities markets." Calamari cited that the firm and its owners had the opportunity since the previous enforcement action to get things right and they failed to do so.
The SEC's findings in this matter indicated that the advisory firm failed to timely distribute to investors audited financial statements of the private funds managed by the advisory firm. Accordingly, the SEC alleges the firm was not only in violation of the custody rule but also in violation of the SEC's 2010 cease and desist order issued against the firm and its owners for the same violations.
In order to settle the matter without admitting to any of the violations alleged by the SEC, the advisory firm and its co-owners agreed to pay a $1 million penalty and be suspended for a year from raising money from new or existing investors. The firm also agreed to engage a compliance monitor for each of the next three years. The firm's former CCO agreed to pay a $60,000 penalty and to be suspended for a year from acting as CCO or appearing or practicing before the SEC as an attorney.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.