The Office of Compliance Inspections and Examinations (OCIE) issued a risk alert on November 19, 2020 related to the Advisers Act compliance rule, Rule 206(4)-7. Some key takeaways for Chief Compliance Officers (CCOs) are as follows:
CCOs must be nimble and respond to changes in the business. The rule calls for annual compliance reviews, but when things go wrong, or the adviser’s business arrangements or risk profile changes, CCOs should assess whether an interim review is necessary or advisable, and act accordingly.
CCOs should have authority within their firm and act with authority. OCIE observes that CCOs should have sufficient knowledge, authority and seniority to compel others to comply. OCIE’s list of deficiencies include the following:
Doing what you can, but not fully complying with the requirements of the rule, may not be enough. OCIE observed deficiencies in the effectiveness of annual compliance reviews, such as compliance reviews that: were not well documented, failed to identify key risk areas (particularly conflicts of interest and asset protection), overlooked key areas for compliance, such as oversight of third party managers, cybersecurity, fee calculations and expense allocations. CCOs need to ensure that the compliance program is carried out as intended, and not settle for inadequate compliance measures.
If it’s in your manual, OCIE will inspect for it. OCIE zeroed in on staff training; procedural implementation regarding conflicts of interest; advertising reviews taking place uniformly; following and using your checklists; back testing fee calculations by compliance; testing continuity plans; and reviewing client accounts for compliance with investment objectives on a systematic basis. CCOs need to ensure that all material risks are identify in the compliance manual, and then ensure that all items in the compliance manual are carried into effect, as intended.
Off the shelf policies are an OCIE red flag. OCIE is looking for up to date, firm specific, tailored compliance programs. An off the shelf compliance program that is not properly tailored puts the firm at risk of compliance violations and deficiencies. A reasonably designed compliance program needs to address the specific risks of the firm.
OCIE’s 27 Hot Topics. OCIE is looking at the following areas:
Conclusion: Compliance is a process, and not an event. It is a process that can and should adapt with the firm, as the firm grows and changes. CCOs should also remember that details matter, both to properly manage the firm’s risks, and because OCIE will review the details with care in assessing the adequacy of the firm’s compliance program.
See full alert here.