§ 5.03 SEC Regulation of Investment Advisers

• Jurisdiction: United States
• Publication year: 2022

§ 5.03 SEC Regulation of Investment Advisers

[1]—General Requirements

Section 206 of the Advisers Act provides the SEC with a broad grant of rulemaking authority:

"The Commission shall . . . by rules and regulations define, and prescribe means reasonably designed to prevent, such acts, practices, and courses of business as are fraudulent, deceptive, or manipulative."¹³⁰

[a]—Designation of Chief Compliance Officer

SEC Rule 206(4)-7 (the "Compliance Rule") requires that an investment adviser "designate an individual (who is a supervised person) responsible for administering the policies and procedures" required by the Advisers Act and rules promulgated thereunder.¹³¹ Section 202(a)(25) of the Advisers Act defines a supervised person as "any partner, officer, director (or other person occupying a similar status or performing similar functions), or employee of an investment adviser, or other person who provides investment advice on behalf of the investment adviser and is subject to the supervision and control of the investment adviser."¹³² The choice of a Chief Compliance Officer ("CCO") is critical for a hedge fund manager. In addition to being a supervised person, the CCO must have sufficient familiarity with the applicable legal requirements and must stay up to date on changes in the laws. The CCO also must have sufficient time and resources to successfully administer the firms' compliance program. In addition to these factors, the SEC examination staff looks to the CCO of a firm in determining the sufficiency of the compliance program.¹³³

Administering the compliance program means, among other things, that the CCO makes sure that all relevant personnel receive education and training with respect to applicable laws, regulations, policies and procedures. The CCO also is involved in testing the compliance program, both as part of the required annual review process and also on a more risk-targeted basis.

In November 2020, the SEC's Division of Examinations (then OCIE) and its director provided unprecedented guidance with respect to the responsibilities of chief compliance officers.¹³⁴ The director explicitly stated that the SEC staff notices when chief compliance officers are not empowered, do not have sufficient resources to carry out their responsibilities, are stretched too thin or are ignored or otherwise marginalized.¹³⁵ Further, the director stated that "CCOs should not and cannot do it alone and should not and cannot be responsible for all compliance failures."¹³⁶ The message, made clear from the title of the director's speech, is that chief compliance officers must be empowered, occupy a place of seniority with the firm and have sufficient authority to effect the firm's compliance program.

[b]—Annual Review

Hedge fund managers registered with the SEC are required by the Compliance Rule to conduct an "annual review" but have historically been given little guidance as to how to do so. The Compliance Rule states that the adviser must "[r]eview, no less frequently than annually, the adequacy of the policies and procedures established pursuant to this section and the effectiveness of their implementation."¹³⁷

The annual review (and resulting documentation resulting from it) has consistently been a focus area for SEC examinations and enforcement matters.¹³⁸ Topics frequently included in annual review documentation include:

• identification of risk areas and the efficacy of the firm's policies and procedures;

• compliance matters that have arisen since the previous review;

• results of specific testing measures taken (e.g., expense reviews, surveillance of electronic communications);

• changes in the business practices of the adviser or its affiliates that may require complementary changes in policy;

• and statutory and regulatory updates, including pertinent SEC releases and no-action letters.

In a recent Risk Alert the SEC examination staff highlighted annual review-related deficiencies where advisers: (1) could not evidence that an annual review had occurred; (2) failed to identify key risk areas applicable to the adviser; and (3) failed to review significant risk areas.¹³⁹ In the same Risk Alert, the examination staff stressed that "[a]lthough the Compliance Rule requires only annual reviews, advisers should consider the need for interim reviews in response to significant compliance events, changes in business arrangements, and regulatory developments."¹⁴⁰

There is no required format for the annual review and no specific requirements with respect to any written work product from the annual review. Hedge fund managers should tailor their annual review to their business practices and investment strategy to provide the most insight into the efficacy of their compliance program.¹⁴¹ As noted above, SEC examiners typically request a copy of the annual review documentation and study it carefully.¹⁴²

[c]—Written Compliance Policies and Procedures

The Compliance Rule also offers little guidance with respect to the compliance policies hedge fund managers should adopt. The Compliance Rule states only that managers must "[a]dopt and implement written policies and procedures reasonably designed to prevent violation, by you and your supervised persons, of the Act and the rules that the Commissioner has adopted under the Act."¹⁴³

In the Compliance Rule's adopting release, the SEC stated that:

"each adviser, in designing its policies and procedures, should first identify conflicts and other compliance factors creating risk exposure for the firm and its clients in light of the firm's particular operations, and then design policies and procedures that address those risks."¹⁴⁴

The SEC also stated that it "expect[s] that an adviser's policies and procedures, at a minimum, should address the following issues to the extent that they are relevant to that adviser":¹⁴⁵

(1) Portfolio management processes, including allocation of investment opportunities among clients and consistency of portfolios with clients' investment objectives, disclosures by the adviser, and applicable regulatory restrictions.

(2) Trading practices (best execution, aggregation/allocation, soft dollars, principal transactions, affiliated brokerage, trade errors).

(3) Proprietary trading of the adviser and personal trading of supervised persons.

(4) The accuracy of disclosures made to the investors, clients and regulators.
(5) Safeguarding of client assets from conversion or inappropriate use by advisory personnel.

(6) The accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction.

(7) Marketing policy and marketing advisory services, including the use of solicitors.

(8) Processes to value client holdings and assess fees based on those valuations.

(9) Confidentiality and safeguards for the protection of client information.

(10 Business continuity plans.

(11) Conflicts of interest.

(12) Cybersecurity.

(13) Safeguarding of client privacy.

The SEC staff has noted that it expects compliance policies and procedures to be reasonably tailored to the adviser's business practices,¹⁴⁶ and the use of "off the shelf" compliance manuals can, under certain circumstances, violate the Compliance Rule.¹⁴⁷ Increasingly, examination staff expect that advisers' compliance policies are specific and detailed, so that they can be easily understood and followed. Lack of specificity in compliance policies and procedures is becoming a consistent deficiency cited by the examination staff.¹⁴⁸ This is an evergreen and significant focus of the examination staff who continue to observe that advisers routinely fail to implement actions required by their policies, maintain the accuracy of information in their policies, or sufficiently tailor their policies to their business.¹⁴⁹

[d]—Code of Ethics

[i]—Rule 204A-1

Advisers Act Rule 204A-1¹⁵⁰ requires a registered investment adviser to "establish, maintain, and enforce" a reasonably designed code of ethics that applies to the firm's supervised persons. The code of ethics helps an adviser satisfy its fiduciary obligations by monitoring and addressing potential conflicts of interest that may occur from employees' personal securities transactions and outside business activities and by documenting the firm's commitment to honesty, integrity and professionalism. Rule 204A-1 requires the code of ethics to include:

• standards of business conduct for supervised persons of the fund sponsor requiring, at a minimum, that the supervised persons comply with applicable federal securities laws;

• provisions requiring supervised persons to report to a designated compliance officer any violation of the code of ethics; and

• provisions requiring each supervised person to receive a copy of the code of ethics and to provide the investment adviser with a written acknowledgment of such receipt.

Additionally, a firm's "access persons" (as described in further detail below) must submit holdings reports and transactions reports that detail any personal or family holdings¹⁵¹ and transactions of securities covered by the code of ethics ("reportable securities") in a personal account.¹⁵² Holdings reports include general information about the access person's securities holdings (e.g., the title and type of security, the exchange ticker symbol or CUSIP number, number of shares, the principal amount of each security, and the name of any broker, dealer or bank with which the access person maintains an account in which any securities are held for the access person's direct or indirect benefit) and must be submitted no later than ten days after the person becomes an access person and at least once each twelve-month period thereafter. Transaction reports include general information about each transaction involving a reportable security in which the access person had, or as a result of the transaction acquired, any direct or indirect...