Reminder: OCIE Risk Alert on Investment Adviser Compliance Programs

March 04, 2021

As Securities and Exchange Commission registered investment advisers (“RIAs”) prepare to file annual updating amendments to their Form ADVs, RIAs should be reminded to also examine the adequacy and effectiveness of their compliance policies and procedures. As part of the review process, RIAs should consider the deficiencies and weaknesses identified by the Office of Compliance Inspections and Examinations (“OCIE”) in the most recent risk alert [1] related to Rule 206(4)-7 [2] (the “Compliance Rule”) under the Investment Advisers Act of 1940 (the “Advisers Act”) and adjust and update their compliance policies and procedures accordingly. The OCIE alert noted the following:

  • Inadequate Compliance Resources: OCIE staff observed that RIAs failed to devote sufficient resources to the maintenance of effective compliance programs. CCOs had numerous other professional duties that detracted from their ability to fulfill their compliance responsibilities and demonstrated an inability to develop a comprehensive understanding of the Advisers Act. Compliance staff lacked adequate resources, such as sufficient staff and training, to implement effective compliance programs. RIAs that grew in size or complexity failed to supplement their growth with additional compliance staff or information technology.
  • Insufficient Authority of CCOs: CCOs lacked sufficient authority and empowerment to develop and enforce necessary compliance policies and procedures. OCIE staff noted CCOs who were restricted from accessing key compliance information, who maintained limited interaction with senior management, and who were not consulted on matters with potential compliance implications.
  • Annual Review Deficiencies: OCIE staff observed RIAs that were unable to produce evidence of an annual review, or whose annual reviews failed to identify or review compliance or regulatory issues. Compliance departments also failed to review significant areas of the advisory business, including policies relating to third-party managers, cybersecurity, calculation of fees, and allocation of expenses.
  • Implementing Actions Required by Written Policies and Procedures: RIAs failed to implement or carry out their written policies and procedures, which included adequate training of employees, implementation of procedures regarding trade errors, advertising, best execution, conflicts, disclosure and other requirements, review of advertising materials, adherence to compliance checklists and other processes, and review of client accounts.
  • Maintaining Accurate and Complete Information in Policies and Procedures: OCIE staff noted that some RIAs maintained policies and procedures that contained outdated, inaccurate, or incomplete information, some of which included off-the-shelf policies with information unrelated to the RIA’s business.
  • Maintaining or Establishing Reasonably Designed Written Policies and Procedures: RIAs failed to maintain written policies and procedures, or failed to establish, apply, or appropriately tailor their written policies and procedures in a manner reasonably designed to prevent violations of the Advisers Act. OCIE staff also observed RIAs that claimed to rely on cursory or informal processes in lieu of maintaining written policies and procedures, and that adopted outside policies from other entities, such as a broker-dealer affiliate, without conforming such policies to their specific advisory business. Where RIAs did maintain written policies and procedures, OCIE staff found various deficiencies in areas relating to portfolio management, marketing, trading practices, advisory fees and valuation, safeguards for client privacy, required books and records, safeguarding client assets, and business continuity plans.


[1] SEC Risk Alert, “OCIE Observations: Investment Compliance Programs” (November 19, 2020),
[2] Compliance Programs of Investment Companies and Investment Advisers, Final Rule, Rel. No. IA-2204, File No. S7-03-03 (December 17, 2003). The Compliance Rule requires RIAs to (1) adopt written policies and procedures that are reasonably designed to prevent violation of the Advisers Act and the rules thereunder; (2) review, at least once annually, the policies and procedures and the effectiveness of their implementation; and (3) designate a chief compliance officer (“CCO”) to administer the policies and procedures.