Do You Make the Grade? Most Frequently Identified Deficiencies and Weaknesses Uncovered During Examinations of Registered Investment Advisers

In February 2017, the Office of Compliance Inspections and Examinations (OCIE), the body charged with conducting the Securities and Exchange Commission’s (SEC) National Exam Program (NEP), issued a risk alert that highlighted the five compliance topics most frequently identified in more than 1,000 deficiency letters issued to SEC Registered Investment Advisers over the course of the previous two years. The risk alert was issued to encourage advisers to review their own practices, policies and procedures in an effort to promote improvements in investment adviser compliance programs. The five most frequent compliance topics cited include:

• Custody Rule (Rule 206(4)-2 under the Advisers Act)
• Compliance Rule (Rule 206(4)-7 under the Advisers Act)
• Code of Ethics Rule (Rule 204A-1 under the Advisers Act)
• Books and Records Rules (Rule 204-2 under the Advisers Act)
• Required regulatory filings

Custody Rule

The Custody Rule was significantly overhauled in 2009 to improve investor confidence in the wake of the Madoff scandal. The Custody Rule enhances the safety of client assets by protecting them from the potential for unlawful activities being perpetrated by investment advisers, as well as any financial difficulties advisers may incur. The amendments and related requirements became effective in 2010 with the following key provisions:

• Advisers deemed to have custody of client assets must undergo an annual surprise examination performed by an independent public accountant.
• Generally, an adviser that has custody of client assets must maintain them with a qualified custodian.
• An investment adviser is to notify its clients in writing when an account with a qualified custodian has been opened on their behalf.
• After due inquiry, an adviser is required to have a reasonable basis to believe that the qualified custodian sends account statements directly to its respective clients on a quarterly basis at minimum.
• An annual audit provision exception is provided to advisers of pooled investment vehicles (PIVs). If using the audit provision exception, the adviser is deemed to comply with the surprise examination and is not required to comply with the requisite notice and account statement delivery obligations. In order to rely on the audit provision, the adviser must adhere to all of the following: (i) its audited financial statements must be prepared in accordance with US GAAP, (ii) the distribution of such audited statements must be within 120 days of year-end (or 180 days for a fund of funds), (iii) the audit of the financial statements must be performed by an independent public accounting firm which must be registered with, and subject to regular inspection by, the Public Company Accounting Oversight Board (PCAOB), (iv) the audited statements must meet the requirements of auditing standards generally accepted in the United States of America (US GAAS), and (v) the audit opinion must be unqualified.
• In instances where the adviser, or a related party to the adviser, also maintains custody of client assets as a qualified custodian, an independent public accounting firm registered with the PCAOB must conduct the annual surprise examination. On an annual basis, the adviser must also receive from the accountant a report on internal controls as they relate to custody of client assets.

The most critical step in adopting or reviewing compliance with the Custody Rule is making the determination as to whether or not an adviser has custody of client assets, a determination that can be very complex. Generally, an adviser is deemed to have custody of client assets when the adviser, or a related person, has the authority to withdraw client assets upon the adviser’s instruction to the qualified custodian. In cases where the determination may not be clear, it is recommended that the adviser obtain guidance from qualified legal counsel and stay informed as to any new amendments or interpretations of the Custody Rule. Key areas to consider include:

Client Relationships
Although the custody determination is made upon the adviser’s adoption of the Custody Rule or client relationship, it is imperative to periodically reexamine the adviser’s capabilities and access credentials to client accounts. The staff of the OCIE reiterated that the granting of online access to client accounts could trigger custody. Clients may grant an adviser online access by providing login credentials to the adviser or related persons, concurrently allowing the adviser to withdraw or transfer such assets. Understanding the full capabilities of access credentials is crucial, and any modification to the credentials can trigger custody.

Authority Over Client Accounts
The OCIE noted that relationships in which an adviser or a related person acts as trustee of client accounts, or has been granted powers of attorney of client accounts, can trigger custody when the adviser is authorized to withdraw client cash or securities. Another situation that may trigger custody is the adviser serving as the general partner of a client PIV. Upon entering into any new relationship, advisers must consider the potential impact the relationship has on the custody determination and what capabilities are integrally granted to the adviser.

Annual Surprise Examination
As noted above, the annual surprise examination is required to be completed within 120 days of a compliance date selected at random by the independent public accountant. The OCIE noted deficiencies in which examinations were not completed within the 120-day requirement and instances in which the examinations did not appear to be conducted on a surprise basis. A key indicator of an examination lacking the surprise component was an examination conducted as of the same date each year. The examination requirements additionally require the adviser to provide the independent public accountant with a complete and accurate list of all accounts over which the adviser has determined it has custody. Instances were noted by the OCIE in which the list of accounts provided was inaccurate or incomplete, leading to the filing of inaccurate Form ADV-Es. In addition to reviewing and keeping a current listing of all custody accounts, best practice is to document the criteria utilized in making the determination.

Recent Interpretations of the Custody Rule
Although the Custody Rule was significantly modified in 2009, the SEC periodically issues interpretations that can influence an adviser’s custody determination. The most recent interpretation of the Custody Rule is described in the SEC’s Staff Responses to Questions about the Custody Rule as updated on February 21, 2017, and clarifies the custody determination when an adviser has authority to transfer client funds or securities between two or more of a client’s accounts maintained with the same qualified custodian. It is interpreted that an adviser would not have custody over the respective accounts in instances where:

1. The adviser has only limited authority to transfer a client’s assets between the client’s accounts maintained at one or more qualified custodians, if the client has authorized the adviser in writing to make such transfers, and
2. A copy of that authorization is provided to the qualified custodians, specifying the client accounts maintained with the qualified custodians.

The staff also clarified that an adviser’s authority to transfer client assets between the client’s accounts at the same qualified custodian or between affiliated qualified custodians that both have access to the sending and receiving account numbers and client account name does not constitute custody and does not require further specification of client accounts in the authorization.

Additional Deficiencies Identified by the OCIE

While the focus of this article is the Custody Rule and related deficiencies, the remaining four topics identified by the OCIE warrant mention. All five key areas have resulted in a range of actions including potential instances in which the staff have referred examinations to the division of enforcement.

Compliance Rule

The Compliance Rule requires an adviser to adopt and implement certain written policies and procedures, review the adequacy of such policies for effectiveness and implementation (no less frequently than annually), and designate a chief compliance officer responsible for administering the policies and procedures that were adopted. The following four examples of deficiencies or weaknesses related to the Compliance Rule were noted:

• Compliance manuals were not reasonably tailored to the adviser’s business practices.
• Annual reviews were not performed or did not address the adequacy of the adviser’s policies and procedures.
• The advisers did not follow compliance policies and procedures.
• Compliance manuals were not kept current.

Code of Ethics Rule

Advisers are required to adopt and maintain a code of ethics that sets forth a number of internal and external stipulations. Distribution of the code of ethics is required along with a description of it in Form ADV. Examples of deficiencies with respect to the Code of Ethics Rule included:

• Access persons [those supervised persons with access to nonpublic information regarding clients’ purchases or sales of securities, involved in making securities recommendations to clients, or who have access to such recommendations that are nonpublic] were not identified.
• Codes of ethics were missing required information.
• Untimely submission of transactions and holdings.
• Description of code of ethics in Form ADVs was lacking.

Books and Records Rule

The Books and Records Rule requires investment advisers to make and keep true, accurate and current books and records relating to their investment advisory business, generally for a period of five years. As recordkeeping requirements vary depending upon the nature of the adviser’s business, it is important to consult the Books and Records Rule should a question arise. Examples of deficiencies or weaknesses noted include:

• All required records were not maintained.
• Books and records were not accurate or were not updated.
• Recordkeeping was inconsistent.

Regulatory Filings

The SEC requires advisers to file certain regulatory filings on a timely basis. Deficiencies noted relative to the adviser regulatory filing obligations are as follows:

• Inaccurate disclosures on Form ADVs.
• Untimely amendments to Form ADVs.
• Incorrect and untimely Form PF filings:
  – Initial and annual filings are due 120 calendar days after the end of the filer’s fiscal year for small private fund advisers.
  – Large private fund advisers must file within 15 days of the end of each fiscal quarter.
• Incorrect and untimely Form D filings:
  – Form D must be filed with the SEC within 15 days of the first sale of a security in a private placement.
  – Form D notices and amendments are to be filed with the SEC online using the SEC’s EDGAR (electronic gathering, analysis and retrieval) system.

With the ever-changing regulatory landscape, it is imperative as an investment adviser to remain up-to-date with new rules and regulations. The OCIE’s recent publication of the five compliance topics most frequently identified in deficiency letters offers invaluable insight into prevalent compliance issues and highlights the nuances of the related rules and regulations. If you have any questions concerning custody, please contact your assurance professional at Marcum LLP.