What you need to know
Rule 206(4)-7 of the Investment Advisers Act of 1940 requires that all SEC registered investment advisors adopt and implement written policies and procedures that are reasonably designed to prevent violations by the Advisor or any of its supervised persons. Almost all states have also adopted a rule similar to Rule 206(4)-7, which requires state registered investment advisors to also adopt and implement written policies and procedures.
Whether you are SEC registered or state registered your policies and procedures must be detailed and customized to your formalized internal process to meet your fiduciary and regulatory obligations. The SEC has stated in its discussion of Rule 206(4)-7 that Advisors are too varied in their operations for the rules to impose of a single set of universally applicable required elements. Therefore, each Advisor should adopt policies and procedures that take into consideration the unique nature of your firm's operations.
Required policies and procedures
Even though policies and procedures are required to be customized to your operations, you will have to make sure that your policies and procedures are also designed to:
- prevent violations of fiduciary and regulatory obligations from occurring,
- detect violations that have occurred, and
- correct promptly any violations that have occurred.
To design adequate policies and procedures, the Advisor should identify all potential conflicts or factors creating risk exposure for the Advisor, supervised persons and its clients. Only then can an Advisor design policies and procedures that address applicable risks to the Advisor.
At a minimum, the scope of the policies and procedures is expected to address the following issues:
- The appointment of a Chief Compliance Officer responsible for administering the policies and procedures;
- Portfolio management processes, including allocation of investment opportunities among clients and consistency of portfolios with clients' investment objectives, disclosures by the adviser, and applicable regulatory restrictions;
- Trading practices, including procedures to satisfy best execution obligation, uses client brokerage to obtain research and other services ("soft dollar arrangements"), and allocates aggregated trades among clients;
- Proprietary trading of the advisor and personal trading activities of supervised persons;
- The accuracy of disclosures made to investors, clients, and regulators, including account statements and advertisements;
- Safeguarding of client assets from conversion or inappropriate use by supervised persons;
- The accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction;
- Review of the Client Communications (advertising & marketing), including any solicitors utilized;
- Processes to value client holdings and assess fees based on those valuations;
- Safeguards for the privacy protection of client records and information;
- Code of Ethics; and
- Business continuity plans.
Reviewing policies and procedures
In addition to having written policies and procedures customized to a firm’s operations, Advisors are also required to review the policies and procedures on an at least annual basis. This annual review should be documented in your books and records. Advisors are also required to maintain documentation that all supervised persons of the Advisor have received and reviewed the policies and procedures. This documentation should be kept for a minimum of five fiscal years from the end of the fiscal year during which the last entry was made on such record.
What are the next steps for a CCO?
To ensure that you have an up-to-date compliance program, AdvisorAssist recommends the best practices of:
- Completing risk assessments regularly during the fiscal year to document reviews of policies and procedures
- Conduct periodic testing of processes to ensure that policies and procedures accurately describe your operations
- Conduct annual due diligence reviews of any third party vendor utilized to support the services of the Advisor
- Compose an annual CCO report summarizing the findings from risk assessments and tests completed
- Communicate policies and procedures, and any adhoc amendments, to all of your supervised persons
- Ensure all supervised persons certify that they have received and reviewed your policies and procedures
- Maintain all of your documentation of your compliance program according to your books and records matrix
The AdvisorAssist CCO Series is a collection of blog posts that cover each of the elements of your RIA's compliance program. Each post will provide an overview of one compliance topic, including our insights on how regulators view each topic as well as some practical steps to help Chief Compliance Officers address this topic. As always, we would welcome your comments and thoughts.