As I hope you are all now well aware, changes to the SEC Custody rule requires advisers to conduct “due inquiry” as a basis for forming a reasonable belief that their clients’ qualified custodian sends out at least quarterly account statements. You should also now be aware, in a bit of backward looking thinking, that the SEC believes that if clients’ receive paper account statements via regular mail, that due inquiry can only be formed if the investment adviser is copied on the correspondence and receives a copy of the statement. Many advisers are displeased with this arrangement as they have made great efforts to go paperless. However, being good citizens and not wanting to run afoul of the SEC, they have begun to contact their custodians to arrange to be copied on such statements. One major custodian told an investment adviser client of mine that “since they were the entity that had the custody and that they sent out the account statements, that the adviser did not need to be copied on the statements.” Not only does this show a total ignorance of the revised custody rule, it also points out a very important issue that some advisers rather not know about. That is, those advisers that have an affiliation (affiliation with a small “a”) with a custodian/broker-dealer by virtue of also being a registered representative of that custodian/B-D, often rely too much on that custodian/B-D for compliance matters. I have seen on one more than one occasion that come SEC audit time, the adviser has looked to the custodian/B-D for the “promised” compliance help and such help has been nowhere to be found. The moral being: don’t rely too much on the custodian/B-D because 1. they do not always have a full understanding of investment adviser rules and 2. they will never ever take liability for your compliance matters.
Archive for February, 2010
Custodian . . . Oops
Friday, February 26th, 2010February Compliance Training - Annual Review
Thursday, February 25th, 2010THE FOLLOWING IS A REPRINT OF THE U.S. COMPLIANCE CONSULTANTS FEBRUARY 2010 COMPLIANCE TRAINING NEWSLETTER
The purpose of this compliance training material is to familiarize you with key issues regarding the annual review process.
……………………………………………….
Overview
In accordance with Rule 206(4)-7(b) under the Advisers Act, an investment adviser is required to perform an annual review of its compliance policies and procedures to determine whether they are adequate, current and effective in view of the advisory firm’s businesses, advisory services, and regulatory requirements.
In this review, the Chief Compliance Officer (or other designated individual(s)) is required to consider (i) any compliance matters that arose during the previous year; (ii) any changes in the advisory activities of the advisory firm; (iii) any previous SEC and other applicable regulatory examination deficiency letters (to confirm that past deficiencies were corrected and are not reoccurring); and (iv) any changes in the Advisers Act and other applicable laws and regulations that might suggest the need to revise certain policies and procedures.
Goals of the Annual Review
Determine whether the Procedures are Adequate
- Do the procedures address all applicable areas of the advisory firm’s business?
- Have all laws and rules been cited?
- Do the procedures require the advisory firm to do what the rules require?
Determine how Effectively the Advisory Firm’s Procedures have been Implemented
- Are they reasonably designed to detect violations and promptly correct any violations that have occurred?
- Is there sufficient: (i) supervision; (ii) employee training; (iii) forensic testing; and (iv) problem detection and correction?
Methodology for Conducting the Annual Review
Step 1: Review the inventory of the compliance obligations under state and federal laws, SEC rules, contracts with clients, offering documents and disclosures made to clients. Review should include:
- Identification of recent SEC exams including any deficiencies raised and any corrective actions taken;
- Identification of the advisory firm’s interim reviews and other audits and any follow-up or corrective action;
- Identification of any serious compliance issues that arose at the advisory firm in the past year;
- Identification of any serious compliance issues that arose in the investment advisory industry in the past year;
- Identification of violations reported pursuant to the advisory firm’s code of ethics;
- Analysis of compliance implications of any new businesses, discontinued businesses and change in the advisory firm’s operations during the past year;
- Analysis of new statutory or regulatory requirements that impact the advisory firm’s business;
- Identification of “hot topics” identified by the SEC staff;
- Description of how the advisory firm sought to identify risk; and
- Description of how the advisory firm went about assessing the effectiveness of critical controls.
Step 2: Compare the inventory of obligations against existing procedures:
- Determine whether the procedures specify the actions to be taken to achieve compliance;
- Identify any gaps and determine whether new procedures need to be developed or current procedures enhanced to address such gaps; and
- Determine whether new obligations arose as a result of new products offered or new regulations were adopted since the last review.
Step 3: Assess the effectiveness of existing procedures and how well the advisory firm is implementing the procedures as currently written. For each procedure evaluate whether the procedure:
- Makes violations less likely;
- Results in prompt identification of violations;
- Collects in a timely fashion the information necessary to allow the advisory firm to correct problems as they are identified;
- Is written in plain English articulating the goal of compliance and how it is supervised; and
- Is adequately supervised by responsible personnel of the advisory firm.
Step 4: Engage in a risk-assessment strategy that targets high-risk areas of the advisory firm’s business.
- Review well-recognized areas of conflicts of interest present in the advisory firm’s operations (i.e. personal trading accounts, allocation of aggregated orders and advertising materials);
- Identify any conflicts that, if left unmitigated, could result in harm to the advisory firm’s clients; and
- Develop procedures to mitigate or eliminate these conflicts.
Step 5: Test and assess the procedures periodically.
- Use “forensic testing” including the examination of samples of accounts, transactions, communications for consistency with the advisory firm’s procedures, compliance with the law and outcomes for clients.
Documentation of Findings
As part of the annual review, the advisory firm should document the following:
- Whether the compliance policies and procedures continue to be reasonably designed to prevent and detect violations of the Advisers Act and its rules;
- Whether the compliance policies and procedures are being adequately carried out by accountable personnel of the advisory firm; and
- Whether any customer harm resulted from any significant compliance deficiency that was uncovered as part of the annual review.
January Compliance Training - Risk Assessment
Tuesday, February 23rd, 2010THE FOLLOWING IS A REPRINT OF THE U.S. COMPLIANCE CONSULTANTS JANUARY 2010 COMPLIANCE TRAINING NEWSLETTER
The purpose of this compliance training material is to familiarize you with key issues regarding the risk assessment process.
……………………………………………….
Overview
Investment advisers are required to evaluate how their advisory activities, arrangements, affiliations, client base, service providers, conflicts of interest and other business factors may cause violations of the Investment Advisers Act. The results of this risk assessment should serve as the basis for drafting and revising compliance policies and procedures that are designed to mitigate, manage and control each risk area in ways that reflect advisory firm’s resources and need for assurance that violations can be prevented or, if violations occur, that such violations will be detected promptly and corrected.
A risk assessment involves identifying and prioritizing issues pertaining to an investment adviser’s operations that may create risk to the interests of the advisory firm and/or its clients. Accordingly, investment advisors need to (1) identify areas of risk that may be part of their advisory firm’s everyday operations; (2) assess whether the controls in place managing or mitigating these risks are adequate; and (3) make modifications to their advisory firm’s compliance policies and procedures as necessary.
Types of Risk
An adviser should consider the following types of risk as potentially harmful to the interests of the advisory firm and its clients.
Operational Risk
Operational risk arises from the potential that inadequate information systems, operations systems, transaction processing will result in unforeseen losses.
Compliance Risk
Compliance risk arises from the possibility that a breach of internal policies or procedures, laws, rules, regulations or ethical standards may impact negatively or disrupt firm operations or condition.
Financial Risk
Financial risk is the risk that the advisory firm may be unable to meet its financial obligations.
Reputational Risk
Reputational risk arises from the potential that inappropriate associated persons or management actions or inactions may cause clients or potential clients to form a negative opinion of the advisory firm and/or its services.
Strategic Risk
Strategic risk arises from inadequate current and prospective business decisions or responsiveness that might harm the advisory firm’s financial condition or create conflicts among its clients.
Identifying Risks
The SEC has identified 12 specific areas of concern that should be examined:
- Marketing/Performance
- Form ADV/Disclosures
- Invoices/Fees
- IPO Offerings
- Soft Dollars
- Compensation
- Objectives/Restrictions
- Trade Ticket
- Trade Execution
- Non-Public Information
- Personal/Proprietary Trading
- Money/Securities to/from Broker/Custodian
Measuring the Risks
The adviser should measure the risks identified by considering the likelihood, impact and probability of a risk event in the absence of controls.
Likelihood
The possibility that a given event will occur.
Impact
The effect the event will have on clients or potential clients, disclosures, finances, reputation and regulatory obligations should it occur.
Probability
The anticipated frequency of a risk event given the regularity of the activity or process that is associated with the risk.
Prioritizing the Risks
Once the advisory firm has measured the inherent risks (e.g., the likelihood and impact in the absence of controls), the firm should prioritize the risks by addressing the areas that have the greatest exposure.
Managing the Risks
The advisory firm should develop a risk management matrix that maps the firm’s inventory of risks to specific compliance policies and procedures. The firm should periodically, but no less than annually, update the risk management matrix.
One-Size Does Not Fit All
Monday, February 22nd, 2010Let me just state for the record that one of the greatest mistakes an investment adviser can commit is purchasing a “one-size-fits-all” type compliance manual. Indeed, officials from the SEC Office of Inspections and Examinations officials have urged advisers not to buy an “off-the-shelf” compliance manual and have stated on numerous occasions that if they find compliance manuals that are not specific to the adviser’s business, they will assume that compliance is not well-respected by these firms, determine that these firms are at high risk of violations, and will likely conduct a top-to-bottom, in-depth review of the firm’s entire operations. If anyone is in doubt as to just how the SEC feels about this subject, please go the to SEC web site and look up the speeches of Lori Richards, the former Director of the Office of Inspections and Examinations. In numerous speeches and public statements over the past years she has stated time and again that the SEC will come down very hard on advisors who use boilerplate policies and procedures.
As if risking the opprobrium of SEC regulators was not reason enough to avoid these types of manuals, there is a second reason that should be of even greater concern to advisers. That is, there is nothing more enticing to a lawyer of a potentially litigious client (and lets face it, all clients are potentially litigious clients) than to find that the advisory firm is not even following its own policies and procedures. Litigators call that the Holy Grail. I call that game, set and match. Insurance companies call that “go get your Errors and Omissions insurance from some other company”. The point being is that ill-fitting compliance policies and procedures are bad for your advisory business vis-à-vis regulators and clients.
De-Registration from the SEC
Thursday, February 18th, 2010Had an interesting conversation with a very helpful attorney at the SEC about SEC registration and assets under management . . .
As you can imagine, a lot of smaller advisers are no longer seeing the benefit of SEC registration. The perceived “prestige” factor has dissipated in the wake of the Madoff affair and in the face of an increasingly onerous regulatory burden. A lot of client whose assets have fallen below the $30 million mark as of December 31, 2009 are trying to de-register with the SEC and register with one or more states. If their asset level is below $25 million the de-registration is mandatory. The problem is when the asset level is between $25 million and $30 million. Remember, when first registering with the SEC, an adviser is give the choice to register at $25 million but must register at $30 million. Thus, there is that grey area where the adviser has some latitude.
Is it the same for de-registration? That is, can an adviser with $28 million to report on their annual updating amendment de-register from the SEC. The answer - according to this attorney at the SEC - is no they can not de-register. It was explained that the purpose of the $25 to $30 million grey area is only meant to spare an adviser that is registered with the state from having to register with the SEC if their assets jump over $25 million.
Fact Sheet - Surprise Audit
Monday, February 15th, 2010Requirement
Advisers with custody of client assets are required to undergo a surprise examination of those assets by an independent public accountant.
Objective
The objective of the accountant’s examination is to verify that client funds and securities of which an investment adviser has custody are held by a qualified custodian in a separate account for each client under that client’s name, or in accounts that contain only clients’ funds and securities, under the investment adviser’s name as agent or trustee for the clients.
PCAOB Registration and Inspection
The surprise examination must be conducted by an independent public accountant that is registered with, and subject to regular inspection by, the Public Company Accounting Oversight Board (“PCAOB”).
Surprise Audit
The accountant should obtain from the investment adviser records that detail client funds and securities of which the investment adviser has custody and the identification of the qualified custodian(s) of those funds and securities. The accountant should also obtain records of accounts that were closed during the period or that have a zero balance as of the date of the examination.
For a sample of client accounts, the accountant should obtain records of the purchases, sales, contributions, withdrawals and any other debits or credits to each selected client’s account occurring since the date of the last examination. The accountant’s procedures to meet the objective of the examination should normally include, but are not limited to, the following with respect to each selected client account:
- Confirmation with the qualified custodian(s) of client funds and securities as of the date of the examination and that the client’s funds and securities are held in either a separate account under the client’s name or in accounts under the name of the investment adviser as agent or trustee for clients;
- Confirmation with the client of funds and securities held in the account as of the date of the examination and contributions and withdrawals of funds and securities to and from the account since the date of the last examination; where confirmation replies are not received, the accountant should perform alternative procedures; and
- Reconciliation of confirmations received and other evidence obtained to the investment adviser’s records.
Commission Reporting
Under amended rule 206(4)-2, each investment adviser subject to the surprise examination requirement must enter into a written agreement with an independent public accountant to conduct the surprise examination. The agreement must require the accountant, among other things:
- To submit Form ADV-E via the IARD system to the SEC accompanied by the accountant’s certificate within 120 days of the time chosen by the accountant for the surprise examination, stating that the accountant has examined the funds and securities and describing the nature and extent of the examination;
- To notify the SEC within one business day of finding any material discrepancy during the course of the examination; and
- To file via the IARD system, upon dismissal or resignation within four business days a statement regarding the termination along with Form ADV-E.
Important Information - Custody Notice Provision
Saturday, February 13th, 2010As we all know by now, investment advisers that send out their own statements to clients are required to place a notice on any such statement “urging” the client to compare the adviser’s information with the statement sent by the client’s qualified custodian. From my conversations with clients and other compliance professionals, the prevailing wisdom is that unless the statement sent by the investment adviser contains much of the same type of information sent by qualified custodian, it is not a “statement” and no notice is required. I have come to find out that this is wrong, wrong, wrong. One of my clients - who always seems to know more than I do - spoke with a representative of the SEC and was told point blank that the SEC intended to use the term “statement” generically and that if the “statement”, “report”, “appraisal” or whatever other term an adviser applied to what they send to clients “contains account balance information” then it is a statement and must have the required notice. Therefore, even if what the adviser sends to clients does not contain transactional information or even holdings information, the SEC would expect to see a version of the following notice:
“Pursuant to recent amendments to Rule 206(4) under the Investment Advisers Act of 1940, the Securities and Exchange Commission now requires us to urge clients to compare the information set forth in this statement with the statements you receive directly from your custodian to ensure that all account transactions are proper.”
More on the Surprise Audit
Thursday, February 11th, 2010I have a great client that always challenges me with well, challenging compliance questions. His latest was something along the lines of:
“In the case where an adviser representative has a general power of attorney for a client, and thereby has access to a client’s bank accounts as well as brokerage accounts, do you think the requirement to reconcile statements as well as the scope of the audit extend to these bank accounts or would it be confined to accounts over which the adviser provides advice?”
My response was as follows:
The following language can be found in the Final Rule Release:
“Advisers also should consider developing policies regarding the ability of individual employees to acquire custody of client assets (i.e., as trustees for client assets), because their custody may be attributable to the firm, which will thereby acquire responsibility for those assets under the rule.”
While the SEC offers no examples of when it “may or may not” be attributable to the firm, at least they contemplated such a situation. Since it is ambiguous, however, maybe the tipping point could be something along the lines of whether the firm provides advice to the client. I just cannot say for sure. It may have to be one of those things that must wait until either an audit or a no-action letter.
Fact Sheet - Internal Control Report
Tuesday, February 9th, 2010Requirement
When a related person serves as a qualified custodian for advisory client funds or securities, an adviser must receive from its related person, no less frequently than once each calendar year, a written report, which includes an opinion from an independent public accountant with respect to the related person’s controls relating to custody of client assets.
Objective
The objective of the examination supporting the internal control report is to obtain reasonable assurance that the related party’s controls have been placed in operation as of a specific date and are suitably designed and are operating effectively to meet control objectives related to custody of funds and securities.
PCAOB Registration and Inspection
The internal control report must be prepared by an independent public accountant that is registered with, and subject to regular inspection by, the Public Company Accounting Oversight Board (“PCAOB”).
Internal Control Report
The internal control report should address control objectives and associated controls related to the areas of client account setup and maintenance, authorization and processing of client transactions, security maintenance and setup, processing of income and corporate action transactions and client reporting.
The internal control report objectives should include:
· Documentation for the opening and modification of client accounts is received, authenticated, and established completely, accurately, and timely on the applicable system.
· Client transactions, including contributions and withdrawals, are authorized and processed in a complete, accurate, and timely manner.
· Trades are properly authorized, settled, and recorded completely, accurately, and timely in the client account.
· New securities and changes to securities are authorized and established in a complete, accurate and timely manner.
· Securities income and corporate action transactions are processed to client accounts in a complete, accurate, and timely manner.
· Physical securities are safeguarded from loss or misappropriation.
· Cash and security positions are reconciled completely, accurately and on a timely basis between the custodian and depositories.
· Account statements reflecting cash and security positions are provided to clients in a complete, accurate and timely manner.
As part of the internal control report, the independent public accountant must verify that funds and securities are reconciled to a custodian other than the adviser or its related person (for example, the Depository Trust Corporation). The accountant’s tests of the custodian’s reconciliation(s) should include either direct confirmation, on a test basis, with unaffiliated custodians or other procedures designed to verify that the data used in reconciliations performed by the qualified custodian is obtained from unaffiliated custodians and is unaltered.
The accountant’s internal control report should identify the control objectives included within the scope of the examination and include the accountant’s opinion as to whether controls have been placed in operation as of the specific date, and are suitably designed and are operating effectively to meet the identified control objectives during the specified period. The report should also describe the nature, timing, extent and results of the accountant’s procedures performed to verify that funds and securities are reconciled to depositories and other unaffiliated custodians.
U.S. Compliance Consultants Web Site
Sunday, February 7th, 2010I am pleased to announce that an upgrade to the U.S. Compliance Consultants web site is just a few days away. Information on the registration requirements of all 49 states will be available for viewing (remember that Wyoming does not register state investment advisers). This upgrade will allow potential state registrants to see exactly what each state requires in order to register as an investment adviser. No other compliance consultant company maintains a web site with such comprehensive information.
Subscribe