The Investment Advisers Act of 1940 (“Advisers Act”) imposes a significant number of regulatory obligations on the roughly 13,000 advisers registered under its purview. One of the broader mandates under the Advisers Act, articulated by Rule 206(4)-7 (“Compliance Program Rule”), requires advisers to review, no less frequently than annually, the adequacy of the policies and procedures established and the effectiveness of their implementation.
The Compliance Program Rule is not so prescriptive as to require specific methods of satisfying its requirements. Indeed, there are a number of ways advisers choose to approach this exercise, and the process varies largely as a function of the size and complexity of the organization. For example, some firms will approach the annual review as a distinct project, whereby a block of time each year is dedicated to a thorough analysis of the whole firm with a view to regulatory deficiencies. Other firms may instead elect to adopt a continuous testing schedule that is executed over the course of a year on an ongoing basis. Under either approach, a firm may engage a third party to supplement its internal review.
In general, larger organizations tend to prefer the continuous testing approach. In light of their size and breadth, these firms often operate under a strict risk management framework established by a board of directors, internal committees, or even by a regulatory body. This framework often dictates that the firm devise formal testing procedures (e.g., pursuant to a risk and control self-assessment (RCSA) model), often to be executed throughout the year. This continuous testing approach, within the context of satisfying the Compliance Program Rule, is characterized by a series of focused, periodic reviews such that the constituent periods, in the aggregate, comprise the full scope annual review at the conclusion of the year. Approaching the exercise in this way imparts a number of advantages, including the following.
Resource Drain Can be a Pain
Under a periodic testing approach, resource drain across the organization is often significantly minimized. Consistent with the SEC’s expectations, a holistic annual review should touch all aspects of an adviser’s business. Consequently, stakeholders and process owners operating in these critical areas will need to devote time and resources to address a potentially hefty number of inquiries made by the firm’s compliance group. In light of this need for firm-wide participation, a full-scale, project-based approach implicating all business units at once can create disruptions sufficient to frustrate the purpose and timeline of the review. Alternatively, choosing a few key focus areas to test each quarter avoids placing too heavy a burden on the organization as a whole, which can result in a more efficient exercise.
Tighter Focus, Deeper Dive
A periodic testing approach tends to drive a tighter focus and more potent analysis of each area of the organization. The grander scope demanded by an annual project-based approach is liable to dilute the amount of attention given to each area of the organization, which can yield erroneous conclusions drawn from a mile-wide, inch-deep evaluation. Alternatively, breaking down the scope and assigning testing areas to each quarter may permit a more focused and disciplined evaluation of each area. This increased level of attention can drive a more thoughtful approach and a successful outcome.
Be Nimble, Be Quick
The fluid nature of regulatory expectations poses additional considerations that may inform an organization’s testing approach. SEC focus areas shift frequently, and are generally communicated to the public through an intricate mosaic of enforcement actions, risk alerts, investment management guidance, and no-action letters. In addition, a change in SEC leadership often precipitates a further shift in examination priorities and focus areas. Consequently, a firm that utilizes the project-based approach to the annual review will only be able to incorporate relevant SEC priorities at that snapshot in time. Alternatively, a firm that pursues the periodic testing approach is privy to SEC priorities as they develop throughout the year, and can nimbly revise each quarter’s testing approach to accommodate the latest regulatory landscape.
Planning and executing on a continuous testing mandate to satisfy the Compliance Program Rule is a complex and resource-intensive exercise involving multiple business units and stakeholders. Difficulties or delays can arise if unexpected events require a compliance group’s focus to shift from testing to addressing more immediate needs. Failing to meet testing mandates can subject a firm to regulatory exposure by allowing mal- or misfeasance to continue unnoticed, and invite scrutiny from regulators, internal governance functions, and investors alike.
How ACA Can Help
ACA has significant experience in helping larger managers to supplement their internal testing efforts and meet annual deadlines. Learn more about how we can assist by contacting firstname.lastname@example.org.
About the Author
Matt Girandola joined ACA in February 2015. As a Consultant, he conducts mock SEC examinations and provides regulatory consulting services to registered investment advisers, including hedge fund, private equity fund, and traditional SMA managers. He can be reached at email@example.com.