newyork1.jpg

SEC Highlights Importance of Risk Assessments

The SEC stated in their 2015 Examination Priorities that, as was the case in prior years’ priorities, the Commission will conduct “focused, risk-based examinations”. This guidance confirms that investment advisers should be engaged in identifying risk areas and working to correct any deficiencies prior to the SEC conducting an examination. We have also recently seen a number of our client firms being requested by prospective investors to show them their risk assessments.

All investment advisers owe fiduciary duties to their clients. This means that advisers have an obligation to act and provide investment advice in their clients’ best interest. The SEC says advisers owe their clients a “duty of undivided loyalty and utmost good faith” and describes this as not engaging “in any activity in conflict with the interest of any client” and taking “steps reasonably necessary to fulfill your obligations” as well as taking “reasonable care to avoid misleading clients”. The Commission expects you to provide “full and fair disclosure of all material facts to your clients and prospective clients” under this obligation. The idea of a fiduciary duty is the foundation of the rules set forth in the Investment Adviser Act of 1940 and should be taken seriously by all investment advisers. Below we have outlined some concepts that will refresh your memory and help you get “back to basics” when it comes to risk assessment and mitigation.

There are several ways an investment adviser can approach an analysis of their risks and conflicts of interest and each adviser should identify those risks and conflicts of interest that are relevant to their particular business. The identification of risks and conflicts should be easily repeatable and should be firm-wide. Such a process may include any or a combination of the below as described in a 2009 SEC CCO Outreach Seminar.

  • Top-down: a simple approach to risk assessment in which management identifies the conflicts of interest and other risks the firm confronts.
  • Layered: committees are used to identify the conflicts of interest and other risks present within each area of expertise (e.g., portfolio management committee, brokerage committee, pricing committee, IT oversight committee, internal controls committee and corporate governance committee). Such committee input is compiled and summarized into a firm-wide program.
  • Bottom-up: each employee or group of employees provides input regarding the potential conflicts of interest and other risks that the firm confronts in the employees respective areas of expertise.
  • Dedicated risk staff: a group of individuals are responsible for managing the risk assessment process and ensuring risks are properly assessed, inventoried and managed.

Identification of potential risks will then lead to an inventory of risks that reflect the firm’s current environment. These identified risks should not be static and should evolve and change as the firm changes. By performing this type of risk identification process, a firm can demonstrate that they are cognizant of their risks and that they are taking steps to diminish them on an ongoing basis. A large percentage of recent SEC examination request lists have included a request for documentation pertaining to the standard operation procedures for risk mitigation.

The questions advisers should be asking themselves when reviewing their policies and procedures to ensure proper assessment of risks should include:

  • Have you conducted an effective “risk assessment” (i.e., evaluated how your activities, arrangements, affiliations, client base, service providers, conflicts of interest, and other business factors may cause violations of the Advisers Act or the appearance of impropriety)?
  • Did this risk assessment serve as the basis for developing your compliance policies and procedures?
  • Do you periodically re-evaluate your risk assessment to determine that new, evolving, or resurgent risks are adequately addressed?
  • Are your compliance policies and procedures designed to manage and control the compliance risks identified in your risk assessment?
  • Does the implementation of your compliance policies and procedures reflect good principles of management and control?
  • Do you regularly conduct transactional or quality control tests to determine whether your activities are consistent with your compliance policies and procedures?
  • Do you conduct periodic tests to detect instances in which your policies and procedures may be circumvented or where there may have been attempts to take advantage of the gaps in your policies and procedures?
  • Do these tests produce exceptions or other reports? Does knowledgeable staff review these reports, follow up on any exceptions, and resolve problematic items found in a timely manner?

An easy way to keep all of these procedures in a centralized place is to create and maintain a Compliance Calendar. Included in such a calendar would be reminders to perform testing and analysis of current firm policies and procedures as outlined in the firm’s Compliance Manual. Firms should remember to reference the risk inventory created when conducting their annual review to document the processes implemented and their findings from forensic testing conducted.

SEC3 can assist your firm in assessing and improving your risk policies and controls. We can also assist specifically with conducting risk assessments, providing a customized compliance calendar and an annual review. For further information, please contact your SEC3 representative or contact us at This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

Lastly, please make sure to check out our upcoming events here. Email announcements to follow shortly.

Newsletter

Get the latest compliance news and insights - delivered weekly. The SEC3 Communique covers all compliance topics. CCO3 focuses on CCO topics.
tip: check both to keep informed!

Communiques

Exciting Summer Project -- Dig Into Some Sand or Dig Into Your Firm's Best Ex Pr…

The Office of Compliance Inspections and Examinations (OCIE) issued a risk alert July 11 targeting investment advisers’ most common deficiencies with regard to their best execution obligations under the Investment... read more »

SEC Adopts Fund Liquidity Reporting and Disclosure Changes

The final week of June was a busy one for SEC releases following the SEC’s June 28th open meeting. Among these was a revisit of Rule 22e-4 under the Investment... read more »

More SEC Settlements - This Time Form PF Filing Deficiencies

On June 1st, the SEC announced settlements with 13 RIAs who repeatedly failed to file Form PF reports. Most of these firms never filed over the review period (2012 through... read more »

Two Recent Enforcement Actions Against Private Fund Advisers

The industry should not misinterpret the SEC’s 2018 National Exam Program Priorities as a shift away from private fund advisers. As discussed during the SEC’s recent National Compliance Outreach Seminar... read more »

2018 - Are you ready for your next SEC exam?

The pool of registered investment advisers that will be subject to an SEC exam in 2018 is at the highest level seen in years. The SEC projects it will examine... read more »

Navigating the Changes to Form ADV

On August 25, 2016, the U.S. Securities and Exchange Commission adopted numerous substantive and technical amendments to Form ADV. While the adopting release required advisers to begin complying with the... read more »

Events

Chief Compliance Officer Roundtable: Breakfast Briefing - June 14, 2018

When: June 14, 2018 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone: 212.885.5000 Schedule: 9:00-9:30am - Networking...

Webinar: 2018 SEC Exam Priorities & Recent Exam Highlights

Don’t miss the opportunity to meet with us in person to discuss the topics that matter most to you. Tobin S. Cochran, Managing Member/President of Focus 1 Associates, LLC and...

Chief Compliance Officer Roundtable: Breakfast Briefing - February 7, 2018

When: February 7, 2018 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone: 212.885.5000 Schedule: 9:00-9:30am - Networking...

Upcoming Events - September & October 2017

Upcoming Events Don’t miss the opportunity to meet with us in person to discuss the topics that matter most to you. SEC3 is teaming up with industry experts in NYC to discuss...

May 23, 2017 - Webcast: WannaCry Ransomware: Were You Really Protected or Just L…

When: Tuesday, May 23rd, 2017 | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder, BW Cyber Services John Lukan, Managing Director, SEC Compliance Consultants, Inc. We...

June 14, 2017 - Compliance Breakfast Briefing

8:30-9:00am - Networking and Continental Breakfast 9:00-10:30am - Program Location: Willkie Farr & Gallagher LLP | 600 Travis Street | Suite 2310 | Houston, TX Barry Barbash from Willkie Farr & Gallagher LLP,...

June 13, 2017 - Compliance Breakfast Briefing

8:30-9:00am - Networking and Continental Breakfast 9:00-10:30am - Program Location: Haynes and Boone, LLP | 2323 Victory Avenue | Suite 700 | Dallas, TX 75219 Validated parking is available in the garage attached...

May 31, 2017 - Chicago

9:00-9:30 a.m - Networking and Continental Breakfast 9:30-11:00 a.m - Program Location: Baker & McKenzie LLP | 300 East Randolph Drive | Suite 5000 | Chicago, IL 60601 Kristin Gonzalez and Jerome Tomas...

May 17, 2017 (NYC WIMF)

This event is by invitation only. Please email info@seccc.com to learn more.

May 15, 2017 (NYC Chief Compliance Officer Roundtable)

9:00-9:30am - Networking and Continental Breakfast 9:30-11:00am - Program Location: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone:...

Webcast: The Most Insidious Cybersecurity Threat Is Also The Least Understood

When: Tuesday, April 25th | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder, BW Cyber Services John Lukan, Managing Director, SEC Compliance Consultants, Inc. Ransomware, the...

CCO Liability (Part III): Managing Liability Webinar

In this webinar, panelists discuss indemnifications and insurance as potential remedies to address the direct financial risks to a CCO. Attendees will learn: What terms and conditions should Chief Compliance Officers be...

Webinar: CCO Liability (Part III): Managing Liability: Navigating Indemnities an…

When: Tuesday, February 21, 2017 Schedule: 11:00am ET / 10:00am CT / 9:00am MT / 8:00am PT / 7:00am AT Description of Webinar: The National Society of Compliance Professionals is pleased to host...

Webcast: SEC 2017 Examination Focus Area – Cybersecurity Testing

Penetration Testing & Vulnerability Assessments - Examining the SEC & FINRA Requirements When: Wednesday, January 25th | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder,...

Chief Compliance Officer Roundtable: Breakfast Briefing

When: October 20, 2016 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone: 212.885.5000 Thomas Westle and Janaya...