SEC Highlights Importance of Risk Assessments

The SEC stated in their 2015 Examination Priorities that, as was the case in prior years’ priorities, the Commission will conduct “focused, risk-based examinations”. This guidance confirms that investment advisers should be engaged in identifying risk areas and working to correct any deficiencies prior to the SEC conducting an examination. We have also recently seen a number of our client firms being requested by prospective investors to show them their risk assessments.

All investment advisers owe fiduciary duties to their clients. This means that advisers have an obligation to act and provide investment advice in their clients’ best interest. The SEC says advisers owe their clients a “duty of undivided loyalty and utmost good faith” and describes this as not engaging “in any activity in conflict with the interest of any client” and taking “steps reasonably necessary to fulfill your obligations” as well as taking “reasonable care to avoid misleading clients”. The Commission expects you to provide “full and fair disclosure of all material facts to your clients and prospective clients” under this obligation. The idea of a fiduciary duty is the foundation of the rules set forth in the Investment Advisers Act of 1940 and should be taken seriously by all investment advisers. Below we have outlined some concepts that will refresh your memory and help you get “back to basics” when it comes to risk assessment and mitigation.

There are several ways an investment adviser can approach an analysis of its risks and conflicts of interest, and each adviser should identify those risks and conflicts of interest that are relevant to its particular business. The identification of risks and conflicts should be easily repeatable and firm-wide. Such a process may include any one or a combination of the approaches below, as described in a 2009 SEC CCO Outreach Seminar.

  • Top-down: a simple approach to risk assessment in which management identifies the conflicts of interest and other risks the firm confronts.
  • Layered: committees are used to identify the conflicts of interest and other risks present within each area of expertise (e.g., portfolio management committee, brokerage committee, pricing committee, IT oversight committee, internal controls committee and corporate governance committee). Such committee input is compiled and summarized into a firm-wide program.
  • Bottom-up: each employee or group of employees provides input regarding the potential conflicts of interest and other risks that the firm confronts in the employees’ respective areas of expertise.
  • Dedicated risk staff: a group of individuals is responsible for managing the risk assessment process and ensuring risks are properly assessed, inventoried and managed.

Identification of potential risks will then lead to an inventory of risks that reflects the firm’s current environment. These identified risks should not be static and should evolve and change as the firm changes. By performing this type of risk identification process, a firm can demonstrate that it is cognizant of its risks and that it is taking steps to diminish them on an ongoing basis. A large percentage of recent SEC examination request lists have included a request for documentation pertaining to the standard operating procedures for risk mitigation.

The questions advisers should be asking themselves when reviewing their policies and procedures to ensure proper assessment of risks should include:

  • Have you conducted an effective “risk assessment” (i.e., evaluated how your activities, arrangements, affiliations, client base, service providers, conflicts of interest, and other business factors may cause violations of the Advisers Act or the appearance of impropriety)?
  • Did this risk assessment serve as the basis for developing your compliance policies and procedures?
  • Do you periodically re-evaluate your risk assessment to determine that new, evolving, or resurgent risks are adequately addressed?
  • Are your compliance policies and procedures designed to manage and control the compliance risks identified in your risk assessment?
  • Does the implementation of your compliance policies and procedures reflect good principles of management and control?
  • Do you regularly conduct transactional or quality control tests to determine whether your activities are consistent with your compliance policies and procedures?
  • Do you conduct periodic tests to detect instances in which your policies and procedures may be circumvented or where there may have been attempts to take advantage of the gaps in your policies and procedures?
  • Do these tests produce exceptions or other reports? Does knowledgeable staff review these reports, follow up on any exceptions, and resolve problematic items found in a timely manner?

An easy way to keep all of these procedures in a centralized place is to create and maintain a Compliance Calendar. Included in such a calendar would be reminders to perform testing and analysis of current firm policies and procedures as outlined in the firm’s Compliance Manual. Firms should remember to reference the risk inventory created when conducting their annual review to document the processes implemented and their findings from forensic testing conducted.

SEC3 can assist your firm in assessing and improving your risk policies and controls. We can also assist specifically with conducting risk assessments, providing a customized compliance calendar and an annual review. For further information, please contact your SEC3 representative.

Lastly, please make sure to check out our upcoming events here. Email announcements to follow shortly.

