The EXAMS staff at the SEC recently released a Risk Alert on the topic of material non-public information and adviser Codes of Ethics. Long cited as among the most common areas of deficiency, the alert manages to hit all of the familiar beats for Code of Ethics issues:
- • Identification of access persons.
- • Inclusion of required pre-approvals for new issues and private placements.
- • Compliance with these and firm-established pre-approval requirements.
- • Timely submission of complete holdings and transaction reports.
- • Timely review of those holdings and transaction reports.
- • Assignation of review of the CCO’s activities to other personnel.
- • Documented acknowledgement of receipt of the Code of Ethics.
The Staff also emphasized practices where policies and procedures surrounding material non-public information (“MNPI”) should be further adapted by firms. This can include firms that make use of expert networks or alternative data, or that receive input or feedback from investors who are more likely to possess MNPI (“value-add investors”), such as investment bankers, principals or portfolio managers at asset management firms, and officers or directors of public companies.
The broad themes of these observations include initial and ongoing risk assessment for firm exposure to these risks; ongoing monitoring such as periodic due diligence of data providers and assessment of experts; and documentation supporting the reviews.
We do not recall a time when Code compliance was not a staple of routine examinations. Even with the amount of change in the industry, Code of Ethics compliance, even if nothing else, should be an area in which you have confidence. Reporting and pre-clearance requirements should be clear to all access persons. Review processes should be well documented and provide for investigation of trading overlap with restricted lists and client portfolios.
Similarly, firm exposure to MNPI should be an element of your risk assessments. If you employ alternative data, value-add investors, and/or expert networks, then your policies and procedures should reflect those practices not only as an onboarding-type event, but as an ongoing process consistent with the nature of such exposures. While firms keep pushing for shorter compliance manuals, the regulators continue to emphasize more, more, more.