The SEC’s Division of Examinations (“EXAMS”) posted its observations concerning registered investment advisers’ compliance with Section 204A of the Investment Advisers Act of 1940 and Rule 204A-1 (also known as the “Code of Ethics Rule”) in its Risk Alert “Investment Adviser MNPI Compliance Issues”. As usual, this Risk Alert offered the industry something to consider.
Section 204A requires investment advisers to “establish, maintain, and enforce written policies and procedures reasonably designed . . . to prevent the misuse . . . of material, nonpublic information by such investment adviser or any person associated with [it].” To that end, EXAMS noted that it found advisers that:
- “used data from non-traditional sources (“alternative data”), but did not appear to adopt or implement reasonably designed written policies and procedures to address the potential risk of receipt and use of MNPI through alternative data sources” (more on this below);
- “did not have or did not appear to implement adequate policies and procedures regarding investors (or in the case of institutional investors, key persons) who are more likely to possess MNPI”; and
- “did not appear to have or did not appear to implement adequate policies and procedures regarding their discussions with expert network consultants who may be related to publicly traded companies or have access to MNPI”.
RIAs “did not appear to adopt”, “did not have”, or “did not appear to have” procedures. To paraphrase Ian Fleming of James Bond fame, if once is an occurrence and twice is a coincidence, then three times is intentional. This is yet another reminder that procedures matter. Failure to have any procedures will always result in a quick and easy finding for EXAMS. And one that is not easily rebutted. However, having procedures on the books means that EXAMS must assess how effective those procedures are. This is, of course, a much different question. And one that can be defended.
But The Procedures Must Be Practicable
EXAMS also outlined various deficiencies it observed concerning compliance with the Code of Ethics Rule. As examples, EXAMS found RIAs that did not identify access persons or review personal securities transactions. These do not seem to be attributable to a failure to have procedures, but the failure to execute procedures. I have seen a number of procedures in my time as a regulator that went to great lengths to describe the regulatory standards but did not articulate what one must do to comply with it. The “why” was there, but not the “who”, “what”, “when” or “how”. This is arguably worse than having no procedure at all.
So yes, remedy a potential “did not appear to adopt” or “did not have” finding not just with procedures, but practicable, meaningful procedures that articulate what one has to actually do.
A Thought About “Alternative Data”
As noted above, EXAMS found RIAs that did not have procedures to address the potential receipt and use of MNPI through “alternative data”. EXAMS defined this as “information gleaned from satellite and drone imagery of crop fields and retailers’ parking lots, analyses of aggregate credit card transactions, social media and internet search data, geolocation data from consumers’ mobile phones, and email data obtained from apps and tools that consumers may utilize.” That is a wide net. Nonetheless, EXAMS raises an interesting point – an RIA (and broker-dealers) should understand and carefully consider the risks of the information it consumes. Information believed to be benign may apparently end up being anything but that.
Thank you for reading this article. Please know that I wrote it for informational purposes only (some may consider it ADVERTISING MATERIAL) and did not intend for it to be legal advice or to form an attorney-client relationship with you – especially in jurisdictions where I am not licensed to practice law. I encourage you to seek your own counsel to help you with your specific situation. To that end, I invite you to contact me if you would like to discuss my services.
I enable broker-dealers, registered investment advisers and their associates to spend more time growing their business by helping them address a wide range of legal and compliance responsibilities with clear and detailed advice.