SEC’s Division of Examinations Issues Risk Alert on Investment Adviser MNPI Compliance Issues

5 Mei 2022

In a Risk Alert issued on 26 April 2022 (the Risk Alert), the staff of the Division of Examinations (the Staff) of the Securities and Exchange Commission (SEC) described notable deficiencies relating to investment advisers’ use of material non-public information (MNPI). Specifically, the Staff identified deficiencies stemming from Section 204A of the Investment Advisers Act of 1940 (the Advisers Act), which requires advisers (registered and unregistered) to implement written policies and procedures reasonably designed to prevent the misuse of MNPI, and Rule 204A-1 thereunder (the Code of Ethics Rule), which requires investment advisers to adopt a code of ethics setting forth the standard of business conduct expected from the adviser’s “supervised persons,”among other requirements. The Code of Ethics Rule also requires certain supervised persons (defined as access persons2) to report their personal securities transactions and holdings to the adviser’s chief compliance officer.

We summarize below areas of concern observed by the Staff, and suggest courses of action that advisers may wish to consider taking to address such concerns.

Compliance Issues Related to Section 204A 

Policies and Procedures Related to Alternative Data

According to the Staff, advisers that used data from non-traditional sources beyond company financial statements, filings, and press releases (e.g., information gathered from satellite and drone imagery, analyses of aggregate credit card transactions, social media and internet search data, geolocation data from consumers’ mobile phones, and email data obtained from applications and other tools utilized by consumers) (collectively, alternative data) appeared to not have adopted or implemented written policies and procedures reasonably designed to address the potential risk of receiving and using MNPI through such sources. For example, the Staff asserts that advisers: 

  • Did not consistently implement their policies and procedures related to alternative data service providers, including by not consistently applying or adequately recording the advisers’ due diligence processes for all sources of alternative data;
  • Did not have policies and procedures for assessing the terms, conditions, or legal obligations related to the collection or provision of alternative data, including for instances in which advisers became aware of red flags about alternative data sources; and
  • Neglected to develop processes for determining when due diligence needed to be re performed based on the passage of time or changes in data collection practices.3

Takeaway: Although the Staff acknowledged in the Risk Alert that alternative data does not necessarily contain MNPI, advisers should nevertheless consider whether they use alternative data, and if so, whether their existing written policies and procedures provide for (i) consistent (and, where appropriate, ongoing) due diligence of data sources; (ii) consideration of the advisers’ obligations and restrictions in connection with the data; and (iii) memorialization of due diligence processes. Also, while not specifically addressed in the Risk Alert, advisers should consider whether (and which) alternative data sources actually introduce an enhanced risk of actual or potential receipt or use of MNPI, and whether their policies and procedures are appropriately tailored to such risks. Advisers may also wish to consider whether additional training may be appropriate for personnel who receive or use alternative data, including to clarify that the legal requirements and restrictions relating to MNPI apply to alternative data. 

Policies and Procedures Related to “Value-Add Investors”

The Staff also observed advisers that did not have—or did not appear to implement—adequate policies and procedures related to investors (or, in the case of institutional investors, key persons) who are more likely to possess MNPI (e.g., officers or directors of a public company, asset management firm principals or portfolio managers, and investment bankers) (value-add investors), and the risks posed by such value-add investors. In addition, the Staff asserts that some advisers that had policies and procedures regarding value-add investors did not correctly identify all of the value-add investors, or did not correctly identify and track their relationships with potential MNPI sources.

Takeaway: Advisers should consider whether their firms have as clients, or as investors in managed funds, actual or potential value-add investors, and the risk that those investors may pass MNPI to the advisers. Advisers make use of value-add investors should also consider developing, or confirming the accuracy of, a value-add investor inventory, and should regularly update such an inventory.An adviser may also wish to identify those value-add investors who have engaged the adviser or invested in a fund managed by the adviser because of a relationship with the portfolio manager or other person associated with the adviser, as those value-add investors may exchange information (including potential MNPI) with portfolio managers more frequently than other types of investors. In addition, advisers should consider whether their policies and procedures regarding electronic communications and MNPI appropriately address communications with value-add investors. For example, an adviser could consider adding to its code of ethics or other compliance policy a requirement that supervisory or compliance personnel pre-clear, participate in, or review communications between investment personnel and value-add investors. 

Policies and Procedures Related to Expert Networks

The Staff observed advisers that did not appear to have or implement adequate policies and procedures for discussions with expert network consultants (i.e., groups of professionals who are compensated for their information and research services) who may be related to publicly traded companies or otherwise have access to MNPI. For example, the Staff observed omissions related to: 

  • Tracking and logging calls with expert network consultants; 
  • Reviewing detailed notes from expert network calls; and 
  • Monitoring trading activity related to securities of publicly traded companies that are in industries similar to those discussed during expert network calls. 

Takeaway: The use of expert networks has been the subject of previous SEC enforcement actionsand regulatory guidance.The Risk Alert is a reminder that advisers should consider their use of expert networks, and whether their policies and procedures relating to MNPI appropriately address communications with expert network consultants. For example, advisers may consider a review of their policies and procedures to confirm that the specific concerns cited by the Staff, to the extent they are applicable to an adviser’s activities, are addressed in the advisers’ compliance programs.

Compliance Issues Related to the Code of Ethics Rule

Inaccurate Identification of Access Persons

According to the Staff, advisers did not identify and supervise certain employees as access persons in accordance with the Code of Ethics Rule. In addition, some codes of ethics failed to (i) properly define “access person,” or (ii) correctly identify those employees who were access persons.  

Takeaway: Advisers should review their codes of ethics and any separately maintained list of “access persons” to ensure that (i) such term is defined in a manner that is consistent with the Code of Ethics Rule, and (ii) the list of access persons is accurate and includes all applicable persons. The treatment of consultants, affiliates, and temporary employees, in particular, warrants special attention when identifying an adviser’s access persons. Advisers should also ensure that procedures for updating that list are in place and are routinely followed.

Failure to Obtain Required Pre-Approval for Investments

The Staff observed access persons that purchased beneficial ownership in initial public offerings (IPOs) and limited offerings without first obtaining pre-approval as required by the Code of Ethics Rule, and also observed that some advisers did not include in their codes of ethics provisions requiring such pre-approval.7

Takeaway: Advisers should review their codes of ethics to ensure that they require pre-approval of IPO and limited offering purchases, and remind access persons of their obligation to obtain pre-approval prior to making such purchases.

Deficiencies Related to Personal Securities Transactions, Holdings Reports, and Written Acknowledgments

The Staff also observed access persons that did not report personal securities transactions and holdings as required by the Code of Ethics Rule, and advisers that otherwise had deficiencies related to personal securities transactions and holdings. For example, some advisers:

  • Failed to produce evidence of supervisory review of holdings and transaction reports;
  • Did not assign to another employee or officer the review of the chief compliance officer’s reporting, thereby permitting the chief compliance officer to self-review his/her own reports; and
  • Did not include in their codes of ethics provisions requiring access persons to (i) submit holdings or transaction reports, or (ii) include in such reports all of the information required by the Code of Ethics Rule, such as private placement investments.

In addition, some advisers’ supervised persons did not receive copies of the code of ethics or did not acknowledge in writing that they had received the code or any amendments thereto (written acknowledgements). In other instances, codes of ethics failed to require that such written acknowledgements be provided as required by the Code of Ethics Rule. 

Takeaway: Advisers should review their codes of ethics to confirm that they provide for all elements required by the Code of Ethics Rule. In addition, advisers should remind access persons of their obligation to submit (i) transaction and holdings reports, and (ii) written acknowledgements on a timely basis and otherwise in accordance with the code to ensure these basic requirements are followed. Advisers should also consider whether their recordkeeping processes are sufficient to demonstrate that transaction and holdings reports are reviewed and that any omissions or violations by access persons are addressed.

Additional Observations by the Staff

The Risk Alert also described the following observations of the Staff, which do not represent explicit violations of Section 204A or the Code of Ethics Rule, but are inconsistent with guidance provided by the Securities and Exchange Commission in the adopting release relating to the Code of Ethics Rule:8

  • Employees traded in securities of issuers that were on the adviser’s restricted securities list; and
  • An adviser or its employees purchased securities at a better price, or ahead of the adviser’s clients and in contravention of the adviser’s own code of ethics.

Takeaway: Most advisers have policies and procedures that prohibit trading of securities of issuers on any restricted securities list and contain some measures designed to ensure that investment opportunities are first offered to clients before the adviser or its employees may act on them (often with certain exceptions). Although the additional observations of the Staff are not necessarily violations of Section 204A of the Advisers Act or the Code of Ethics Rule, these provisions are designed to protect against misuse of MNPI and ensure that advisers adhere to their duty of loyalty to clients. In addition, pervasive failures by an adviser to follow (or enforce) its compliance policies and procedures could represent violations of the Advisers Act, even in the absence of any insider trading or breach of fiduciary duty liability. Consequently, an adviser and its personnel must still comply with any obligation or practice addressed by the adviser’s compliance program.

The Risk Alert also encouraged advisers to review their practices, policies, and procedures regarding the topics addressed above to ensure that they comply with the Advisers Act and the rules thereunder. This Client Alert provides brief “takeaways” that advisers may wish to consider in response to the Risk Alert or, at the very least, items that advisers should carefully review in connection with the annual review of their compliance programs.