Hero Background
Home / Blog



MAY 25, 2017


Investment advisers are subject to audit and examinations by the SEC and/or state regulatory authorities in somewhat unpredictable intervals. This paper focuses on the four topics most frequently identified in deficiency letters. The four topics fall under the following topical headings:

  • The “Compliance Rule”
  • The “Custody Rule”
  • The “Code of Ethics Rule”
  • The “Books and Records Rule”

This information was initially published by the SEC.  It is consistent with our experience representing hundreds of advisory clients over the years.  In publishing this excerpt, we seek to encourage advisers to reflect upon their own practices, policies and procedures in these areas and to promote preparedness for the “inevitable” exam.

First deficiency:  The “Compliance Rule

The so-called “Compliance Rule” has three main parts. It requires every adviser to (1) adopt and implement written policies and procedures; (2) review, no less frequently than annually, the adequacy of its written policies and procedures and (3) designate a chief compliance officer responsible for administering the compliance policies and procedures that the adviser adopts.

Typical examples of deficiencies:

  • Compliance manuals are not reasonably tailored to the adviser’s business. In these cases, the adviser’s compliance programs do not take into account important individualized business practices such as the adviser’s particular investment strategies, types of clients, trading practices, valuation procedures and advisory fees. “Off-the-shelf” compliance manuals that have not been tailored to the adviser’s individual business are almost never acceptable to examiners.
  • Annual reviews are not performed or did not address the adequacy of the adviser’s policies and procedures. In most of these cases, the CCO did not conduct annual reviews of the adviser’s compliance policies and procedures, as required. In other cases, the CCO’s annual review did not address the adequacy of the adviser’s policies and procedures and their effectiveness. In some other cases, the examiner observed that the CCO did not address or correct problems identified in its annual review.
  • Adviser does not follow its own compliance policies and procedures. In these cases, the adviser is not following its own compliance policies and procedures as required by the Compliance Rule. For example, the CCO did not regularly perform certain internal reviews of the adviser’s practices as required by its compliance manual.
  • Compliance manuals are not current. In these cases, the adviser’s compliance manual contains information or policies that are no longer current such as investment strategies that are no longer being pursued, stale information about the firm, references to regulations that have since been changed, etc.

Second Deficiency: The “Custody Rule

The Custody Rule should be of concern to just about every investment adviser and fund manager. For example, a separate account manager will be deemed to have custody of client funds and securities if it has an arrangement under which it is authorized or permitted to withdraw client funds or securities from its clients’ accounts (including to pay its advisory fee). An adviser that serves as the general partner of a hedge fund generally has custody of client assets because the position generally gives the adviser legal ownership or access to client funds and securities.

Typical examples of deficiencies:

  • Advisers did not recognize that they may have custody due to online access to client accounts. An adviser’s online access to client accounts may meet the definition of custody when such access provides the adviser with the ability to withdraw funds from the client accounts. This will almost certainly be the case if the adviser has access to such accounts using a client’s personal username and password!
  • Advisers did not recognize that they may have custody as a result of certain authority over client accounts. In these cases, the adviser may have custody over client accounts as a result of having (or related persons having) powers of attorney authorizing them to withdraw client cash or securities. The same thing may happen when the adviser serves as a trustee of client trusts.

Third Deficiency: The “Code of Ethics Rule

The Code of Ethics Rule requires an adviser to adopt and maintain a written code of ethics meeting a number of requirements. At a minimum, it must (1) establish a standard of business conduct that the adviser requires of all of its supervised persons; (2) require an adviser’s “access persons” to periodically report their personal securities holdings to the CCO; and (3) require that such “access persons” obtain the CCO’s prior approval before investing in an IPO or a private placement.

Typical examples of deficiencies:

  • Access persons not identified. In these cases, the adviser did not identify all of its access persons for purposes of reviewing personal securities trading.
  • Missing required information. The code of ethics did not specify review of the holdings and transaction reports, or did not identify the specific submission timeframes as required by the Rule.
  • Untimely submission of transactions and holdings. In these cases, the examiner found that certain access persons submitted transactions and holdings less frequently than required by the Rule.
  • No description of the Code of Ethics in FORM ADV. An adviser must describe its code of ethics in its FORM ADV Part 2A brochure and indicate that a copy of the same is available to any client or prospective client free of charge. In these cases, the adviser failed to adequately describe its code of ethics, if it was mentioned at all, in the adviser’s Part 2A brochure.

Fourth Deficiency: The “Books and Records Rule

The Books and Records Rule requires an adviser to make and keep certain books and records relating to their investment advisory business, including typical accounting and other business records.

Typical examples of deficiencies:

  • Missing records. The adviser may not be maintaining all the books and records required by the Rule, such as trade records, advisory agreements and general ledgers, etc.
  • Books and records are inaccurate or not updated. The adviser had errors or omissions in its books and records, such as inaccurate fee schedules, client records, stale client lists, etc.
  • Inconsistencies. In these cases, there is contradictory information in separate records.


Examinations can result in a range of actions and, in some cases, sanctions. In most cases, the adviser will receive a routine “deficiency letter,” which will simply require the adviser to take remedial action such as enhancing its written compliance policies, procedures and processes, changing business practices or devoting more resources or attention to the area of compliance. In extreme cases, the examiner can refer its findings to enforcement personnel for further action, resulting in a “regulatory letter” and, in the worst cases, fines and/or sanctions.


* * * *

This newsletter is published as a source of information only for clients and friends of The Securities Law Group and should not be construed as legal advice or opinion on any specific facts or circumstances.  The delivery of this publication is not intended to create, and receipt of it does not create, an attorney-client relationship.



James Grand