SEC Compliance Consultants, Inc.


32 Saddlebrook Lane • Phoenixville, PA 19460
ph: 610.415.9261
fax: 610-200-1463
www.seccc.com
 
 
What’s on the SEC’s radar?
January 2009

Michael T. Brophy, Esq. 
Senior Consultant 
SEC Compliance Consultants, Inc. 

In March of this year Lori Richards, Director of the Office of Compliance Inspections and
Examinations (“OCIE”), addressed the industry at a Best Practices Summit and provided
information on the SEC’s top 10 focus areas. In June, U.S. Securities and Exchange Commission
(“SEC”) Chairman Christopher Cox addressed the Chartered Financial Analysts Institute and
discussed items on the SEC’s regulatory calendar for 2008. This past July the SEC published a
Compliance Alert summarizing issues found during recent examinations. The following ten
discussion items address the top areas addressed by SEC staff in speeches and, not surprisingly,
the top areas reviewed during SEC examinations. They are presented with the intention of
providing a step-by-step actionable plan for Chief Compliance Officers (“CCOs”) to reference
when reviewing their internal compliance programs. More often than not, theory and rules are
presented and compliance personnel are still left wondering how to implement appropriate
testing. The areas presented below should be considered in an investment adviser’s risk
assessment as part of its compliance program.

1. Valuation

Asset managers may now be facing the SEC's toughest scrutiny with regard to how advisers
conduct valuations. The sub-prime mortgage and credit crisis has made valuation even more
difficult. In 2008, managers have experienced unprecedented challenges in valuing securities
and as a result it should be no surprise that the SEC conducted a sweep exam related to valuation
issues. The sweep exam included inquiries related to firm fair value pricing policies and the
types of investments being made by advisers. Of particular emphasis in the valuation sweep
examinations and during routine SEC examinations is the pricing of structured products, illiquid
securities and other difficult to price securities. Examiners looked at whether the adviser
understood the nature of the security before purchasing the security and whether or not the
adviser had a plan on how the security was going to be priced. In addition, examiners sought to
determine whether advisers have adequate processes and procedures and whether the advisers are
following those procedures.

A reliable and consistent valuation approach is necessary in order to satisfy the SEC’s scrutiny.
There should be a sufficient level of experience and independence for personnel involved in the
pricing of securities. Rest assured there are some specific things that firms can do to be
adequately prepared for an SEC visit.
 
What Should Firms be Doing?

Earlier this year John Walsh, OCIE chief counsel, discussed eight points to consider when
creating valuation procedures:

1. Set sound procedures around the market quotation sources that will be used;
2. Ensure that the criteria for determining whether quotations are current and
readily available are well documented;
3. Develop procedures governing how the executive level at the adviser gets involved in
valuations (i.e. – a valuation officer or committee);
4. Develop procedures that consider how the adviser handles events that affect the
calculation after it has already calculated a price;
5. Test and monitor the accuracy of valuations against external sources by aggregating the
data over time, comparing the previous day’s value against the next day's prices, or by
executing test trades to see what happens;
6. Develop procedures explaining the adviser’s interaction with pricing services and how
the information provided is verified;
7. Detail when it is appropriate to deviate from the existing valuation process and what
checks and balances are in place to validate the exception;
8. Retain adequate documentation, such as: (a) any communications between portfolio
managers and the pricing services, and (b) the information used and the judgment factors
utilized on a particular valuation, especially difficult valuations. This can help prevent
and detect inappropriate influence by portfolio management over the valuation process.
In addition, this will illustrate to a regulator and auditors the steps taken in the decision
making process for a particular valuation.

FAS 157 established a framework for measuring fair value in generally accepted accounting
principles (“GAAP”), and expanded disclosures about fair value measurements. Prior to FAS
157, there were different definitions of fair value and limited guidance for applying those
definitions in GAAP. Further, that guidance was dispersed among the many accounting
pronouncements that require fair value measurements. Differences in that guidance created
inconsistencies that added to the complexity in applying GAAP. In developing FAS 157, the
need for increased consistency and comparability in fair value measurements and for expanded
disclosures about fair value measurements was considered.1

What Are SEC Examiners Reviewing?

During exams, SEC examiners generally request that advisers provide a number of valuation
related documents including, but not limited to: (1) a copy of the firm’s valuation policies and
procedures; (2) a list of pricing services being used; (3) the list of securities that were fair valued
and supporting documentation; (4) copies of pricing exception reports; and (5) a list of securities
that had pricing exceptions.

1 Financial Accounting Standards Board, Summary of Statement No. 157.

Since performance has close ties to valuation, examiners have asked advisers for a summary of
advisory fee billing errors during the inspection period. The SEC staff looks to see whether or
not the errors were related to mispricing or inaccurate valuation of an investment. Service
providers involved in valuation are also a key focus area for examiners. With regard to
investment companies (“Funds”), SEC examiners ask advisers to describe what functions related
to pricing, valuation, and calculation of a Fund’s net asset value, and preparation of a Fund’s
financial statements have been outsourced to third parties. Further, examiners review to
determine whether oversight of those activities is covered by the adviser’s compliance program.
The SEC seeks to verify that the valuation process has been built into existing compliance
procedures. Other requests from examiners could include minutes and materials from valuation
committee meetings, pricing materials provided to auditors, and documentation of the CCO
review of fair valued securities.

The SEC is always looking to determine an adviser’s conflicts of interest. Examiners will review
if a dealer providing market quotes was also involved in originating and conducting those trades.
Whenever there is potential for conflict of interest, sound valuation policies should require that a
firm look for an alternative independent source for confirmation.

An adviser can outsource most of its valuation and pricing process, but not its obligations.
Advisers are not relieved of their ultimate responsibility for complying with all applicable rules
and regulations after selecting a valuation outsource provider. The adviser still has a
responsibility to oversee, supervise and monitor the service provider’s activities. Advisers
should perform adequate due diligence to ensure appropriately qualified personnel are in place to
monitor responsibilities under these arrangements.

Usually, the adviser conducts the initial due diligence analysis prior to hiring a third-party
service provider. The review should determine that the provider is capable of performing the
outsourced activities. As a follow-up, advisers should periodically conduct a review to
determine that the agreement’s terms are being met and that the provider continues to have the
ability to perform the outsourced activities.

Since valuation has a significant impact on compensation, it is imperative to minimize conflicts
in the valuation process. When it comes to valuation and pricing, providers have the ability to
provide checks and balances to the process. However, keep in mind that an adviser’s ultimate
responsibility is to ensure the valuation policy is accurate, up to date, consistently applied, and
appropriately disclosed to investors.

2. Conflicts of Interest, Insider Trading and Code of Ethics


 
The purpose of the Code of Ethics (“COE”) Rule and personal securities transactions reporting
requirements is to ensure that an adviser complies with its fiduciary duty to keep clients’ security
holdings and financial circumstances confidential. Each adviser’s COE must maintain and
enforce procedures to prevent the misuse of material nonpublic information about the adviser’s
securities recommendations, client securities holdings, and transactions. An adviser’s COE must
also require the review of such reports in order to identify improper trades or patterns of trading
by employees with access to such information.

The COE should provide that, as a fiduciary, the adviser has an affirmative duty of care,
loyalty, honesty, and good faith to act in the best interests of its clients. Compliance with this
duty can be achieved by trying to avoid conflicts of interest and by fully disclosing all
material facts concerning any conflict that arises with respect to any client. In addition,
advisers may wish to impose a higher standard by providing that individuals subject to the
COE must try to avoid situations that have even the appearance of conflict or impropriety.
Conflicts of interest can take many forms – access to inside information, gift incentives which
may compromise sound judgment, ability and/or willingness to make questionable or
unethical decisions and more.

What Should Firms be Doing?

Conflicts of interest may arise where the adviser or its personnel have reason to favor the
interests of one client over another (i.e., larger over smaller accounts, accounts compensated by
performance based fees over accounts with standard advisory fees, accounts in which employees
have material personal interest). An adviser’s COE should specifically prohibit inappropriate
preference of one client over another client that would constitute a breach of fiduciary duty.
Advisers may also wish to consider including the following additional types of conflicts of
interest provisions in their COE:

• Advisers should prohibit investment personnel from recommending or considering any
securities transaction for a client without having disclosed any material beneficial
ownership, business or personal relationship, or other material interest in the issuer or its
affiliates. If a designated reviewer deems the disclosed interest to present a material
conflict, the investment personnel may not participate in any decision-making process
regarding the securities of that issuer.
• Even if already addressed in other policies and procedures, an adviser should include in
the COE a provision requiring supervised persons to act in the best interests of the
adviser’s clients regarding execution and other costs paid by clients for brokerage
services. The COE should remind supervised persons to strictly adhere to the adviser’s
policies and procedures regarding brokerage, including allocation, best execution, soft
dollars, and directed brokerage.
• Advisers should include a provision in the COE requiring supervised persons to disclose
any personal investments or other interests in third-party service providers with respect to
which the person negotiates or makes decisions on behalf of the adviser.
• Advisers should include a provision stating that supervised persons are not permitted to
intentionally sell to or purchase from a client any security or other property.

Included in an adviser’s COE and any separate insider trading policies and procedures should be
a discussion of potential insider trading penalties, including civil injunctions, permanent bars
from employment in the securities industry, civil penalties up to three times the profits made or
losses avoided, criminal fines, and jail sentences. Advisers should also emphasize that all
employees, officers, and directors are subject to insider trading policies and procedures and that
these policies are not just applicable to those who come in contact with material nonpublic information on a
regular basis.

Advisers should tailor their insider trading policies and procedures to the circumstances of their
firm, employees, and clients. For example, advisers with clients that are publicly traded
companies or clients who are insiders at public companies may need additional cautionary
language in their COE. Advisers should consider information provided not only by insiders, but
also by paid consultants and other third parties.

An adviser’s policies and procedures should emphasize that the SEC considers the term
“material nonpublic information” to apply not only to issuers, but also to the adviser’s client
securities holdings and transactions.

As part of or in addition to insider trading policies and procedures, an adviser should include a
provision in their COE that governs the timing of the firm’s disclosure of fund or model portfolio
holdings to clients, consultants, or prospective clients upon request. The provision should be
designed to ensure that certain clients are not given enhanced transparency allowing them to
receive portfolio information earlier than other clients. An adviser should also require
consultants and other third party service providers to abide by confidentiality agreements and
stipulate that trading on the information provided is prohibited.

Depending on the size and nature of the adviser, an internal wall provision should prohibit access
persons from disclosing nonpublic information concerning clients or securities transactions to
non-access employees. If the adviser has any affiliates, it should include a provision prohibiting
supervised persons from sharing information with employees of the affiliated entities, except for
legitimate business purposes.

The COE should also prohibit employees with access to nonpublic information from using
knowledge about pending or currently considered securities transactions for clients to profit
personally, directly or indirectly, by purchasing or selling such securities. Advisers are required
to review personal securities transactions and holdings reports periodically. An adviser should
designate an individual or position that is responsible for reviewing and monitoring personal
securities transactions and trading patterns of access persons.

Advisers should consider the following tests when reviewing an employee’s personal securities
transactions.

• Compare pre-clearances against quarterly reports or confirmations received from brokers.
• Compare holdings reports against quarterly reports.
• Check the timeliness of access persons’ reporting.
• Check for compliance with any other internal policies and procedures (i.e. - blackout
periods).
• Determine whether access person bought securities on restricted list.
• Sample completeness of required records.
• Review list of access persons.

While conducting its annual review of its compliance program, an adviser should do the following:

• Assess the frequency of personal trades of adviser employees.
• Assess the comparative performance of access persons’ accounts with clients’ accounts.
• Compare trades of access persons with those of clients.
• Analyze whether clients received terms as favorable as the access person when both are
trading in the same securities.
• Investigate any substantial disparities between the percentage of trades that are profitable
for access persons in their own accounts compared to the percentage that are profitable for
clients.
• Evaluate over time whether the timing or pattern of access persons’ trading raises any red
flags (i.e. - market timing).
• Conduct the above tests for proprietary accounts as well.

When reviewing client accounts against proprietary and access person accounts for performance
disparities, calculate one and three year average annual total returns and compare and further analyze
any wide discrepancies. When reviewing the number of profitable trades in each proprietary and
access person's account over the previous 12 months, calculate the average number of such trades for
these accounts and compare to those in clients' accounts to determine if there are significant
discrepancies.

Finally, advisers should train and educate supervised persons regarding the COE. The training
should occur annually and require employees to attend all training sessions and read applicable
materials.

What Are SEC Examiners Reviewing?


 
Examiners review whether an adviser has identified the source and type of non-public
information employees may be privy to, and whether the firm has crafted adequate procedures
to maintain the confidentiality of that information. Adequate policies and procedures will
also attempt to identify false rumors. Rumors are the new hot topic as a result of an SEC
charge of securities fraud and market manipulation brought against a Wall Street trader for
intentionally spreading false rumors about an acquisition while selling the supposed soon to
be acquired firm short.2 Advisers should create a procedure that requires personnel to
escalate questions about rumors. At the National Securities of Compliance Professionals
2008 National meeting in October 2008, Gene Gohlke, Associate Director of the Office of
Compliance Inspections and Examinations (“OCIE”), suggested forensic testing similar to
what is used to detect possible insider trading. He recommended taking a sample of the most
profitable trades over a period of time and checking for any news or potential rumors that were
circulating about the securities at the same time.

In addition to conducting tests similar to the above with regard to personal securities
transactions, the SEC will check to see if an adviser:

• Provided a copy of the COE to all employees, including supervised persons, and received
acknowledgment of receipt from them;
• Identified all access persons including part-time employees and independent contractors
and obtained their initial holdings reports;
• Received quarterly transaction reports from all access persons;
• Stressed the importance of complying with the COE; and
• Retained the appropriate books and records.

Examiners will always scrutinize an adviser’s Form ADV to make certain it makes full
disclosure of potential conflicts of interest, such as soft dollar arrangements and best execution.
If there is not full disclosure in the adviser’s Form ADV, the SEC examiners’ concern could
increase and the review could be expanded.

3. Dealing with Senior Investors

With more senior investors in our markets than ever before (individuals aged 50 or above
account for approximately 75% of the total financial assets in the country3), the SEC has
prioritized the protection of senior investors in its investor education, examination and
enforcement programs. Concerns related to senior investors involve marketing, sales and
supervisory processes in place at firms.
                                                            
2 Litigation Release No. 20537 / April 24, 2008, SEC v. Paul S. Berliner, Civil Action No. 08-CV-3859 (JES) (S.D.N.Y.)

3 "Selling to Seniors" Monthly Report on Marketing, Jan. 1999.
 
Millions of seniors are victims of financial abuse and fraud annually. Often financial
representatives take advantage of their position of trust and misappropriate funds. Seniors
have been sold on a number of “too good to be true” scenarios offering guaranteed high
returns or risk free investments through vehicles such as variable annuities, life settlements,
and equity-indexed annuities. Equity-indexed annuities are a source of confusion and concern
for many seniors. They share characteristics of both fixed and variable annuities. Their
returns vary more than a fixed annuity, but not as much as a variable annuity. They also have
greater risk than a fixed annuity, but less risk than a variable annuity.

The SEC has seen a number of fraud cases under the guise of high pressure sales seminars
posing as free lunch or dinner seminars.4 According to the SEC, investment materials
distributed at these seminars sometimes contain exaggerated or misleading information
regarding the possible risk and return of various financial products. Moreover, the SEC has
expressed concern that some of the products promoted at these seminars are not appropriate
for senior investors living on fixed incomes.

What Should Firms be Doing?

Advisers should implement processes and procedures aimed at addressing common issues
associated with their employees’ interactions with senior investors. Advisers should consider the
following in dealing with senior investors:

• Designate a specific individual or department to serve as a central contact for questions
about senior issues.
• Provide written guidance to employees on senior-related issues, such as how to identify
and/or what to do if they suspect their customer is experiencing diminished capacity or is
being abused, financially or otherwise, by a family member, caregiver or other third
party.
• Remind representatives that it is important when dealing with customers, particularly
seniors, to base recommendations on current information.
• Offer training to help representatives understand and meet the needs of older investors.
• Be proactive in helping to educate customers about how to avoid being victims of
financial fraud.
• Have tight controls on the use of titles that indicate an expertise in advising senior
citizens on financial affairs.

                                                            
4 “Protecting Senior Investors: Compliance, Supervisory and Other Practices Used by Financial Services Firms in
Serving Senior Investors,” Securities and Exchange Commission’s Office of Compliance Inspections and
Examinations, North American Securities Administrators Association, and Financial Industry Regulatory Authority,
September 22, 2008.
 
• Create a committee that focuses on the issues of senior investors that is made up of
people from different departments in the firm.
• To address suitability concerns, establish age-based restrictions on certain products and
product features.
• Educate senior investors about the importance of power of attorney, and encourage them
to share details of their financial affairs with trusted family members.
• Document conversations with senior investors in case they have trouble remembering.
• Use plain-English explanations, and provide written brochures that investors can take
home or show to relatives.

Advisers should also conduct supervisory and surveillance reviews of the activity in senior
investors’ accounts using exception reports and other supervisory review activities in order to
pay special attention to seniors’ accounts. Advisers should attempt to capture transactions and
practices that may particularly impact seniors. Exception reports should identify and monitor
portfolio allocations, commissions, and other issues in seniors’ accounts.

What Are SEC Examiners Reviewing?

Examiners will be focusing on the following areas:

• Marketing and advertising;
• Account opening procedures;
• Product and account review;
• Ongoing review of the relationship and appropriateness of products;
• Discerning and meeting the changing needs of customers as they age;
• Surveillance and compliance reviews; and
• Employee training.

4. Compliance and Supervision

By now, investment advisers should have developed and implemented an overall compliance
program that includes compliance monitoring and testing reasonably designed to protect the
firm, its employees, and clients from compliance deficiencies or abuses. The monitoring of
activities within the firm and testing of the firm’s compliance policies and procedures are both
integral parts of fulfilling a firm’s obligation to review its policies and procedures at least
annually to determine the adequacy of their effectiveness and implementation.

What Should Firms be Doing?

Firms should consider the following points when developing monitoring and testing of their
compliance programs.
 

• A testing program should appropriately correspond to risks identified in the firm’s risk
assessment. An adviser should have a process in place for identifying risks and making
sure such risks are appropriately addressed in the firm’s policies and procedures.
• An adviser’s CCO or designated person should review the monitoring and testing results.
• The CCO in conjunction with appropriate senior management should develop an action
plan to address significant exception items and to determine if any disclosure
modifications are required to address results from monitoring or testing. An adviser
should have a process in place to determine how escalation to senior management would
occur, if needed.
• An adviser should include as part of its compliance program review any relevant
resources, such as internal/external audits, mock SEC audits, SAS 70 reviews (if
applicable), and other relevant consulting reviews.
• A testing calendar should be developed to address the frequency and type of testing over
the course of the year.

When developing the testing calendar, an adviser should consider the following:

• Risk-weighting each area of compliance to correspond appropriately to the scheduled
testing frequency.
• The appropriate amount of testing to be accomplished over the year and develop a
workable plan that will accomplish a certain amount of that work each month or quarter.
• Using internal deadlines throughout the year to set benchmarks for accomplishing policy
reviews and for taking appropriate remedial action.
• Avoid making the plan for testing too ambitious or too scarce.

As part of a compliance program, advisers may wish to obtain certifications from leaders of
business units regarding certain compliance matters occurring in their area of operations on a
regular basis, such as:

• Head of trading certifying that the firm’s allocation policy has been followed.
• Head of marketing certifying that the firm’s advertisements are accurate and comply with
the firm’s policies, procedures, and recordkeeping requirements.
• Head of information technology certifying that the firm has a business continuity plan
that has been tested in the last 12 months.

Firms should determine from year-to-year the appropriate mix of certifications, monitoring and
testing activities. An adviser should have someone outside each business unit conduct forensic
testing as a separation of functions and a good control.
 
Employee and management interviews are key methods of identifying and documenting an
adviser’s activities, practices, needs, deficiencies, and solutions. Interviewing management can
help document a firm’s culture of compliance. Further, interviewing management and
employees can document changes, enhancements, and problems identified and hopefully
resolved during the most recent time frame.

Advisers should develop a training plan that addresses employee needs for training in all
compliance areas relevant to the employee’s responsibilities. A training plan should incorporate
the high risk areas and any areas of deficiency. The adviser should document: in-house training
sessions, computer-based training provided, outside training conferences attended, and
individualized instruction on compliance matters.

For any deficiencies noted, consider the appropriate level of training, instruction, specialized
problem solving, or retraining that may be indicated. An adviser should also create specialized
training for any new areas during the year such as new products, new laws or regulations, new
computer systems.

Once monitoring and testing identify exceptions, problems, or recommendations, management
should follow-up in a way it deems appropriate. Some items must be accomplished
immediately; others should be accomplished as soon as appropriate. Management should
address each item appropriately from the standpoint of risk and considering possible solutions,
available options, and firm resources. An adviser should determine the appropriate course of
action and then implement that solution within a reasonable timeframe. Items for follow-up
should be tracked for progress until accomplished or closed.

What Are SEC Examiners Reviewing?


Examiners will seek to understand the adviser’s compliance program and whether it appears
designed to capture and manage that particular adviser’s compliance risks. They are
interested in whether the adviser has conducted a risk-assessment and identified its own
compliance risks and conflicts of interest, and crafted and implemented procedures to
effectively mitigate those risks.

The examiners will review an adviser’s documentation to demonstrate the effectiveness of its
control process. Documentation can include among other items:

• Exception reports together with documentation of follow-up work;
• Completed compliance checklists;
• Reconciliations;
• Management reports;
• Completed questionnaires;
• Notes of interviews with adviser employees and others;
• Documents containing supervisory approval of overrides in various areas;
• Warning or sanction notices to staff who did not follow a policy or procedure;
• Results of any transactional and forensic testing and any follow-up work performed based
upon such testing;
• Self-assessments of the effectiveness of the adviser’s compliance policies and
procedures, internal audit reports, and similar documents; and
• List of COE violations together with documentation that demonstrates how each
violation was handled.

In its July 2008 ComplianceAlert, the SEC noted that in many of the advisory firms that
appeared to have effective compliance programs, compliance personnel were actively involved
in implementing those programs. For example, the compliance department implemented policies
and procedures for personal securities transactions and trading in proprietary accounts and
ensured that all employees were aware of the advisers’ policies and procedures. Further,
compliance personnel not only provided employees with the firm’s COE as mandated by the
regulations, but expanded on the regulatory requirements by ensuring that firm employees
received training in the adviser’s policies and procedures and requiring firm employees to
acknowledge each year, in writing, that they had read the adviser’s COE.5

5. Portfolio Management

Advisers are expected to incorporate into their compliance program portfolio management
processes that are reasonably designed to assure consistency of portfolios with guidelines
established by clients, including investment guidelines, restrictions and risk tolerances,
disclosures, and regulatory requirements. Policies should be designed to prevent, among other
things, violations of investment restrictions and guidelines and style drift.

What Should Firms be Doing?

Advisers should consider various ways to document that portfolio managers determine whether a
trade will violate investment restrictions or guidelines of a client, such as:

1. Ensuring each client’s investment guidelines are in writing and are delivered to the
portfolio managers, traders, and other advisory personnel responsible for investments;
2. Requiring portfolio managers to consult the written documents outlining the client’s
investment restrictions including: investment guidelines and restrictions, the advisory
contract and, if applicable, the mutual fund prospectus;
3. Using an automated system to monitor for and stop potential trading violations after the
trades are placed, but before they are executed. The system should screen for permissible
and impermissible investments for an account;
4. Requiring portfolio managers to provide reasons for any overrides of pre-trade warnings
and violations of investment guidelines;
5. Creating exception reports for trading violations and having the proper personnel follow
up to reconcile accounts. Compliance personnel should review exception reports; and
6. Following up on “red flags” and suggestions of irregularities/impermissible investments
and ensuring resolution of these exceptions is adequately documented.

5 http://www.sec.gov/about/offices/ocie/complialert0708.htm

After trades are completed, advisers should consider ways to ensure personnel determine if a
trade has violated some investment restrictions or guidelines of a client, such as:

1. Reviewing and reconciling account statements generated internally versus those
generated by client custodians and broker-dealers;
2. Using computerized compliance programs to identify trading violations after trades are
executed;
3. Reviewing all trade confirmations to ensure any errors are caught and corrected as soon as
possible;
4. Training portfolio managers and traders to promptly notify compliance personnel of an
error when it occurs; and
5. Having compliance personnel conduct reviews of post-trade violations of investment
guidelines.

What Are SEC Examiners Reviewing?

The SEC will examine the adviser’s disclosures and client investment objectives to determine
whether the recommendation of securities is consistent with the decision making process.
Examiners are also looking at whether processes and procedures related to risk management,
valuation, accounting, and other back office functions are adequate given the types of
investments made on behalf of clients. Examiner focus will include a review of client
investments in structured products and other complex derivative instruments, including
collateralized debt obligations (CDOs), collateralized loan obligations (CLOs), credit default
swaps, and other types of swaps.

The SEC seeks evidence of periodic documented reviews by the compliance officer, or a
designated person, to determine if account activity is consistent with client’s investment
objectives. We recommend documenting this review at least quarterly.

6. Brokerage Arrangement/Best Execution

Advisers owe a fiduciary duty to clients under Section 206(2) of the Investment Advisers Act to
execute securities transactions for clients in such a manner that the client’s total costs or
proceeds in each transaction are the most favorable under the circumstances. A key element of the
duty of execution is securing the best price for a securities transaction. Other factors in
addition to price and commission costs may be considered by advisers when determining how to direct
brokerage.

Lori Richards has listed several factors for advisers to consider in evaluating the quality of the
execution including:

• Which broker-dealer can obtain the best price with the least amount of market impact;

• The speed of the execution;

• The certainty of the execution; and

• The commission rate or spread.6

An adviser should consider the full range and quality of a broker’s services in placing brokerage
including, among other things, the value of research provided as well as execution capability,
commission rate, financial responsibility, and responsiveness to the money manager. The
determinative factor is not the lowest possible commission costs but whether the transaction
represents the best qualitative execution for the client account.

Investment advisers with discretion should evaluate the best execution of broker-dealers on an
ongoing basis. Richards suggests that advisers must “periodically and systematically” evaluate
the quality of execution services received from broker-dealers. Advisers should reevaluate best
execution in response to specific events, such as an increase in the broker-dealer’s fees or a
reduction in its services.7

What Should Firms be Doing?

An adviser should have policies and procedures reasonably designed to seek best execution for
each advisory client’s securities transactions.

Some advisers have established broker committees that oversee all aspects of brokerage activities
including broker selection and allocation. The committee should maintain a list of approved
broker-dealers and conduct periodic reviews to determine whether to add or remove any such
broker-dealers. In assessing whether to add or remove brokers, the committee may wish to
consider: (1) any changes in commission schedules; (2) new brokers or ECNs added during the
period and the reasons for the additions; (3) any positive or negative news articles noted on any
broker-dealers or ECNs used by the firm or that the firm is considering using; and (4) any
negative experience with the broker reported by the trading desk. The adviser may wish to
establish a policy that its traders will use only those broker-dealers on the approved list, unless
prior approval from the committee is obtained and the reasons are documented.

6 Speech by SEC Staff: Valuation, Trading, and Disclosure: Three Compliance Imperatives, Remarks by Lori A.
Richards, 2001 Mutual Fund Compliance Conference Investment Company Institute, June 14, 2001,
http://www.sec.gov/news/speech/spch499.htm.
7 Id.

The Best Execution Committee should also establish the criteria it will consider when assessing
the quality of a particular broker-dealer, such as:

1) The commission rates charged by the broker in comparison to the charges of other
brokers for similar transactions;
2) Direct access to the broker’s trading desk and the familiarity of the contact person with
the adviser’s business and interests;
3) The extensiveness of the broker’s distribution network and its ability to fulfill more
difficult orders (e.g., thinly traded or limited availability securities);
4) The ability of the broker to maintain confidentiality while executing trades to prevent the
disclosure of an adviser’s investment strategy or the details of an order in a way that will
adversely affect the market price;
5) The extent to which the broker is willing to commit its own capital to fulfill difficult
orders;
6) The broker’s execution abilities, including the level of accuracy in executing orders,
speed of execution, and ability to obtain best net price;
7) The broker’s communications and administrative abilities, including efficiency of
reporting, settlement efficiency, and proper correction of trade errors;
8) The broker’s research capabilities and ability to provide market information;
9) The extent to which the broker provides the adviser with access to companies through
trade shows, conferences or other contacts;
10) The quality and flexibility of any custodial services provided by the broker; and
11) The financial stability of the broker.

The Best Execution Committee may wish to establish ranges for commission rates and attempt
to negotiate with the approved broker-dealers when possible. Rates should be generally
reviewed at least annually, together with the value of any other services provided by the broker.
If ranges are established, trades at rates outside these ranges should be brought to the attention of
the Best Execution Committee. The Best Execution Committee should also review the
concentration of trades with any one broker-dealer. Procedures should direct the Best Execution
Committee and/or its designee to periodically review and oversee the disclosures related to best execution by
the adviser in its Form ADV and advisory agreements. Best execution reviews should generally
be documented at least quarterly.

Certain records, although not all specifically required to be created, should be maintained to
document the firm’s best execution analysis, including:

• Evidence of competitive prices from several broker-dealers for a trade indicating the
adviser has looked for the best combination of commissions and net prices;
• Minutes or other documentation of the broker approval process by the Broker Committee;
• Disclosures in the Form ADV and advisory agreements about best execution practices;
• A list of approved brokers (categorized by research, trading, ECN, etc.);
• A list of companies followed and brokers that provide research for each company;
• Research-related conferences attended and a list of attendees;
• Client directed brokers and documentation of direction;
• Documentation of the Broker Committee’s post-trade review of best execution;
• Copies of trade execution reports; and
• Any broker-dealer financial statements.

What Are SEC Examiners Reviewing?


In this area, examiners will look to see if brokerage arrangements are consistent with fiduciary
obligations. SEC examiners will ascertain whether the adviser seeks best execution, whether it
uses soft dollars consistent with its disclosures, and whether the adviser periodically and
systematically evaluates the costs and benefits of its brokerage arrangements.
Examiners are particularly looking for any inappropriate and/or undisclosed use of soft dollars
for the benefit of the adviser, and use of any affiliated or preferred broker-dealers for excessive
commission payments, kickbacks to the adviser, or other undisclosed arrangements.

7. Allocation of Trades

As a matter of fiduciary duty, an adviser that makes investment decisions and places orders for
multiple accounts must ensure that participating clients are treated fairly and equitably when
allocating securities transactions. During examinations, the SEC and other regulators scrutinize
trade allocation practices, because there is a potential for clients to be harmed or defrauded.
Furthermore, these trade allocation practices may be contrary to clients’ expectations. Therefore,
it is a good business practice for advisers to adopt and implement strict trading allocation
policies and procedures and disclose the process to clients.

It is important to recognize that this does not require that each client account be managed
identically. Further, it is not improper for one client account to perform better than another.
This could in fact be the case due to individualized suitability determinations and chance rather
than improper allocation practices.

There are many ways for trade allocation practices to harm clients. As an example, an adviser
may defraud its clients when it disproportionately allocates scarce and potentially lucrative initial
public offerings (“IPOs”) or “hot issues” to favored accounts and fails to disclose adequately this
practice to all clients. Allocations of IPOs may be inequitable when preference is given to the
following:

• Proprietary accounts;
• Accounts that pay performance-based fees;
• Accounts that are underperforming; and
• Clients that the adviser hopes will invest additional assets with the firm.

In addition to the issues raised by possible breach of fiduciary duty, allocation decisions can also
raise anti-fraud concerns. For instance, if hot issues are disproportionately allocated to an
account in order to artificially inflate performance, the adviser may have an obligation to
disclose this fact when it advertises that account’s performance. As the SEC stated in a
prominent case, “disclosure that a large portion of the Growth Fund’s return was attributable to
its investments in IPOs would have been material to an investor’s decision whether to invest in
the Growth Fund, particularly in light of the fact that, given the growth in the fund’s total assets,
it was questionable whether the fund could continue to experience, by investing in hot IPOs,
substantially similar performance as the fund had previously experienced.”8

What Should Firms be Doing?

The following controls should be considered when developing trade allocation procedures:

1. An adviser’s procedures should require a written allocation statement for each trade that
specifies the participating client accounts and how orders will be allocated among
accounts. In the event an order is allocated differently from the statement, the Trading
Desk should document the reasons for the change after determining that clients are being
treated fairly and equitably. The allocation should be completed promptly after the trade.
2. Transactions combining orders for two or more portfolios generally may be allocated on
a pro rata basis, with each participating portfolio receiving a percentage of the executed
portion of the order based on each portfolio’s percentage of the original order.
3. An adviser’s allocation policy may provide for alternative allocation procedures so long
as all client accounts receive fair and equitable treatment. The reason for such different
allocation should be fully documented and promptly approved in writing by a designated
individual.
4. A random or rotation allocation program may be used to fill client orders of limited
availability or thinly-traded securities. Random or rotation allocations should ensure that
all eligible accounts have an opportunity to participate in such transactions over time.
5. If the portfolio manager or trader uses any method other than those stated in the firm’s
policy, the reasons should be documented and approved by the CCO or Best Execution
Committee.
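
The pro rata method in item 2 and the deviation check in item 1 can be automated. The following Python code is an added example, not part of the original guidance; the account identifiers, share quantities, and the largest-remainder rule for rounding to whole shares are assumptions.

```python
from fractions import Fraction


def pro_rata_allocation(orders, executed):
    """Allocate `executed` shares across accounts in proportion to each
    account's share of the original aggregated order.

    Whole shares only. Shares left over after rounding down are assigned by
    largest fractional remainder, ties broken by account id (assumed rule).
    """
    total = sum(orders.values())
    if total <= 0 or any(qty < 0 for qty in orders.values()):
        raise ValueError("order quantities must be non-negative and sum to > 0")
    if not 0 <= executed <= total:
        raise ValueError("executed quantity must be between 0 and the order total")

    # Exact fractional entitlement of each account, kept as a Fraction so
    # that no floating-point error leaks into share counts.
    exact = {acct: Fraction(qty * executed, total) for acct, qty in orders.items()}
    alloc = {acct: int(share) for acct, share in exact.items()}  # round down
    leftover = executed - sum(alloc.values())
    ranked = sorted(orders, key=lambda a: (-(exact[a] - alloc[a]), a))
    for acct in ranked[:leftover]:
        alloc[acct] += 1
    return alloc


def allocation_exceptions(orders, executed, booked, documented_reasons=None):
    """Compare the booked allocation with the pro rata allocation.

    Returns one exception record per account whose booked quantity differs
    from its pro rata entitlement, and whether a reason is on file for it.
    """
    expected = pro_rata_allocation(orders, executed)
    reasons = documented_reasons or {}
    exceptions = []
    for acct in sorted(set(expected) | set(booked)):
        difference = booked.get(acct, 0) - expected.get(acct, 0)
        if difference != 0:
            exceptions.append({
                "account": acct,
                "expected": expected.get(acct, 0),
                "booked": booked.get(acct, 0),
                "difference": difference,
                "documented": acct in reasons,
            })
    return exceptions


# Constructed sample data: an 11,000-share aggregated order that was only
# partially filled (4,000 shares), and the allocation actually booked.
ORDERS = {"ACCT-A": 5000, "ACCT-B": 3000, "ACCT-C": 2000, "PROP-1": 1000}
EXECUTED = 4000
BOOKED = {"ACCT-A": 1700, "ACCT-B": 1091, "ACCT-C": 727, "PROP-1": 482}
REASONS = {}  # no written reasons on file for this trade

if __name__ == "__main__":
    print(pro_rata_allocation(ORDERS, EXECUTED))
    for exc in allocation_exceptions(ORDERS, EXECUTED, BOOKED, REASONS):
        print(exc)
```

In the constructed data, the proprietary account is booked 118 shares above its pro rata entitlement at the expense of a client account, with no documented reason: the kind of exception the Trading Desk would need to explain.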

8 Van Kampen Investment Advisory Corp. and Alan Sachtleben, Advisers Act Rel. 1819 (Sept. 8, 1999).

The following forensic tests should be considered to detect improper allocation practices:

1. Compare performance among client accounts managed under similar investment styles
(e.g., large cap growth, large cap value, etc.) for undisclosed favoritism toward certain
clients. Identify accounts with performance of two or more standard deviations, both
plus and minus, away from the mean performance of accounts managed under a
particular investment style. Reasons for deviant performance may be due to client
restrictions or large cash flows, but may also be due to undisclosed favoritism toward
certain accounts.
2. Compare the performance of all accounts that were eligible to participate in IPOs over
various periods such as one and two years. Accounts whose performance is significantly
higher than the average for this group of clients should be analyzed closely to determine
if a reason for the unusual performance is the allocations of IPOs that were given to these
accounts.
3. Calculate the number of profitable trades in each client’s account over the previous 12
months and the average number of such trades for all clients. Identify those clients’
accounts that have much better results than the average and determine the reason for such
results.
4. Compare performance among client accounts managed under similar investment styles
over a one or two year period. Identify accounts whose performance is significantly
higher than the average of all accounts in a style. Review trading in such accounts to
determine if a reason for the unusual performance is due to the unfair or fraudulent
allocation of trades. For example, check to see if a trade intended for one client was
diverted to the account of another client by changing the allocation or settlement
instructions given to the executing broker.
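
Forensic test 1 above can be run mechanically over period returns. The following Python code is an added example, not part of the original guidance; the account identifiers, returns, account types, and the minimum group size are assumptions.

```python
import statistics
from collections import defaultdict

# With the sample standard deviation, no account in a group of n can sit more
# than (n - 1) / sqrt(n) deviations from the mean, which is below 2 for
# n <= 5. Smaller style groups can never trip a two-sigma test, so they are
# reported as skipped and need manual review (assumed handling).
MIN_GROUP_SIZE = 6


def performance_outliers(accounts, threshold=2.0, min_group=MIN_GROUP_SIZE):
    """Flag accounts whose return is `threshold` or more standard deviations,
    plus or minus, from the mean return of accounts in the same style.

    Returns (flagged, skipped_styles).
    """
    by_style = defaultdict(list)
    for acct in accounts:
        by_style[acct["style"]].append(acct)

    flagged, skipped = [], []
    for style in sorted(by_style):
        group = by_style[style]
        if len(group) < min_group:
            skipped.append(style)
            continue
        returns = [a["return_pct"] for a in group]
        mean = statistics.fmean(returns)
        sd = statistics.stdev(returns)
        if sd == 0:
            continue  # identical returns: nothing deviates
        for a in group:
            z = (a["return_pct"] - mean) / sd
            if abs(z) >= threshold:
                flagged.append({
                    "account": a["id"],
                    "style": style,
                    "type": a["type"],  # e.g. proprietary or performance-fee
                    "z": round(z, 2),
                    "direction": "above" if z > 0 else "below",
                })
    return flagged, skipped


def _acct(acct_id, style, acct_type, return_pct):
    return {"id": acct_id, "style": style, "type": acct_type,
            "return_pct": return_pct}


# Constructed sample data: one-year returns in percent.
SAMPLE_ACCOUNTS = [
    _acct("LCG-01", "large cap growth", "standard", 8.1),
    _acct("LCG-02", "large cap growth", "standard", 7.9),
    _acct("LCG-03", "large cap growth", "standard", 8.4),
    _acct("LCG-04", "large cap growth", "standard", 7.6),
    _acct("LCG-05", "large cap growth", "standard", 8.0),
    _acct("LCG-06", "large cap growth", "standard", 8.3),
    _acct("LCG-07", "large cap growth", "standard", 7.8),
    _acct("LCG-08", "large cap growth", "performance_fee", 14.9),
    _acct("LCV-01", "large cap value", "standard", 5.0),
    _acct("LCV-02", "large cap value", "standard", 5.2),
    _acct("LCV-03", "large cap value", "standard", 4.9),
    _acct("LCV-04", "large cap value", "standard", 5.1),
    _acct("LCV-05", "large cap value", "standard", 5.0),
    _acct("LCV-06", "large cap value", "standard", 5.3),
    _acct("LCV-07", "large cap value", "standard", -2.0),
    _acct("SC-01", "small cap", "standard", 11.0),
    _acct("SC-02", "small cap", "proprietary", 19.5),
    _acct("SC-03", "small cap", "standard", 10.4),
]

if __name__ == "__main__":
    flagged, skipped = performance_outliers(SAMPLE_ACCOUNTS)
    for row in flagged:
        print(row)
    print("styles too small for the test:", skipped)
```

A flag is a prompt for review, not a finding: as the test description notes, client restrictions or large cash flows can also explain the deviation. The skipped small cap group shows why group size matters, since its proprietary account would go unexamined if the test were the only control.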

What Are SEC Examiners Reviewing?


Regarding allocation of trades, examiners will look to see if the adviser has disclosed its policy,
and whether those policies and procedures include procedures for allocating IPOs, block trades,
and investment opportunities among clients and proprietary accounts. In addition, examiners
will look for cherry-picking and favoritism in allocations to relatives, high-profile clients, clients
with performance-fee accounts, or other clients that the adviser may have an incentive to favor.

8. Performance Advertising

Investment advisers’ advertisements are governed by Investment Advisers Act Rule 206(4)-1,
which prohibits false or misleading advertising, as well as more specific practices. An adviser
should include written policies and procedures in its compliance program designed to ensure
compliance with this rule, as well as compliance with any standards the firm chooses to follow,
such as the CFA Institute’s Global Investment Performance Standards (“GIPS”).

Although the advertising rule is silent on the issue of performance advertising, the SEC
scrutinizes this practice because it can be misused. Generally, there are two types of
performance advertising by investment advisers. The first type is where an adviser advertises the
investment performance of actual portfolios it manages. The second type is where the adviser
advertises the performance of its model portfolio, which has no assets, but is managed as if it
does. Whether it is actual or model performance, the SEC stated its position on performance
advertising in the Clover Capital no-action letter released on October 28, 1986.9 The Clover
Capital no-action letter is the best source for determining what information to include when
showing performance information.

What Should Firms be Doing?

If performance advertising is being utilized, an adviser should make sure it is complying with the
Clover Capital no-action letter, as well as other no-action letters. The adviser should designate an individual
responsible for calculating performance, as well as a different individual (“performance
reviewer”) who is responsible for reviewing and understanding the calculations. The
performance reviewer should consider whether all appropriate disclosures have been made, given
the method of calculation and all relevant factors and conditions.

The adviser should also periodically test recordkeeping practices to ensure that all documents
necessary to substantiate advertised performance are being appropriately created and retained. If
an adviser claims compliance with GIPS or other ethical standards, it should verify the claim is
accurate. An inaccurate claim of compliance in advertisements and other correspondence could
constitute a false and misleading statement under Rule 206(4)-1(a)(5).

If an adviser maintains composites, it should periodically review client account holdings for their
appropriateness to a composite, including sector and security concentrations. The adviser should
also compare client account asset levels to composite asset minimums and review accounts that
are excluded from composites to ensure that reasons for the exclusion are adequate and
documented. Finally, composite disclosures should be periodically reviewed to ensure the
information reported is accurate.

Finally, an adviser should periodically review responses to requests for proposals (“RFPs”) and
consultant questionnaires to ensure the information reported is truthful and not misleading.

What Are SEC Examiners Reviewing?

The SEC is interested in whether funds and advisers have effective policies and procedures to
make sure that their claims about their past investment performance, their advertisements, and
other marketing materials contain accurate information, and whether information in pitchbooks,
RFPs and other materials provided to clients is accurate.

                                                            
9 Staff No-Action Letter, Clover Capital Management, Inc., SEC Ref. No. 86-264-CC, File No. 801-27041,
http://www.sec.gov/divisions/investment/noaction/clovercapital102886.htm.

Examiners look for the following during the examination process:

• Whether the adviser maintains an advertising file;
• Whether the advertisement is false or misleading in any way;
• Whether the adviser uses performance advertising;
• Whether the adviser has documented its performance calculation methodology;
• Whether the CCO or his/her designee has approved all of the advertisements; and
• Whether there is documentation demonstrating that approval.

9. Safeguarding Clients’ and Funds’ Assets

The SEC has long been concerned with safeguarding client assets from conversion or improper
use. To address this concern, the SEC imposed requirements on investment advisers that have
custody or possession of client assets under Investment Advisers Act Rule 206(4)-2 (“Custody
Rule”). The Custody Rule requires advisers that are deemed to have custody of client funds and
securities to maintain those funds and securities with a “qualified custodian”. The Custody Rule
also requires advisers to have a reasonable belief that the qualified custodian provides account
statements at least quarterly directly to the adviser’s clients or the clients’ independent
representative. If the qualified custodian is not sending the account statements, the adviser may
do so instead, but in that case the adviser must undergo an annual surprise examination by an
accountant to verify the funds and securities of those clients. Finally, where the client is not
involved in setting up the custodial account, the adviser must send a notice to the client
identifying the custodian.

The SEC is interested in whether advisers have effective policies and procedures for
safeguarding their clients’ assets from theft, loss, and misuse. The SEC also is concerned with
regard to the adviser potentially representing false performance results or account holdings,
perhaps as a way to deduct larger advisory fees than are appropriate.

What Should Firms be Doing?

Advisers should establish procedures for dealing with the following issues arising under the
Custody Rule:

1. An adviser should have procedures in place to assess its arrangements and determine
whether it has custody under the Custody Rule.
2. An adviser should establish procedures to avoid being deemed to have custody other than
in limited circumstances (i.e., the deduction of fees).
3. When opening an account for a new client, an adviser should check whether the client’s
custodian is a “qualified custodian.”
4. An adviser should establish procedures enabling it to form a “reasonable basis” for
believing that the qualified custodian sends each of its clients or the client’s independent
representative account statements on at least a quarterly basis. It is extremely important
that the account statements are not routed through the adviser prior to delivery to the
client. This ensures that advisory personnel do not have an opportunity to alter or falsify
custodial statements.
5. An adviser should review its Form ADV to determine if any amendments are necessary.
If the only reason that an adviser has custody is because it has authority to deduct
advisory fees, then it does not have to indicate custody on Item 9 of Part I. However, if
the adviser has custody for any other reason, it must so indicate on Form ADV.
6. An adviser should review its advisory contract and third party agreements to determine
whether custody arrangements are appropriately disclosed.

An adviser may also wish to establish policies and procedures with regard to safeguarding
clients’ assets, including:

1. An adviser should consider limiting the personnel who are authorized to trade regarding
client accounts. The adviser could use passwords for electronic trading software and
systems or provide custodians with a list of personnel authorized to provide instructions.
Further, a compliance officer or designated individual should periodically review account
trading patterns to monitor for signs of unauthorized trading.
2. The adviser should also have a system of reconciling custodial statements to its internal
records and resolve any differences.
3. An adviser’s policies and procedures could also provide for protecting client assets by
requiring advisory personnel to maintain confidentiality when handling client account
information.

What Are SEC Examiners Reviewing?

Examiners will focus on the following issues:

1. Whether the adviser has custody of clients’ funds and securities;
2. Whether the client is billed directly by the adviser;
3. Whether the adviser uses a qualified custodian to take custody of client assets;
4. Whether fees are deducted directly from the client’s account by a qualified custodian;
5. Whether the client agreement authorizes automatic withdrawal of advisory fees from the
client’s account;
6. Whether the client receives a statement at least quarterly that shows the deduction of
advisory fees; and
7. Whether the adviser has a policy and procedure in place to prevent inadvertently taking
custody of securities or checks.

Examiners may also look at whether fee statements are sent simultaneously to the client and the
custodian, and if the statements show how the fee was calculated. A best practice for protecting
the adviser would be for the adviser to disclose to clients that they are responsible for verifying
the accuracy of fee calculations.

10. Information Protection

In March 2008, the SEC proposed amendments to Regulation S-P (“Reg S-P”) which
implement certain personal and financial privacy obligations for SEC-registered financial
institutions, such as broker-dealers and investment advisers.10

Eight key changes in the SEC’s proposal would require institutions to:

1. Designate in writing an employee or employees to coordinate the information security
program;
2. Identify in writing reasonably foreseeable security risks that could result in
unauthorized compromise of personal information;
3. Implement safeguards to control identified risks;
4. Regularly test, monitor, and document the effectiveness of safeguards;
5. Train staff to implement the program;
6. Oversee service providers and require them by contract to implement and maintain
appropriate safeguards;
7. Provide for secure disposal and written documentation as to destruction of records
with non-public personal information; and
8. Evaluate and adjust the information security program on an ongoing basis.

The SEC is looking for firms to adopt an “information security program” which would
require the adoption of written policies and procedures to address administrative, technical,
and physical safeguards and protection of customer records. Further, the amendments would
require written procedures for responding to incidents of unauthorized access to or use of
personal information. The SEC’s goal is to ensure the security and confidentiality of personal
information; protect against any anticipated threats or hazards to the security or integrity of
personal information; and protect against unauthorized access to or use of personal
information that could result in substantial harm or inconvenience. Where the misuse or
possibility of misuse of personal information has occurred, the SEC would require notice to
affected individuals. If a person has suffered substantial harm or inconvenience or intentional
intrusion by someone without authorized access, notice to the SEC is required.

                                                            
10 Securities and Exchange Commission, 17 CFR Part 248, Release Nos. 34-57427; IC-28178; IA-2712; File No. S7-06-08.

The amendments would also broaden the scope of the personal information under the current
different provisions into the definition of “personal information.” In addition, “personal
information” would include any information identified with any consumer, employee,
investor, or security holder that is handled by the institution. The amendments would extend
the safeguards and disposal rules to nonpublic personal information of employees, which
would minimize the risk that an identity thief could access investor information by
impersonating an employee.

The Amendments would add a new exception to the notice and opt out requirements to permit
limited disclosures of investor information when a representative moves from one firm to
another. The purpose of the exception is to create an orderly framework for controlling the
type of information that departing representatives share with their new firms. This
information includes: the customer’s name, a general description of the type of account and
products held by the customer, and contact information, including address, telephone number
and e-mail information. Departing representatives would have to provide to their former firm
a written record of information that would be disclosed based on the exception, and the
representatives would be barred from sharing any customer’s account number, Social Security
number, or securities position.

What Should Firms be Doing?

With the possible implementation of the Reg S-P proposals, many financial institutions may
find a need to add sophisticated and/or costly measures to control the risk of personal
information being accessed by hackers or other unauthorized persons. In the interim,
customer self-education as well as a financial institution’s proactive measures can help
mitigate the associated risks.

Firms should identify in writing their reasonably foreseeable security risks, standardize their policies
throughout all communications (employee manuals, Form ADV, etc.) and consider keeping
some documents, such as executed contracts, longer than the SEC's books and records rule requires.

Some other tips include making sure that laptops containing sensitive client information are
password-protected, that employees' thumb drives with confidential data are encrypted, and that the
firm notifies the client and the SEC if such information is lost. State law may even be stricter
regarding what constitutes non-public information and reporting responsibilities.

Further, advisers should be aware that not all records destruction vendors are the same in the
way they shred records. Advisers should ensure that their vendor uses cross-cut shredders.
At least one company sells services that promise to re-assemble shredded documents, and a
cross-cut technique would make this extremely difficult.
 
A financial institution could send e-mails or post warnings on its Internet site to alert
customers of known e-mail and Internet-related fraudulent schemes and to caution them
against responding. Additionally, the firm could offer customers assistance when fraud is
detected in connection with customer accounts. A centralized reporting system should be
considered to monitor all privacy breaches to detect and track patterns of potential fraudulent
activity. Firms should also maintain a centralized file of all relevant documents pertaining to
privacy breaches and keep a copy in the files of the impacted customers.

What Are SEC Examiners Reviewing?

During on-site examinations, examiners look at whether advisers and their employees guard
their clients’ privacy or act carelessly with regard to client confidentiality. Examiners look
for various red flags, including but not limited to the following:

1. Employees have access to all files, not just the ones for which they have certain
responsibilities;
2. Firm does not restrict access to private information to employees with a need to know;
3. Employees do not log off their computers when they leave their desk and change their
passwords infrequently;
4. Files on desks and file drawers are left open where anyone may see or access them;
5. File cabinets and offices with private information are left unlocked; and
6. Employees have conversations about client private information in open areas.

Examiners also verify that formal policy requirements are being satisfied, such as:

1. Whether clients were provided a copy of the adviser’s Privacy Policy at the time the
account was opened;
2. Whether the adviser shares client information;
3. Whether clients may opt out of any sharing of information arrangements;
4. Whether the policy is thorough and accurate;
5. Whether there is evidence of the delivery of an Annual Privacy Notice to clients; and
6. Whether a record is maintained to document delivery of initial and annual privacy
notices.

The top ten compliance areas discussed above continue to be hot button items on the SEC’s
radar. More emphasis is needed with regard to clarifying how to conduct reviews and test
compliance theory, rules, and best practices rather than just discussing the rules. While
addressing the areas presented is vital to the health of your compliance program, additional
compliance risk areas must also be addressed and tested, depending on the specific risks
present at your firm.
 