Apr 17th 2018 - by Patrick Adrian, CFA
In my experience, most manager research teams are not thinking about compliance that much. They typically rely on their firm’s Chief Compliance Officer or outsourced compliance consultant to tell them what they need to know. It’s a one-way interaction every once in a while, at best.
I’m guilty of this myself. In my first research role, I was working for George F. Russell, Jr.'s family office. George essentially invented pension consulting in the late 1960’s, so the tradition and culture around manager research and due diligence was quite strong. Analysts were respected for digging deep into a manager’s process and tearing apart everything the manager said. “Question everything” would have been an apt mantra for us.
However, there was one question I never considered: how well did our research process stack up against what the SEC expects? I just assumed that we were doing way more than we technically needed to. In retrospect, that assumption was naïve and even firms that think of themselves as extremely thorough, experienced, and diligent can end up in hot water. Reviewing SEC cases and Risk Reports, there are areas that could very easily be missed by relying solely on compliance professionals who don’t necessarily understand the nuances of due diligence and research. Likewise, just focusing on what you, as a researcher, view as solid research could leave you vulnerable. Research compliance is multi-faceted, always evolving, and requires a cooperative effort on the part of compliance and research functions to make sure firms are in the strongest possible position should something come up.
One of the best starting points for research compliance within the context of the Investment Advisors Act of 1940 is a 2014 Risk Report written by The Office of Compliance Inspections and Examinations (OCIE)1. OCIE is the division within the U.S Securities and Exchange Commission (SEC) that carries out what is commonly called an SEC Audit or Exam. Did anyone just shudder a little reading that? The SEC Exam is one of the most stressful times for a firm, because it can lead to an investigation by the SEC Enforcement division. The 2014 Risk Report is a great starting point in terms of connecting the dots between specific rules in the Investment Advisors Act of 1940 and the manager research conducted day-to-day by analysts.
The data presented in the 2014 Risk Report comes from actual examinations of firms. Specifically, the firms recommending or invested in hedge funds and private equity. In this article, we’ll look at two of the major portions of the Risk Report. The first deals with observations around due diligence, industry practices, and trends. The second details areas where the OCIE found material deficiencies or control weaknesses.
Additionally, I will point out a few SEC cases where strong due diligence and documentation would have gone a long way to protecting advisors and their clients.
Let’s dive in.
The items in Figure 1 are not an exhaustive list of potential research actions, but I would imagine there is at least one or more your team is not currently doing and could consider in your next research process review. The OCIE is not saying that their observations represent requirements. However, the Risk Report presents risks and issues that the OCIE has identified during examinations, and addressing these risks could help firms strengthen their current practices and avoid potential trouble with the SEC down the road.
The OCIE found that many advisors had written formal due diligence policies and procedures. Those that did not had some sort of informal framework in place. They also point out that advisors who adopted written policies were more likely to apply them consistently.
In cases where advisors outsource their manager selection, those vendors need to be reviewed periodically.
There were several areas where compliance issues were found. The two rules cited specifically were 206(4)-7 and 204A-1. Advisors could put themselves in a more solid compliance position by looking at these rules closely and ensuring their written procedures address and adhere to these rules.
The OCIE specifically noted that advisors must:
Review manager due diligence policies and procedures annually.
Advisors must ensure that information is consistent with actual practices, not misleading or unsubstantiated.
In 2016 2, the SEC announced penalties against 13 firms who repeated false claims by investment manager F-Squared Investments about their performance. The critical issues were failure to have a reasonable basis to believe the accuracy of the performance claims in advertisements and a failure to maintain records necessary to form a reasonable basis.
Perhaps most surprising is that a number of the firms cited had a disclosure along the lines of: third parties were the source of performance data and that Firm XXX did not guarantee the accuracy. I’ve seen that disclosure throughout my career, but that’s not enough to dilute responsibility. The SEC states that these firms did not take sufficient steps to confirm the accuracy of the performance results or obtain sufficient documentation that would have substantiated the results.
Additionally, advisors need to maintain true, accurate, and current documentation that demonstrates how they formed a reasonable basis.
In 2009 3, the SEC found that an advisor did not follow their full due diligence process represented to clients when they recommended an investment in funds managed by Bayou Management, LLC, who then committed fraud. The advisor also did not follow up on observed red flags.
Due diligence from an SEC compliance perspective is left ultimately to our own interpretation. There are no hard and fast rules to guide firms in all situations. In my mind, you want to design a process that would stand up to a jury of your peers as reasonable should something go wrong. I think it’s relatively straightforward to reach a consensus that F-Squared performance records were too good to be true. In fact, I believe there was a tacit understanding by most organizations that the performance was a backtest, but the demand for liquid alternative strategies following the financial crisis caused firms to rely on an often-used disclosure and hoped for the best instead of doing proper due diligence. Safety in numbers in this instance proved to be unwise, and perhaps that’s the ultimate lesson. A fiduciary must act in their client’s best interest, period.
If your comfort level around avoiding an SEC enforcement action isn’t high enough, take some time with your research staff and map out a plan to shore things up and make the necessary changes. Loop in your compliance resources for their input. Read the 2014 Risk Report and have a process to stay up to date with SEC cases that relate to research going forward. Explore technology that can help streamline the documentation process and provide analytical based insights to make due diligence easier. Taking the time to implement these steps could improve your standing in the case of an SEC exam, and at the same time strengthen your due diligence and compliance processes so that you can provide better advisory services to your clients.