Division Risk Alert: Code of Ethics
Main Contributor: Gretchen Sturdivan, CSCP Creative Director & Client Service Manager
Background
The Division of Exams (“EXAMS”) has found notable deficiencies in relation to Section 204A of the Advisers Act and the Code of Ethics Rule 204A-1, which they lay out in a recent Risk Alert. We may all associate the Code of Ethics with the dreaded quarterly task of providing personal trading statements, and while that is a critical piece, the rule encompasses several other standards of business conduct that should be adequately addressed in your “reasonably designed” policies and procedures, as required by Section 204A. The Code of Ethics applies to supervised persons, but drills down further to outline requirements of access persons, such as personal trading practices. These standards of conduct support an adviser’s fiduciary duty and ensure that federal securities laws are upheld.
Unfortunately, EXAMS has found consistent deficiencies within advisers’ Code of Ethics, which they highlight in this risk alert. Read our overview below in light of your own policies and make modifications where applicable before your next examination.
Compliance Issues Related to Section 204A
EXAMS’ main grievance was that policies and procedures did not adequately address potential risks or due diligence procedures for various practices. One practice they referred to is the use of “Alternative Data,” a descriptive term they further define in the footnote as “different types of information increasingly used in financial analysis beyond traditional financial statements, company filings, and press releases.” When using alternative data sources, advisers failed to document policies and procedures around the potential risk of receipt and use of MNPI. It is important to conduct ongoing due diligence while using the alternative data and document this process to support your policies.
If you use Expert Networks, ensure your policies and procedures outline how to navigate conversations with expert network consultants who may be related to publicly traded companies or have access to MNPI. EXAMS recommends tracking and logging calls, reviewing notes from the calls, and reviewing the trading activity of supervised persons in publicly traded companies that are in similar industries as those discussed during calls.
If you have some investors who are more likely to possess MNPI, including officers or directors at a public company, PMs at asset management firms, or investment bankers, then you should implement adequate procedures to address the risk those investors pose and a way to identify and track those investors.
Compliance Issues Related to COE Rule 204A-1
None of the Code of Ethics policy deficiencies jump out as being surprising and in fact, we have seen many of these ourselves. Let’s go through the essential elements to address in your Code of Ethics, based on their deficiency findings:
Identify who at your firm is deemed an access person and how they are supervised.
Ensure a provision for pre-approval for certain investments is outlined in your policies and procedures, especially for IPOs and limited offerings. However, it’s not enough to just write it down! Make sure you are actually obtaining and documenting the pre-approval.
Personal transactions and holdings:
Document your process for supervisory review of transactions. When reviewing:
Double-check that they are not investing in securities on your restricted list, and
Ensure that employees are not investing ahead of clients and receiving favorable pricing!
Ensure someone else at the firm is designated to review the CCO’s transactions and they are not “self-reviewing.”
Ensure your policies indicate the requirement for employees to submit their reportable transactions within 30 days of quarter end and all holdings at each year-end.
Outline which transactions are required as reportable for employees to ensure they provide all reportable content for review.
Include space in your policies for employees to attest in writing, within 10 days of hire and at least annually thereafter, their acknowledgment and receipt of the Code of Ethics.
Conclusion
While this risk alert may not seem like a monumental, procedure-changing upheaval, it is an important reminder to ensure your Code is buttoned up and addresses the requirements. It’s easy to let the basics slip when juggling new rules, and many hats, but those basics are the foundation of a rock-solid compliance program that can substantiate its own effectiveness through documented reviews.