Hot Topics in Private Equity Regulation: Where to Focus Your Compliance Program Efforts

Legal Risk Management Tip

January 2018

Download as a PDF by Clicking Here

Introduction

One area that continues to be a primary focus for the U.S. Securities and Exchange Commission ("SEC") in recent years is the private equity segment of the financial marketplace.1 As a continuing trend, the SEC’s 2017 Examination Priorities clearly focused on private fund topics and practices.2 As we begin 2018, the SEC shows no signs of decreasing the scrutiny of private equity advisers ("PE Advisers").3 With several years since many PE Advisers were required to register with the SEC, PE Advisers can expect their regulatory examinations to include emphasis on compliance areas that have been the subject of recent SEC guidance which applies more broadly to registered investment advisers of all shapes and sizes.

This month’s Legal Tip focuses on select "hot topics" identified in announcements from the SEC’s Office of Inspections and Examinations ("OCIE") that have direct application to PE Advisers’ compliance programs.

A. An Observation About Improving Adviser Compliance

In his September 2017 speech titled "Improving Investment Adviser Compliance," Peter B. Driscoll, the Acting Director of OCIE, provided insight into the broader goals of OCIE. He drew a roadmap of sorts for advisers considering how to improve their regulatory compliance programs and prepare for their next regulatory examination.4 After reiterating the common refrain that the SEC is not a "gotcha" regulator, Acting Director Driscoll highlighted the fact that part of OCIE’s mission is to improve the ability to understand the SEC’s compliance expectations not only for advisers that undergo an SEC exam, but also (and from a practical view, more importantly) for the much larger number of advisers that are not examined in any given year.5

OCIE recently has increased the use of publications, announcements and guidance, including Investor Alerts and Bulletins,6 which give advisers, including PE Advisers, good insight into the areas which the SEC will likely emphasize in its examinations. Logically, PE Advisers should be focused on these topics as they implement and continue to enhance their regulatory compliance programs.

B. Compliance Policies and Procedures

By now, each PE Adviser registered with the SEC (or a state regulator) should be aware of the "Compliance Rule" which requires, among other things, PE Advisers to have in place written policies and procedures reasonably designed to prevent violations of federal securities laws, including the Investment Advisers Act of 1940, as amended ("Advisers Act") and rules adopted thereunder.7 In 2017, OCIE published a Risk Alert (the "Exam Risk Alert") that discussed topics frequently identified in SEC examinations of investment advisers, and the Compliance Rule was featured prominently.8

To summarize, OCIE examination staff found numerous deficiencies or weaknesses based on underpinnings of the Compliance Rule and compliance programs in general, including: (i) a Compliance Policies and Procedures Manual ("Manual") not tailored to the adviser’s business, (ii) annual reviews not performed or not addressing the adequacy of the adviser’s policies and procedures, (iii) advisers not following their own policies and procedures, and (iv) out of date compliance Manuals.9

Clearly, the SEC expects that PE Advisers will have a complete set of policies and procedures, customized to address risks associated with the particulars of the private equity firm’s business practices, investment strategies, conflicts of interest, protection of investors and valuation procedures.10 Moreover, a PE Adviser’s policies and procedures should be a "living document" that evolves with a firm’s practices, and updated regularly as those practices change. The PE Adviser’s Manual in should reflect a PE Adviser’s current business and compliance functions.

PE Advisers need to ensure that they are performing annual reviews as required by the Compliance Rule to assess whether the PE Adviser’s policies and procedures are effective in practice. Additionally, and contrary to many PE Adviser’s instincts, the regulators expect an annual review to identify compliance gaps that were detected during the review and discuss steps on how they are to be or were addressed.

Consequently, it is essential for PE Advisers to think critically about their compliance program and how risks associated with their business are addressed. To that end, each year the firm’s Manual should be reviewed and enhanced accordingly. Policies and procedures should be adopted that take into account the specific nature of the firm's operations and business activities. PE Advisers need to be thoughtful and critical as they identify the unique risks, conflicts of interest and other compliance issues that apply to their advisory business and design or improve internal controls to address those risks.

C. Cybersecurity

For the past several years, cybersecurity has received significant attention from OCIE, based in large part on recurring, high profile electronic attacks. The sheer volume of guidance and articles issued by OCIE on the subject of cybersecurity should be an indication of where it ranks on the SEC’s overall priority list. Since the announcement of the OCIE Cybersecurity Initiative in April of 201411, the SEC has issued numerous, well-publicized Risk Alerts devoted to cybersecurity, cyber examination results and related topics.12 In fact, one recent global cyber event, the WannaCry ransomware virus, prompted the SEC to create a Risk Alert focused specifically on ransomware, which is just one of many damaging types of cyber-attacks.13

Suffice to say, in light of the SEC’s focus on cyber issues (which is expected to continue for the foreseeable future), PE Advisers should have robust and well-implemented cybersecurity policies in their Manuals that cover cyber topics including, among others, risk assessment, access rights and controls, data loss prevention, vendor management and cyber incident response. Creating and implementing a PE-specific cyber incident response is recommended as a preemptive measure to protect against cyber-attacks.

D. Form ADV and Form PF Issues

The Exam Risk Alert highlighted certain failures regarding the filing of Form ADV and Form PF, two mandatory regulatory filings for PE Advisers, including inaccurate disclosures in Form ADV, incorrect Form PF filings and late filings of both forms.14

Form ADV continues to be a primary method for PE Advisers to communicate information about their firms to investors and prospects, and the starting point for OCIE when examiners assess the quality of a PE Adviser’s disclosures about their business practices. It is critical that the information in a PE Adviser’s Form ADV accurately describe the details of the firm and its investment processes. In particular, private securities carry increased risk related to the following topics, among others: valuation processes, conflicts surrounding fair valuation determinations, liquidity issues, additional fee layers in fund of fund structures, performance fees/ carried interest and interested party transactions.

The Exam Risk Alert is a clear warning that the OCIE staff will be looking at PE Advisers’ regulatory filings at the next SEC examination. PE Advisers should be certain that the disclosures in Form ADV adequately describe firm operations, and, after the upcoming Annual Amendment deadline, update Form ADV if any information becomes materially inaccurate during the year. In addition, PE Advisers required to file Form PF should take special care to ensure that the information submitted is accurate.

E. Performance Advertising

On the same day as the speech by Acting Director Driscoll discussed above, the SEC issued a Risk Alert titled "The Most Frequent Advertising Rule Compliance Issues Identified in OCIE Examinations of Investment Advisers" ("Advertising Risk Alert").15 This was not a coincidence. To the contrary, the Advertising Risk Alert encapsulates the notion that OCIE is making an effort to educate its advisers prior to an examination setting.

The Advertising Risk Alert covers a variety of highly relevant topics relating to PE Adviser performance reporting and advertising, including, among others, reporting of past investment recommendations, deducting fees form performance data, use of benchmarks and hypothetical and back-tested performance. The Advertising Risk Alert is a mandatory read for any PE Adviser as you consider those policies and procedures that cover your marketing and promotional materials and how to ensure they contain performance data that meets the standards of the Advisers Act and relevant SEC guidance.16

Conclusion

PE Advisers are no longer the new registrants on the block. This Legal Tip provides a brief look at areas that the SEC considers to be relevant to all advisers, and thus must not be overlooked by PE Advisers. If you have not reviewed the topics discussed above, now is the time to start. Addressing the subjects that the SEC has highlighted through OCIE announcements and guidance will go a long way in helping to prepare for your next SEC examination.

For more information, please contact us at (619) 298-2880, or email us at [email protected].

Author: Robert D. Conca, Esq., Partner; Editor: Michelle L. Jacko, Esq., Managing Partner, Jacko Law Group, PC. JLG works extensively with investment advisers, brokerdealers, investment companies, private equity and hedge funds, banks and corporate clients on securities and corporate counsel matters.

This article is for information purposes and does not contain or convey legal advice. The information herein should not be relied upon in regard to any particular facts or circumstances without first consulting with a lawyer.


1 See, e.g., Private Equity Reporting on New Form ADV ( /News-Room/Legal-Tip-May2017.shtm); Back to Basics – Private Equity Compliance Beyond Fee and Expense Practices (/Legal-Tip-October-2016-Back-to-Basics-Private-Equity-Compliance-Beyond-Fee-andExpense-Practices.pdf); Private Equity - Enforcement Summary and What to Expect in 2016 (/January-20-16-Legal-Tip-Private-Equity.pdf).

2 See SEC 2017 Examination Priorities, listing private fund advisers as an SEC initiative, available at https://www.sec.gov/about/offices/ocie/national-examination-program-priorities-2017.pdf.

3 As of the date of this article, the SEC had not yet released its 2018 Examination Priorities, which are expected to include private equity topics.

4 Peter B. Driscoll, Acting Director, OCIE, "Improving Investment Adviser Compliance," September 14, 2017, available at https://www.sec.gov/news/speech/speech-driscoll-2017-09-14.

5 Id.

6 For a list the SEC’s recent Investor Alerts and Bulletins, visit https://www.sec.gov/investor/alerts.

7 See Advisers Act Rule 206(4)-7 (called the "Compliance Rule," this statute covers other core compliance topics relevant to PE Advisers); see also Compliance Programs of Investment Companies and Investment Advisers, Advisers Act Rel. No. IA-2204 (Dec. 17, 2003).

8 OCIE Risk Alert, "The Five Most Frequent Compliance Topics Identified in OCIE Examinations of Investment Advisers," February 7, 2017, available here: https://www.sec.gov/ocie/Article/risk-alert-5-most-frequent-iatcompliance-topics.pdf).

9 Id.

10 Id. Note that valuation was expressly mentioned in the Exam Risk Alert.

11 See "OCIE Cybersecurity Initiative," OCIE, National Exam Program Risk Alert, (April 15, 2014), available at http://www.sec.gov/ocie/announcement/Cybersecurity-Risk-Alert--Appendix---4.15.14.pdf.

12 See, e.g., "OCIE Cybersecurity Examination Sweep Summary," OCIE, National Exam Program Risk Alert, (Feb. 3, 2015), available at https://www.sec.gov/about/offices/ocie/cybersecurity-examination-sweep-summary.pdf; "Observations from Cybersecurity Security Examinations," OCIE, National Exam Program Risk Alert, (Aug. 7, 2017), available at https://www.sec.gov/about/offices/ocie/cybersecurity-examination-sweep-summary.pdf.

13 See "Cybersecurity: Ransomware Alert." OCIE, National Exam Program Risk Alert (May 17, 2107), available at https://www.sec.gov/files/risk-alert-cybersecurity-ransomware-alert.pdf.

14 Rule 204-1 under the Advisers Act requires advisers to amend their Form ADV at least annually, within 90 days of the end of their fiscal year; Rule 204(b)-1 of the Advisers Act requires PE Advisers with at least $150 million in regulatory assets under management attributable to private funds to file Form PF annually within 120 days if the end of its fiscal year.

15 OCIE Risk Alert, "The Most Frequent Advertising Rule Compliance Issues Identified in OCIE Examinations of Investment Advisers," September 14, 2017, available here: https://www.sec.gov/ocie/Article/risk-alertadvertising.pdf.

16 For a more detailed summary of the Risk Alert, see "JLG Legal Tip - 7 Essential Takeaways from the SEC Risk Alert" (/News-Room/JLG-Legal-Tip-7-Essential-Takeaways-from-the-SEC-Risk-AlertSept-2017.shtml).