Compliance Reviews: Annual, Periodic and Forensic Testing

I. Introduction: The Regulatory Framework

Annual review season is once again upon us! A key requirement of Rule 206(4)-7 under the Investment Advisers Act of 1940, as amended, requires advisers to each year evaluate the adequacy and effectiveness of their compliance policies and procedures.  In this article, we discuss this requirement and provide a non-exhaustive list of methods, techniques, and other considerations for advisers to perform relevant and meaningful testing across their various departments.

II. Compliance Testing: Methods and Techniques

There is no “one-size-fits-all” solution for advisers to properly conduct this review.  Advisers should tailor their review to the size, scope and complexities of their respective operations.  This may include considerations pertaining to the types of investment services and products offered by an adviser, the types of clients, investors and potential investors of the adviser, and the extent to which an adviser may rely on third party service providers to perform business critical functions.

We recommend testing across all program areas utilizing three general testing techniques: (i) transactional testing; (ii) periodic testing; and (iii) forensic testing. When conducting testing in conjunction with an annual review, it is critical the personnel of the adviser who are responsible for conducting the testing are provided with adequate resources to perform their testing.  In addition, a requirement of the rule it to maintain records pertaining to the review, so documentation should be retained which demonstrates any testing and related findings or recommendations.

(i)  Transactional Testing: “Real-Time Action”

The first layer of testing is recommended to be performed by relevant personnel of the adviser at or near the time the activity occurs.  For example, transactional testing may be performed by compliance personnel when an investment is made for a client account.  A transactional test in this focus area would be performed around the time the investment is made to ensure compliance with an investment guideline.  Relevant personnel of the adviser performing the transactional testing should be adequately trained, supervised and familiar with familiarity program area being tested.  For example, when performing transactional testing pertaining to investments for clients and/or investment products of the adviser, relevant adviser personnel should have access to the necessary client documentation which forms the basis of the testing (e.g., client investment management agreements with investment guidelines, investment product offering documents, etc.).   Where possible, look to leverage technology.  For example, in the context of transaction testing for adherence to client investment guidelines, many order management systems are designed to provide testing designed to determine whether compliance is being achieved.

(ii)  Periodic Testing: Ongoing Compliance Reviews

Periodic testing refers to a second layer of testing performed at appropriate intervals, but not contemporaneously with each transaction.  For example, periodic testing may be performed by compliance personnel to review documents reflecting client-imposed guidelines or product offering documents and comparing those guidelines against the lists which are used for the transactional testing discussed earlier in this article.  A periodic test in this focus area would be performed, for example, to review all investment guidelines for clients and/or investment products within a particular investment strategy or group of accounts.  Testing in this focus area may include reviews of the applicable coding of investment guidelines within an order management system to ensure all investment guidelines appear accurate, up to date and being observed by the system.  Testing also could be tailored in this focus area to ensure appropriate record retention requirements are being met.

(iii)  Forensic Testing: Identifying Gaps and Potential Issues

Forensic testing is recommended to be designed to detect whether systems are being subverted by clever means that may be difficult to detect through other testing.  For example, such testing may be designed to compare the performance of an account with the performance of a relevant benchmark and other client accounts with similar guidelines or mandates with the expectation that material differences would not be evident.  Forensic testing in this focus area would be performed, for example, to review client performance and determine whether investment opportunities may have been selectively allocated to certain client accounts and may have disadvantaged other client accounts.

III. “Show Your Work”

As noted above, it is a requirement of the rule to retain records of your testing.  For advisers, a written report is not required (though advisable), however, advisers are required to records of its annual review.  Advisers should maintain copies of their annual reviews and supporting documents and this requirement should not be taken lightly. While the level and sophistication of testing and related documentation may vary among advisers for many reasons, it is important all testing which is performed be documented and readily demonstrable if requested, particularly by staff of the United States Securities and Exchange Commission (the “SEC”).  Note, for registered investment companies (e.g., mutual funds) a written report is a requirement.

While many advisers may view the annual review requirement as a daunting task which may appear burdensome, it is important to realize annual reviews are not only a requirement but also an opportunity for advisers to document, highlight, and stand with confidence behind the work and systems supporting an adviser’s organization.  Maintaining comprehensive documentation throughout an annual review will enable an adviser to demonstrate a thorough review of its compliance program.  It also may be used to tailor future testing and serve to strengthen business practices and processes across other departments of the adviser’s organization.

IV. Planning and Execution, Areas of Review

Completing a comprehensive annual review is not a simple task.  Appropriate planning and allocation of resources will position an adviser to conduct a meaningful review in the most efficient fashion.  We recommend implementing annual review testing outlines prior to beginning the annual review process.  A thorough annual review outline should include itemized testing of all key areas of an adviser’s business.  A few areas for review will likely include:

Trading
Operations
Accounting
Research and Portfolio Management
Marketing and Client Service
Technology, including Business Continuity and Disaster Recovery; and
Personnel Issues
Changes to the Advisers Business

There are several categories appropriate for review under each of these areas, and much will depend upon the nature of the adviser’s business.  A proper review will be conducted across all departments of an organization and not focus solely on one or few areas of an adviser’s operations.

V. Conclusion

Advisers are fiduciaries to their clients, with ongoing responsibilities to always place clients’ interests ahead of their own in all matters.  Among other things, annual reviews should serve to document all the efforts made by an adviser to comply with the various legal and compliance requirements while serving their clients.  Annual reviews should be thoughtful and comprehensive to enable an adviser to determine whether any material violations or other incidents have occurred pertaining to the adviser’s compliance policies and procedures.  It also should be leveraged as an opportunity to identify areas for improvement or enhancement.

FiSolve Can Help

Conducting a proper annual review can provide benefits beyond meeting a compliance requirement.  We will assist in formulating and executing on an annual review plan tailored to your business.  This review also may be used to critically evaluate and identify areas for improvement.  For more informational and additional resources, visit us at www.fisolve.com or contact us at growth@fisolve.com.