SEC Logo

SEC Division of Examinations Publishes Risk Alert on MNPI Compliance Issues

Exposure to material nonpublic information (“MNPI”) remains one of the highest risks for many firms in the financial services industry, with special considerations for investment advisers.  In a Risk Alert published yesterday, the SEC’s Division of Examinations described notable deficiencies its Examination Staff has commonly observed during its examinations of IAs.  The Risk Alert identifies specific areas of concern relating to MNPI and Code of Ethics considerations.  We summarize key parts of the Risk Alert in this posting.

All IAs are required to establish written policies and procedures that are reasonably designed to prevent and detect the misuse of MNPI.  These policies should consider the nature of the IA’s business.  For example, policies for a fundamental, research-intensive IA that interacts with management of public companies, should look different than those of a quantitative fund relying on coded algorithms for trading.  These requirements stem from Section 204A of the Investment Advisers Act of 1940, as amended, which is part of a broader requirement for IAs to adopt a Code of Ethics for its personnel (“Code of Ethics Rule”).  The Risk Alert enumerates the requirements for an IA’s Code of Ethics.  These requirements also are an expected part of an IA’s compliance program under Section 206(4)(7).

The Risk Alert provides helpful examples of common deficiencies uncovered during examinations.  An adviser who finds any of these areas relevant to the nature of their respective business should conduct a review of their policies and procedures to ensure appropriate protocols are in place.

Common MNPI Related Deficiencies

Alternative Data:  The Staff observed in some cases IAs using data from non-traditional sources have not adopted written policies and procedures to address the risk of potential receipt and use of MNPI through these sources.  For example, the Staff noted instances where IAs are not memorializing diligence processes or following them consistently when engaging with alternative data service providers; instead exhibiting ad hoc diligence practices.  The Staff also is looking for IAs to exhibit policies and procedures regarding the assessment of terms, conditions and legal obligations relating to these forms of data, including potential red flags.  IAs should have a written, comprehensive vetting process for onboarding alternative data providers and train staff on potential red flags and what to do about them.

“Value Add” Investors:  Where IAs may have investors such as executives at a public company, portfolio managers at an IA or investment bankers, the Staff expects adoption of policies and procedures to address the fact these investors are more likely to possess MNPI due to the nature of their work.  The Staff suggests policies and procedures should contemplate associated risks, articulate a process to correctly identify all such investors, and track their relationships with potential sources of MNPI.  This is another area that should be calibrated depending upon the nature of an IAs business and the nature of the relationship it has with its clients.

Expert Networks:  Today many reputable expert network firms treat issues pertaining to MNPI as a serious matter, training experts on MNPI issues and assisting client IA firms with compliance oversight tools.  Nevertheless, the Staff notes IAs have not implemented adequate policies and procedures regarding their discussions with expert network consultants who may be related to a public company or may have access to MNPI.  Suggested policies include (1) tracking and logging expert network consultations, (2) a compliance review of detailed notes taken from expert consultations, and (3) review of trading activity of publicly traded companies that are in similar industries as those discussed during expert consultations.  Other effective practices may include a compliance officer periodically chaperoning a consultation and an IA’s compliance staff conducting diligence around how an expert network provider trains its experts on issues pertaining to MNPI.

Code of Ethics Considerations

The Risk Alert also notes compliance issues related to the Code of Ethics Rule, including issues pertaining to Access Persons, Reporting of Personal Securities Transactions and Holdings, and written acknowledgement of an employee’s receipt of an IA’s Code of Ethics and any amendments.   The Staff noted IAs did not identify and supervise certain employees as Access Persons, which is required by the Code of Ethics Rule.  In other cases, IAs did not define Access Persons or did not accurately reflect which employees are considered Access Persons.  Under the Code of Ethics Rule, an Access Person is defined as “a supervised person who has access to nonpublic information regarding clients’ purchase or sale of securities, is involved in making securities recommendations to clients or who has access to such recommendations that are nonpublic.”  An Access Person also includes employees with access to nonpublic information regarding the portfolio holdings of affiliated mutual funds.  Smaller IAs should consider defining all employees as Access Persons as it is not uncommon for all employees to have broader access to sensitive firm information than with larger IAs, and a single standard may be more manageable.

The Staff also observed instances where IA employees did not obtain required pre-approval for personal trades, or IAs did not have provisions in their Code of Ethics to address transactions in IPOs or limited offerings.  Additionally, the Staff found inadequate submission and reviews of employee trading statements.  The Staff notes some IAs did not have policies and procedures in place to assign the CCO’s reporting to another member of the adviser staff, effectively allowing the CCO to self-review his or her own statements.

Finally, the Staff notes areas the SEC recommended in adopting the Code of Ethics requirements, including use of restricted lists to prohibit purchases of securities where an IA is in possession of MNPI and procedures to ensure investment opportunities are first offered to clients before the adviser or its employees may act on them.  The Staff observed situations where an adviser or its employees purchased  securities at a better price, ahead of adviser’s clients in contravention of the IA’s Code of Ethics.

The Risk Alert provides excellent insight to IAs as to areas of concern for the Staff when it comes to MNPI related issues under an IA’s Code of Ethics.  The area is particularly important because any use of MNPI by an adviser has the potential to lead to grave consequences, including enforcement action and criminal prosecution for the firm and individuals.  Effective MNPI policies, along with proper training, are excellent ways for firms to protect themselves.  We recommend IAs review their compliance programs in light of the Risk Alert and assess whether changes or enhancements are appropriate.

Contact Us Today

We will show you how FiSolve will position your firm to grow its assets and bolster its processes.