“Supervision” is one of those compliance buzzwords that gets tossed around without much explanation, like its meaning is taken for granted and assumed to be obvious. I submit to you that it is not, especially when it comes to demonstrating that adequate supervision of a person, process, product, or policy has occurred. But why should advisers care about supervision at all?
The concept of supervision is sprinkled throughout the regulatory sandbox that the SEC has built for advisors to play within. The foundation of this sandbox is the Investment Advisers Act of 1940, which introduces the definition of both a “supervised person” and the “failure to reasonably supervise”. In short: supervised persons of a registered investment adviser need to be supervised and the failure to reasonably do so can result in an adviser being censured or its registration being limited, suspended, or revoked. Or said another way, a supervisor that’s asleep at the wheel may unwittingly be held liable for violations committed by others he was supposed to be overseeing.
A “supervised person” is defined to include
any partner, officer, director (or other person occupying a similar status or performing similar functions), or employee of an investment adviser, or other person who provides investment advice on behalf of the investment adviser and is subject to the supervision and control of the investment adviser.
This is a very broad definition, and is designed to encompass the vast majority of most advisers’ personnel. It is also specifically designed to encompass all “access persons” – the folks that must report their personal securities transactions and holdings for code of ethics purposes. All access persons are supervised persons, but not all supervised persons are access persons.
As is not uncommon in principles-based regulation, a “failure to supervise” is not defined by what it is, but is instead defined by what it is not. To cite section 203(e)(6) of the Advisers Act itself,
no person shall be deemed to have failed reasonably to supervise any person, if—
(A) there have been established procedures, and a system for applying such procedures, which would reasonably be expected to prevent and detect, insofar as practicable, any such violation by such other person, and
(B) such person has reasonably discharged the duties and obligations incumbent upon him by reason of such procedures and system without reasonable cause to believe that such procedures and system were not being complied with.
Step 1: establish supervisory procedures. Step 2: follow said procedures. I’m intentionally oversimplifying to underscore just how important written procedures are to an adviser’s compliance program and as a means of refuting a “failure to reasonably supervise” allegation.
And not all supervisory procedures are created equal. They should be tailored to the adviser’s actual business practices, reviewed no less frequently than annually, and updated as needed in response to new regulations or changes in the business. Think quality over quantity.
Each procedure should also establish how such supervision will be performed, and by whom. Contrary to popular belief, this is not necessarily the firm’s chief compliance officer. Rather, the SEC has made it clear that
Having the title of chief compliance officer does not, in and of itself, carry supervisory responsibilities. Thus, a chief compliance officer […] would not necessarily be subject to a sanction by [the SEC] for failure to supervise other advisory personnel. A compliance officer who does have supervisory responsibilities can continue to rely on the defense provided for in section 203(e)(6) of the Advisers Act [the section cited above].
The responsibility of an adviser’s CCO is to administer the supervisory procedures, not necessarily supervise its personnel. This is not a distinction without a difference, but it is a whole other can of worms to be reserved for a later article. But for purposes of this article, the point is that a supervisory hierarchy (in which each supervised person is assigned to a supervisor) need not have the CCO at the top.
At the end of the day, how can an adviser establish a reasonable system of supervision?
1. Identify which individuals within the advisory organization qualify as “supervised persons”
2. Assign each supervised person a supervisor. Though it may seem ridiculous, this even applies to solo advisers that must supervise themselves. For established advisers reading this article, refer to your policies and procedures to determine if you are designated a supervisor; the answer may surprise you.
3. Draft a tailored set of supervisory policies and procedures that, at a minimum and to the extent applicable, address: (a) Portfolio management; (b) Accuracy of disclosures; (c) Proprietary trading and personal trading of supervised persons; (d) Safeguarding of client assets; (e) Recordkeeping; (f) Client privacy protections; (g) Trading practices; (h) Marking; (i) Valuation; (j) Business continuity plans. This list is summarized from the SEC’s “Information for Newly-Registered Investment Advisers” website, which incidentally states that an update is currently in progress. Also – as emphasized above – the above list is the bare minimum; a reasonably-designed set of policies and procedures will very likely contain additional discrete policies and procedures.
4. Regularly educate supervised persons on such supervisory policies and procedures (especially when they are updated or changed), and obtain a signed annual certification from each supervised person that he or she has read, understood, and agrees to comply with such supervisory policies and procedures.
5. Create a compliance calendar that outlines how various supervisory activities are carried out, by whom, with what frequency and on what dates, as well as any findings and corrective action that result from such supervision (a/k/a “testing” your policies and procedures). Documenting a compliance calendar can go a long way in demonstrating reasonable supervision, so long as it is consistently followed. If supervision isn’t documented, it’s basically impossible to prove (to a regulator) that it actually occurred. Consider building this into or around your CRM for consistency of recordkeeping.
6. To the extent an advisory firm employs an individual with a history of disciplinary events, plan to conduct “extra” supervision of that individual. The SEC released a risk alert on this very topic in September 2016, and announced that it would be examining the supervision practices at such advisory firms pursuant to its “Supervision Initiative”. Firms subject to this examination initiative should expect a review of the firm’s hiring processes, employee oversight, complaint reporting, disclosures, conflicts of interest, marketing practices, and the overall “tone at the top”.
Registered investment advisers of all sizes and complexities must have a robust supervisory regime in place, and those individuals that are designated supervisors would do well do ensure that they are practicing the time-honored tradition of CYA.