Alternative Investment Management Association Representing the global hedge fund industry
Citi Investor Services
Private equity and hedge funds (“Private Funds”) often contract with third-party administrators (“Administrators”) to manage certain of their books and records. Investment advisers to Private Funds who are required to be registered (“Private Fund Advisers”) with the Securities and Exchange Commission must comply with the requirements of the Investment Advisers Act of 1940 (the “Advisers Act”), which includes those related to recordkeeping.
Section 404 of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 added new section 204(b) to the Advisers Act, which provides recordkeeping requirements for investment advisers to private funds. Specifically, section 204(b)(2) states that the records and reports of any private fund to which a registered investment adviser provides investment advice are to be considered the records and reports of the Private Fund Adviser. As a result, Private Fund Advisers often look to the Administrators of the Private Funds they manage for these records to assist them in meeting the adviser’s books and records requirements.
Thus, when a Private Fund opts to outsource core duties the investment adviser or general partner would otherwise perform for its client(s), the adviser has a vested interest in selecting an appropriate service provider and continuing to oversee or monitor the outsourced duties as part of its compliance program pursuant to Rule 206(4)-7 under the Advisers Act (the “Compliance Rule”). In addition, a growing number of investors, especially institutional investors, expect that this oversight will be performed.
The Compliance Rule
Upon registration with the SEC, an investment adviser must have a compliance program in place which meets the requirements of the Compliance Rule. An often overlooked area in an adviser’s compliance program includes oversight of key service providers to the Private Funds it advises, such as the Administrator.
Private Fund Advisers are required by the Compliance Rule to adopt and implement written policies and procedures reasonably designed to prevent, detect, and correct violations of the Advisers Act and rules thereunder. The Compliance Rule also requires that the adviser appoint a competent and empowered Chief Compliance Officer (CCO) to administer the policies and procedures, and that an annual review of the written compliance policies and procedures (the “Compliance Manual”) be performed. Rule 204-2(a)(17)(ii) requires that records documenting such review be retained.
This article discusses some of the key oversight responsibilities Private Fund Advisers should consider in their compliance programs with respect to Administrators of the Private Funds they advise.
The Compliance Manual should include policies and procedures tailored to fit the adviser’s business functions that are designed to reasonably prevent violations of the Advisers Act and any regulations that are applicable to the adviser. The Compliance Rule’s adopting release contains a list of key areas to consider for inclusion within the Compliance Manual. The Compliance Manual must continuously be maintained and revised for changes to laws, regulations, operations or the organization. Senior management must fully support the form and function of the Compliance Manual.
The annual review is usually conducted and evidenced through the creation of a risk-based testing program. Firm size, the complexity of investments and operations and testing resources will impact how much testing should be performed. The testing program should be documented and tied (or mapped) to the written compliance policies and procedures contained within the Compliance Manual. A compliance risk matrix should be used to demonstrate that a risk-based approach was taken in the development of the testing program. As part of this approach, the CCO should consider the potential likelihood of an issue occurring with respect to that action within the Compliance Manual, as well as any potential impact to the adviser or its clients. The risk matrix could also be used to assign testing frequency and sample sizes based upon the frequency of the control activity, the likelihood of its failure and the impact it would have on operations if it should fail. The risk matrix should be updated at least annually and whenever there is a regulatory, infrastructure or procedural change that impacts the content.
ADMINISTRATOR COMPLIANCE OVERSIGHT
While the SEC has not yet committed to rulemaking on the responsibilities a registered investment adviser has over the functions it relies upon an Administrator or other third party service provider to perform, members of the SEC’s staff have provided insight into their views on outsourcing certain duties that would otherwise be performed by an adviser. During the SEC’s 2009 CCOutreach Regional Seminars directed to the compliance staff of advisory and broker-dealer firms, the staff devoted its April session to “The Evolving Compliance Environment: Examination Focus Areas.” During this session, the staff stated that “when a service provider is utilized, the adviser still retains its fiduciary responsibilities for the delegated services. As a result, advisers should review each service provider’s overall compliance program for compliance with the federal securities laws and should ensure that service providers are complying with the firm’s specific policies and procedures.” Private Fund Advisers should, therefore, consider their oversight obligations of Administrators and other key service providers and, at a minimum, include a description of this oversight within their Compliance Manual. More appropriately, a Private Fund Adviser should maintain a copy of the service provider’s key compliance controls and procedures related to those functions that the Private Fund has outsourced to the Administrator, given that the associated books and records are deemed to be those of the Private Fund Adviser under Section 204 of the Advisers Act. The CCO should also periodically test these key compliance controls and procedures, using a risk-based approach, as described in the “Annual Review” section. Test results should be maintained as part of the annual compliance review.
Compliance Program Considerations
Some examples of outsourced functions an Administrator might provide to a Private Fund, and other incidental regulatory and business considerations, which should be reviewed or tested by the CCO to support the Private Fund Adviser’s compliance program include:
In addition, the adviser should use its testing results to identify whether the service provider is performing the functions that they are contracted to provide as part of its due diligence review of the Administrator. If the service provider produces a report on Service Organization Controls (“SOC 1 Report” formerly known as the SAS 70 Report), it is prudent to consider that as a factor in its evaluation rather than the SOC 1 Report having completely satisfied the adviser’s oversight responsibilities of that service provider. SOC 1 Reports are not client specific; rather, the auditor takes samples across the service provider’s client base to test controls. Thus, a CCO should not consider a SOC 1 Report’s results conclusive of the type of control environment the Administrator has in place with respect to the specific services it is providing to the Private Funds managed by the adviser.
Advisers should review services delegated to service providers to reasonably confirm that the service provider is performing these services adequately. In addition, CCOs, as part of the required annual compliance review, should include services provided by service providers to reasonably confirm that the service provider is operating in compliance with the federal securities laws, as well as complying with the adviser’s specific policies and procedures, where appropriate. The adviser could use its compliance testing program results to help satisfy increasing customer demand for strong due diligence reviews of the Private Funds in which they invest and its key service providers. The oversight program can also be used to help assure the SEC that the Private Fund Adviser’s compliance program is robust, sound and compliant with the requirements of Rule 206(4)-7 under the Advisers Act.
This communication is provided for informational purposes only and may not represent the views or opinions of Citigroup or its affiliates (collectively, “Citi”), employees or officers.The information contained herein does not constitute and shall not be construed to constitute legal and/or tax advice by Citi. Citi makes no representation as to the accuracy, completeness or timeliness of such information.This communication and any documents provided pursuant hereto should not be used or relied upon by any person/entity (i) for the purpose of making regulatory decisions or (ii) to provide regulatory advice to another person/entity based on matter(s) discussed herein. Recipients of this communication should obtain guidance and/or advice, based on their own particular circumstances, from their own legal or tax advisor.Back to Listing