Custody Rule Violations Observed During SEC Examinations
The staff of the Securities and Exchange Commission (the “SEC”) recently issued a Risk Alert highlighting violations of the Custody Rule. These violations were observed in the course of the SEC’s National Examination Program (the “NEP”) of registered investment advisers.
Rule 206(4)-2 (the “Custody Rule”) under the Investment Advisers Act of 1940, as amended (the “Advisers Act”), which currently governs only SEC registered investment advisers, is one of the most critical rules under the Advisers Act. Most advisers to private funds are deemed to have custody of client assets under the Custody Rule, and compliance with the Custody Rule is typically a part of the SEC’s examination of advisers to private funds, including the NEP’s “presence exam” program. The NEP issued this Risk Alert in order to assist advisers in complying with the Custody Rule. In this alert we highlight deficiencies identified in the Risk Alert that are of general concern to advisers to private funds.
Background of the Custody Rule
The Custody Rule requires, among other things, that (i) client assets be held by a “qualified custodian” (generally, a bank or broker-dealer), (ii) notices be sent to clients detailing how their assets are held, (iii) the adviser have a reasonable basis, after due inquiry, for believing account statements have been provided to clients and investors by a qualified custodian on a quarterly basis, and (iv) that the adviser be subject to a surprise examination by an independent public accountant. Importantly, requirements (ii), (iii) and (iv) are inapplicable and/or deemed satisfied for each pooled investment vehicle for which the adviser distributes financial statements audited by an independent public accountant that is registered with, and subject to regular inspection by, the Public Company Accounting Oversight Board (the “PCAOB”) within 120 days after the pool’s fiscal year-end (180 days for fund of funds).1
Custody Rule Deficiencies Discusses in the Risk Alert
The Risk Alert groups the various Custody Rule violations observed by NEP into categories corresponding generally to various requirements under the Custody Rule. Below is a description of the Custody Rule violations highlighted by the Risk Alert:
Violations Relating to the Adviser’s Failure to Recognize it has Custody of Client Assets: Under the Custody Rule, an adviser is deemed to have custody of a client’s assets if it or a “related person”2 holds, directly or indirectly, client funds or securities, or has any authority to obtain possession of them, in connection with advisory services it provides to clients.
The NEP examinations revealed that advisers failed to recognize they have “custody” over clients’ assets by virtue of (i) their personnel having a power of attorney over certain client’s assets or serving as trustees of client accounts, (ii) managing their portfolio by directly accessing clients’ online accounts using personal names and passwords without restriction, enabling such advisers to withdraw funds and securities from such accounts, (iii) serving as general partners or in similar capacities of pooled investment vehicles, (iv) having physical possession of client’s assets, and (v) having signatory or check-writing authority for client accounts.
Violations Relating to the Qualified Custodian Requirement: Advisers who are
deemed to have custody of client assets must generally maintain those assets at a qualified custodian, either in a separate account for the client under the client’s name or in an account containing only client assets under the adviser’s name as agent or trustee for the adviser’s clients. Simply put, client assets may not be commingled with the adviser’s assets.
Advisers who are deemed to have custody of client assets must generally maintain those assets at a
qualified custodian, either in a separate account for the client under the client’s name or in an account containing only client assets under the adviser’s name as agent or trustee for the adviser’s clients. Simply put, client assets may not be commingled with the adviser’s assets.
Violations Relating to the “Audit Approach”: As indicated above, the Custody Rule’s notice and account statement requirements do not apply where advisers to pooled investment vehicles deliver to investors in the pool an annual financial statement audited by an independent public accountant that is registered with, and subject to regular inspection as of the commencement of the professional engagement period by, the PCAOB in accordance with its rules, within 120 days (or 180 days for funds of funds) after the end of each pooled investment vehicle’s fiscal year. In addition, the “surprise examination” requirement is deemed satisfied if the “audit approach” is satisfied.
The NEP examinations found that advisers failed to satisfy the requirements of the “audit approach” because (i) the accountant preparing the audit was not “independent” as defined under Regulation S-X, as required by the Custody Rule, (ii) the audited financials were not prepared in accordance with GAAP (e.g., organizational expenses were amortized, rather than expensed as incurred; and financial statements were prepared on a basis other than GAAP), (iii) advisers failed to demonstrate that the audited financials were distributed to all fund investors (e.g., making them available upon request), (iv)
audited financials were sent past 120 days following the fund’s fiscal year-end (or 180 days for funds of funds), (v) auditors were not PCAOB-registered and subject to PCAOB inspection, (vi) the advisers requested investors to waive the annual financial audit requirement but did not obtain a surprise examination, resulting in the adviser failing to comply with either the “surprise examination” requirement or the “audit approach,” and (vii) a final audit was not performed on liquidated pooled investment vehicles.
Advisers to private funds should take note of these deficiencies and review their Custody Rule procedures to see if any changes are necessary. This is of particular importance because, while many of the deficiencies cited in the Risk Alert resulted in requests by the SEC for immediate remediation (e.g., drafting, amending or enhancing written compliance procedures; changing of business practices), some were referred to the SEC’s Division of Enforcement.
1Advisers to separately managed accounts may also avoid these onerous requirements if the only reason that such advisers are deemed to have custody is as a result of being able to deduct fees directly from such accounts. Managed account agreements should be reviewed to determine compliance with this exception.
2A “related person” includes anyone who controls, is controlled by, or is under common control with the adviser.