The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) published a risk alert on November 9, 2020, which discussed supervisory and compliance issues related to Registered Investment Advisors (“RIAs”) with multiple branch offices. The risk alert summarized the findings of OCIE’s Multi-Branch Initiative. Although examiners identified a range of deficiencies during their examinations, they also observed branch office practices that RIAs may find helpful in their compliance oversight efforts. Many of OCIE’s comments will be of interest to RIAs that do not have branch offices.
The Multi-Branch Initiative compiled information derived from almost 40 examinations of RIAs’ main offices. That data was combined with the findings of one or more examinations of each RIA’s branch office. Most of those RIAs conducted their advisory business in 10 or more branch offices. The branch offices were geographically dispersed from the RIA’s main office in most cases.
When an RIA’s business model relies on one or more branch offices, the firm faces a higher degree of risk. Furthermore, when RIAs have multiple branch offices, it is more likely that policies and procedures will not be implemented or adhered to by advisory personnel situated there. Examiners identified instances where RIAs did not monitor, review, and/or test their branch office’s practices. As a result of those failings, an RIA’s main office may not be aware that their compliance controls are ineffective.
OCIE’s risk alert is available here.
Focus areas of the Multi-Branch Initiative
The Multi-Branch Initiative focused on the following areas:
- Compliance programs and supervision; and
- Investment advice.
Pursuant to Rule 206(4)-7 of the Investment Advisers Act of 1940, commonly referred to as the “Compliance Rule,” RIAs must adopt and implement written policies and procedures, which are designed to prevent violations of the securities laws and the rules that interpret them. Policies and procedures must address the unique risks presented by the RIA’s business model. The risks faced by a firm with multiple branch offices are much different from RIAs that just have one office.
OCIE observed that the branch office model may create risks that advisors should consider as they design and implement their compliance programs. They should also consider these risks when supervising branch office personnel and processes. These risks may increase when the main and branch offices have different practices.
As part of the Multi-Branch Initiative, examiners focused on RIAs’ compliance programs in both their main and branch offices. They looked at firms’ compliance with the Custody Rule and the Code of Ethics Rule, as well as other regulations. In addition, examiners analyzed whether RIAs’ practices were consistent with fiduciary obligations in areas such as fees, expenses, advertising.
Examiners also looked at how supervised persons located in branch offices provided investment advice to advisory clients. Examiners scrutinized RIAs’ oversight of investment recommendations, management and disclosure of conflicts of interest, and allocation of investment opportunities.
OCIE’s observations related to compliance programs and supervision of branch offices
The vast majority of the RIAs examined were cited for at least one Compliance Rule deficiency. In particular, examiners noted that more than half of these RIAs had compliance policies and procedures that:
- Contained inaccurate and outdated information;
- Were not implemented at every branch office;
- Were inadequately implemented, because the compliance department did not receive the books and records mandated by the firm’s policies and procedures; and
- Were not enforced.
Further, some RIAs’ policies and procedures referred to entities that no longer existed and advisory personnel who had changed roles and responsibilities.
Examiners identified a number of compliance program-related shortcomings in the following areas:
- Custody of clients’ assets. RIAs did not have policies and procedures that curtailed the ability of supervised persons to process withdrawals and deposits in clients’ accounts and change their addresses. Without these policies and procedures, the examined RIAs might be deemed to have custody of a client’s assets, thus requiring compliance with the Custody Rule.
- Fees and expenses. RIAs did not have policies and procedures that included the identification and remediation of situations where clients were charged undisclosed fees. In certain instances, policies and procedures applicable to fees were not enforced. Examiners found that RIAs failed to oversee fee billing processes, which sometimes resulted in overcharges to clients.
- Oversight and supervision of supervised persons. Supervision deficiencies were discovered related to:
- The failure to disclose material information, including disciplinary events of supervised persons;
- Portfolio management, such as recommending mutual fund share classes that were not in the client’s best interest; and
- Trading and best execution, including enforcing policies and procedures the advisor had in place.
Supervision deficiencies were prevalent when RIAs oversaw branch office personnel with higher-risk profiles. Deficiencies included the identification and documentation of disciplinary events.
- Advertising: Advisors often had deficiencies in the area of advertising. Examples of problematic advertisements included:
- Performance presentations that omitted material disclosures;
- Use of superlatives and unsupported advertising claims;
- False presentation of professional experience and/or credentials of supervised persons or the RIA; and
- Third-party rankings or awards that omitted material facts regarding these accolades.
- Code of ethics. Several advisors were cited for code of ethics deficiencies because they failed to:
- Comply with reporting requirements;
- Review transactions and holdings reports;
- Properly identify access persons; and/or
- Include all of the required codes of ethics provisions.
Certain RIAs failed to implement a review and approval process before supervised persons were permitted to invest in limited or private offerings.
OCIE’s observations related to investment advice offered at branch offices
More than half of the advisors examined were cited for deficiencies related to portfolio management practices. OCIE’s examinations focused on:
- Oversight of investment recommendations at a specific branch office and across all of the RIA’s branch offices;
- Management and disclosure of conflicts of interest; and
- Trading and allocation of investment opportunities.
Examiners observed deficiencies connected to the oversight or evaluation of investment recommendations, such as the mutual fund share class selection processes. There were also deficiencies related to wrap fee programs, such as failing to disclose fees and trading away practices.
In addition, examiners found that conflicts of interest were not fairly and fully disclosed. For example, certain advisors did not fully and fairly disclose that they received financial incentives to recommend specific investments.
Examiners also found that RIAs:
- Did not document their analysis of their efforts to seek best execution for their clients;
- Completed principal transactions involving securities sold from the firms’ inventory without prior client consent; and
- Did not monitor supervised persons’ trading.
Certain advisors improperly allocated block trade losses to clients.
Best practices with respect to branch office activities
The risk alert offered best practices for RIAs with branch offices. Many firms had policies and procedures for monitoring and oversight of branch offices. These policies and procedures typically required compliance reporting by their branch offices. Certain advisors implemented:
- Uniform policies and procedures regarding main office oversight for monitoring and approving advertising;
- Uniform and centralized processes to manage client fee billing;
- Centralized processes to oversee and approve personal trading of all supervised persons working at all offices, not just the main one;
- Uniform portfolio management policies and procedures and portfolio management systems across all office locations.
Firms had implemented uniform procedures to address the risks created when Investment Advisor Representatives in branch offices serve as portfolio managers. To guard against this risk, OCIE encouraged RIAs to implement uniform portfolio procedures across all branch offices that apply to every advisory employee.
It is a best practice for RIAs to perform compliance testing or periodic reviews of key activities at all branch offices. These reviews should be performed at least annually. Certain RIAs conducted these reviews more frequently. OCIE offered examples of compliance oversight and testing of branch office activities such as:
- Validating that branch offices undertook compliance or supervisory reviews of their portfolio management decisions initially and on an ongoing basis;
- Designating individuals within branch offices to monitor portfolio management;
- Consolidating the trading activities within branch offices into the RIA’s overall testing; and
- Conducting compliance reviews that do not rely exclusively on self-reporting.
The risk alert commended RIAs that established compliance policies and procedures to check for prior disciplinary events when hiring supervised persons and periodically confirming the accuracy of related disclosures. Certain RIAs implemented procedures that included the following:
- Periodically reviewing disciplinary histories;
- Documenting those reviews; and
- Providing heightened supervision of individuals with disciplinary histories.
It is a best practice for RIAs to conduct compliance training for employees in the main office and in branch offices. Training helps to ensure that all advisory employees are on the same page and are familiar with the firm’s policies and procedures.
OCIE’s risk alert is meant to encourage RIAs to consider the unique risks and challenges presented when their business model includes numerous branch offices, as well as business operations that are geographically dispersed. RIAs must adopt policies and procedures that are tailored to address those risks and challenges.
OCIE’s risk alert sends the very important message that RIAs’ principal office must ensure that policies and procedures are communicated to their branch offices. The RIA’s principal office must also make certain that policies and procedures are implemented and adhered to at all of the branches.
 Rule 206(4)-2
 Rule 204A-1