On February 27, 2012, the Staff of the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert encouraging broker-dealers and investment advisers to review and strengthen their controls designed to detect and prevent unauthorized trading. Firms should review their policies and procedures and identify any conditions that could permit an individual to engage in or conceal unauthorized transactions.
Without imposing any new standards, OCIE focuses on curbing rogue or unauthorized trades in customer or client proprietary accounts, which includes trades that exceed firm limits for exposure, risk tolerance or loss, contain intentionally mismarked positions, or create sham transaction records. Recognizing that firms’ needs will vary, OCIE does not provide a checklist or identify any specific requirements for firms’ control policies. The alert indicates that firms should set a proper tone at the top and establish a culture of compliance in which traders are encouraged to raise any issues and concerns with management. Reporting lines should be clearly defined, and supervisors should understand any complex products and strategies. Firms should ensure that each individual’s access to systems and functions is appropriate for the person’s current role, and should not aggregate functions in one trader or desk. OCIE also encourages firms to align incentives with responsible risk-taking, while considering red flags such as extended settlement trades or firm positions that are rolled over several times. Mandatory vacation policies, during which personnel has no access to the firm’s systems, would help identify any unauthorized trading, as would a central recording function that compiles a holistic perspective of trading activity. Firms should also consider working with internal audit or compliance to check performance and risk, and firms should consider periodic tests of the controls designed to identify unauthorized trading.
Although firms should already have in place policies and procedures that detect and deter unauthorized trading, firms should review them and ensure they comply with the requirements imposed by FINRA and the SEC. FINRA developed recommendations for broker-dealers through FINRA Regulatory Notice 08-18, and the SEC adopted requirements for investment advisers in Advisers Act Release No. 2204. A cursory overview of these requirements follows.
Through Regulatory Notice 08-18, FINRA staff recommended that broker-dealers implement six types of policies and procedures, and noted that even profitable trading could result in regulatory exposure. These recommendations are not exhaustive or required.
- Impose mandatory vacation policies during which individuals in sensitive jobs are barred from physical or electronic access to the firm and its facilities and systems.
- Scrutinize red flags, such as unusual cancelation patterns, trading limit breaches, or aged outstanding confirmations.
- Protect systems and risk management information by limiting employees’ access to what is appropriate for the job function.
- Establish well-defined supervision and accountability so individuals know who supervises all day-to-day responsibilities, even if the firm uses dotted line or matrix reporting structures.
- Consider whether to waive controls for affiliated transactions.
- Establish a culture of compliance where management trains and encourages personnel to raise any issues, and back-office functions maintain appropriate independence.
Investment advisers and investment companies are bound by rules adopted by the SEC pursuant to the Investment Advisers Act of 1940 and the Investment Company Act of 1940. If registered with the SEC, investment advisers and investment companies that provide investment advice must: (1) implement written policies and procedures to prevent violations of federal securities laws; (2) designate a chief compliance officer to administer the policies, which reports directly to the board for investment companies; and (3) review these policies every year. Firms must keep copies of all policies and procedures that are currently in effect or were in effect any time in the last five years, and firms must keep records from the annual review.
Although the policies and procedures for investment advisers related to unauthorized trading will vary, the SEC expects firms to adopt, among others, portfolio management processes that ensure opportunities are allocated across clients and conform with clients’ investment objectives; trading policies that govern proprietary and personal trading by supervised persons, and prevent the misuse of material nonpublic information; controls that ensure disclosures remain accurate; and systems that create and maintain accurate records.
The SEC requires that investment companies implement policies and procedures for complying with federal securities laws, including policies for overseeing all service providers through which they conduct activities. In addition to the requirements imposed on investment advisers, investment companies must adopt policies and procedures that, among other things, identify the individuals that are barred from trading fund shares because they are in a unique position to take advantage of the fund, and reasonably protect nonpublic information from misuse. The board, including a majority of the independent directors, must approve the policies and procedures of the fund and of its service providers. Funds must keep materials provided to the board in connection with approval of the policies and procedures for five fiscal years.
If you have any questions regarding OCIE’s Risk Alert or policies and procedures that detect and deter unauthorized trading, please contact the authors of this Client Alert or your O’Melveny & Myers advisor.