Failure to Comply with Custody and Books and Records Rules and for Failure to Adopt Appropriate Written Policies and Procedures
The SEC has ordered Registered Investment Adviser Southwind Associates of NJ Inc. (“Southwind,” “Adviser,” “Firm”) to pay a civil penalty of $50,000. The order stems from the firm’s repeated failure to comply with rules related to custody, books and records retention, and the adoption of appropriate written policies and procedures. Prior to instituting administrative proceedings against Southwind, the SEC’s OCIE exam staff had conducted three separate examinations of the investment adviser– in 2003, 2006, and 2013—each of which resulted in the SEC issuing deficiency letters to the firm. Moreover, Southwind had hired an independent compliance consultant to review its compliance program and provide written recommendations. Despite so many warnings, Southwind “failed to timely implement the majority of the Consultant’s recommendations,” including those related to custody, electronic communications/books and records retention, and the firm’s written policies and procedures, resulting in the SEC order issued against the Adviser on December 22, 2017.
Custody Rule Violations
Subject to limited exceptions, rule 206(4)-2(a)(4) under the Adviser’s Act makes it illegal for a registered investment adviser to have custody of client funds or securities unless the adviser obtains an annual surprise examination of those funds and securities from an independent public accountant. Although a compliance consultant hired by Southwind had advised the Firm regarding the custody rule as early as August 2011, the Firm did not retain an independent public accountant to conduct a surprise examination until August 2012 and such accountant never actually conducted any surprise examination for the Adviser. In fact, no surprise examination occurred until after the commencement of the 2013 OCIE examination, where after Southwind re-assumed noncompliant custody of client funds–even as Southwind’s response to the OCIE’s 2013 deficiency letter promised that “going forward, any account of which Southwind could be deemed to have custody will be audited by a qualified independent firm,” the Adviser again failed to obtain the required surprise examination for the year 2014.
As exception to the general custody rule, rule 206(4)-2(b)(4) provides that an adviser “shall be deemed to have complied with” the surprise examination provision if, among other things, the client at issue constitutes a pooled investment vehicle subject to audit and such pooled investment vehicle distributes its audited financial statements to all beneficial owners within 120 days of its fiscal-year end (or to investors in a fund-of-funds within 180 days). Southwind’s compliance manual had noted the elements of the custody exception and Southwind’s compliance consultant had warned Southwind of the rule’s requirements following its 2011 initial review. However, Southwind did not ensure that its private fund clients timely distributed audited financial statements, and thus the Adivser still failed to comply with the custody rule as applied to the pooled investment vehicles it advised.
Books and Records and WSP Rule Violations
Rule 204(a) under the Advisers Act sets forth categories of books and records that an investment adviser “shall make and keep true, accurate and current,” which includes, among other categories, certain written communications. Additionally, Rule 204-2(g)(3) provides that firms should establish procedures to “maintain and preserve [client] records, so as to reasonably safeguard them from loss, alteration or destruction” and “limit access to the records to properly authorized personnel and the [Securities Exchange] Commission.” Despite numerous warnings and incidents, Southwind did not establish procedures relating to its maintenance and preservation of records on electronic storage media until May 2012 and did not establish procedures relating to safeguarding client records and information until May 2016.
Southwind’s record retention proble began to snowball in late 2011 when a third-party IT service provider discovered (and informed Southwind President, Scott Villafranco) that an internal IT specialist previously employed by Southwind had, in the absence of any written policies/pocedures to the contrary, forwarded all of the Firm’s sent and received electronic communications to a “gmail” email account. Following its initial 2011 review, Southwind’s compliance consultant specifically advised Southwind to “investigate if [it] is able to retrieve emails transmitted” during the relevant time period. Although a February 2012 status update produced by Southwind’s compliance consultant indicated that Southwind CCO, Anthony LaPeruta, had investigated and stated that he was able to retrieve the emails, Southwind had not in fact been able to access the Gmail account. Moreover, although LaPeruta had allegedly used tape drives to back-up electronic communications, he was unable to locate such data back-ups. During the 2013 exam, OCIE staff requested certain electronic communications, and LaPeruta in turn produced data with conspicuous gaps.
Due to the actions of Southwind’s internal IT specialist and Southwind’s repeated failures to take any remedial actions, the Adviser not only failed to establish adequate written policies/procedures but also failed to maintain the required books and records.
Compliance Lessons Learned
Perhaps the most striking element of the Southwind case is the firm’s repeated failure to cooperate with its own compliance professionals and repeated failures to take any remedial action in light of clear systemic failures. Retaining a competent consulting firm to assist with your compliance program is a great first step toward compliance, especially if your firm has already experienced compliance incidents. However, the best time to hire a consultant is always before a compliance issue arises, and the partnership is most effective for those who work cooperatively with their consultants and truly strive to maintain a culture of compliance.
At Red Oak, we can identify areas of significant risk, help you establish written policies procedures that are compliant and effective, and manage your ongoing compliance program to ensure that you are prepared when the regulators come knocking. If you have any questions or concerns or would like us to assist you with your compliance program, please call 888.302.4594 or email us and we will be happy to assist.