Alert May 22, 2012

OCIE Director Discusses Examination Approach and Highlights Compliance and Risk Management Issues for Newly-Registered Private Fund Advisers

The Director of the SEC’s Office of Compliance Inspections and Examinations, Carlo V. di Florio, spoke at the May 2012 Private Equity International Private Fund Compliance Forum. His speech examined issues relating to plans for OCIE’s National Exam Program (“NEP”) to conduct risk-based examinations of newly-registered private fund investment advisers. Mr. di Florio discussed various topics of interest to newly-registered advisers, including (1) NEP’s examination strategy, (2) compliance obligations, (3) conflicts of interest, (4) risk management and (5) the internal audit function. This articles provides an overview of Mr. di Florio’s remarks on those topics.

Examination Strategy.  Mr. di Florio discussed NEP’s preparation for the additional examination burdens associated with the arrival of investment advisers to private funds that were required to register with the SEC in light of changes to the investment adviser registration requirements made by the Dodd-Frank Act. He outlined “a three-fold strategy” involving an initial phase of industry outreach and education, in which NEP would share its expectations and perceptions of the highest-risk areas, followed by “coordinated examinations of a significant percentage of new registrants, focusing on highest risk areas of their business.” The plan would culminate in the publication of “a series of ‘after-action’ reports on the broad issues, risks and themes identified.”

Mr. di Florio outlined the following areas of likely inquiry in an NEP examination of a private equity fund adviser:

  • Tone at the Top - What is the overall attitude of management towards the examination process, its compliance obligations, and towards risk management generally, compared to its peers? Mr. di Florio emphasized that, as part of NEP’s exam process, the examination staff intends to engage in an active dialogue with senior management personnel in part to assess whether a firm’s chief compliance officer enjoys sufficient authority and support within the firm.
  • Product Line - Does the firm have a complicated set of diverse products? If so, how does the firm resolve inter-product conflicts, such as when products may invest in different parts of a portfolio company’s capital structure or compete with each other for deal allocation?
  • Fund Strategies and Portfolio Company Relationships - What strategies do the firm’s funds pursue? Do the funds control their portfolio companies or hold only minority positions? Do fund strategies entail investing with other firms or on their own? Do fund strategies make general sense? Are fund investments in easily understandable companies?
  • Stages of the Fund Life Cycle - Where are funds in their life cycle? For a fund approaching the end of its life, in the case of an adviser looking to raise additional capital, the focus will be on claims about a fund’s track record and valuation, while in the case of an adviser who is unlikely to raise additional capital, the focus may be on risks related to fees, expenses and liquidity. For a fund at the beginning of its life cycle, deal allocations between investment vehicles, or other types of possible favoritism may receive greater attention.
  • Compliance Program Elements - How sophisticated and reliable are a fund’s compliance processes? Is the valuation process robust, fair and transparent? Are there strong processes for compliance with the fund’s agreements and formation documents? Are compliance and other key risk management and back office functions sufficiently staffed? What is the quality of investor communications? What is the quality of processes to ensure conflict resolution in disputes with or among investors?
  • Disclosures - How clear are investor disclosures around ancillary fees (particularly those charged to portfolio companies), management fee offsets and allocation of expenses? Are the processes to ensure compliance with those disclosures robust?

Mr. di Florio observed that OCIE’s prior experience has been that private fund advisers were slightly more likely to have significant findings, be cited for a deficiency, or have findings referred to the SEC’s Enforcement Division than registered advisers without private fund clients. He speculated that this trend may have been, in part, attributable to the fact that many of the private fund advisers examined in the past, like many of the private fund advisers who registered following the enactment of the Dodd-Frank Act, might not have the same level of compliance systems and controls as advisers with longer experience as regulated entities.

Compliance Obligations. Mr. di Florio highlighted certain of the specific compliance obligations of registered advisers. First, he explained that the “compliance rule” (Rule 206(4)-7) under the Investment Advisers Act (the “IAA”) requires that registered investment advisers adopt and implement written policies and procedures, conduct an annual review of the adequacy of such policies and procedures and designate a chief compliance officer who is responsible for implementing the policies and procedures. He also discussed certain requirements as to maintaining books and records, updating Form ADV, maintaining a code of ethics and complying with the IAA’s advertising requirements. With respect to the “advertising rule” (Rule 206(4)-1 under the IAA), he explained that the “SEC staff has also indicated its view that, if you advertise performance data, the firm should disclose all material facts necessary to avoid any unwarranted inferences.” Mr. di Florio emphasized that “[a] firm should clearly disclose to clients the fees that it is earning in connection with managing investments as well as expense allocations between a firm and its client fund.” In this regard, he highlighted that a private fund adviser’s disclosure policies and procedures should include a provision addressing the allocation of fees and expenses.

Conflicts of Interest. Mr. di Florio discussed the importance of identifying and addressing any conflicts of interests and provided an approach for analyzing “conflicts in the context of the lifecycle of a private equity fund: The Fund-Raising Stage, the Investment Stage, the Management Stage and the Exit Stage.” He described the various circumstances and arrangements that may give rise to conflicts of interest at each stage, as follows:

  • Fund-Raising Stage: the use of third-party consultants such as placement agents, preferential terms in side-letters, and fund marketing, particularly where marketing materials make representations about returns on previous investments.
  • Investment Stage: acquisition of inside information, allocation of investment opportunities, and allocation of fees and expenses.

  • Management Stage: reporting to current or prospective investors on fund performance (in terms of the mention of successful portfolio companies relative to those that underperform). • Exit Stage: fund extensions, timing of liquidity events and valuation.

  • Mr. di Florio also discussed the importance of evaluating and managing any conflicts as a result of (1) a fund professional’s co-investment with firm clients and (2) a fund professional’s role at a fund portfolio company. He noted that while “there is nothing inherently wrong with either of these activities… [they] increase the risk of other conflicts that need to be managed.”

Mr. di Florio also cited a number of deficiencies related to conflicts of interest specifically identified by OCIE staff during recent examinations of private equity firms, as follows:

  • Allocation of expenses to its funds that should have been paid by the adviser; • Negotiating more favorable discounts on the adviser’s behalf than for its fund;
  • Favoritism to side-by-side funds and preferred separate accounts by shifting certain expenses to less favored funds;
  • Placing one or more of the funds into both the equity and debt of a company;
  • Failing to provide sufficiently robust disclosures regarding the ability of a portfolio company to hire a related party of the adviser to perform consulting or investment banking services;
  • Weak or nonexistent controls where the public and private sides of an adviser’s business hold meetings or telephone conversations regarding an issuer about which the private side has confidential information; and
  • Poor physical security during business hours over an adviser’s office space such that employees of unrelated financial firms that have offices in the same building could gain access to the adviser’s offices.

Risk Management. In addition to managing conflicts of interest, Mr. di Florio emphasized that firms should evaluate their risk management structures and processes by asking themselves the following types of questions:

  • Do the business units manage risks effectively at the fund levels in accordance with the tolerances and appetites set by the principals and by senior management of the organization?
  • Are the key control, compliance and risk management functions effectively integrated into the structure of the organization while still having the necessary independence, standing and authority to effectively identify, manage and mitigate risk?
  • Does the firm have an independent assurance process, whether through an internal audit department or a third party performing a comparable function by independently verifying the effectiveness of the firm’s compliance, control and risk management functions?
  • Do senior managers effectively exercise oversight of enterprise risk management?
  • Does the organization have the proper staffing and structure to adequately set its risk parameters, foster a culture of effective risk management, and oversee risk-based compensations systems and the risk profiles of the firm?

Mr. di Florio explained that another reason NEP engages with senior management in adviser examinations is to gauge the support and involvement of senior management in risk management. Mr. di Florio reviewed what he believes are the three critical lines of defense in an effective risk management program:

(1) The business is the first line of defense responsible for taking, managing and supervising risk effectively and in accordance with laws, regulations and the risk appetite set by the board and senior management.

(2) Key support functions, such as compliance and ethics or risk management, are the second line of defense, which need to have adequate resources, independence, standing and authority to implement effective programs and objectively monitor and escalate risk issues.

(3) Internal audit is the third line of defense, which provides independent verification and assurance that controls are in place and operating effectively.

Internal Audit Function. Mr. di Florio observed “that private equity firms have not traditionally had internal audit functions” and expressed hope that firms would further develop the internal audit function. Importantly, he added that “at firms that lack a robust internal audit function the NEP will place even greater weight on assurance that senior management and the firm’s principals are supporting each of the other two levels by reinforcing the tone at the top, driving a culture of compliance and ethics and ensuring effective implementation of risk management in key business processes, including strategic planning, capital allocation, performance management and compensation incentives.”