CCO Resource Hub: OCIE Risk Alerts

Chief Compliance Officer Committee

EXAMS Risk Alerts

As discussed under EXAMS Document Requests, it is not uncommon for EXAMS to publish a Risk Alert following a targeted review conducted by EXAMS. EXAMS began publishing these Risk Alerts several years ago. They were published to respond to concerns raised by the ICI that the SEC lacked a vehicle to communicate with registrants regarding practices observed by EXAMS in conducting targeted reviews. The Risk Alerts address this concern by EXAMS detailing in these publications observations from the EXAMS staff regarding practices EXAMS has observed in conducting inspections, which appear to be more effective or less effective than others. EXAMS stresses the fact that the information in these Risk Alerts is not intended to be read as imposing any compliance obligations on registrants. Instead, they are intended as a resource to registrants to assist them in their own compliance efforts.

Typically, these Risk Alerts are published following some, but not all, targeted reviews. EXAMS has also published Risk Alerts in advance of conducting a targeted inspection (e.g., cybersecurity) to alert registrants to the type of information it expects to review in conducting an inspection. It does so in hopes that, for those registrants that are not visited as part of the targeted inspection, they can review their own compliance policies and procedures and determine how they might measure up were EXAMS to inspect the firm. As noted in the Risk Alerts:

This Risk Alert is intended to highlight for firms risks and issues that the staff has identified. In addition, this Risk Alert describes factors that firms may consider to (i) assess their supervisory, compliance and/or other risk management systems related to these risks, and (ii) make any changes, as may be appropriate, to address or strengthen such systems. These factors are not exhaustive, nor will they constitute a safe harbor. Other factors besides those described in this Risk Alert may be appropriate to consider, and some of the factors may not be applicable to a particular firm’s business. While some of the factors discussed in this Risk Alert reflect existing regulatory requirements, they are not intended to alter such requirements. Moreover, future changes in laws or regulations may supersede some of the factors or issues raised here. The adequacy of supervisory, compliance and other risk management systems can be determined only with reference to the profile of each specific firm and other facts and circumstances.

The Risk Alerts published by EXAMS relevant to ICI’s members include the following:

• Risk Alert: Registered Investment Companies: Review of Certain Core Focus Areas and Associated Documents Requested? (November 20, 2024)
• Risk Alert: Investment Adviser Examinations: Assessing Risks, Scoping Examinations, and Requesting Documents (September 6, 2023)
• Risk Alert: Select COVID-19 Compliance Risks and Considerations for Broker-Dealers and Investment Advisers (August 12, 2020)
• Risk Alert: Cybersecurity: Ransomware Alert (July 10, 2020)
• Risk Alert: Observations from Examinations of Investment Advisers Managing Private Funds (June 23, 2020)
• Risk Alert: Examination Initiative: LIBOR Transition Preparedness (June 18, 2020)
• Risk Alert: Examinations that Focus on Compliance with Regulation Best Interest (April 7, 2020)
• Risk Alert: Examinations that Focus on Compliance with Form CRS (April 7, 2020)
• Risk Alert: Top Compliance Topics Observed in Examinations of Investment Companies and Observations from Money Market Fund and Target Date Fund Initiatives (November 7, 2019)
• Risk Alert: Investment Adviser Principal and Agency Cross Trading Compliance Issues (September 4, 2019)
• Risk Alert: Observations from Examinations of Investment Advisers: Compliance, Supervision, and Disclosure of Conflicts of Interest (July 23, 2019)
• Risk Alert: Safeguarding Customer Records and Information in Network Storage - Use of Third Party Security Features (May 23, 2019)
• Risk Alert: Investment Adviser and Broker-Dealer Compliance Issues Related to Regulation S-P - Privacy Notices and Safeguard Policies (April 16, 2019)
• Risk Alert: Transfer Agent Safeguarding of Funds and Securities (February 13, 2019)
• Observations from Investment Adviser Examinations Relating to Electronic Messaging (December 2018)
• Risk-Based Examination Initiatives Focused on Registered Investment Companies (November 2018)
• Investment Adviser Compliance Issues Related to the Cash Solicitation Rule (October 2018)
• Most Frequent Best Execution Issues Cited in Adviser Exams (July 2018)
• Most Frequent Advisory Fee and Expense Compliance Issues Identified in Examinations of Investment Advisers (April 2018)
• Observations from Cybersecurity Examinations (August 2017)
• Cybersecurity: Ransomware Alert (May 2017)
• The Five Most Frequent Compliance Topics Identified in OCIE Examinations of Investment Advisers (February 2017)  
• Multi-Branch Adviser Initiative (December 2016)
• Examining Whistleblower Rule Compliance (October 2016)
• Examinations of Supervision Practices at Registered Investment Advisers (September 2016)
• OCIE’s 2016 Share Class Initiative (July 2016)
• Examinations of Advisers and Funds That Outsource Their Chief Compliance Officers (November 2015)

The documentation provided by ICI that may be accessed by the CCO Committee members is restricted to members’ use only and not for distribution or reproduction. Documentation may be used internally at member organizations as needed.