That is what hedge fund managers should be thinking about the US regulatory agency, warn legal experts. “A little paranoia will go a long way to ensuring they are prepared for a grueling round of exams this year,” says Ron Geffner, a partner with the law firm of Sadis & Goldberg in New York.
The SEC’s new Office of Risk and Strategy under its Office of Compliance Inspections and Examinations will help the regulatory agency customize examination of hedge managers depending on their size and investment strategy. With the addition of private fund managers to the roster of investment advisers registered with the SEC, the amount of data coming into the agency has grown exponentially. The SEC is using an updated risk-based filtering approach to determine which fund managers are rich territory for serious operational errors and fraud.
Newly registered hedge fund managers have just as much to worry about as those which have already experienced an SEC exam. “The SEC is continuing its aggressive enforcement of the investment advisory industry. It is taking compliance seriously with more frequent and rigorous exams,” says Mark Kornfeld, a partner with the law firm of BakerHostetler in New York. About thirty percent of private fund managers who registered with the SEC last year were examined. The agency brought 800 enforcement actions resulting in $4.2 billion in penalties.
Fortunately, the SEC has already provided private fund managers hints over what they will focus on this year. Based on what the regulatory agency has suggested in examination alerts and public statements, as well as interviews with attorneys and hedge fund compliance managers, FinOps Report has come up with five hot-button categories.
1. Cybersecurity Risk
Hedge fund managers control significant amounts of money not to mention holding sensitive personal information on the fund’s underlying investors. The intellectual property of the fund is also highly valuable, which makes it attractive to cyberhackers looking for top-drawer information about investment strategies.
When the SEC comes calling, “a combination of technology and the right policies and procedures is required to show how networks and information are being protected,” says James Van Horn, co-managing partner with Hirschler Fleischer in Richmond, Virginia. A hedge fund manager is unlikely to know when a breach has occurred, unless it has a detection solution in place. A manual of policies and procedures will direct staffers on what to do if a breach occurs. As is the case with any crime, the timeliness of the response is extremely important. The faster a hedge fund manager can respond to a breach, the faster the extent can be determined and the damage mitigated.
2. Fees and Expenses
When it comes to explaining what investors are really paying for, the SEC is looking for clarity in communications. Investors should know what the manager is earning in the form of management fees and performance allocation, as well as its expenses. Those include what the manager is paying third-party service providers — such as fund administrators, prime brokers, or other vendors. The reason: investment decisions are often based on understanding a fund’s actual costs.
“It sounds logical that the more information the hedge fund manager provides, the happier the SEC will be. Hence. overkill is a common solution,” says Geffner, who also serves on the Hedge Fund Association’s regulatory and government committee. However, he cautions that providing too many details can be counter-productive. “If the expense provisions of offering documents are overly inclusive, investors may not be able to discern which fees are actually charged versus which fees may be charged,” notes Geffner.
It’s up to the hedge fund manager to strike the right balance. “We spend countless hours fussing over the disclosure of our fees and expenses,” says one compliance manager at a hedge fund shop. “No matter what we do, we expect we’ll be second-guessed by the SEC.”
Size aside, not all hedge funds are created equal. Those which invest in exchange-traded instruments can more easily their assets than those which invest in asset-backed, mortgage-backed and other so-called exotic financial instruments. Fair-value accounting practice calls for the hedge fund manager to have a pricing model, methodology and data inputs in place for each asset class. “A lot of hedge fund managers investing in illiquid assets are hesitant to reveal their their valuation models. They believe they are proprietary and part of their secret sauce, but the SEC wants transparency,” says Van Horn, who is also a member of the HFA’s regulatory and government committee.
Consistency and cooperation also count. The valuation policies must be established by an internal valuation committee and reviewed on a quarterly basis with administrators, third-party valuation experts, and internal staff. The manager shouldn’t rely solely on its trading desk, portfolio manager or even executing broker-dealers for validation because each has a vested interest in the ultimate decision.
4. Inconsistent Disclosures
There is nothing more likely to raise a red flag with the SEC than finding discrepancies in facts, figures and procedures provided on Form ADV, compliance manuals, investor due diligence questionnaires and marketing materials. An examiner’s impression may be that one or all of the documents are incorrect or intentionally misleading.
“The most common inconsistencies are differences in value of assets under management, performance figures, and compliance policies and procedures,” says Douglas MacLean, founder of Armor Compliance in Boston. Those differences can open a pandora’s box of further questions and, worst case, lead to a deficiency letter describing just what the hedge fund did wrong and how quickly the error must be fixed.
5, Outsourced Compliance
It is common practice for hedge fund managers to outsource middle and back-office functions to prime brokers, fund administrators, and custodians. However, that doesn’t mean they can set it and forget it, warns van Horn. The SEC expects managers to keep tabs on all of their service providers to ensure they are up to snuff with the terms of their contracts.
Such due diligence applies particularly to compliance functions, which the SEC recently highlighted as an area ripe for error. External compliance managers may not have enough information about the firm and be operating in the blind, says the regulatory agency in a risk alert published in November 2015. The alert recommended that investment advisers which have outsourced the CCO role review their compliance procedures.
“The SEC’s concern is valid, but hedge fund managers shouldn’t jump the gun and conclude they must never outsource their compliance duties,” says van Horn. “It only means they have to be extra careful in ensuring ongoing communications and oversight.” Outsourced compliance can be cost-effective for smaller managers who don’t have in-house expertise or deep enough pockets to hire a dedicated employee.
What about delegating the responsibilities of the chief compliance officer to an internal executive such as the chief investment officer or portfolio manager? MacLean recommends caution. “Hedge fund managers don’t want the SEC thinking there could be a potential conflict of interest,” he says. “Such could be the case if the CIO or portfolio manager also has an equity stake in the firm.” Of the five hedge fund management firms contacted by FInOps Report, three rely on a dedicated CCO, one oursources the functions to a third-party consultancy and the other has added the CCO role to the duties of its chief financial officer. Those two outsourcers were startup hedge funds that just registered with the SEC.
For hedge fund managers who have well-defined and tested policies and procedures for all of the critical operating areas, the SEC’s exam process shouldn’t be that cumbersome. Still, that doesn’t mean they shouldn’t bother to prepare for the SEC’s questions. An examiner will likely be paying close attention to the level of granular details in responses to questions, determining whether the chief compliance officer really understand the firm’s policies and procedures or is just reciting them verbatim. “One common mistake is to give an SEC examiner incomplete responses showing a lack of understanding of responsibilities,” says Kornfeld. “Another is to make an SEC examiner wait too long for responses to questions posed multiple times.” His advice: the better hedge fund managers are in communicating the right narrative, the less risk they will face in regulatory action such as disgorgement, suspension or fine.
One definite faux pas for hedge fund managers is to manufacture answers and paperwork, cautions Geffner. “If the hedge fund manager doesn’t know the answer, it shouldn’t guess or lie. If it doesn’t have the documents requested, it should not create documents after the fact.” It isn’t just the lies or obfuscation that bothers the regulator, it what it implies about other behavior. “If the manager lies and the SEC finds out, it will assume it is doing the same with its investors,” says van Horn.
Even the most prepared hedge fund manager should expect less-than-perfect scores from the SEC. After an exam, virtually every investment adviser receives a deficiency letter citing holes in its compliance program The key, says Van Horn, is to limit the deficiencies to technical and easily remedied problems. All of the hedge fund management firms that spoke with FinOps reported that they are doing their best to evaluate and test all of their policies and procedures before they face an SEC examiner. “We’re going through a top-to-bottom review and hoping we catch and correct any shortcomings first,” says one hedge fund compliance manager.
Hedge fund managers that imagine that compliance is simply an add-on function to be addressed right before an exam are the ones most likely feel the brunt of the SEC examiner’s displeasure, say legal experts. A letter of deficiency may be the least of its worries. The SEC might find the mistakes egregious enough to fine not only the fund manager. but also its chief compliance officer and executive officers. Being barred from the financial services industry either temporarily or on a permanent basis is also a possibility.
Final words of advice to hedge fund managers: “Don’t wait until the SEC comes knocking at your door,” urges Geffner. “If you believe in preventative medicine when it comes to your personal health, do it for the health of your business.”