SEC Focuses on MNPI and Code of Ethics Issues


The SEC issued the Risk Alert Investment Adviser MNPI Compliance Issues to provide investment advisers, investors, and other market participants with information concerning notable deficiencies that the the Division of Examinations (“EXAMS”) has cited related to material non-public information (MNPI) and Code of Ethics Issues.

Watch the on-demand webinar Taking the Broad View: Better Risk and Compliance Through Holistic Oversight featuring Mitch Avnet from Compliance Risk Concepts and Richard Pike from MCO

Section 204A of the Investment Advisers Act requires investment advisers to establish, maintain, and enforce written policies and procedures that are reasonably designed to prevent the misuse of MNPI by the adviser or any person associated with the adviser. Deficiencies and weaknesses associated with Section 204A observed by EXAMS staff and outlined in the alert include:

How firms handle MNPI issues around alternative data.  As defined in the Alert, alternative data refers to information used in financial analysis beyond traditional financial statements, company filings, and press releases. Examples of alternative data include information gleaned from satellite and drone imagery of crop fields and retailers’ parking lots, analyses of aggregate credit card transactions, social media and internet search data, geolocation data from consumers’ mobile phones, and email data obtained from apps and tools that consumers may utilize.

Deficiencies include failure to adopt or implement reasonably designed written policies and procedures to address the potential risk of receipt and use of MNPI through alternative data sources, failure to adequately memorialize diligence processes around alternative data or follow them consistently and lack of policies and procedures regarding the assessment of the terms, conditions, or legal obligations related to the collection or provision of alternative data, including when advisers became aware of red flags.

MNPI Remains a High Risk Area for Compliance

Firms lacking policies and procedures regarding MNPI risks posed by “value-add investors”. The Alert defines “Value-add investors” as clients or fund investors that are corporate executives or financial professional investors who may have MNPI.

Examiners found firms failed to implement adequate policies and procedures regarding investors or key persons who are more likely to possess MNPI, including officers or directors at a public company, principals or portfolio managers at asset management firms, and investment bankers. The Alert also noted firms that failed to correctly identify all of their value-add investors or correctly identify and track their relationships with potential sources of MNPI.

Inadequate policies and procedures related to expert network consultants who may be related to publicly traded companies or have access to MNPI. EXAMS staff observed advisers that did not implement adequate policies and procedures regarding their discussions with expert network consultants who may be related to publicly traded companies or have access to MNPI, including failure to track and log calls, to review detailed notes from calls, or to review relevant trading activity of supervised persons in the securities of publicly traded companies that are in similar industries as those discussed during calls.

The alert noted that deficiencies were also found related to Code of Ethics issues. The Code of Ethics Rule within Section 204A requires registered investment advisers to adopt a “code of ethics” that clearly explains the standards of business conduct expected from the adviser’s “supervised persons” (e.g., employees, officers, partners, directors and other persons who provide advice on behalf of the adviser and are subject to the adviser’s supervision and control). “The Code of Ethics Rule requires certain supervised persons, called “access persons,” to report their personal securities transactions and holdings to the adviser’s chief compliance officer (“CCO”) or other designated persons.” Deficiencies associated with the Code of Ethics Rule identified by EXAMS staff included:

Identification of access persons. EXAMS staff observed firms with adviser codes that did not properly define access person and advisers that did not identify and supervise certain employees as access persons in accordance with the Code of Ethics Rule.

Access persons did not obtain required pre-approval for certain investments. The Alert notes firms that did not include a provision in their codes requiring access persons to obtain pre-approval before directly or indirectly acquiring any interests in an initial public offering or limited offering and adviser access persons that purchased beneficial ownership in initial public offerings and limited offerings without securing the required pre-approval.

What are the compliance challenges firms need to tackle to avoid reputational damage?

Deficiencies related to the required reporting of access persons’ personal securities transactions and holdings. Examiners found lack of evidence of supervisory review of holdings and transaction reports and late, incomplete or missing submissions. EXAMS staff also observed codes that did not require access persons to include required content and reports in which access persons did not include their investments in private placements.

Written acknowledgement of receipt of the code and any amendments. EXAMS staff observed instances where supervised persons were not provided with a copy of the code or did not provide written acknowledgement of their receipt of the code. Examiners also cited instances where the code did not contain provisions to reflect the written acknowledgment requirement of Rule 204A-1(a)(5).

The Risk Alert encourages advisers to review their practices, policies, and procedures in this area and to ensure they are in compliance with provisions of the Advisers Act and its rules. During the recent webinar  Minimizing the Risk of CCO Liability, Scott Noah touched on the fact that having solid written policies amd procedures is important, but just having those policies and procedures is not enough. If a policy and procedure exists, regulators expect it to be followed, and they expect to see proof of compliance.

Managing your MNPI and insider risk information matters in a couple of ways. First, it's about compliance. Regulators require companies to record material non-public information—and the people who know about it. And second, it's about control. Having an accurate record of MNPI and insider knowledge means you can effectively manage the spread of sensitive information.

MCO's Insider & MNPI Management solution is purpose-built for recording critical details such as: 

  • Details of your MNPI  
  • Identities of insiders who have had access to the information 
  • Dates/times of planned information sharing  

If you'd like to learn more about how MyComplianceOffice helps firms manage MNPI and Code of Ethics issues across the organization, contact us today for a demo.