In recent comments, Julie M. Riewe, Co-Chief of the Asset Management Unit (“AMU”) within the Enforcement Division of the U.S. Securities and Exchange Commission (“SEC”), observed that registered investment company performance calculations and performance advertising were 2015 examination priorities for her division. Her remarks reiterate and emphasize the intense regulatory focus on investment performance today.
Government agencies such as Riewe’s have been investing substantially in developing more sophisticated technological tools to identify potential misconduct. To support their shift to risk-based targeting, regulators are asking for increasing amounts of data from investment companies to analyze with these tools for illegal acts or suspect accounting. Along with examining transactional data, regulators can now perform peer-to-peer comparisons of written disclosures. This allows them to focus sharply, as never before, on the information discussed in these disclosures and, more importantly, on the information not being discussed, which
helps identify irregularities. Such anomalies do not automatically suggest wrongdoing or identify fraud. They can, however, point to something amiss before an investor calls in a tip. Given this increased scrutiny via technology, even organizations that are not bad actors but simply have strong performance have a greater chance of being flagged as higher risk and as such undergoing an examination.
During these exams, the regulators’ focus on investment performance can range from a high-level touch to a very detailed, granular historical dive. Some recent SEC information requests in this regard have included, but not been limited to, the following:
- Monthly and quarterly portfolio performance returns, as well as comparable benchmarks and peer group returns
- Adviser balance sheet, trial balance, general ledger, cash receipts and disbursements journal, income statement, and cash flow statements as of the end of the most recent fiscal year and the most current year to date
- Pitch books, one-on-one presentations, pamphlets, brochures, and other marketing materials
- Strategy or composite performance, including strategy description and investment objectives, inception dates, and account minimums
- A list of accounts not included in composites that represent an aggregate of portfolios managed according to a similar strategy
- Copies of responses to requests for proposals and due diligence questionnaires
Regulators’ specific documentation requests depend on multiple factors. These might include what initially flagged the organization as a risk, aberrant investment performance returns, the complexity of strategies, and even the examiners’ experience level. In this environment, firms should take every precaution and be prepared for the highest scrutiny. The information on and suggestions regarding performance that follow require thoughtful consideration so that a firm is well prepared to stand up to the scrutiny of an examination.
Investment performance can and often does score high on an organization’s inherent risk matrix. For this reason, it is critical for firms to have strong control environments in place for their investment performance generation and dissemination. Such controls may vary depending on whether data is provided through vendors or processed internally. Firms should address both instances. Regardless of its source, organizations must ensure that data used to generate performance is pertinent, accurate, and readily accessible. Initiating and maintaining stringent controls to this end can mitigate risks related to investment performance generation.
While getting investment performance numbers right is critical, what is even more crucial with regard to examinations is how performance is communicated internally and externally. This area may be the most highly scrutinized one during regulatory exams. One of the SEC’s ultimate missions is protecting investors,
and the Commission recognizes that investors gain information on products and sometimes make decisions based on an organization’s marketing and advertisement materials. It therefore strives to ensure that information is disseminated accurately and consistently. This means that, regardless of who receives and uses the information, in all cases it must contain sufficient and appropriate disclosures and be presented consistently with regard to the particular strategy that is being discussed.
For example, for a specific strategy, a firm must make sure that the returns and disclosures used by marketing teams are consistent with the returns and disclosures used by affiliates or consultants or loaded into consultant databases. In other words, the same story should be consistently told across all distribution channels. This does not mean an organization cannot report information differently to different users. It does mean, though, that whenever the same information is being presented, that information must be consistent. Having a control mechanism in place to make sure information is being communicated consistently may help firms avoid deficiencies such as this example from an actual deficiency letter (sanitized for privacy purposes):
“The examination also revealed that performance returns presented in the marketing materials were inconsistent. Specifically, Adviser reported the 20x1 net performance return as 10.76% for ABC in the Fact Sheet and 10.97% in the Presentation Materials.”
Equally important as having controls is testing them to ensure they are designed appropriately and operate effectively. Periodic testing of the controls in place for performance generation data sources can reduce risk. These tests should be performed on a schedule that takes an organization’s complexity into account. For example, a more complex organization might test its controls monthly or quarterly whereas a less complex firm might test on a semi-annual basis.
Questions firms should consider when reviewing their investment performance control environment could include the following:
- Has there been an ownership or process change, team turnover, or a decentralization of oversight?
- Are manual performance checks done to ensure the calculation methodologies documented yield appropriate returns?
- Are the appropriate fields checked within the performance measurement system to reflect documented policies and procedures?
- Are these processes documented and owned by designated individuals within the organization?
Policies and Procedures
Once firms determine that the data they use to generate performance is reliable, the next, equally important step is to ensure their performance calculation methodologies are appropriate and conform to industry leading practices. There are varying ways of calculating performance that can generate significantly different results. For example, firms have numerous options for presenting performance for a fund that has multiple share classes and fee structures. This has been a regulatory focus, as has the manner in which private equity firms calculate net IRR for their funds. Methodologies that fall out of line with industry leading practices can be red flags for regulators. Again, it is important to have controls in place to ensure the methodologies used are sound and applied consistently.
In addition, these methodologies should be documented appropriately in internal policies and procedures manuals and in the disclosures accompanying any disseminated performance materials. Firms’ policies and procedures sometimes fail in how accurately they reflect actual practices. It is important to have robust documented policies and procedures, but it is critical for these policies and procedures to depict the actual day-to-day activities. Performance policies and procedures are a likely starting point for examiners. If the documentation does not reflect actual practices, the examiners will likely dig deeper and deficiency citations could result.
Regarding policies and procedures, organizations should ask the following questions:
- Is there robust documentation that contains all policies and procedures used to calculate and disseminate investment performance?
- Do the policies and procedures reflect actual day-to-day activities?
- Have any changes occurred that require documented policies and procedures to be updated?
- Is there a regular review process in place for all investment performance policies and procedures?
- Can the complete policies and procedures documentation and all relevant attachments be retrieved in a timely manner?
Books and Records
At times, regulators choose to delve deeper into investment performance. In such cases, data retrieval can often be problematic for firms that do not review data accessibility regularly, particularly with regard to historical periods. Regulations require firms to have books and records that substantiate any performance that is marketed. If a firm markets performance at a strategy level through composites, regardless of whether it claims compliance with the Global Investment Performance Standards (GIPS®), all portfolio-level data that makes up the strategy must be maintained as far back as the performance being presented. Depending on which regulatory body governs a firm, the requirement can extend for an additional five years after the last use of that performance. For example, if a firm has a strategy level performance track record that begins on January 1, 1999, and that strategy terminated on December 31, 2010, it would have to maintain books and records for every portfolio in that strategy from January 1, 1999, through December 31, 2015. These books and records would include but not be limited to holdings level data, pricing, transactions, fees and expenses, contracts, and any other data needed to support information in the presentation. Maintaining access to that data can be a daunting task, especially if system conversions have occurred. Employee turnover can also contribute to the challenge of retrieving this information, especially if past policies and procedures were not documented appropriately.
In the area of books and records related to performance, firms should ask questions such as these:
- Can we access data back to inception?
- What types of data have we maintained?
- Do we have access to systems no longer in use by the organization?
- Do those system vendors still exist and, if so, will they still provide support in accessing data?
- Have historical policies and procedures for calculating performance, aggregating performance into strategy-level performance or composites, and disseminating performance been documented?
- Do we have a control in place to understand how performance was used throughout the organization over time?
- Who is responsible for ensuring books and records exist?
- Has any testing been done to verify that the books and records available actually support marketed performance?
- How quickly can we produce such records if they are requested?
As part of creating and sustaining a strong performance control environment, firms should, at a minimum, address all the questions listed above and then revisit them regularly.
Organizations that seek confidence in their investment performance should be constantly asking this question: “How would we stand up to regulatory scrutiny of our investment performance process?” The investment performance risk areas covered in this article have been provided to assist firms in assessing their current
strengths and weaknesses in this area and determining what additional efforts are necessary to support their investment performance process adequately. Taking a proactive approach to performance will ease the burden and operational disruption that can occur during regulatory examinations.
Specifically, firms should test their books and records. They should answer the questions noted above and take any preventive actions dictated by the answers. They should take a fresh look at their performance policies and procedures. If these cannot stand on their own as a clear depiction of the current investment
performance process, they should be revised accordingly. Finally, firms should also examine their internal audit programs to ensure they provide testing that effectively determines whether performance-related risks are being adequately addressed.
In conjunction with their internal resources, organizations should consider using an independent third-party consultant to develop robust testing in support of a strong internal control environment surrounding the investment performance process. Advanced preparation can serve as a great tool for mitigating regulatory risk.