The SEC has reached a settlement with an RIA specializing in retirement advice that failed to conduct mandatory compliance reviews for a more than four-year span while it was registered with the commission.
Under the agreement, Dupree Financial Group, based in Lexington, Kentucky, has accepted a censure for its compliance lapses and agreed to pay a $25,000 fine while also explicitly committing to avoid repeat violations of the relevant provisions of the Investment Advisers Act.
Tom Dupree, the firm's founder and a 38-year veteran of the investment industry, acknowledges that the compliance program did not meet the exact contours of the SEC's rule, but insists that he has worked hard to instill a strong culture of compliance at the fee-only advisory shop, which manages about $156 million in assets for about 600 clients.
"I knew that compliance was a real deal," Dupree says.
Quote"We were simply unaware of a certain requirement. It's that simple" – Tom Dupree
"I made every effort to comply with everything that I felt I needed to comply with. One of the things that didn't happen is we didn't do an annual compliance meeting the way they wanted it done and documented. We were doing everything else around compliance," he explains. "We were simply unaware of a certain requirement. It's that simple."
The trouble started for the firm when staff from the SEC's Office of Compliance Inspections and Examinations dropped in for a routine exam in 2014 (Dupree says it was October; the SEC says August). In the course of the review, the examiners discovered that Dupree Financial Group had never conducted the annual compliance review that is required under Rule 206(4)-7.
That regulation, which the SEC adopted in December 2003, requires every registered adviser "to adopt and implement written policies and procedures reasonably designed to prevent violation of the federal securities laws, review those policies and procedures annually for their adequacy and the effectiveness of their implementation, and designate a chief compliance officer to be responsible for administering the policies and procedures."
OCIE also discovered that Dupree Financial, which had engaged outside compliance consultants since it registered with the commission in 2010, had policies and procedures on the books that, in fact, stipulated that it would conduct the annual compliance reviews.
Dupree says he hired two "compliance-in-a-box type firms" to help establish internal policies to ensure that his practice satisfied the SEC's regulatory requirements. He does not give those compliance consultants a glowing review.
"It was almost useless. They were not helpful," Dupree says. “They helped us write a compliance manual, but it was a generic thing. I could have gotten it off the internet."
Still, the compliance manual was in place, so when the examiners discovered that no compliance reviews had taken place, they referred the matter to the enforcement division, which eventually concluded that the firm had violated both the SEC rule and its own stated policies.
LONG AND WINDING PROCESS
For several months following the initial exam, Dupree didn't hear anything from the SEC. Then late on a Friday afternoon in April, Dupree says that his firm got a call from SEC enforcement staffers informing him that they were taking action on the compliance issues. Dupree describes the process as long and expensive and wonders if the matter might have been handled more painlessly had the examiners simply noted the need to conduct the formal compliance review in the post-exam deficiency letter.
Dupree says that he twice reached out to the SEC for guidance on compliance well before the OCIE exam, but got nowhere. "There is no handbook for how you do this correctly," he says.
A spokeswoman for the SEC did not immediately respond to a request for a comment on how advisers should approach the regulator for help with compliance.
In its order, the SEC notes that Dupree had been cooperative with investigators, and credits the firm for having taken remedial action to shore up its compliance program.
Part of that action included tapping a new chief compliance officer — Bill Ambrose, an experienced hand who had already been working with the firm as its chief financial officer and was "more familiar with the right kind of reports" that the regulators require, Dupree says.
"We had somebody doing this that did not have a compliance background," he says. "Now, that doesn't mean that we weren't doing compliance."
The SEC says that Dupree's new CCO has received additional compliance training and that the firm has enlisted another outside consultant to revamp its policies and procedures. Earlier this year, Dupree conducted the annual compliance review for 2015.
As a condition of the settlement, Dupree Financial Group neither accepts nor denies guilt in the case.