The SEC's RIA code of ethics rule, explained

All investment advisors are fiduciaries who owe a duty of care and loyalty to their clients.

In an ideal world, that would be the end of the story and the need for investment advisors to maintain a prescriptive code of ethics would be unnecessary. Unfortunately, the early 2000s were plagued by a variety of SEC enforcement actions that alleged fiduciary duty violations — primarily involving trading abuses by investment advisory personnel.

This is why we can't have nice things.

In response to such widespread abuses, in January 2004 the SEC proposed to require all SEC-registered investment advisors to adopt and enforce a written code of ethics applicable to its supervised persons. The proposal was adopted the same year and became effective as a final rule on August 31, 2004 (with a compliance date of Jan. 7, 2005).

In principle, the SEC's Investment Adviser Codes of Ethics Rule is fairly straightforward. It requires all SEC-registered investment advisors to establish, maintain and enforce a written code of ethics that, at a minimum, includes the following:

1. The standard(s) of business conduct required of supervised persons that reflects the advisory firm's fiduciary obligations and those of its supervised persons;
2. Provisions requiring supervised persons to comply with applicable federal securities laws;
3. Provisions requiring access persons to report their personal securities transactions and holdings for review by the chief compliance officer or other designated personnel;
4. Provisions requiring supervised persons to report code of ethics violations promptly to the chief compliance officer; and
5. Provisions requiring the advisory firm to provide its supervised persons with a copy of its code of ethics and any amendments thereto, and for such supervised persons to acknowledge receipt in writing.

In practice, however, the implementation of the Codes of Ethics Rule from a practical perspective is a bit more nuanced and requires a careful review of its defined terms and embedded cross-references to other rules. There are also a few SEC No-Action Letters that are worth highlighting due to the insight they shed into certain types of securities that may not necessarily be captured for personal securities account reporting purposes.

But first, let's unpackage the structure of the rule itself.

Rule structure and overview of components (other than personal securities transactions and holdings reporting)
The five requirements enumerated above represent the minimum components of an advisory firm's code of ethics.

Required components No. 1 (the standard of business conduct), No. 2 (compliance with applicable federal securities laws), No. 4 (reporting violations), and No. 5 (distribution and acknowledgment of receipt) are straightforward enough on their own, and the rule itself offers no further elaboration with respect to how an advisory firm is to comply with such requirements. Though elaboration on each of these components in the rule itself was deemed unnecessary, the rule's adopting release does add some additional color, at least with respect to certain such requirements. Component No. 3 (personal securities transactions and holdings reporting) constitutes the bulk of the rule and adopting release and is therefore discussed later, in its own dedicated section below.

Standard(s) of business conduct and compliance with applicable federal securities laws
Components No. 1 and No. 2 should be no-brainers, as such components require the memorialization of legal obligations and ethical standards that an advisory firm is subject to anyway. The SEC makes it very clear that describing the advisory firm's standard of business conduct (e.g., acting as a fiduciary) and mandating compliance with federal securities laws establishes only a minimum requirement, and that advisory firms are free to adopt higher standards (e.g., as set by professional or trade groups):

We urge advisors to take great care and thought in preparing their codes of ethics, which should be more than a compliance manual. Rather, a code of ethics should set out ideals for ethical conduct premised on fundamental principles of openness, integrity, honesty and trust. A good code of ethics should effectively convey to employees the value the advisory firm places on ethical conduct, and should challenge employees to live up not only to the letter of the law, but also to the ideals of the organization.

In other words, the introductory prose of a code of ethics should espouse the advisory firm's dedication to acting ethically and with integrity, acknowledge that it is bound to act pursuant to its fiduciary duties of care and loyalty to clients (as well as applicable federal securities laws)  and impose such expectations on its supervised persons.

Reporting violations 
To be clear, the requirement to report code of ethics violations is an internal reporting requirement that is imposed on an advisory firm's supervised persons to the chief compliance officer (CCO), or to some other person designated in the code of ethics, so long as the CCO also receives reports periodically of all violations: 

We caution advisors, however, that it is incumbent on them to create an environment that encourages and protects supervised persons who report violations. Advisors should consider how they can best prevent retaliation against someone who reports a violation; many advisors may choose to permit anonymous reporting, others may decide that retaliation constitutes a further violation of the code and still others may find other methods to ensure that concerned employees feel safe to speak freely.

Whistleblower retaliation is de facto prohibited, and advisory firms should contemplate a mechanism by which supervised persons can anonymously report code of ethics violations accordingly.

Distribution and acknowledgment of receipt
The requirement to distribute the code of ethics and all amendments to supervised persons and for such supervised persons to acknowledge their receipt in writing can either be included in the introductory prose or elsewhere in the code of ethics; the exact placement from a code of ethics formatting perspective is irrelevant.

Regulation and compliance

Advisors see hope for more stability in SEC's money market rules

July 13, 2023 3:43 PM

What is relevant, however, is that the advisory firm actually has a workflow to facilitate the distribution of the code of ethics to all supervised persons and to collect and maintain a record of such supervised persons' receipt. I generally recommend using an e-signature service like Dropbox Sign, an online form such as Google Forms or Jotform or — if captured and organized by a CRM — perhaps by email exchange. The specific workflow and technology used to facilitate distribution and acknowledgment of receipt are not particularly important so long as an advisory firm can easily produce (to SEC Division of Examinations staff) a record of when its code of ethics was distributed to supervised persons and what supervised persons acknowledged receipt and when.

Personal securities transactions and holdings reporting
The standard of business conduct, compliance with applicable federal securities laws, reporting violations, and distribution and acknowledgment of receipt components of the Codes of Ethics Rule are all addressed in short order in the rule itself and are relatively straightforward.

This leaves component No. 3, personal securities transactions & holdings reporting, as the lone remaining code of ethics component. This component alone commands the vast majority of the rule's word count and is where the nuances and complexities start to emerge. The fundamental concept of requiring certain individuals within an advisory firm to report their personal securities holdings and transactions to the CCO seems simple enough, but the devil is in the details or, more appropriately, in the definitions.

The three most important questions to answer when designing and implementing a compliant code of ethics are the following:

1. Who within the advisory firm is subject to reporting of their personal securities transactions and holdings;
2. What information do such individuals need to report with respect to their personal securities and holdings; and
3. When must they report such information?

In brief, the answers are (i) access persons, (ii) holdings reports and transaction reports and (iii) initially, quarterly, and then annually. To appreciate these answers more fully requires an understanding of a few defined terms in the Codes of Ethics Rule and the Investment Advisers Act of 1940.

Access persons
An "access person" is a "supervised person" (defined below) who meets at least one of the following two conditions:

1. Has access to nonpublic information regarding any clients' purchase or sale of securities, or nonpublic information regarding the portfolio holdings of any reportable fund (defined below); or
2. Who is involved in making securities recommendations to clients, or who has access to such recommendations that are nonpublic.

If an advisory firm's primary business is providing investment advice, all of its directors, officers, and partners are presumed to be access persons.

Regulation and compliance

SEC wins $1.5M judgment in case against imprisoned advisor

July 5, 2023 4:19 PM

The SEC added some additional color in the Codes of Ethics adopting release with respect to whom it expects will be swept within the definition of access person (and therefore subject to the reporting of their personal securities transactions and holdings):

Access persons will include portfolio management personnel and, in some organizations, client service representatives who communicate investment advice to clients. These employees have information about investment recommendations whose effect may not yet be felt in the marketplace; as such, they may be in a position to take advantage of their inside knowledge. Administrative, technical, and clerical personnel may also be access persons if their functions or duties give them access to nonpublic information. Organizations in which employees have broad responsibilities, and where information barriers are few, may see a larger percentage of their staff subject to the reporting requirements. In contrast, organizations that keep strict controls on sensitive information may have fewer access persons.

It is worth emphasizing that even employees who are not investment advisor representatives (IARs) of the advisory firm may be deemed access persons if they have access to client transaction information through, for example, a custodian's online platform, portfolio accounting software or other internal communication channels in which securities recommendations are discussed. Thus, depending on an advisory firm's information barriers and internal sharing of job responsibilities, an office manager, unregistered client service associate or even administrative professionals may be deemed access persons and required to report their personal securities transactions and holdings.

To be deemed an access person, however, an individual must first fit within the definition of a "supervised person" as noted above. For this definition, one must look to the Investment Advisers Act of 1940 itself, which defines a supervised person as "...any partner, officer, director (or other person occupying a similar status or performing similar functions), or employee of an investment advisor, or other person who provides investment advice on behalf of the investment advisor and is subject to the supervision and control of the investment advisor."

This is an intentionally broad definition that encompasses all of an advisory firm's employees, but may exclude some independent contractors that do not render investment advice (please refer to this past blog article for a further discussion of access persons and supervised persons in the context of W2 employees versus 1099 independent contractors).

Assuming an individual meets the definition of access person (i.e., who is required to report personal securities transactions and holdings), let's next answer what such an access person must report pursuant to the Codes of Ethics Rule.

Holdings reports 
An access person is essentially required to submit two types of personal securities reports to the CCO officer of an advisory firm (or to the CCO's designee): holdings reports and transactions reports.

A holdings report is just that: a report of an access person's current securities holdings. The first such holdings report (commonly referred to as the initial holdings report) is to be submitted within 10 days of an individual first being deemed an access person, and the securities holdings reported therein must be current as of a date no more than 45 days prior to when the individual was first deemed an access person. Thereafter, a holdings report must be submitted at least once each 12-month period with the securities holdings reported therein current as of a date no more than 45 days prior to the date the report was submitted (commonly referred to as the annual holdings report).

Both initial and annual holdings reports must be dated as of the date the access person submits the report and include the following data points with respect to each reportable security (defined below) in which the access person has any direct or indirect beneficial ownership (defined below):

1. Title and type;
2. Exchange ticker symbol or CUSIP number (as applicable);
3. Number of shares; and
4. Principal amount.

Additionally, each holdings report must include the name of any broker, dealer or bank with which the access person maintains an account in which any securities are held for the access person's direct or indirect benefit.
Note, again, that the data points enumerated above only apply to securities in which the access person has direct or indirect beneficial ownership, and then only to those securities that are reportable securities.

Beneficial ownership of a security is generally conferred on an access person if the access person has a direct or indirect pecuniary interest in the securities (e.g., the opportunity to profit from a transaction in the securities.) Importantly, beneficial ownership is also presumed to be conferred on an access person by virtue of securities held by an access person's immediate family sharing the same household. For a more thorough breakdown of what can constitute beneficial ownership, one must refer to the Securities Exchange Act of 1934 (and, oddly, to the section that deals with registration and regulation of security-based swap dealers and major security-based swap participants).

ESG

Survey says: ESG investors who cite ethics still expect returns

April 14, 2023 5:35 PM

In simplest terms, an access person is deemed to have beneficial ownership in securities held by the access person themselves as well as securities held by the access person's immediate family sharing the same household. This is why an access person must usually include a spouse's securities holdings when submitting holdings reports.

Yet, even if an access person is deemed to beneficially own a security, such security must also be a reportable security in order to be reportable on a holdings report.

The term reportable security is defined by exclusion, in that it broadly encompasses all securities (as such term is defined in Section 202(a)(18) of the Investment Advisers Act of 1940) except for securities that are:

1. Direct obligations of the Government of the United States;
2. Bankers' acceptances, bank certificates of deposit, commercial paper, and high-quality short-term debt instruments, including repurchase agreements;
3. Shares issued by money market funds;
4. Shares issued by open-end funds other than reportable funds; and
5. Shares issued by unit investment trusts that are invested exclusively in one or more open-end funds, none of which are reportable funds.

Thus, the five types of securities above need not be included in any access person holdings report. No. 4 (shares issued by open-end funds other than reportable funds) is the real kicker, as it eliminates the need to include most mutual funds on holdings reports (even if an access person or the access person's spouse beneficially owns such mutual funds).
To determine whether an access person has an obligation to submit a holdings report, it may be helpful to trace a path through the following decision tree:

If an access person either (i) does not beneficially own any securities or (ii) only beneficially owns securities other than reportable securities, it is advisable to have such access person complete and sign an attestation or acknowledgement to this effect.

Transaction reports
Like the holdings report, the transaction report is aptly named. It calls for access persons to report, within 30 days of the end of each calendar quarter, all transactions in reportable securities in which the access person had any direct or indirect beneficial ownership.

Each transaction report must be dated as of the date the access person submits it and include the following data points:

1. Date of the transaction;
2. Title of the security transacted;
3. As applicable, the exchange ticker symbol or CUSIP number, interest rate, maturity date, number of shares, and principal amount of the security transacted;
4. The nature of the transaction (purchase, sale, or some other type of acquisition or disposition); and
5. Price at which the security was transacted.

Additionally, each transaction report must include the name of any broker, dealer, or bank with or through which the transaction was effected.

General considerations
Though the SEC is minimally prescriptive in its overall code of ethics requirements (with the exception of personal securities transactions and holdings reporting discussed herein), the rule's adopting release does suggest several components that an advisory firm should evaluate for potential inclusion in their own code of ethics:

• Prior written approval before access persons can place a personal securities transaction ("pre-clearance").
• Maintenance of lists of securities issuers that the advisory firm is analyzing or recommending for client transactions, and prohibitions on personal trading in securities of those issuers.
• Maintenance of "restricted lists" of issuers about which the advisory firm has inside information, and prohibitions on any trading (personal or for clients) in securities of those issuers.
• "Blackout periods" when client securities trades are being placed or recommendations are being made and access persons are not permitted to place personal securities transactions.
• Reminders that investment opportunities must be offered first to clients before the advisor or its employees may act on them, and procedures to implement this principle.
• Prohibitions or restrictions on "short-swing" trading and market timing (e.g., buying and selling the same security within a short period of time in an attempt to time market ups and downs).
• Requirements to trade only through certain brokers, or limitations on the number of brokerage accounts permitted.
• Requirements to provide the advisor with duplicate trade confirmations and account statements (which can preclude the need to provide a manually completed transaction report, as discussed below).
• Procedures for assigning new securities analyses to employees whose personal holdings do not present apparent conflicts of interest.

Again, the SEC has merely suggested that the above components should be "considered" when crafting the personal securities trading elements of a code of ethics that apply to an access person, but they should still be considered nonetheless, even if not ultimately implemented.

Exceptions and logistics
To make the Codes of Ethics Rule workable in reality, there are a few important exceptions and logistical clarifications that the SEC baked in.

Trade confirmations and account statements
Since the data points required to be included in transaction reports are also generally included as part of a custodian's account statements and/or trade confirmations, the access person need not provide a duplicative, manually completed transaction report if the advisory firm receives account statements and/or trade confirmations with the required components within 30 days of the end of each calendar quarter. Said another way, custodian account statements and/or trade confirmations can be made available to the CCO or the CCO's designee and satisfy the transaction reporting requirement.

In my experience, this is how effectively all advisory firms handle transaction reporting requirements for access persons. Some firms even avail themselves of software providers that offer a direct electronic data feed between their software and the accounts beneficially owned by an access person at a custodian, such that the CCO or the CCO's designee need not pore through paper or electronic PDF account statements or trade confirmations.

Automatic investment plans
A transaction report is not required with respect to transactions effected pursuant to an automatic investment plan (i.e., a program in which regular periodic purchases or withdrawals are made automatically in or from investment accounts in accordance with a predetermined schedule and allocation). The "automatic investment plan" definition specifically references a dividend reinvestment plan, but it could arguably also include a 401(k) plan participant account in which payroll deposits are automatically invested into a predetermined asset allocation.

Note, however, that any transaction that overrides the pre-set schedule or allocations of the automatic investment plan must be included in a transaction report.

No direct or indirect influence or control
Whereas the trade confirmation/account statement and automatic investment plan carve-outs noted above purely afford relief from transaction reporting, an access person need not submit either a holdings report or a transaction report with respect to securities held in accounts over which the access person had no direct or indirect influence or control.

Industry News

CFP Board names Elizabeth Miller 2024 chair-elect

July 19, 2023 12:10 PM

What constitutes "direct or indirect influence or control" is unfortunately not fleshed out in either the Codes of Ethics Rule or its adopting release, but a possible scenario I can think of is an access person whose spouse has individually retained another investment advisor to manage just the spouse's individual accounts (e.g., an individual retirement account), while the access person is not a party to the investment advisory agreement with the other investment advisor and thus arguably has no ability to influence or control how the spouse's IRA is managed.

Preapproval of certain investments
There are two types of securities that require the preapproval of the advisory firm (typically via the CCO) before an access person can acquire such securities: Initial public offerings (IPOs) and limited offerings (e.g., most privately offered securities that are exempt from registration under the Securities Act of 1933). In the adopting release, the SEC offered the following explanation for this specific preapproval requirement:

Most individuals rarely have the opportunity to invest in these types of securities; an access person's IPO or private placement purchase therefore raises questions as to whether the employee is misappropriating an investment opportunity that should first be offered to eligible clients, or whether a portfolio manager is receiving a personal benefit for directing client business or brokerage.

In short, all access persons must receive approval to participate in an IPO or invest in a privately offered security before the consummating transaction occurs.

Small advisors
For advisory firms with just a single access person, such persons are not required to submit either holdings reports or transaction reports to themselves or to seek their own approval to participate in an IPO or limited offering. However, such persons are still required to maintain records of their own holdings and transactions that the Codes of Ethics Rule otherwise requires. 

In short: solo access persons should save copies of their custodian account statements with respect to reportable securities in which they have a beneficial ownership interest.

The CCO's review responsibility
Once the CCO (or the CCO's designee) receives the required holdings reports and access reports, what are they to do from a review perspective? The nature and extent of the CCO's review will depend on a variety of factors (not the least of which include the types of securities utilized for client accounts, the type and volume of securities transactions in access persons' accounts, etc.), but the adopting release did offer a few suggestions:

Review of personal securities holding and transaction reports should include not only an assessment of whether the access person followed any required internal procedures, such as pre-clearance, but should also compare the personal trading to any restricted lists; assess whether the access person is trading for his own account in the same securities he is trading for clients, and if so whether the clients are receiving terms as favorable as the access person takes for himself; periodically analyze the access person's trading for patterns that may indicate abuse, including market timing; investigate any substantial disparities between the quality of performance the access person achieves for his own account and that he achieves for clients; and investigate any substantial disparities between the percentage of trades that are profitable when the access person trades for his own account and the percentage that are profitable when he places trades for clients.

Framed in the most simplistic terms, the holdings and transaction report review process should be on the lookout for access persons who are placing their own interests ahead of clients, usurping client investment opportunities for their own personal benefit, or otherwise managing their own personal investments in such a way that does not reflect their fiduciary duties to clients.

Form ADV disclosure and recordkeeping
Item 11 of Form ADV Part 2A requires SEC-registered advisors to briefly describe their code of ethics and to explain that they will provide a copy of such code of ethics to any client or prospective client upon request. An advisory firm's code of ethics is, therefore, not purely an internal document (as compared to a compliance policies and procedures manual, for example) and, at least theoretically, may be scrutinized by prospective or current clients. Bear this in mind during the code of ethics drafting process.

As one might imagine, the SEC's recordkeeping rule requires advisory firms to maintain certain records related to their code of ethics; namely, the code of ethics itself, a record of any code of ethics violations and any action taken as a result, supervised persons' written acknowledgments of receipt, holdings reports, transaction reports, a list of access persons within the past five years, and records approving an access person's IPO or limited offering purchase (including the reasons supporting such approval).

The recordkeeping rule does not prescribe that such records must be maintained electronically, but the SEC's commentary in the adopting release makes it abundantly clear that it is wary of larger advisory firms that still implement their codes of ethics via manual or paper-based processes:

We are not adopting the proposed requirement that records of these reports be maintained in an accessible electronic database. However, we question seriously whether a larger investment advisory firm will be able adequately to review such reports manually or on paper.

Some of the current SEC Commissioners seem hell-bent on taking a meat cleaver to the rules promulgated under the Investment Advisers Act of 1940, and admittedly I'm surprised that (thus far) the Investment Adviser Codes of Ethics Rule has been spared. Time will tell whether this remains to be the case, but for now, advisory firms should remain vigilant in designing and enforcing their code of ethics pursuant to the rule as it stands today.