Annual Compliance Review
An annual compliance review is a mandatory audit that investment advisers must complete each year to assess whether their compliance monitoring program is adequately detecting and preventing violations. It asks: Do our controls work? Have we caught everything we should have? What gaps do we need to fix? The review must be documented and filed with the SEC.
The regulatory mandate
SEC Rule 206(4)-7, part of the Investment Advisers Act, requires every registered adviser to conduct an “annual review” of its compliance program. The rule is brief but unambiguous: advisers must “reasonably design” their policies and procedures to prevent violation of the Advisers Act, and they must periodically (at least annually) review and update those policies and procedures.
The annual compliance review transforms this obligation from an aspiration into a concrete deliverable. By year-end, the adviser’s compliance department must produce a written report answering: Does our monitoring program actually work? Have we tested it? What did we find? Are there gaps?
For small firms with one or two advisers, the annual review might be a 10-page memo. For a large asset manager with 500+ employees, it typically runs to dozens of pages with appendices covering each business line and control category.
What the review covers
A comprehensive annual compliance review examines multiple layers:
Policies and procedures themselves. The reviewer asks: Are our written policies up to date? Do they address current regulatory risks? A rule change from the SEC, or a new FINRA enforcement action, might reveal that a firm’s policies are outdated. If the Dodd-Frank Act introduces a new disclosure requirement, the adviser’s compliance procedures should reflect it. If a competitor is fined for failing to disclose conflicts, the adviser should stress-test its own conflict-disclosure process.
Monitoring and testing results. The reviewer examines the data from compliance monitoring programs: What alerts were generated? Were they investigated? Were violations found? Were they remediated? This is where the review becomes forensic. If the adviser’s trade-surveillance system generated 50 alerts in the past year but compliance staff investigated only 5, why? Either the system is miscalibrated toward noise (too many false positives, which wastes staff time and trains them to ignore alerts) or it is miscalibrated in the other direction, so that the 45 uninvestigated alerts may conceal real violations.
Sample testing. Advisers conduct lookback samples: pull a random selection of client files and ask, Was this recommendation suitable? Was this conflict disclosed? Was this fee calculation correct? A firm that claims its suitability process is sound but finds unsuitable recommendations in its sample must revise that claim.
Remediation. The reviewer documents violations that were found and how they were corrected. If a client was charged an excess fee due to a calculation error, was she refunded plus interest? If an adviser traded in a security in which she had an undisclosed personal conflict, how did the firm make the affected client whole?
Staffing and resources. Are compliance personnel adequately trained and empowered? Do they have the right technology? Is the compliance officer’s position protected—meaning she can raise concerns without fear of retaliation? Regulators specifically ask about this. A compliance officer who is subordinate to the trading desk, or who lacks authority to escalate findings, signals a weak control environment.
The tone and delivery
The annual compliance review is not mere box-ticking. Regulators read these reports carefully, and they read between the lines. A review that claims “no issues found” in an environment where competitors are being fined for similar conduct raises red flags. Conversely, a review that identifies specific gaps, explains the root causes, and outlines remediation plans demonstrates institutional honesty and sophistication.
The review is typically signed by the firm’s principal (CEO, managing partner) or compliance officer, certifying that it’s accurate and complete. This is not a casual signature; it exposes the signatory to liability if the review is later found to be incomplete or misleading.
How examiners use the review
When the SEC or a state regulator examines an adviser, one of the first items they request is the annual compliance review. They ask: What did the firm say about its controls? Are the claims supported by the data? Do the control descriptions match what actually happens?
Examiners use the review as a roadmap. If the review identifies a specific risk area—for example, potential overconcentration in a single security—the examiner will dive deeper into that area. Conversely, if the review claims robust testing in an area and examiners find violations in that area, it suggests either that the testing was inadequate or that the findings were not truthfully reported.
An adviser that hasn’t done a thorough annual review, or that submits a perfunctory review, is vulnerable to regulatory criticism. An adviser that identifies issues proactively and has already remediated them is in a much stronger position.
Common gaps found in reviews
Over time, patterns emerge:
- Stale procedures. Policies written five years ago that have not been updated to reflect new regulations or firm growth
- Inadequate testing. Samples that are too small, or sampling methods that miss high-risk areas
- Documentation gaps. Violations caught but not properly documented, so the review cannot account for them
- Conflicts of interest. Inadequate disclosure of adviser conflicts, or inadequate review of conflicts when making recommendations
- Fee calculation. Errors in expense ratio calculations, or failure to refund overcharges promptly
- Suitability violations. Recommendations not matched to client profiles, or profiles not updated when circumstances change
- Supervision. Inadequate oversight of client-facing staff, or supervisors with inadequate training in compliance rules
The link to public examination
Investment advisers must file a Form ADV with the SEC every year, and the form includes a question about whether the adviser has adopted, and complies with, a written compliance program. The annual compliance review is the evidence backing that assertion. If an adviser checks “yes” on Form ADV but the annual review reveals fundamental gaps, the adviser is vulnerable to an SEC enforcement action for making false statements.
Additionally, every few years the SEC examines a sample of registered advisers. The annual compliance review is a prime target for scrutiny. An examiner can compare the adviser’s claims in the review to what the examiner finds in the field—in client files, trading records, and communications—to verify that the compliance program is real, not illusory.
See also
Closely related
- Compliance Monitoring Program — the day-to-day systems the annual review assesses
- Suitability Standard — a frequent subject of annual review testing and remediation
- Pre-Clearance Requirement — employee trading rules that annual reviews test for compliance
- Advisers Act — the statute that mandates annual compliance reviews
- Securities and Exchange Commission — the regulator that enforces the annual review requirement
Wider context
- Operational Risk — compliance failures detected in annual reviews are a subset of operational risk
- Fiduciary Duty — advisers’ duty to clients, which annual reviews help them discharge
- Dodd-Frank Act — introduced additional compliance obligations that annual reviews must now encompass