Rule 206(4)‑7 under the Investment Advisers Act of 1940 requires any investment adviser registered with the SEC to adopt and implement written policies and procedures reasonably designed to prevent violation of the federal securities laws; review those policies and procedures annually for their adequacy and the effectiveness of their implementation; and designate a CCO to be responsible for administering the policies and procedures. The SEC has also made clear that it expects an adviser’s compliance program to be tailored for its specific operations, infrastructure and investment strategy. To comply with Rule 206(4)‑7 and meet the SEC’s expectations, a fund manager must identify the various risks it faces and then design its compliance program to eliminate, mitigate or control those risk factors. Thus, although Rule 206(4)‑7 does not expressly require risk assessments, as a practical matter, an assessment is necessary for a fund manager to ensure that its compliance program is appropriately tailored and effective. This article explains why fund managers should conduct risk assessments, when they should do so, who should be involved in the assessment process, how to use a risk assessment template and what the next steps should be after the assessment. The article also contains a downloadable risk assessment template created for use by both outside counsel and in-house GCs and CCOs at fund managers. For another tool to assist fund managers, see our two-part series “A Checklist for Investment Advisers to Streamline and Organize Their Annual Compliance Program Reviews”: Part One
(Dec. 13, 2018); and Part Two
(Dec. 20, 2018).