
The SEC has been actively cracking down on fraudulent behavior, with charges announced on July 11 against a former investment adviser for failing to disclose their conflicts of interest, amongst other offences. Cases such as this highlight the importance of conducting timely annual reviews, before the regulator comes knocking. So, what does good look like?
Investment advisers registered with the SEC or state securities regulators are required to conduct an annual compliance review. While there is a regulatory requirement for such a review, there’s no better risk management and proactive compliance assurance than taking a holistic look at your compliance program with a lens towards improvement, assessing updates to the regulatory landscape, and fine-tuning based on the firm’s business initiatives.
The rule
The requirement is based on Rule 206(4)-7 under the Investment Advisers Act of 1940, which mandates that each registered adviser:
- adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act
- review, no less frequently than annually, the adequacy of those policies and procedures and the effectiveness of their implementation
- designate a chief compliance officer (CCO) to administer the compliance program.
The concern
On July 11, 2025, the SEC announced charges against a former investment adviser for failing to adequately disclose conflicts of interest, overbilling, and the production of backdated compliance documents by its CCO and President in response to an SEC exam.
In addition to the other charges, the SEC found that the CCO backdated compliance documents for three consecutive years that purported to document the firm’s annual reviews of its compliance program. These documents were signed with backdated dates by the CCO and President and then provided to the SEC during the exam.
This is a clear example of the importance of reviewing your compliance policies and procedures in a detailed and documented manner on at least an annual basis. It’s also a clear reminder that the SEC continues to examine firms with great sophistication and a strong ability to identify fraudulent behavior.
The high-level purpose
The annual review is designed to:
1. Identify gaps and evolving risks
As advisory businesses grow, change strategies, or adopt new technologies, the risks they face evolve. The annual review ensures the compliance program is not static but adapts to new products, services, client types, operational complexities, and regulatory expectations.
2. Promote a culture of compliance
A documented and thoughtful review demonstrates a firm-wide commitment to compliance. It also supports the CCO’s efforts to effect change by providing written documentation that’s typically shared with the founders / managing partners of the firm.
3. Prepare adequately for SEC exams
SEC examination staff routinely ask for documentation of the annual review during exams. A thorough review typically includes findings and remediation actions, which can help demonstrate a strong culture of compliance and mitigate potential regulatory risks.
The Commission weighs the documented reviews heavily during exams, and even more so if the annual review is done by an external party. The idea of “an outsider looking in” weighs heavily with the SEC, since the firm’s compliance program is being reviewed by an independent set of eyes. This is why it’s worth considering periodically contracting with a third party to complete your annual review.
4. Get ahead of potential violations
The goal of a review is to identify weaknesses in policies and / or procedures before they escalate into legal or regulatory problems. By reviewing incident logs, complaints, marketing materials, and trading activity, firms can flag and correct issues proactively.
The practical considerations
A robust annual review typically includes:
- testing the effectiveness of control procedures
- reviewing updates to new laws and regulations to ensure any additional required policies and procedures are implemented
- evaluating internal compliance logs (e.g., code of ethics violations, advertising review)
- assessing business and operational changes
- implementing remedial recommendations.
Document your findings in a formal annual compliance report or memo, which will become part of the adviser’s compliance books and records. Annual review reports / memos are discoverable during an SEC exam; it’s therefore crucial to take the recommendations seriously and demonstrate that suggested changes were implemented, or justify the rationale for not accepting recommended changes.
How can Ocorian help?
The annual compliance review is not just a rule – it’s a best practice tool for managing and mitigating risk. It ensures your compliance program is tailored, current, and effective in safeguarding your business and clients. When done thoroughly, it reinforces a firm’s credibility, integrity, and commitment to compliance and to the protection of clients and their assets.
We can make sure your compliance systems are robust by conducting annual reviews tailored to your business. Our team can draft new policies, assist with operational compliance, or provide your staff with bespoke training.
We also regularly conduct SEC mock examinations to help you prepare for the real thing.