- Headspace
- Posts
- A Look in the Mirror
A Look in the Mirror
A Practitioner's Guide for Preparing Annual Compliance Reports
Paul Felsch
May 31, 2025
Executive Summary
Under Rule 206(4)-7 of the Investment Advisers Act of 1940, as well as Rule 38a-1 of the Investment Company Act of 1940, investment advisers and registered funds are required to review the adequacy of design and operating effectiveness of their Compliance programs on an annual basis. The results of these annual Compliance reviews are accompanied by reports that document and evidence the review performed.
Although the foregoing Rules have been in place for 20+ years, many advisers and registered fund complexes still struggle with the process of preparing their annual Compliance reports – either because of uncertainty around what to include in such reports, the level of tedium that often accompanies their assembly, or myriad other factors.
This struggle, however, can easily be avoided. Through keeping in mind prior regulatory guidance, as well as being aware of common and best practices, an adviser or fund complex should be able to create annual Compliance reports that are supported by streamlined and systemized frameworks, and that also deliver practical value for all stakeholders involved – Compliance, business management, boards, and regulators.
The essay that follows provides various blueprints that advisers and registered funds can leverage when creating their annual Compliance reports, either under Rule 206(4)-7 or Rule 38a-1. These blueprints cover the types of components that should comprise an annual Compliance report, as well as certain regulatory topics of interest.
Additionally, the essay that follows discusses practical report preparation and socialization considerations that can enhance the efficacy of annual Compliance reports themselves – both in terms of providing key insights for management, as well as instilling trust and confidence with regulators and clients alike.
Introduction
For many advisers and fund complexes, spring and early summer mark the initiation or middle of preparing their annual Compliance reports required by Rule 206(4)-7 of the Investment Advisers Act of 1940 and Rule 38a-1 of the Investment Company Act of 1940 (as applicable). For others, they may have already buttoned them up for the year. Regardless, devoting this month’s issue of Headspace to the topic of preparing annual Compliance reports – both for investment advisers and registered funds – seemed timely nevertheless. Compared to prior issues, this month’s Headspace is perhaps less academic in nature, but the ultimate goal is still the same – to provide investment managers with practical insights and perspective to inform practices going forward.
To that end, this month’s essay consists of the following:
A brief discussion the regulatory bases for the annual Compliance report requirements (for both 206(4)-7 and 38a-1);
Model blueprints of the components and topics a 206(4)-7 annual Compliance report and 38a-1 annual Compliance report should cover in some shape or form; and
A discussion regarding how to package, deliver, and actually derive value from the annual Compliance report preparation process.
With these areas of focus and considerations in mind, investment advisers and registered funds should hopefully be able to enjoy a report preparation process that is streamlined, efficient, and consistent, and that also results in an end product that provides management and other parties with valuable and appropriate insights about an adviser’s or registered fund’s Compliance program. On the whole, the preparation of an adviser’s or fund’s annual Compliance report, when viewed through the right lens, can be an opportunity to acquire insights about a registrant’s Compliance program, and also take credit for what are hopefully sound Compliance practices.
Regulatory Bases
As mentioned, Rule 206(4)-7 of the Investment Advisers Act of 1940 and Rule 38a-1 of the Investment Company Act of 1940 are the source of the requirement for investment advisers and registered funds to prepare an annual Compliance report each year. However, it is not simply the plain language of the Rules themselves that informs best practices, but a number of comments provided by the SEC in the proposing and adopting releases of each Rule.
Advisers Act Rule 206(4)-7. First put in place in 2004, Rule 206(4)-7 requires an investment adviser to “[r]eview, no less frequently than annually, the adequacy of the policies and procedures established pursuant to this section and the effectiveness of their implementation.” Interestingly (or perhaps oddly), there is no explicit requirement in the Rule for an adviser to then document their annual Compliance program review. That said, documenting the annual Compliance review has long been an established best practice among advisers as it allows them to evidence to the SEC that they have in fact fulfilled the requirement of conducting the annual Compliance review. Additionally, in 2023, the SEC finalized an amendment to Rule 206(4)-7 that would have added a requirement that the annual review be documented. Although this Rule amendment (among others it had been bundled with) was vacated by a federal court, it nevertheless showed what the SEC’s mindset is around documentation of annual reviews. As a result, investment advisers are well advised to document their annual Compliance review in some fashion, the particulars of which will be addressed in the sections that follow and that flow from SEC commentary regarding Rule 206(4)-7.
Company Act Rule 38a-1. Similar to Rule 206(4)-7, Rule 38a-1 was also adopted in 2004 and is the registered fund companion to Rule 206(4)-7. Its scope, however, is more expansive and requires a registered investment company to“[r]eview, no less frequently than annually, the adequacy of the policies and procedures of the fund and of each investment adviser, principal underwriter, administrator, and transfer agent and the effectiveness of their implementation.” Unlike 206(4)-7, 38a-1 explicitly requires a report be prepared in connection with this review, requiring a fund’s Chief Compliance Officer to “provide a written report to the board that, at a minimum, addresses:
(A) The operation of the policies and procedures of the fund and each investment adviser, principal underwriter, administrator, and transfer agent of the fund, any material changes made to those policies and procedures since the date of the last report, and any material changes to the policies and procedures recommended as a result of the annual review conducted [. . .]; and
(B) Each Material Compliance Matter that occurred since the date of the last report.”
Accordingly, registered funds have an explicit regulatory obligation to document the results of their annual Compliance reviews. Although Rule 38a-1 does not by its plain terms further specify what the review needs to consist of beyond the items enumerated on its plain face, similar to Rule 206(4)-7, the SEC has provided additional commentary on what the substance of such reports should consist of (which is discussed in the next section).
Model Blueprints
Although on their face, Rules 206(4)-7 and 38a-1 do not provide a great level of detail regarding what the SEC would expect to see in an investment adviser’s or registered fund’s annual Compliance report, commentary provided in the Rules’ proposing and adopting releases provides registrants with useful insights that should inform the preparation of their reports.
Advisers Act Rule 206(4)-7. In the proposing and adopting releases accompanying Rule 206(4)-7’s adoption in 2004, as well as its now-vacated amendments from 2023, the SEC identified a number of topics and areas an investment adviser’s Compliance program should consider covering (which consequentially should be addressed in an adviser’s annual Compliance report). The SEC also provided commentary regarding the types of items an adviser’s annual Compliance report should address. The table that follows distills this commentary and identifies the basic components an investment adviser’s annual Compliance report should consist of and address (depending on their applicability to an investment adviser’s particular business). It also includes other common items many advisers include and describe in their annual Compliance reports in some fashion:
REPORT SECTION | ADDITIONAL DESCRIPTION |
|---|---|
Relevant Compliance Program Topical Scope & Control Environment | - Portfolio management processes, including best execution, use of soft dollars, compliance with investment restrictions, and allocation of investment opportunities among clients and consistency of portfolios with clients' investment objectives, disclosures by the adviser, and applicable regulatory restrictions - Trading practices, including procedures by which the adviser satisfies its best execution obligation, uses client brokerage to obtain research and other services ("soft dollar arrangements"), and allocates aggregated trades among clients - Conflicts of interest, including processes and controls designed to mitigate or eliminate such conflicts - Proprietary trading of the adviser and personal trading activities of supervised persons - Monitoring of outside business activities, political contributions, and gifts & entertainment - The accuracy of disclosures made to investors, clients, and regulators, including account statements and advertisements - Safeguarding of client assets from conversion or inappropriate use by advisory personnel - The accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction - Marketing advisory services, including the use of solicitors - Processes to value client holdings and assess fees based on those valuations - The use of third-party service providers, including sub-advisers, and corresponding third-party risk management framework - Safeguards for the privacy protection of client records and information - Business continuity plans - The responsible use of artificial intelligence - Anti-money laundering processes and controls |
Material Business Changes | - New products or services - New systems (e.g. portfolio accounting, trading, etc.) - Governance changes/reorganizations - Mergers & acquisitions - Other business changes |
Material Personnel Changes | - Officers (e.g. CEO, CCO, COO, CIO, CISO, CFO, President, etc.) - Others that would appear in Form ADV Part 1 |
Material Policy & Procedure Changes | - New policies or procedures - Amendments to policies or procedures that result in a new or changed requirement (but not necessarily minor changes to processes) |
Material Compliance Violations | - Materiality determined by a combination of the following factors (among others): duration, scale, client harm, repeat nature, monetary impact, regulatory vs. policy-violation only, etc. |
Material Compliance Program Changes | - New systems (e.g. portfolio monitoring, electronic communications surveillance, etc.) - Reorganizations - CCO changes |
Material Cybersecurity Events | - Impact, root cause, and remediation of cybersecurity events that impacted the adviser and/or clients |
Material Business Continuity Events | - Any events that caused the adviser to activate its business continuity plan, including whether the plan was successfully executed and whether the plan was effectively designed to address the continuity event. |
Annual Review Methodology | - A description of the methodology employed by the adviser to formulate its opinion about the state of the Compliance program, including a discussion of approaches to policy & procedure testing, documents and information reviewed, meetings with business personnel, and other methods. |
Adviser-Specific Regulatory & Legal Events | - Regulatory examinations - Regulatory enforcement actions - Litigation, arbitration, etc. |
Material Recommendations | - Material changes to make to the Adviser’s Compliance program or business (if any) arising from observations made during the annual Compliance Review - Remediation status of prior year’s material recommendations (if any) |
Future Areas of Focus | - Future Compliance program priorities and initiatives (e.g. upcoming regulatory implementation, onboarding of new systems, etc. |
Company Act Rule 38a-1. Similar to Rule 206(4)-7, in the proposing and adopting releases accompanying Rule 38a-1’s adoption, the SEC also identified several topics and areas a registered fund complex’s Compliance program should consider covering (which consequentially should be addressed in an such complex’s annual Compliance report). Unlike Rule 206(4)-7, however, whose annual Compliance review and report requirement is framed exclusively around an investment adviser’s Compliance program, Rule 38a-1 requires a registered fund CCO to prepare an annual Compliance report that covers the funds’ adviser(s), principal underwriter(s), transfer agent(s), and administrator. Thus, although nearly all of the topics discussed in the table above are equally appropriate and advisable for treatment in the context of a Rule 38a-1 annual Compliance report, there are two primary additional facets.
First, for example, not all policy & procedure changes (or even violations) at an adviser or transfer agent or the like may be relevant to the particular services such service provider is rendering to the fund (as such service providers are presumably supporting a multitude of clients that may drive different Compliance program considerations. Therefore, a fund’s annual Compliance report should only be reporting on items in an adviser’s, administrator’s, transfer agent’s, or principal underwriter’s Compliance program (across the rubric in the above table) that are actually relevant to the fund complex. For example, if a fund administrator reports material changes to or violations of its basket creation and redemption policies and procedures for ETFs, a fund complex who uses the same administrator but does not have any ETFs would not (and probably should not) report these items in its annual Compliance report as they would not be relevant to such fund complex.
Second, given the activities of registered funds and their service providers are governed by the Investment Company Act of 1940, the scope of regulatory topics that a fund’s annual Compliance report should consider reporting on is different/augmented compared to the topical scope identified in the table above. The following table summarizes those regulated functions and topics that a fund’s annual Compliance report should consider mentioning in some fashion as part the annual Compliance review and reporting process:
REGULATORY TOPIC | ADDITIONAL DESCRIPTION |
|---|---|
Affiliated Transactions | - Rule 17a-7 Cross Trades - Rule 17e-1 Directed Brokerage - Rule 10f-3 Affiliated Underwritings |
Trading Practices | - Best Execution - Soft Dollars - FX Transactions - Block Accounts |
Rule 18f-4 Derivatives Risk Management | - Risk Guidelines & VaR Testing - VaR Calculation Models - Derivatives User Monitoring - Exceedances & Remediation - Reporting & Governance |
Rule 22e-4 Liquidity Risk Management | - Classification Methodologies - HLIM Determinations - “Cash” Treatments - Exceedances & Remediation - Reporting & Governance |
Rule 2a-5 Fair Valuation | - Fair Valuations - Hard-to-Value & Thinly Traded Securities - Pricing Vendor Oversight - Valuation Backtesting - Reporting & Governance |
Rule 19b-1 Capital Gains | - Calculation and Validation of Long-term Capital Gains Distributions |
Marketing & Disclosures | - Marketing Materials Reviews - Processes for Disclosing Fund Holdings |
Fund Accounting | - NAV Calculation & Processing - Interfund Credit Facilities |
Shareholder Activity | - In-Kind Transactions - Market Timing - Frequent & Excessive Trading |
Personal Trading | - Rule 17j-1 Code of Ethics - Trustee Closed-End Fund Trading |
SOX Code of Ethics | - Financial Reporting Controls and Integrity |
Rule 2a-7 Money Market | - Eligible Securities & Durations - Website Reporting & Disclosures - NAV Calculations |
Closed-End Funds | - Exchange Act Section 16 Beneficial Ownership Reporting - Share Repurchases |
ETFs | - Basketing - Authorized Participants - Website Disclosures |
Safeguarding of Client Assets | - Custody - Foreign Custody - Authorized Persons |
Financial Crimes & AML | - OFAC Restrictions - CIP/KYC Protocols - SAR Filings |
Regulatory Filings | - N-PORT - N-CEN - N-LIQUID - N-CSR - Other |
Books & Records | - Applicable to All of Foregoing |
Packaging & Delivery
Notwithstanding an adviser or fund complex having an appropriately designed and populated annual Compliance report, if an adviser or fund does not package and deliver the information effectively, any value to be derived from the annual review process itself can be for naught. Accordingly, as advisers and registered fund complexes prepare their annual Compliance reports each year, consideration should be given to the form-of report being used, as well as practices for socializing the content and results.
Form-Of Reporting. Regardless of whether a report is prepared for purposes of Rule 206(4)-7 or Rule 38a-1, neither advisers nor fund complexes should feel bound by a particular form. Certain advisers and fund complexes elect to use narrative-based reporting, whereas others use slide decks, and others even use combinations. Additionally, certain organizations may prepare layered form-of reports, with one layer being a higher-level executive summary provided to more senior levels of management, and another being the full annual Compliance report that would be shared with a regulator. Regardless of the form being used, the decision on what approach to take should be driven by two ultimate factors: audience usefulness and SEC satisfaction. With respect to audience satisfaction, to the extent a CCO has an obligation to advise the business or a fund Board on the state of the Compliance program and any noteworthy events or recommended changes, the form-of report should be designed to clearly, effectively, and persuasively convey that information, taking into account the preferences and leaning of the audience. With respect to SEC satisfaction, the form-of report should enable a sufficient demonstration of having conducted a meaningful and robust annual Compliance review (tailored to the size and complexity of the particular registrant of course), as well as convey as strong a story as possible regarding the registrant’s Compliance program.
Socialization. In so far as an annual Compliance report should be also an instrument of practical value, it stands to be more beneficial when it is socialized, rather than just being filed away after being prepared (or in the case of a Rule 38a-1 annual Compliance report, presented to a fund Board). It also stands to be of more practical value when it is socialized (a) prior to being finalized and (b) with members of an adviser or fund complex outside of simply management. With respect to (a), when preparing an annual Compliance report, it often can be beneficial to share a draft with management (and in the case of a fund annual Compliance report, with independent trustee counsel) prior to finalization. These other stakeholders can provide additional perspective and insights to improve the report, but perhaps more importantly, it allows them to meaningfully participate in assisting and supporting the registrant’s Compliance program. Yes, Compliance needs to serve as independent function within an adviser or fund organization; however, to the extent Compliance needs buy-in from other stakeholders to effectuate any changes that may be needed, bringing other stakeholders into the report preparation process and allowing them to have an appropriate level of voice can be highly effective in this regard. With respect to (b), after a report is finalized, it also can be valuable to share the results with other non-management members of an adviser’s or fund complex’s organization as well. Doing so allows others in the organization to have a better understanding of the types of issues and items that are relevant to the particular registrant’s Compliance health, while also underscoring the value an effective Compliance function can have for the benefit of the organization and its clients alike.
Parting Thoughts
Certainly, the level of detail and involvement that goes into preparing an annual Compliance report of any kind can and should be right-fitted to the size, complexity, and business of model of the adviser or fund complex. The annual Compliance report process should not be filled with needless complexity or irrelevant details. That being said, an adviser or fund complex should also view the annual Compliance report as a means of advocacy and insight as well – whether that is providing internal management with the information they need to continue supporting an adviser’s or fund’s Compliance program, or instilling a level of confidence in regulators and clients regarding the health of an adviser’s or fund complex’s Compliance program. Although these types of decisions are largely matters of professional judgment, having an understanding of historic regulatory expectations, as well as common best practices, can aid an adviser or fund complex in preparing an annual Compliance report that is as painless yet as meaningful as possible. Once an adviser or fund complex has established a preparation system and reporting template best suited to them, “taking a look in the mirror” each year can be viewed as an opportunity, rather than mere tedium or a check-the-box undertaking.
Thanks for reading . . .
Paul Felsch, JD
Paul Felsch, JD is Founder & Owner of Compliance consulting firm Helios. He previously served as CCO with Allspring Global Investments, where he was responsible for the Allspring and Galliard Capital Management mutual fund, ETF, closed-end fund, private fund, collective fund, UCITS, separate account, and retail managed account offerings; he also previously served as Senior Counsel for Edward Jones’ retail wealth management business lines, as well as CCO for the Edward Jones Mutual Funds. He is a licensed attorney and holds the FINRA Series 7, 9, 10, 24 & 66 licenses. He also teaches Investment Management Regulation at Saint Louis University School of Law.
He has been a speaker and content contributor for organizations such as the Investment Company Institute, the Investment Advisers Association, the Investment Management Education Alliance, the National Society of Compliance Professionals, and Advisor Hub, among others.
He may be reached at [email protected].