On April 26, 2022, the Division of Examinations (the "Division") of the Securities and Exchange Commission issued a Risk Alert listing notable examples of deficiencies that its staff has identified regarding investment advisers' obligations to establish, maintain and enforce written policies and procedures to prevent the misuse of material nonpublic information ("MNPI"), as required by Section 204A of the Investment Advisers Act of 1940, as amended (the "Act") and Rule 204A-1 thereunder (the "Code of Ethics Rule").

Section 204A and the Code of Ethics Rule

Section 204A requires investment advisers to establish, maintain and enforce written policies and procedures reasonably designed to prevent misuse of MNPI by advisers and their associated persons. The Code of Ethics Rule requires investment advisers that are, or are required to be, registered under the Act to establish, maintain and enforce a written code of ethics that, among other things, (i) sets forth the standard(s) of business conduct expected of an adviser's "supervised persons" (e.g., its employees, officers, partners, directors and other persons subject to its supervision and control), (ii) requires the adviser's supervised persons to comply with federal securities laws and (iii) includes provisions requiring certain supervised persons (an adviser's so-called "access persons") to report, and requiring the adviser to review, periodically the personal securities transactions and holdings of such persons.

Compliance Issues Regarding Section 204A

The Division staff identified a number of examples of deficiencies related to investment advisers' obligations under Section 204A:

  • Use of "alternative data" (e.g., satellite imagery, aggregated credit card transaction data, parking lot observation, internet search data, mobile phone location data) without adequate guidance to address the potential MNPI risk associated with alternative data collection and dissemination.
  • Inadequate policies and procedures regarding "value-add investors" (e.g., fund investors who are public company executives or professional investors with access to MNPI), including inadequate systems for identifying such investors or tracking their relationships with potential sources of MNPI.
  • Inadequate policies and procedures regarding "expert networks" whose consultants have access to MNPI, including inadequate procedures for tracking, logging and reviewing calls or for reviewing trading activity of supervised persons in the securities of public companies in industries similar to those of companies discussed on calls with consultants.

Compliance Issues Regarding the Code of Ethics Rule

The Division staff also identified the following examples of deficiencies related to investment advisers' obligations under the Code of Ethics Rule and their supervised persons' failure to adhere to their code of ethics:

  • Inadequate identification of relevant supervised persons in accordance with the Code of Ethics Rule.
  • Supervised persons purchasing shares in IPOs and limited offerings without pre-approval or requisite pre-approval rules.
  • Lapses in personal securities transactions and holdings reporting (e.g., not reporting at all or not reporting certain transactions, like private placements).
  • Failures to adequately document acknowledgment of receipt of the adviser's code of ethics.
  • Investment adviser employees trading securities on the adviser's restricted list.
  • An investment adviser or its employees purchasing securities at a better price ahead of the adviser's clients, in violation of the adviser's code.


The Division's Risk Alert addresses a mix of relatively old and relatively new concerns. Expert network issues were very much front and center during the peak period of insider trading criminal enforcement several years ago, leading many firms to seek advice and beef up their compliance policies and procedures around expert networks. The Division's observations may reflect that those efforts have been attenuated as expert networks have been less prominent as an enforcement focus. The Risk Alert also references newer (and legally more complicated) concerns about the use of alternative data. While there has been some enforcement in this area where there is a clear legal violation (e.g., selling employer credit card aggregation data without authorization), there is less clarity around other data types. In any event, the SEC continues to aggressively pursue alleged violations of 204A, including an $18 million settlement with a registered investment adviser in November 2021 and several enforcement actions in the first quarter of 2022.

With the Risk Alert signaling that the Division staff is highly focused on advisers' policies and procedures regarding preventing the misuse of MNPI, advisers may wish to consider whether this is an opportune time to perform a review of their related policies and procedures and/or to conduct related employee training.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.