Building an Effective Compliance Program for Real Estate Fund
Eric Rubenfeld
Legal Adviser to Emerging and Institutional Investors and Operating Companies
Building an Effective Compliance Program for Real Estate Funds
In mid-January, President Biden nominated Gary Gensler, former head of the CFTC under President Obama, to be the next chairman of the SEC. Mr. Gensler, who had a long career at Goldman Sachs before turning to government service, is extremely knowledgeable about the financial markets and has been, and is expected to be, a vigorous regulator.
While Mr. Gensler is unlikely to spend considerable time in the weeds of investment adviser regulations, particularly as those regulations apply to real estate fund sponsors, it is reasonable to expect that the SEC under Mr. Gensler will look more like the Obama SEC than the Trump SEC. For real estate fund sponsors, this means a renewed emphasis on enforcement. The Obama SEC imposed mega fines on private equity firms for practices common in the private equity industry. Real estate fund sponsors should take heed from this history and take a hard look at the effectiveness of their compliance programs in advance of the next round of SEC exams.
Unfortunately, many fund sponsors treat compliance as an unpleasant distraction from their investment business and hold it at arm’s length. Such fund sponsors often adopt a ‘check the box’ approach to compliance, using off the shelf policies and procedures purchased from third parties and ‘dual hatting’ already busy executives as chief compliance officers. Such advisers consider their compliance program effective if they timely file generic Form ADVs, monitor employee stock trading, and conduct cursory annual ethics training. This approach almost guarantees that the inevitable SEC examination will be painful and result in a deficiency letter that will severely impact the advisers’ future business. Further, this approach sacrifices the benefits that an effective compliance program can bring to the adviser.
I have had the opportunity to analyze, implement and defend numerous compliance programs over 26 years advising alternative investment fund sponsors, including almost a decade as a chief compliance officer for multiple multi-billion-dollar fund sponsors. In this article, I review the statutory basis for adviser compliance, identify the components of an effective compliance program, and suggests tools and techniques to implement an effective compliance program. While I focus principally on real estate fund sponsors, the information is generally applicable to all private equity fund sponsors.
Statutory Requirements
Investment Adviser Registration
The Investment Advisers Act of 1940 (the “Advisers Act”) is the primary federal law governing investment advisers. An “investment adviser” is defined in Section 202(a)(11) of the Advisers Act (15 U.S.C. Section 80b-2(a)(11)) as any person “who, for compensation, engages in the business of advising others, either directly or through publications or writings, as to the value of securities or as to the advisability of investing in, purchase, or selling securities.” The Advisers Act defines “security” broadly to include 17 different types of instruments, including “investment contracts” and “any interest or instrument commonly known as a ‘security.’” (Section 202(a)(18), 15.U.S.C. Section 80b-2(a)(18)). An “Investment Contract” is any “contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party.” (SEC v. Howey Co., 328 U.S. 93, 298-99 (1946)). In other words, passive investments, including passive investments in real estate, are securities.
Investment advisers with less than $25 million of assets under management that do not advise a registered investment company are regulated by the state in which they maintain their principal office and place of business (Section 203A, 15 U.S.C. Section 80b-3a). Investment advisers with between $25 million and $100 million of assets under management are generally regulated by the state in which they maintain their principal office and place of business unless they advise a registered investment company or a business development company or are not subject to examination as an investment adviser by the applicable state authority. Such medium sized advisers may voluntarily register with the SEC to avoid multiple state registrations. Investment advisers with over $100 million in assets under management ($150 million if the adviser acts only as an adviser to private funds) must register with the SEC.
Compliance Requirements
The Advisers Act imposes several specific requirements on investment advisers, such as providing certain reports to the SEC and maintaining certain records (Section 204, 15 U.S.C.A. Section 80b-4); prohibiting the misuse of material nonpublic information (Section 204A, 15 U.S.C.A Section 80b-4a); and regarding the terms of investment advisory contracts and compensation paid to investment advisers (Section 205, 15 U.S.C.A. Section 80b-5). The SEC, pursuant to the rule-making power granted to it under the Advisers Act, has adopted specific regulations amplifying the general requirements of the Advisers Act. For example, the SEC has issued specific regulations regarding: the books and records an investment adviser must maintain (17 C.F.R. Section 275.204-2); the delivery of brochures and brochure supplements to clients and prospective clients (17 C.F.R. Section 275.204-3); and requiring advisers to adopt a code of ethics to avoid the misuse of material nonpublic information (17 C.F.R. Section 275.204A-1).
In addition to these specific requirements, Section 206 of the Advisers Act (15 U.S.C.A Section 80b-6) contains a general anti-fraud provision that prohibits any investment adviser (whether registered or not) from:
1. employing any device, scheme, or artifice to defraud any client or prospective client;
2. engaging in any transaction, practice, or course of business, which operates as a fraud or deceit upon any client or prospective client; or
3. engaging in any act, practice or course of business which is fraudulent, deceptive, or manipulative.
(Emphasis added).
The SEC is empowered by Section 206 to issue rules and regulations to define, and prescribe means reasonably designed to prevent, acts practices or courses of business that are fraudulent, deceptive, or manipulative. Thus, the SEC has issued specific regulations regarding advertisements (17 C.F.R. Section 275.206(4)-1); custody of client funds and securities (17 C.F.R. Section 275.206(4)-2); cash payment for client solicitations (17 C.F.R. Section 275.206(4)-3); political contributions by certain investment advisers (17 C.F.R. Section 275.206(4)-5); and pooled investment vehicles (17 C.F.R. Section 275.206(4)-8). Finally, in Rule 206(4)-7 (17 C.F.R. Section 275.206(4)-7), the SEC has declared that it is unlawful under Section 206 for an investment adviser registered or required to be registered under the Advisers Act to provide investment advice to a client unless such adviser:
1. adopts and implements written policies and procedures reasonably designed to prevent violation by the Adviser and its supervised persons of the Advisers Act and rules promulgated thereunder;
2. reviews, no less frequently than annually, the adequacy of such policies and procedures and the effectiveness of their implementation; and
3. designates an individual responsible for administering such policies and procedures.
(Emphasis added).
The specific regulations promulgated by the SEC under Section 206 do not define the full scope of Section 206. Rather, each investment adviser is required to evaluate its business to identify and prevent Section 206 violations. To be effective, a compliance program must address not only the specific requirements of the Advisers Act and the rules and regulations thereunder but also identify and promulgate policies to prevent any act, practice or course of business that is fraudulent, deceptive, or manipulative. This means each investment adviser must analyze the risks of its specific business and tailor its compliance program to those risks.
Components of an Effective Compliance Program
To be effective, a compliance program must include the following six elements: (i) diagnostics, (ii) policies and procedures, (iii) training, (iv) testing, (v) annual review, and (v) executive sponsorship.
Diagnostics
The starting point for an effective compliance program is a rigorous analysis of the legal risks raised by the investment advisers’ actual business. The most important tools for this analysis are the risk matrix and risk map.
Risk Matrix
A risk matrix identifies and analyzes each of the potential legal risks in an investment advisers’ business. For each identified legal risk, the risk matrix should include: (i) the relevant statutory or regulatory provision, (ii) a specific description of the risk as it exists at the adviser, (iii) the business unit or employees affected by the risk, (iv) the mitigants that may apply, (v) the control mechanisms for the risk, (vi) the testing protocols for the control, and (vii) the applicable policy and procedures addressing such risk. The risk matrix should cover all the potential risks specifically mentioned in the Advisers Act and the regulations thereunder, including the following:
1. the code of ethics (Section 204A, 15 U.S.C.A Section 80b-4a and 17 C.F.R. Section 275.204A-1);
2. maintenance of certain records (Section 204, 15 U.S.C.A. Section 80b-4 and 17 C.F.R. Section 275.204-2);
3. the terms of investment advisory contracts and compensation that may be paid to investment advisers (Section 205, 15 U.S.C.A. Section 80b-5);
4. the delivery of brochures and brochure supplements to clients and prospective clients (17 C.F.R. Section 275.204-3);
5. advertisements (17 C.F.R. Section 275.206(4)-1);
6. custody of client funds and securities (17 C.F.R. Section 275.206(4)-2);
7. cash payment for client solicitations (17 C.F.R. Section 275.206(4)-3);
8. political contributions (17 C.F.R. Section 275.206(4)-5);
9. compliance procedures and practices (17 C.F.R. Section 275.206(4)-7); and
10. fraudulent, deceptive, or manipulative acts, practices, or course of business (Section 206, 15 U.S.C.A Section 80b-6), including for pooled investment vehicles (17 C.F.R. Section 275.206(4)-8).
While outside advisers and form documents can assist with analyzing the risks covered in items 1-9, only a deep dive into the adviser’s actual business will provide the information necessary to analyze fraudulent, deceptive, or manipulative acts, practices, or course of businesses, which vary significantly depending upon the type of service the adviser provides.
For current or prospective real estate fund sponsors, the four most important anti-fraud risks involve (i) ancillary services, (ii) investment allocation, (iii) co-investments, and (iv) underwriting, asset management and valuation procedures. Each of these risks should be separately analyzed in the risk matrix.
Ancillary Services
Many if not most real estate investment fund sponsors provide ancillary services for a fee to their sponsored funds, such as property management, leasing, development, and construction management services. The fees for these services, which can exceed the base investment advisory fee for the fund, are generally not offset against the base investment advisory fee and constitute both a significant expense for the fund and an equally significant revenue stream for the fund sponsor. Such services thus represent a clear conflict of interest between the fund and the sponsor, and the terms, conditions, and risks of such services must be disclosed to investors. Further, fund sponsors must implement policies and procedures to ensure that the terms and conditions disclosed to fund investors regarding such services are complied with. For example, fund sponsors often state in their fund private placement memoranda that such services will be provided on terms no less favorable than that available from third party services providers, but they do not have policies and procedures to verify that such condition is being met. Such failure could constitute a violation of Section 206 (15 U.S.C.A Section 80b-6) and Rule 206(4)-8 thereunder (17 C.F.R. Section 275.206(4)-8).
Investment Allocation
Successful fund sponsors often operate multiple funds with overlapping investment criteria that compete for investment opportunities. The allocation of investment opportunities between funds and accounts can create a conflict of interest because the fund sponsor may receive different fees and promotes from different funds and accounts and may favor higher fee-paying clients at the expense of lower fee-paying clients. While most sponsors include general language in their private placement memoranda stating that opportunities will be apportioned equitably among managed funds and accounts, many advisers fail to implement policies and procedures to ensure that allocation decisions are made on the basis so disclosed to fund investors. Such failure could constitute a violation of Section 206 (15 U.S.C.A Section 80b-6) and Rule 206(4)-8 thereunder (17 C.F.R. Section 275.206(4)-8).
Co-Investments
Many fund sponsors also provide co-investment opportunities in fund investments to fund investors and third parties. Co-investments are attractive to fund sponsors because they are paid an advisory fee by co-investors based on invested capital and may earn a promote on the co-investment. However, co-investments can be detrimental to fund investors because co-investors can cherry pick the most promising investments from the fund portfolio for co-investment, leaving the fund over-invested in the least promising, and under-invested in the most promising, investments. Some sophisticated fund investors invest in co-mingled funds solely to maximize their access to co-investment opportunities. Co-investments thus represent a conflict of interest between the fund and the sponsor, and the terms under which co-investments are offered must be disclosed to investors. However, many fund sponsors fail to implement policies and procedures to ensure co-investments are only offered on the terms and conditions so disclosed to fund investors. Such failure could constitute a violation of Section 206 (15 U.S.C.A Section 80b-6) and Rule 206(4)-8 thereunder (17 C.F.R. Section 275.206(4)-8).
Underwriting, Asset Management and Valuation Procedures
Finally, fund sponsors generally provide a description of their key policies, such as for underwriting, asset management, and valuation, in their fund private placement memorandum. However, in the press of operating their business (and trying to raise new funds and accounts), fund sponsors often fail to implement policies and procedures to ensure that each investment is subject to the policies so described to fund investors. Such failure could constitute a violation of Section 206 (15 U.S.C.A Section 80b-6) and Rule 206(4)-8 thereunder (17 C.F.R. Section 275.206(4)-8).
While the aforementioned risks are the most prevalent in the real estate fund industry, other risks inherent to the fund industry in general must also be analyzed and accounted for, such as preferential investor rights and allocation of fees and expenses.
Risk Map
The risk map is a corollary instrument to the risk matrix that measures the intensity of each of the risks to the fund sponsor. The risk map should identify, for each risk identified on the risk matrix, the intensity of the risk based on: (i) the importance of the risk for the advisers’ business, (ii) the perceived importance of the risk to investors, and (iii) the perceived importance of the risk to the SEC. For example, the misuse of material non-public information is a longstanding high priority compliance issue for the SEC. However, real estate fund sponsors are rarely in the possession of material non-public information about publicly traded securities. Consequently, while the relative intensity of the risk for the SEC will be high, the actual risk to the adviser and the perceived risk by investors is low. This indicates that a real estate fund sponsor should promulgate a responsive policy and procedure, but that such policy and procedure should not be a primary focus of the compliance program.
A comprehensive diagnostics process is prima facie evidence of a well-designed and effective compliance program and critical to winning the confidence of SEC examiners who may be unfamiliar with the intricacies of niche businesses, such as real estate private equity. On the contrary, the lack of a diagnostics process is a clear red flag to SEC examiners that an adviser does not take its compliance obligations seriously and merits a probing exam.
Policies and Procedures
An effective compliance program will have a separate, tailored policy for each risk identified on the risk matrix. While each adviser’s policies and procedures are unique, all policies and procedures should:
1. clearly identify the specific risk being addressed;
2. identify the employees or business units subject to the policy;
3. summarize the relevant law and SEC guidance;
4. clearly and succinctly state the company’s policy with respect to the risk;
5. provide clear procedures for addressing the risk (i.e., controls), and identify the specific person(s) responsible for the controls;
6. summarize the testing procedures for each control;
7. identify the specific person(s) responsible for enforcing the policy;
8. be written in plain English and comprehensible by non-lawyers; and
9. be developed jointly with the affected business units.
Unfortunately, advisers that adopt a ‘check-the-box’ attitude to compliance often dispense with the risk matrix and risk map and simply purchase prepared policies and procedures from third parties. Such advisers are under the mistaken impression that canned policies and procedures will satisfy the requirement of Rule 206(4)-7 (17 C.F.R. Section 275.206(4)-7). However, such policies and procedures can, at best, only address in a general way the generic risks covered by the Advisers Act and the regulations thereunder. Even if such canned policies and procedures are modified to fit the adviser’s business, they will fall short of effectiveness because they will not include policies and procedures to address the risks unique to the advisers’ business.
Training
The best written policies and procedures will fail to produce good results unless every affected employee is familiar with and follows the policies and procedures applicable to him. Accordingly, an effective compliance program must include a comprehensive training component tailored to the needs of different employees. Not every policy or procedure is applicable to every employee. Certain low-level employees may not be subject to any compliance policies and procedures, while high-level executives will not only be subject to many policies and procedures but may be responsible for enforcement of certain policies and procedures as well. Accordingly, education must be tailored so that the applicable policies are explained in appropriate detail to the affected employees. Thus, annual ethics training delivered to all “supervised employees” (as defined in Section 202(a)(25), 15.U.S.C. Section 80b-2(a)(25)) should be supplemented with specialized training on other policies delivered at least annually, but more often if needed, to affected employees.
I personally believe that in-person training with senior executives in attendance is preferable to online or remote training for three reasons: first, there is a greater likelihood that employees will pay attention to the training (if only to be polite); second, the presence of senior executives at an in-person training is a powerful signal to other employees that the firm values compliance and has a ‘culture of compliance’ from the executive ranks down; and third, employees are able to ask questions during in-person training.
Testing
Each risk control should be periodically tested by the compliance department to determine its adequacy. If a control is found to be inadequate, the CCO should analyze whether the failure is due to inadequate training or a defect in existing policies and procedures and implement immediate corrective action. Testing should be done throughout the year to equalize the administrative burden on the compliance department and affected employees and should be conducted by persons not directly responsible for the related control.
Annual Review
Rule 206(4)-7 (17 C.F.R. Section 275.206(4)-7) requires an adviser to review at least annually the adequacy of its compliance policies and procedures and the effectiveness of their implementation. To comply with this requirement, a CCO should, on an annual basis: (i) review and update the risk matrix and risk map to account for new developments, such as new laws or regulations and new lines of business, (ii) review the results of the periodic control testing for the year and consider whether new or additional testing is required based on changes in law or regulations, changes in the adviser’s business, or weaknesses in the existing compliance program, (iii) promulgate new or revised policies and procedures as appropriate, and (iv) review the adequacy of training and implement revisions to the training calendar as needed. A written report documenting the CCO’s review should be submitted to and discussed with senior management to provide evidence of compliance with Rule 206(4)-7.
Many advisers retain outside consultants on a periodic basis to conduct a mock audit or exam of the compliance program. While this exam can be used to satisfy the annual review requirements of Rule 206(4)-7, best practice would be to have the mock audit or exam occur independently of, and test the sufficiency of, the CCO’s annual review of the compliance program.
Executive Support
Compliance must be adequately resourced and woven into all facets of the advisers’ business to be effective. The best compliance departments analyze risk, work with business units to promulgate appropriate policies and procedures, educate employees about the policies and procedures, and rigorously test controls to measure effectiveness. However, even the most knowledgeable CCO cannot analyze risks of which he is unaware, promulgate appropriate policies and procedures without business unit input and cooperation, or provide effective training to employees who are unengaged or uninterested. Nor can he ensure an effective compliance program if he lacks adequate resources to conduct proper diagnostics, promulgate appropriate policies and procedures training, and conduct proper testing. To be effective, the CCO, and through him, the compliance department, must be empowered, resourced, and have authority commensurate with its responsibilities. All of which requires executive support.
The SEC itself has identified the lack of executive sponsorship as a major source of compliance deficiencies. For example, in its November 19, 2020 Risk Alert, the SEC’s Office of Compliance Inspection and Examinations specifically called out inadequate compliance resources and the marginalizing of the CCO as among the notable compliance deficiencies identified in its exams. Examples of the former included advisers appointing dual hatted or outside CCOs who did not devote sufficient time to their CCO obligations and advisers who failed to provide adequate compliance staff and resources. Examples of the latter included advisers that limited the CCO from accessing critical compliance information, advisers that limited their CCO’s interaction with senior management, and advisers that limited CCO consultation with senior management and other employees about matters that had potential compliance implications.
To have an effective compliance program, an adviser’s senior management (CEO or COO) must take an active interest in and sponsor the compliance department and ensure that the adviser:
1. appoints a CCO with the time, education, and experience to effectively manage the compliance program;
2. gives the CCO actual status and authority within the organization commensurate with the CCO’s responsibilities;
3. adequately staffs and resources the compliance staff based on the adviser’s size and complexity;
4. integrates the CCO and compliance staff into all facets of the adviser’s business; and
5. makes compliance everyone’s business.
Peter Driscoll, the Director of OCIE, summed up the importance of executive sponsorship in his remarks to the National Investment Adviser/Investment Company Compliance Outreach 2020: “[w]ithout a culture that truly values the CCO, supported by a sincere ‘tone at the top’ by senior management, a firm stands to lose the hard-earned trust of its clients, investors, customers and other key stakeholders. As the Commission stated, CCOs should be empowered, senior and have authority, but CCOs should not and cannot do it alone and should not and cannot be responsible for all compliance failures.” (Emphasis in original).
In short, the CCO should be (and be seen throughout the organization as) a full member of the executive management team, with clear lines of communication to the adviser’s ultimate decision-makers. Without such support, even the best CCO will be unable to implement an effective compliance program.
Conclusion
Fund sponsors, like all investment advisers, are fiduciaries operating in a highly regulated industry, and the SEC is an informed and vigorous regulator that can and does impose significant punishment for wrongdoing. Fortunately, an effective compliance program will avoid most compliance issues and minimize the negative consequences of any violations that do occur. With the appointment of a new SEC chairman with a reputation for vigorous enforcement, every fund sponsor should critically examine whether their compliance program is effective. Senior management should carefully evaluate whether their CCO is knowledgeable, focused, empowered, and has sufficient status and authority within the organization to create and oversee an effective compliance program; whether the compliance department is adequately resourced given the advisers’ business; and whether senior management is fostering a culture of compliance at the adviser. CCOs, in turn, should critically examine their compliance program to determine whether all the components of an effective compliance program are in place and whether they have adequate skills and resources to effectively implement the compliance program. Deficiencies should be addressed immediately to avoid adverse SEC action.
About Eric Rubenfeld
Eric Rubenfeld is a partner in Fragner, Seifert Pace & Winograd, a boutique law firm serving the legal needs of institutional real estate investors. Mr. Rubenfeld specializes in advising private equity real estate funds on all aspects of their business, including operational and transactional matters (including joint-ventures, financings, asset acquisitions and dispositions, fund formation and fund raising), dispute resolution, and regulatory compliance. Mr. Rubenfeld draws on 26 years of experience as a former principal, general counsel and CCO at multiple alternative investment firms and at top international law firms to deliver business savvy and cost-effective legal service to his clients.
Before returning to private law practice with FSPW in 2017, Mr. Rubenfeld spent over a decade as the general counsel and chief compliance officer of multiple multi-billion-dollar institutional investment advisors specializing in private and public equity investments in real estate and corporate debt and equity. In addition to handling legal and compliance matters, Mr. Rubenfeld also managed HR and risk management and served on the management, investment, valuation and risk and conflict committees.
Mr. Rubenfeld began his legal career practicing corporate law and litigation in New York City and Washington, D.C., including stints at Fried, Frank, Harris, Shriver & Jacobson and Arnold & Porter. Mr. Rubenfeld advised leading financial institutions, including Goldman Sachs, Morgan Stanley, Merrill Lynch and J.P. Morgan, in connection with their securities and structured product offerings and represented private and public companies in litigation in both federal and state courts.
Mr. Rubenfeld earned his J.D., cum laude, from the Harvard Law School in 1995 and his B.A., magna cum laude and with college and departmental honors, from UCLA in 1991.
Mr. Rubenfeld recently:
? Represented a private equity fund in assembling and financing $300+ million data center portfolio in the United States and Canada
? Represented a private equity fund in $200 million of secured, property financings
? Represented a private equity fund in a $75 million shopping center construction loan
? Represented a private equity fund in $50 million subscription credit facility
? Represented a private equity fund in final fund closing and restructuring
? Represented an institutional real estate investor in a $25 million unsecured senior credit facility
? Advised a founding partner of private equity firm in a business control dispute
? Represented a private equity fund in fund formation and operations, co-investment formation and operations, and regulatory compliance
Eric Rubenfeld Contact Information
1860 Bridgegate Street,
Westlake Village, CA 91361
Tel: 805-409-9427
About Fragner Seifert Pace & Winograd, LLP
Fragner Seifert Pace & Winograd, LLP was formed over a decade ago to fulfill a simple goal: to provide the highest quality legal services while maximizing the value the firm adds to its clients’ business affairs. All of us at FSPW strive to be as efficient as possible, using common sense approaches that benefit our clients on an immediate, short term and long-term basis. FSPW represents start-up, growing and mature businesses in all types of commercial transactions.