Rule 206(4)‑7 under the Investment Advisers Act of 1940 requires any investment adviser registered with the SEC to adopt and implement written policies and procedures reasonably designed to prevent violation of the federal securities laws; review those policies and procedures annually for their adequacy and the effectiveness of their implementation; and designate a CCO to be responsible for administering the policies and procedures. The SEC has also made clear that it expects an adviser’s compliance program to be tailored to its specific operations, infrastructure and investment strategy. To comply with Rule 206(4)‑7 and meet the SEC’s expectations, a fund manager must identify the various risks it faces and then design its compliance program to eliminate, mitigate or control those risks. Thus, although Rule 206(4)‑7 does not expressly require risk assessments, as a practical matter, an assessment is necessary for a fund manager to ensure its compliance program is appropriately tailored and effective. This article explains why and when fund managers should conduct risk assessments; who should be involved in the assessment process; how to use a risk assessment template; and what the next steps should be after the assessment. The article also contains a downloadable risk assessment template created for use by both outside counsel and in-house GCs and CCOs at fund managers. See “How CCOs Can Use a Sample OCIE Information Request Letter to Improve Their Compliance Programs
” (Jan. 28, 2020).