Ethical conduct can and should be held up as a hallmark of the financial services industry. While the U.S. Congress saw fit to regulate registered investment advisers with the Investment Advisers Act of 1940, it wasn’t until more than 60 years later that the SEC started requiring an investment adviser code of ethics.

Enacted in 2005 following a litany of “enforcement actions against advisers or their personnel alleging violations of their fiduciary obligations to clients,” SEC rule 204A-1 lays out what an investment adviser code of ethics should include.

Given recent SEC risk alerts and enforcement actions, it’s clear some RIA firms are still missing the mark, and many of you may be looking for guidance on how to meet investment adviser code of ethics requirements. Well, look no further. Here, we’ll dive into the details and provide insight on how to stay out of the crosshairs of the SEC.

The Importance of Code Compliance

Generally, most everyone in our business understands the need to be ethical, particularly RIAs, which are heavily regulated. A code of ethics simply formalizes a firm’s expectations of behavior and compliance with regulatory requirements.

Every code must list “a standard of business conduct that the adviser requires of all its supervised persons.” But that’s just one of the minimum requirements. What if you don’t include all the required provisions, put distinct thought into your firm’s specific code, and continue to give it attention? You run the risk of disciplinary action—and who wants clients to read your firm’s name next to “failure to abide by its code of ethics” in an SEC press release?

Fortunately, reviews of deficiencies recently cited by the SEC can help firms avoid such a fate. The regulator’s December 2022 enforcement action against Two Point Capital Management, for example, is a fascinating read. In seven pages, the SEC staff excoriated the investment management firm for lacking a compliance program and for adopting a code of ethics, word for word, from an irrelevant trade organization.

According to the SEC, the code was missing all five of rule 204A-1’s minimum requirements:

1. Standard(s) of business conduct that the adviser requires of all its supervised persons that reflect the adviser’s fiduciary obligations and those of its supervised persons.

2. Provisions requiring supervised persons’ compliance with applicable federal securities laws.

3. Provisions requiring access persons to report, and the adviser to review, their personal securities transactions and holdings periodically.

4. Provisions requiring supervised persons to promptly report any violations of the code of ethics to the chief compliance officer (CCO) or another designated person.

5. Provisions requiring the adviser to provide each supervised person with a copy of the code of ethics and any amendments and requiring the supervised persons to provide the adviser with a written acknowledgment of their receipt of the code and any amendments.

Let’s take a deeper look at these rule 204A-1 requirements and what your firm’s code should include.

Standard of Conduct

A firm’s business conduct standard “must reflect the adviser’s fiduciary obligations . . . and must require compliance with the federal securities laws.” Generally speaking, this means a code’s introduction should state that the adviser and associated persons owe a fiduciary duty to the firm’s clients and briefly explain what that means.

Compliance with Securities Laws

The code should also include a statement that the activities of the adviser and personnel are governed by the Investment Advisers Act, the act’s rules and regulations, and similar federal and state rules. You may also want to add a general statement about expecting employees to engage in practices like basic honesty, good judgment, and professional integrity.

Disclosures of Personal Securities Transactions and Holdings

Disclosures are the meat and potatoes of any investment adviser code of ethics. These reporting and review provisions are meant to ensure that clients’ interests always come first when managing portfolios.

To do this, RIA firms need to collect:

1. A report from each “access person” (defined as any supervised person either who has access to nonpublic information related to clients’ purchase or sale of securities or who is involved in or has knowledge of securities recommendations made to clients) of all of their personal securities accounts and holdings within 10 days of employment and at least annually.

2. A quarterly report of all transactions executed in accounts belonging to access persons no later than 30 days after the previous quarter’s end.

Once this information is received, it must be reviewed and compared against holdings and transactions in client accounts to identify and remedy any conflicts of interest.

There are many ways to conduct these trade reviews. At the very least, you’ll need to look for situations where clients purchasing or selling the same security on the same day as an associated person received a materially worse price. The client should be made whole (i.e., the trade rebooked at the same price received by the associated person and any fees or market action costs borne by the firm), and any reimbursements made should be well-documented as to the reasons why.

For restricted lists, watch lists, or blackout periods, trades in related accounts must be reviewed to ensure adherence to those requirements. This issue was called out in a 2022 SEC risk alert about deficiencies and weaknesses noted in investment advisers’ code of ethics.

Also worth noting: All firms need a documented and repeatable process for such reviews that can be shown during an SEC examination, if necessary. This requirement can be more challenging for smaller firms, but they, too, must take reasonable steps to ensure that another person in the firm reviews the primary trade reviewer’s personal trades.

Finally, this code section must include a requirement for supervised persons to receive approval before participating in an IPO or limited offering. Given the nature of these offerings and the potential for conflicts of interest between the firm and clients during such events, you may want to prohibit associated persons from participating in these offerings entirely.

Reporting of Code Violations

Requiring staff to report any code violations to the firm’s CCO (or designee) is perhaps the most uncomfortable requirement of rule 204A-1 in real-life situations. But the requirement underscores the basis of ethical conduct and the high standard we must adhere to in our industry.

Firm personnel must “feel safe to speak freely” about any code violations under rule 204A-1 requirements. So, carefully consider your methods for reporting problems. You may want to include anti-retaliation language in the code itself and consider whether creating a set schedule of penalties for code violations makes sense. This can be a fair way of imposing penalties regardless of a violator’s status at the firm.

Receipt of the Code

This requirement is the most straightforward. Similar to other processes, your method of acknowledging receipt of the code from each supervised person should be documented and repeatable, as well as automated as much as possible.

“What Am I Forgetting?”

I get this question often from RIA firms, and it’s a good one to ask. When developing and managing an investment adviser code of ethics, some areas that raise potential conflicts of interest are not specifically listed in rule 204A-1. Working with compliance consulting experts can bring to light pertinent issues—it’s something our RIA Compliance Consulting team does every day with our affiliated advisors.

This process can help you think through which ones should be included in your code, such as the following:

Do you have outside business activities that need to be addressed? Activities like serving on a nonprofit board or selling fixed insurance products are ubiquitous in our industry and mostly harmless at face value. Yet even common activities can present potential conflicts of interest that need monitoring.

For example, serving as both a board member and financial advisor for a nonprofit brings about several potential conflicts, such as the advisor having control of organizational funds and directing them to an account they manage without the rest of the board knowing. Similarly, the sale of fixed insurance products lies outside the scope of an advisor’s fiduciary duty. Is the sale of such products in the client’s best interest, or is the advisor generating the highest possible commission income via this activity and potentially subjecting the firm to negative attention?

While these are extreme examples and not typical of most advisors’ behavior, firms should mitigate these risks and potential conflicts by implementing a review and approval process for outside business activities. Including conditions on approvals helps address obvious risks or conflicts resulting from the advisor’s engagement in the activity.

What’s your policy for gifts and entertainment? Providing or accepting gifts or entertainment from clients or prospects is an obvious source of potential conflicts. For this reason, firms should consider crafting a policy requirement to report gifts given or received over a de minimis amount ($250 is a reasonable guideline, but your limit should reflect your firm and clientele).

Also, consider instituting policies and procedures to ensure that, for example, the receipt of gifts does not result in the advisor providing preferential treatment to the gift giver and that gifts aren’t being provided to resolve a customer complaint outside of the firm’s established process.

What happens if material nonpublic information is used? As noted in rule 204A-1, the potential receipt and misuse of material nonpublic information is an important ethical issue for RIAs and their personnel. Firms should consider including language in their code that specifically prohibits using such information when making trading decisions and require supervised persons to report the receipt and suspected use of such information to the CCO.

Formalizing Your Firm’s Ethics

Ethics for RIAs is not an abstract concept. In a very real sense, an effective code of ethics forms the basis for a firm’s culture. For that reason (not to mention rule 204A-1 specifically requires it), firms must devote the necessary thought, time, and resources to developing and enforcing a clear code and ensuring that it’s tailored to the specific nature of their investment advisory business. By doing so, you will be in compliance with SEC regulations and on the right path to meeting your fiduciary obligations to clients.