Okla. Admin. Code § 660:11-7-46

Current through Vol. 42, No. 4, November 1, 2024
Section 660:11-7-46 - Written policies and procedures
(a)Required written policies and procedures. It is unlawful for an investment adviser registered or required to be registered under section 1-403 of the Securities Act to provide investment advice to clients unless the investment adviser establishes, maintains, and enforces written policies and procedures tailored to the investment adviser's business model, taking into account the size of the firm, type(s) of services provided, and the number of locations of the investment adviser. The written policies and procedures must provide for at least the following:
(1)Compliance Policies and Procedures. The investment adviser must establish, maintain, and enforce written compliance policies and procedures reasonably designed to prevent violations by the investment adviser of the Act and the rules that the Administrator has adopted under the Act;
(2)Supervisory Policies and Procedures. The investment adviser must establish, maintain, and enforce written supervisory policies and procedures reasonably designed to prevent violations by the investment adviser's supervised persons of the Act and the rules that the Administrator has adopted under the Act. The following standards shall apply to supervisory procedures:
(A) Regardless of its size or complexity, every investment adviser registered or required to be registered under the Securities Act must adopt and implement supervisory procedures that are tailored specifically to their business and must address the activities of all its investment adviser representatives and associated persons. Supervisory procedures must be in writing and must be reasonably designed to achieve compliance with applicable securities laws and the rules adopted under the Securities Act. Ultimate responsibility for supervision rests with the investment adviser.
(B) Written supervisory procedures must identify who has supervisory responsibilities, a record of each associated person who has supervisory responsibilities and the date assigned, and procedures for each business line and applicable securities laws for which each supervisor is responsible.
(C) All written supervisory procedures should specifically identify the individual to perform a supervisory function; what specifically the supervisor will review; when or how often the review will take place and how the supervisor's review will be documented.
(3)Proxy Voting.
(A) If the investment adviser has the authority to vote client securities, the investment adviser must:
(i) establish, maintain, and enforce written proxy voting policies and procedures that are reasonably designed to ensure that the investment adviser votes client securities in the best interest of clients, to include how the investment adviser addresses material conflicts that may arise between its interests and those of the investment adviser's clients;
(ii) disclose to clients how they may obtain information from the investment adviser about how it voted with respect to their securities: and
(iii) describe to clients the investment adviser's proxy voting policies and procedures and, upon request, furnish a copy of the policies and procedures to the requesting client.
(B) If the investment adviser does not have the authority to vote client securities, then disclose to clients that it does not have such authority.
(4)Physical security and cybersecurity policies and procedures. Every investment adviser registered or required to be registered shall establish, implement, update, and enforce written physical security and cybersecurity policies and procedures reasonably designed to ensure the confidentiality, integrity, and availability of physical and electronic records and information. The polices and procedures must be tailored to the investment adviser's business model, taking into account the size of the firm, type(s) of services provided, and the number of locations of the investment adviser.
(A) The physical security and cybersecurity policies and procedures must:
(i) Protect against reasonably anticipated threats or hazards to the security or integrity of client records and information;
(ii) Ensure that the investment adviser safeguards confidential client records and information; and
(iii) Protect any records and information the release of which could result in harm or inconvenience to any client.
(B) The physical security and cybersecurity policies and procedures must cover at least five functions:
(i)Identify. Develop the organizational understanding to manage information security risk to systems, assets, data, and capabilities;
(ii)Protect. Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services;
(iii)Detect. Develop and implement the appropriate activities to identify the occurrence of an information security event;
(iv)Respond. Develop and implement the appropriate activities to take action regarding a detected information and security event; and
(v)Recover. Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that are impaired due to an information security event.
(C) The investment adviser must review, no less frequently than annually, and modify, as needed, these policies and procedures to ensure the adequacy of the security measures and the effectiveness of their implementation.
(5)Privacy policy. The investment adviser must deliver upon the investment adviser's engagement by a client, and on an annual basis thereafter, a privacy policy to each client that is reasonably designed to prevent the misuse of material, non-public information by the investment adviser or any person associated with the investment adviser, and to aid in the client's understanding of how the investment adviser collects and shares, to the extent permitted by state and federal law, non-public personal information. The investment adviser must promptly update and deliver to each client an amended privacy policy if any of the information in the policy becomes inaccurate.
(6)Code of Ethics.
(A) The investment adviser must establish, maintain, and enforce a written code of ethics that, at a minimum, includes:
(i) A standard (or standards) of business conduct that the investment adviser requires of its supervised persons, which must reflect the investment adviser's fiduciary obligations and those of its supervised persons;
(ii) Provisions requiring the investment adviser's supervised persons to comply with applicable State and Federal securities laws;
(iii) Provisions requiring all of the investment adviser's access persons to report, and the investment adviser to review, their personal securities transactions and holdings periodically as provided below;
(iv) Provisions requiring supervised persons to report any violations of the investment adviser's code of ethics promptly to its chief compliance officer or, provided the investment adviser's chief compliance officer also receives reports of all violations, to other persons designated in the investment adviser's code of ethics; and
(v) Provisions requiring the investment adviser to provide each of its supervised persons with a copy of the investment adviser's code of ethics and any amendments, and requiring the investment adviser's supervised persons to provide it with a written acknowledgment of their receipt of the code and any amendments.
(B)Reporting Requirements.
(i)Holdings reports. The code of ethics must require the investment adviser's access persons to submit to its chief compliance officer or other persons designated in the investment adviser's code of ethics a report of the access person's current securities holdings that meets the following requirements:
(I)Content of holdings reports. Each holdings report must contain, at a minimum, the title and type of security, and as applicable the exchange ticker symbol or CUSIP number, number of shares, and principal amount of each reportable security in which the access person has any direct or indirect beneficial ownership; the name of any broker, dealer, or bank with which the access person maintains an account in which any securities are held for the access person's direct or indirect benefit; and the date the access person submits the report.
(II)Timing of holdings reports. The investment adviser's access persons must each submit a holdings report no later than 10 days after the person becomes an access person, and the information must be current as of a date no more than 45 days prior to the date the person becomes an access person and at least once each 12-month period thereafter on a date selected by the investment adviser, and the information must be current as of a date no more than 45 days prior to the date the report was submitted.
(ii)Transaction reports. The code of ethics must require access persons to submit to the investment adviser's chief compliance officer or other persons designated in the investment adviser's code of ethics quarterly securities transactions reports that meet the following requirements:
(I)Content of transaction reports. Each transaction report must contain, at a minimum, the following information about each transaction involving a reportable security in which the access person had, or as a result of the transaction acquired, any direct or indirect beneficial ownership: the date of the transaction, the title, and as applicable the exchange ticker symbol or CUSIP number, interest rate and maturity date, number of shares, and principal amount of each reportable security involved; the nature of the transaction (i.e., purchase, sale or any other type of acquisition or disposition); the price of the security at which the transaction was effected; the name of the broker, dealer, or bank with or through which the transaction was effected; and the date the access person submits the report.
(II)Timing of transaction reports. Each access person must submit a transaction report no later than 30 days after the end of each calendar quarter, which report must cover, at a minimum, all transactions during the quarter.
(iii)Exceptions from reporting requirements. The investment adviser's code of ethics need not require an access person to submit:
(I) any report with respect to securities held in accounts over which the access person had no direct or indirect influence or control;
(II) a transaction report with respect to transactions effected pursuant to an automatic investment plan in which regular periodic purchases or withdrawals are made automatically in or from investment accounts in accordance with a predetermined schedule and allocation, including a dividend reinvestment plan;
(III) a transaction report if the report would duplicate information contained in broker trade confirmations or account statements that the investment adviser holds in its records so long as the investment adviser receives the confirmations or statements no later than 30 days after the end of the applicable calendar quarter.
(iv)Pre-approval of certain investments. The investment adviser's code of ethics must require its access persons to obtain the investment adviser's approval before they directly or indirectly acquire beneficial ownership in any security in an initial public offering or in a limited offering.
(v)Small advisers. If the investment adviser has only one access person, it is not required to submit reports to itself or to obtain its own approval for investments in any security in an initial public offering or in a limited offering, if the investment adviser maintains records of all of its holdings and transactions that this section would otherwise require the investment adviser to report.
(7)Material Non-Public Information Policy and Procedures. The investment adviser must establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of material, non-public information by the investment adviser or any person associated with the investment adviser.
(8)Business continuity and succession plan. The investment adviser shall establish, maintain, and enforce written policies and procedures relating to a business continuity and succession plan that includes at least the following:
(A) the protection, backup, and recovery of books and records.
(B) alternate means of communications with clients; key personnel; employees; vendors; service providers, including third-party custodians; and regulators, including, but not limited to, providing notice of a significant business interruption or the death or unavailability of key personnel or other disruptions or cessation of business activities.
(C) office relocation in the event of temporary or permanent loss of a principal place of business.
(D) assignment of duties of qualified responsible persons in the event of the death or unavailability of key personnel.
(E) otherwise minimizing service disruptions and client harm that could result from a sudden significant business interruption.
(b)Annual review. The investment adviser must review, no less frequently than annually, the adequacy of the policies and procedures established pursuant to this Section and the effectiveness of their implementation.
(c)Chief Compliance Officer. The investment adviser must designate a supervised person as the chief compliance officer responsible for administering the investment adviser's policies and procedures.

Okla. Admin. Code § 660:11-7-46

Reserved at 21 Ok Reg 2532, eff 7-1-04
Amended by Oklahoma Register, Volume 37, Issue 24, September 1, 2020, eff. 11/1/2020
Amended by Oklahoma Register, Volume 39, Issue 24, September 1, 2022, eff. 9/15/2022