Statutes, codes, and regulations
Colorado Administrative Code
Department 700 - Department of Regulatory AgenciesDivision 704 - Division of SecuritiesRule 3 CCR 704-1 - RULES UNDER THE COLORADO SECURITIES ACT
Chapter 4(IA) - NOTICE FILING FROM FEDERAL COVERED ADVISERS. LICENSING OF INVESTMENT ADVISERS AND INVESTMENT ADVISER REPRESENTATIVES
Section 3 CCR 704-1-51-4.12(IA) - Investment Adviser Written Policies and Procedures

3 Colo. Code Regs. § 704-1-51-4.12(IA)

Download
PDF
Current through Register Vol. 47, No. 20, October 25, 2024
Section 3 CCR 704-1-51-4.12(IA) - Investment Adviser Written Policies and Procedures
A. It is unlawful for an investment adviser licensed or required to be licensed pursuant to 11-51- 401(1.5), C.R.S. to provide investment advice to clients unless the investment adviser establishes, maintains, and enforces written policies and procedures tailored to the investment adviser's business model, taking into account the size of the firm, type(s) of services provided, and the number of locations of the investment adviser. The written policies and procedures must provide for at least the following:
1. Compliance Policies and Procedures. The investment adviser must establish, maintain, and enforce written compliance policies and procedures reasonably designed to prevent violations by the investment adviser of the Act and the rules that the Commissioner has adopted under the Act;
2. Supervisory Policies and Procedures. The investment adviser must establish, maintain, and enforce written supervisory policies and procedures reasonably designed to prevent violations by the investment adviser's supervised persons of the Act and the rules that the Commissioner has adopted under the Act;
3. Physical Security and Cybersecurity Policies and Procedures. An investment adviser must establish and maintain written procedures reasonably designed to ensure physical security and cybersecurity.
a. In determining whether the cybersecurity procedures are reasonably designed, the Commissioner may consider:
i. The firm's size;
ii. The firm's relationships with third parties;
iii. The firm's policies, procedures, and training of employees with regard to cybersecurity practices;
iv. Authentication practices;
v. The firm's use of electronic communications;
vi. The automatic locking of devices that have access to Confidential Personal Information; and
vii. The firm's process for reporting of lost or stolen devices;
b. An investment adviser must include physical security and cybersecurity as part of its risk assessment.
c. To the extent reasonably possible, the cybersecurity procedures must provide for:
i. An annual assessment by the firm or an agent of the firm of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of Confidential Personal Information;
ii. The use of secure email containing Confidential Personal Information, including use of encryption and digital signatures;
iii. Authentication practices for employee access to electronic communications, databases and media;
iv. Procedures for authenticating client instructions received via electronic communication; and
v. Disclosure to clients of the risks of using electronic communications
d. Privacy Policy. The investment adviser must deliver upon the investment adviser's engagement by a client, and on an annual basis thereafter, a privacy policy to each client that is reasonably designed to aid in the client's understanding of how the investment adviser collects and shares, to the extent permitted by State and Federal law, non-public personal information. The investment adviser must promptly update and deliver to each client an amended privacy policy if any of the information in the policy becomes inaccurate.
4. Code of Ethics.
a. The investment adviser must establish, maintain, and enforce a written code of ethics that, at a minimum, includes:
i. A standard (or standards) of business conduct that the investment adviser requires of its supervised persons, which must reflect the investment adviser's fiduciary obligations and those of its supervised persons;
ii. Provisions requiring the investment adviser's supervised persons to comply with applicable State and Federal securities laws;
iii. Provisions requiring all of the investment adviser's access persons to report, and the investment adviser to review, their personal securities-transactions and holdings periodically as provided below;
iv. Provisions requiring supervised persons to report any violations of the investment adviser's code of ethics promptly to its chief compliance officer or, provided the investment adviser's chief compliance officer also receives reports of all violations, to other persons designated in the investment adviser's code of ethics; and
v. Provisions requiring the investment adviser to provide each of its supervised persons with a copy of the investment adviser's code of ethics and any amendments, and requiring the investment adviser's supervised persons to provide it with a written acknowledgment of their receipt of the code and any amendments.
b. Holdings reports. The code of ethics must require the investment adviser's access persons to submit to its chief compliance officer or other persons designated in the investment adviser's code of ethics a report of the access person's current securities holdings that meets the following requirements:
i. Content of holdings reports. Each holdings report must contain, at a minimum:
1. The title and type of security, and as applicable the exchange ticker symbol or CUSIP number, number of shares, and principal amount of each reportable security in which the access person has any direct or indirect beneficial ownership;
2. The name of any broker, dealer, or bank with which the access person maintains an account in which any securities are held for the access person's direct or indirect benefit; and
3. The date the access person submits the report.
ii. Timing of holdings reports. The investment adviser's access persons must each submit a holdings report:
1. No later than 10 days after the person becomes an access person, and the information must be current as of a date no more than 45 days prior to the date the person becomes an access person.
2. At least once each 12-month period thereafter on a date selected by the investment adviser, and the information must be current as of a date no more than 45 days prior to the date the report was submitted.
c. Transaction reports. The code of ethics must require access persons to submit to the investment adviser's chief compliance officer or other persons designated in the investment adviser's code of ethics quarterly securities transactions reports that meet the following requirements:
i. Content of transaction reports. Each transaction report must contain, at minimum, the following information about each transaction involving a reportable security in which the access person had, or as a result of the transaction acquired, any direct or indirect beneficial ownership:
1. The date of the transaction, the title, and as applicable the exchange ticker symbol or CUSIP number, interest rate and maturity date, number of shares, and principal amount of each reportable security involved;
2. The nature of the transaction (i.e., purchase, sale or any other type of acquisition or disposition);
3. The price of the security at which the transaction was effected;
4. The name of the broker, dealer, or bank with or through which the transaction was effected; and
5. The date the access person submits the report.
d. Timing of transaction reports. Each access person must submit a transaction report no later than 30 days after the end of each calendar quarter, which report must cover, at a minimum, all transactions during the quarter.
e. Exceptions from reporting requirements. The investment adviser's code of ethics need not require an access person to submit:
i. Any report with respect to securities held in accounts over which the access person had no direct or indirect influence or control;
ii. A transaction report with respect to transactions effected pursuant to an automatic investment plan in which regular periodic purchases or withdrawals are made automatically in or from investment accounts in accordance with a predetermined schedule and allocation, including a dividend reinvestment plan;
iii. A transaction report if the report would duplicate information contained in broker trade confirmations or account statements that the investment adviser holds in its records so long as the investment adviser receives the confirmations or statements no later than 30 days after the end of the applicable calendar quarter.
f. Pre-approval of certain investments. The investment adviser's code of ethics must require its access persons to obtain the investment adviser's approval before they directly or indirectly acquire beneficial ownership in any security in an initial public offering or in a limited offering.
g. Small advisers. If the investment adviser has only one access person, it is not required to submit reports to itself or to obtain its own approval for investments in any security in an initial public offering or in a limited offering, if the investment adviser maintains records of all of its holdings and transactions that this section would otherwise require the investment adviser to report.
5. Material Non-Public Information Policy and Procedures. The investment adviser must establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of material, non-public information by the investment adviser or any person associated with the investment adviser.
6. Business Continuity and Succession Plan. The investment adviser must establish, maintain, and enforce written policies and procedure relating to a business continuity and succession plan. The plan must provide for at least the following:
a. The protection, backup, and recovery of books and records.
b. Alternate means of communications with customers, key personnel, employees, vendors, service providers (including third-party custodians),and regulators, including, but not limited to, providing notice of a significant business interruption or the death or unavailability of key personnel or other disruptions or cessation of business activities.
c. Office relocation in the event of temporary or permanent loss of a principal place of business.
d. Assignment of duties to qualified responsible persons in the event of the death or unavailability of key personnel.
e. Otherwise minimizing service disruptions and client harm that could result from a sudden significant business interruption.
B. Annual review. The investment adviser must review, no less frequently than annually, the adequacy of the policies and procedures established pursuant to this section and the effectiveness of their implementation.
C. Chief Compliance Officer. The investment adviser must designate a supervised person as the chief compliance officer responsible for administering the investment adviser's policies and procedures.
D. Definitions. As used in this rule, the following terms mean:
1. "Access person" means:
a. Any of the investment adviser's supervised persons:
i. Who has access to non-public information regarding any client's purchase or sale of securities, or non-public information regarding the portfolio holdings of any reportable fund, or
ii. Who is involved in making securities recommendations to clients, or who has access to such recommendations that are non-public.
b. If providing investment advice is the investment adviser's primary business, all of its directors, officers and partners are presumed to be access persons.
2. "Chief compliance officer" means a supervised person with the authority and resources to develop and enforce the investment adviser's policies and procedures. The individual designated to serve as chief compliance officer must be registered as an investment adviser representative and must have the background and skills appropriate for fulfilling the responsibilities of the position.
3. "Federal securities laws" means the Securities Act of 1933 (15 U.S.C. 77a -aa), the Securities Exchange Act of 1934 (15 U.S.C. 78a -mm), the Investment Company Act of 1940 (15 U.S.C. 80a), the Investment Advisers Act of 1940 (15 U.S.C. 80b), title V of the Gramm-Leach-Bliley Act (Pub. L. 106-102, 113 Stat. 1338 (1999), the Sarbanes-Oxley Act of 2002 (Pub. L. 107-204, 116 Stat. 745 (2002)), any rules adopted by the U.S. Securities and Exchange Commission under any of these statutes, the Bank Secrecy Act (31 U.S.C. 5311-5314; 5316-5332) as it applies to funds and investment advisers, and any rules adopted thereunder by the U.S. Securities and Exchange Commission or the U.S. Department of the Treasury.
4. "Fund" means an investment company registered under the Investment Company Act.
5. "Initial public offering" means an offering of securities registered under the Securities Act of 1933 (15 U.S.C. 77a), the issuer of which, immediately before the registration, was not subject to the reporting requirements of sections 13 or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m or 78o(d)).
6. "Limited offering" means an offering that is exempt from registration under the Securities Act of 1933 pursuant to section 4(2) or section 4(5) (15 U.S.C. 77d(2) or 77d(5)) or pursuant to §§230.504, 230.505, or 230.506 of this chapter.
7. "Material, nonpublic information" is material information that has not been disseminated in a manner making it available to investors generally. Information is material when it is substantially likely that the information would be important to a reasonable investor making an investment decision or is likely to have a significant impact on valuation.
8. "Purchase or sale of a security" includes, among other things, the writing of an option to purchase or sell a security.
9. "Reportable security" means a security as defined in section 202(a)(18) of the Securities Act of 1933 (15 U.S.C. 80b-2(a)(18)), except that it does not include:
a. Direct obligations of the Government of the United States;
b. Bankers' acceptances, bank certificates of deposit, commercial paper and high quality short-term debt instruments, including repurchase agreements;
c. Shares issued by money market funds;
d. Shares issued by open-end funds other than reportable funds; and
e. Shares issued by unit investment trusts that are invested exclusively in one or more open-end funds, none of which are reportable funds.
10. "State securities laws" means all applicable state securities statutes, rules, and regulations, including, without limitation, the registration, permit or qualification requirements thereunder and the Protection of Vulnerable Adults from Financial Exploitation Act at 11-51-1001, C.R.S.
11. ''Supervised person'' means any partner, officer, director (or other person occupying a similar status or performing similar functions), or employee of an investment adviser, or other person who provides investment advice on behalf of the investment adviser and is subject to the supervision and control of the investment adviser. The definition includes investment adviser representatives, employees, independent contractors, or other associated persons and supervised personnel, or other person acting on the behalf of the investment adviser.

3 CCR 704-1-51-4.12(IA)

38 CR 01, January 10, 2015, effective 1/30/2015
38 CR 08, April 25, 2015, effective 6/1/2015
38 CR 18, September 25, 2015, effective 10/15/2015
39 CR 01, January 10, 2016, effective 1/30/2016
40 CR 01, January 10, 2017, effective 1/30/2017
40 CR 12, June 25, 2017, effective 7/15/2017
41 CR 13, July 10, 2018, effective 7/31/2018
43 CR 05, March 10, 2020, effective 3/30/2020
46 CR 05, March 10, 2023, effective 3/30/2023