A. In adopting compliance and supervisory policies and procedures, firms should set as their goal the development of a set of policies and procedures that are sufficiently tailored to the firms' business and that are sufficiently specific in nature to be an effective tool that firm management and personnel can, and will, refer to when conducting business on behalf the firm.

B. Effective supervisory procedures will typically:

1. identify the responsible supervisor by name or title;
2. identify the supervisory review or audit to be conducted by the supervisor;
3. state when such supervisory review or audit must be conducted (ideally, such timing should be stated specifically and should not simply state that the review or audit will be conducted "periodically" or "when necessary") and
4. identify the record to be created to evidence that the supervisory review or audit has been conducted.

C. Registered investment advisers are required to adopt written policies and procedures reasonably designed to prevent violations of the applicable securities laws and regulations by the adviser or any of its supervised persons. The firm policies and procedures should, at a minimum, address the following (if applicable):

1. portfolio management processes, including allocation of investment opportunities and consistency with investor goals, adviser disclosure, and applicable regulatory restrictions;
2. trading practices;
3. proprietary trading of the adviser and personal trading of supervised persons;
4. accuracy of public disclosures;
5. safeguarding client assets from inappropriate use;
6. recordkeeping and document retention policies;
7. marketing advisory services;
8. processes to value client holdings and assess fees based on such valuations;
9. client privacy safeguards, and
10. business continuity plans.

D. Advisers must assess the adequacy and effectiveness of their compliance programs at least annually. Suggested guidelines for conducting the annual review include:

1. Identify the person or persons who will be responsible for conducting the review.
2. Examine the business conducted by the firm as of the date of the review and consider whether any differences in the firm's business have triggered new or different legal or regulatory requirements.
3. Review the legal and regulatory requirements that apply to the business conducted by the firm at the time of the review to determine whether new or additional legal and regulatory requirements apply to the firm's business.
4. Identify all potential conflicts of interest.
5. Assess whether the firm's compliance supervisory procedures continue to be reasonable in light of any changes to the firm's business and/or applicable legal and regulatory requirements and assess whether the firm's policies and procedures were implemented as designed.
6. Revise and amend existing policies and procedures, as necessary.
7. Document the annual review.

E. Recordkeeping

1. Maintain either in a paper or electronic form, copies of all policies and procedures currently in effect or that have been in effect in the last five years;
2. Records documenting the annual review.

F. Outsourcing

1. If an adviser considers outsourcing, senior management should conduct an evaluation of whether the activity is appropriate for outsourcing after considering factors, including, but not limited to:
1. the financial, reputational and operational impact if the third party service provider fails to perform;
2. the impact on the ability to provide adequate client service; and
3. the adviser’s ability to conform with regulatory requirements and changes in those requirements.
2. Maintain written procedures to determine the proficiency of service providers, whether outsourced business functions were properly monitored, and whether the investment adviser is in compliance with applicable regulations pertaining to the privacy of customer information in connection with such outsourcing arrangements.
3. Outsourcing relationships should be governed by written contracts.
1. Contract should clearly define what activities are going to be outsourced;
2. The contract should neither prevent nor impede the regulated entity from meeting its respective regulatory obligations, nor the regulator from exercising its regulatory powers;
3. The adviser must ensure it has the ability to access all books, records and information relevant to the outsourced activity;
4. The contract should provide for the continuous monitoring and assessment by the adviser of the service provider so that any necessary corrective measures can be taken immediately;
5. A termination clause and minimum periods to execute a termination provision, if deemed necessary, should be included. Such a clause should include provisions relating to the insolvency or other material changes in the corporate form, and clear delineation of ownership of intellectual property following termination, including transfers of information back to the regulated entity and other duties that continue to have an effect after the termination of the contract;
6. Material issues unique to the outsourcing arrangement should be meaningfully addressed. For example, choice-of-law provisions and agreement covenants and jurisdictional covenants that provide for adjudication of disputes between the parties under the laws of a specific jurisdiction;
7. The contract should include, where appropriate, conditions of subcontracting by the third-party service provider for all of part of an outsourced activity.