The private fund clients we work with are often excused from full registration as investment advisers (“RIAs”) with the SEC. But, most of them are still required to file with the SEC as “exempt reporting advisers” (“ERAs”), usually under the venture capital exemption, though sometimes additionally or exclusively under the small private fund adviser exemption. We are often asked, “what policies do I need to have as an ERA?”, so let’s tackle that.
A couple distinctions are important to start with. First, as noted above, this post is tailored to ERAs. RIAs have more robust requirements and need to address additional policy considerations. Second, it’s highly important to make the distinction between, in the first place, policies that are driven due to the nature of the ERA’s involvement in the investment fund business, and in the second place, requirements for employment-related policies. That latter category is broad, and is not the subject of this post. Nevertheless, care should be taken to maintain awareness of the latter. While there are federal law considerations on the employment side (think ADEA and COBRA), mostly the need in this area arises under state law, and thus what is required varies considerably from place to place. In California, for example, employers with 5 or more employees need to have a written anti-harassment policy. A fund manager with employees, like any other business, should take care to consult with legal professionals to ensure compliance with these matters. At Cooley, we have employment lawyers trained specifically to address the special needs to venture capital and other fund managers. So let’s be clear – this post only focuses on half of the consideration you need to make.
With these distinctions in mind, we get back to the question at hand. As related to the fund business, in our view, ERAs need have in place only two written policies as a mandatory legal matter (though as we will address momentarily, even if not strictly required, as a matter of good business, it may be beneficial to have additional voluntary policies set in place). The first requirement is to have an insider trading policy, which is mandated by the SEC for all managers, including ERAs. The scope of the insider trading policy is not defined by statute. The goal however should be to help the firm (and its personnel) avoid violations of applicable law. This policy is inward facing to the firm only and often part of a broader overall policy suite, discussed further below. The second is to establish and promulgate a privacy policy consistent with the Gramm-Leach-Bliley Act. This is a statutory requirement enforced by the FTC. The scope of the policy is spelled out in the GLB Act and related guidance. The privacy policy is outward facing, meaning it is something you communicate with certain investors. It is often found in relevant subscription agreements. (On the topic of privacy, make certain to keep abreast of the GDPR in Europe, discussed in another recent post).
In answering the question of what policies are legally mandated for an ERA venture capital fund manager, that’s the extent of it as we see it (a note for the record: there is a little practitioner disagreement over the legal requirement for a couple of policies we call out below as optional, such as an information security policy; we’ll set this aside for this discussion). Despite the lack of a broad legal requirement, very few venture capital managers we work with stop there. Usually, they inquire about and find value in setting in place a variety of additional policies in what we would frame generally as an “optional policy suite.” The best practice if doing so, for various legal reasons, is to do so in writing and have everyone in the organization sign the policy, and then re-sign it annually.
What might be in such an optional policy suite? There are three underlying categories that drive these options policies in our experience. I’ll call them out, and mention a few examples of each.
First, certain voluntary policies may serve to support compliance with various laws, rules and regulations. Examples would be policies about complying with the Foreign Corrupt Practices Act (FCPA), anti-money laundering and “pay to play” laws. All of these represent legal areas in which an ERA fund manager (or, at least, one subject to U.S. jurisdiction) must ensure compliance, though, a policy per se is not required. Yet, fund managers often find it additive to set out in writing for staff a specific policy which spells out the applicable laws, the procedures to be followed and the “never do this” elements applicable. In other words, while one might not legally be required to have an FCPA policy, if all personnel are in fact required to follow that law, and if the consequences to the organization of not doing so are severe, why not call this out to those personnel by way of a policy that increases their awareness of the issues, and thus may serve to decrease the chance for violating the law?
Second, certain voluntary policies may be promulgated to satisfy investor demands. Examples would be policies about socially responsible investing, as well as anti-harassment policies (which as noted above, may be legally required in some states under local employment laws). In this area, there have been a lot of investor questions and requests during due diligence of late. It can be the case that media attention to a certain subject matter (lately, think anti-harassment) causes a flurry of questions by investors about what funds are doing about the applicable issue. Many venture capital managers we work with find it very helpful to be able to point to a policy on these sorts of issues, as opposed to the alternative which is to say, “we don’t have a policy” and perhaps start to explain that having one isn’t legally mandated in the first place. Policies in this area often represent things that fund managers stand fully behind, anyway, and as such may not be things that cause any heartburn to adopt formally. For example, a social investment policy that lays out formally the fund manager’s opposition to forced child labor may reflect no real change in behavior that would have been supported even without the policy in place.
Third, certain policies may serve to assist the fund manager with compliance with fund level covenants or to protect the organization generally. Examples would be policies about trading in fund opportunities or in actual portfolio companies (both of which are frequently regulated in fund agreements), non-disparagement, or proprietary information (these latter two generally protecting the organization from improper behavior).
While the actual policies vary case-by-case given a variety of factors, the take-away here is that most ERA regulated venture capital managers we work with go far above and beyond the level of legal requirement in this area. The general recommendation we have is to discuss a policy suite with us and let us guide you through the considerations needed to come to a determination about enacting some slate of voluntary policies. Most fund managers we work with that do so seem to be better positioned to adhere to law, respond to due diligence from investors and in general create a culture of compliance.