Code of Ethics and Personal Trading

You must adopt and enforce a written Code of Ethics that governs personal securities trading, including standards of conduct, access-person reporting of holdings and transactions, pre-clearance for certain trades, prohibitions on abusive trading, and annual certifications. For funds, the code also needs fund board approval. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Key takeaways:

• Put “access persons” at the center: define them, track them, and collect required reports and certifications. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Pre-clearance and restricted lists are operational controls, not policy text. Build workflow, ownership, and exception handling. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Evidence wins exams: maintain books and records that prove reporting, approvals, reviews, and escalation happened. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

“Code of ethics and personal trading” is not a single document requirement; it’s a control system that has to function every week. The SEC’s code-of-ethics rules require investment companies and investment advisers to adopt written codes that set standards of conduct and meaningfully control personal securities trading by people who can misuse nonpublic information or influence trading. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

For a CCO or GRC lead, the fast path is to treat this as a closed-loop lifecycle: identify access persons, define covered securities and accounts, require reporting, enforce pre-clearance where your code requires it, review and document exceptions, and certify annually. If you run a fund complex, board approval becomes a gating item and a recurring governance touchpoint. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

This page translates the requirement into an implementable program: what to write, what to operationalize, which artifacts to keep, what examiners typically test, and how to stand up the workflow quickly without creating a paper policy that no one follows.

Regulatory text

Regulatory excerpt (provided): “Investment companies and advisers must adopt codes of ethics addressing personal securities trading, including pre-clearance requirements and reporting obligations for access persons.” (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Operator interpretation: Your firm needs a written Code of Ethics that (1) sets standards of conduct, (2) controls personal trading risk through reporting and, where required by your code, pre-clearance, (3) prohibits abusive trading practices such as front-running, and (4) collects annual certifications. For registered funds, the code must be approved by the fund board. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Plain-English requirement: what the SEC expects you to be able to prove

Examiners are not looking for elegant prose. They test whether your program can reliably prevent, detect, and remediate conflicts between client/fund trading and employee personal trading. Your program should show four things:

1. Clear rules on behavior and conflicts (standards of conduct). (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
2. Clear scope (who is covered, what accounts and securities are covered). (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
3. Operating controls (pre-clearance where required, restricted lists, blackouts, surveillance/reviews, escalation). (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
4. Proof (reports, approvals, reviews, certifications, and governance actions). (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Who it applies to (entity and operational context)

Entities in scope

• Investment companies (funds) and their personnel subject to the code requirement; the code must be approved by the fund board. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Investment advisers subject to the adviser code-of-ethics rule. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Operational roles typically in scope (“access persons”) Your code should define “access persons” and your process should identify them in practice. Access persons generally include personnel with access to nonpublic information about client/fund trading or holdings, or who can influence recommendations and trading. The key is defensibility: your list must match how your business actually works. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Where personal trading risk shows up

• Portfolio management and research teams (information advantage and decision influence). (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Trading, operations, and certain technology/data roles (visibility into orders/allocations). (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Senior leadership and supervised persons with influence over recommendations. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

What you actually need to do (step-by-step)

1) Define scope in writing: access persons, covered securities, covered accounts

• Access persons: write objective criteria and create an initial roster; assign an owner to keep it current (HR feeds, onboarding, role changes, terminations). (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Covered securities: define what personal trading is in scope for reporting and pre-clearance in your code. Align exclusions carefully so they don’t swallow the rule. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Covered accounts: require disclosure of brokerage accounts and any accounts where the access person has direct or indirect beneficial ownership. Make “indirect” operational, not theoretical, by requiring a disclosure attestation. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

2) Build the pre-clearance workflow (where your code requires it)

Your written code should specify:

• Which trades require pre-clearance (by security type, by role, by transaction type). (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Who can approve (Compliance, designee), and what they check (restricted list, pending orders, blackout windows, conflicts). (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Approval conditions (time window validity, size limits if you set them, documentation requirements). (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Exception handling (urgent trades, corporate actions, error corrections) and escalation. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Practical tip: Pre-clearance fails when it lives in email. If you can’t show a consistent queue, timestamps, and a repeatable checklist, you will struggle to evidence the control.

3) Implement required reporting: holdings, transactions, and annual certifications

Your program must require access persons to provide:

• Holdings reports (initial and periodic, as required by your code) covering covered securities. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Transaction reports (periodic, as required by your code) for personal transactions in covered securities. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Annual certification that the access person has read, understands, and complied with the code. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Operational design choice: Decide whether you will collect reports via (a) employee attestations and manual statements, (b) direct broker feeds, or (c) both. Whatever you pick, document how you detect missing accounts and missing statements.

4) Enforce trading prohibitions and preventative controls

Your code should explicitly prohibit:

• Front-running and other abusive trading practices. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Then operationalize it with:

• Restricted list management: define sources (MNPI, pending research, active trading interest) and who can add/remove. Keep change logs. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Blackout windows: set clear blackout logic around client/fund trading or recommendations, consistent with your strategy and trading cadence. Document rationale and exceptions. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Post-trade reviews: reconcile personal trades against restricted lists, firm trading, and any watchlist logic; document reviews and follow-ups. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

5) Put governance around it (especially for funds)

If you support an investment company, make board approval and ongoing oversight real:

• Prepare a board package: code text, material changes, summary of program operation, exceptions and remediation themes. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Track approvals and versions so you can prove what was in effect at a given time. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

6) Use tooling that preserves the audit trail

Daydream can help centralize evidence collection and workflow for personal trading controls, especially where you need consistent artifacts across teams (pre-clearance tickets, attestations, exception logs, and reviews). The goal is not “automation”; it’s producing a clean record of who did what, when, and why, using the same process every time. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Required evidence and artifacts to retain

Maintain a defensible set of records that show design and operation:

• Current Code of Ethics, version history, and distribution records. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Access person definition, current roster, and change history tied to HR/onboarding events. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Holdings and transaction reports (or broker statements/feeds) and your completeness checks. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Pre-clearance requests, approvals/denials, timestamps, approver notes, and exception documentation. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Restricted list/watchlist change logs and access controls. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Review/surveillance checklists, findings, investigations, and remediation outcomes. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Annual certifications and follow-up for non-responders. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Fund board materials and approvals, if applicable. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Common exam/audit questions and hangups

Expect to be asked:

• Who is an access person, and how do you know your list is complete? (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Show me a sample of pre-clearance approvals, denials, and exceptions. What was reviewed? (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• How do you identify covered accounts, including indirect beneficial ownership? (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• How do you detect trades that occurred without pre-clearance when required by your code? (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• What happens when someone violates the code? Show escalation and discipline records. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• If you are a fund complex, show board approval and how the board is informed of material issues. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Frequent implementation mistakes (and how to avoid them)

1. Overbroad policy, weak execution. Fix: narrow the program to controls you can run consistently (pre-clearance scope, clear review steps), then expand. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
2. “Access person” list managed manually with no trigger events. Fix: tie updates to onboarding, role changes, and terminations with named owners and evidence. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
3. No defensible completeness testing for brokerage feeds/statements. Fix: require account disclosure attestations and reconcile disclosed accounts to received statements/feeds. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
4. Pre-clearance approvals with no recorded basis. Fix: require approvers to document restricted-list checks and any conflict analysis in the ticket. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
5. Annual certifications treated as a formality. Fix: use certifications to refresh training and capture changes in accounts, outside business activities, and conflicts that affect personal trading risk. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Enforcement context and risk implications

The core risk is conflict-driven harm: employees trade ahead of clients/funds, misuse nonpublic information, or create undisclosed incentives that compromise advice and allocations. The rules explicitly require controls against front-running and other abusive practices, so a weak personal trading program can create both compliance exposure and reputational damage. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

A practical 30/60/90-day execution plan

First 30 days (stabilize and scope)

• Inventory existing code, procedures, and tooling; identify gaps against required elements (standards, reporting, pre-clearance where required, prohibitions, certifications, board approval for funds). (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Define “access persons” for your org chart and produce an initial roster with owners. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Draft or update the Code of Ethics with clear control commitments you can actually operate. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Days 31–60 (operationalize workflows and evidence)

• Stand up pre-clearance workflow with required fields, approver checklist, and exception categories. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Implement holdings/transaction reporting intake, including completeness checks and reminders. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Create restricted list governance: add/remove criteria, approvers, and logging. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Days 61–90 (prove effectiveness and govern)

• Run post-trade reviews and document findings, investigations, and outcomes; tune rules based on observed gaps. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• Launch annual certification workflow (or refresh if already in place) and document follow-up actions. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)
• If you support a fund, prepare the board approval package or board update on program operation and material changes. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Frequently Asked Questions

Who counts as an “access person” for personal trading controls?

Your code should define access persons based on access to nonpublic information or influence over recommendations and trading, and your roster should reflect real job functions. Keep evidence showing how you identify and update the list. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Do we have to require pre-clearance for every personal trade?

The rule requires a code addressing personal trading and contemplates pre-clearance and reporting obligations for access persons, but your code must specify what requires pre-clearance and you must enforce it consistently. Set scope based on risk and your ability to operate the control. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

What evidence is most persuasive in an exam?

Auditable workflow records: pre-clearance tickets with documented checks, holdings/transaction reports (or statements) with completeness testing, surveillance reviews, and annual certifications. Governance artifacts matter for funds, including board approval and materials. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

How do we handle trades placed without pre-clearance when it was required?

Treat it as an exception with documented investigation, remediation, and discipline consistent with your code. Update controls if the root cause is process failure, such as unclear scope or missing reminders. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

We have multiple affiliates and strategies. Should we run one code or several?

Run a single harmonized code where possible, with appendices for strategy-specific restrictions and pre-clearance rules. What matters is consistent standards, clear scope, and provable operation across the complex. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)

Can we rely on employees to self-report accounts and trades?

You can require self-reporting, but you still need controls to test completeness and follow up on gaps. Pair attestations with reconciliation steps and documented reviews so you can evidence supervision. (17 CFR § 270.17j-1; 17 CFR § 275.204A-1)