COMPLIANCE ON-SITE REVIEW QUESTIONNAIRE Compliance On-site Exam Questionnaire - CCO Step 1 of 14 7% On-site Exam Performed By First Last Date MM slash DD slash YYYY Advisor in Attendance of On-site Exam First Last Additional Advisor (if applicable) First Last Additional Advisor (if applicable) First Last Additional Advisor (if applicable) First Last Additional Advisor (if applicable) First Last Enter notes if follow-up is needed on DBA.Enter notes if follow-up is needed on firm website addresses.Enter notes if follow-up is needed on types of services provided by advisor.Enter notes if follow-up is needed on advisor's experience, active licenses, or active designations.Do you have any comments you'd like to add?1. Firm InformationHave there been any changes to ownership structure? If so, please notify Redhawk's CCO immediately. Follow-up needed N/A Comments Have there been any changes to number of employees, descriptions, and biographies of partners, key personnel, portfolio managers, directors, and officers? Please include information for any of the aforementioned if they serve as officers, directors, or on creditors’ committees. Follow-up needed N/A Comments Do you stay current on regulatory/industry changes? Follow-up needed N/A Comments In the last 12 months, have there been any employees disciplined and/or terminated? Follow-up needed N/A Comments Has there been any changes to the firm’s committees, responsibilities, and/or members? Follow-up needed N/A Comments Do you use outsourced legal/compliance consultants? Follow-up needed N/A Comments Do you currently use an audit firm? Follow-up needed N/A Comments Do you have any comments you'd like to add?1A. Background Check/Entity and Litigation/RegulatoryAre there any outstanding litigation, court actions (e.g. bankruptcy, liens (tax and otherwise), foreclosure, or any entity related issues (corporate filings) initiated during the past 36 months not previously reported to Redhawk? Are there any litigation or other court action noted above concluded within the past 36 months? This includes any affiliate company or partnership that any principal, portfolio manager and/or C-Level Officer is involved with that is affiliated with the Advisor. Please provide full details.If the advisor's answer is "yes", obtain a copy of documentation and inquire about the results. Follow-up needed N/A Comments For any matter not previously disclosed, has there been any examination, enforcement action, and/or investigation by the SEC, FINRA, NFA, CFTC, and/or any similar state or other domestic USA and/or international governmental body, agency, or department thereof, of or against you, its principals, its executive officers, or their affiliates (whether affiliated with you or not) (hereafter jointly referred to as “Parties”), or any other mutual fund or pooled investment vehicle managed by the Parties during the past seven (7) years?For those matters still pending, discuss and obtain copies of all correspondence between the Parties and the regulator. For those matters concluded, discuss and obtain a copy of any deficiency or comment letter along with the Parties’ response thereto, and any administrative Order and/or Settlement or other resolution. In addition, if applicable, discuss any improvements made to the advisor's compliance procedures or systems as a result of any examination, investigation and/or enforcement action or recommendations made by the regulator. Further, if applicable, obtain copies of any administrative and/or civil and/or criminal pleadings and any related Orders resulting from the examination, investigation and/or enforcement action against any Parties. Follow-up needed N/A Comments What was the date of your last regulatory exam? (Provide the date and regulatory body conducting the exam.) Follow-up needed N/A Comments Do you have any comments you'd like to add?1B. ComplaintsDo you have a complaint file? Follow-up needed N/A Comments Have you received any customer complaints since Redhawk's last site visit? This includes any principal, portfolio manager, and/or indirect Officer that has any complaint arising out of their affiliate company or partnership (if applicable).Is the advisor's answer is "yes", obtain complete details. Follow-up needed N/A Comments Do you have compliance monitoring procedures to look for a pattern or trend of customer complaints? Follow-up needed N/A Comments Do you have any comments you'd like to add?1C. ConflictsDo you monitor cross trading and principal/agent trading? A cross trade is a practice where buy and sell orders for the same asset are offset without recording the trade on the exchange. If so, are the above monitored and priced for all clients or just select clients? Follow-up needed N/A Comments Do you have an affiliated Broker-Dealer? Follow-up needed N/A Comments Do you trade through the affiliate for any transaction?If yes, this must be disclosed on ADV. Follow-up needed N/A Comments Do you inform clients referred from an affiliated Broker-Dealer of corresponding conflicts? Follow-up needed N/A Comments Do all clients pay the same commission rate for affiliated Broker-Dealer transactions? Follow-up needed N/A Comments Has there been any payment of commissions or other fees to any affiliate on non-traded investments?If the advisor's answer is "yes", obtain transaction information. Follow-up needed N/A Comments Do you receive 12b-1 fees? If so, is supporting documentation maintained? Follow-up needed N/A Comments Are there other affiliates that could cause potential conflicts of interest, and/or compliance staff with outside business responsibilities? This includes any affiliate company or partnership that any principal, portfolio manager, and/or C-Level Officer is involved with. If so, have you provided (as applicable) full details to Redhawk and any individual of the potential conflict? Follow-up needed N/A Comments Do you have a procedure in place to verify conflicts with respect to outside business relationships/affiliates of any principal/access person/or other staff member?If the advisor's answer is "no", why not? Follow-up needed N/A Comments Do you have a procedure in place to verify that there is no litigation/regulatory exam and/or enforcement action on any such affiliates?If the advisor's answer is "no", why not? Follow-up needed N/A Comments Do you have Separately Managed Account (SMA) clients? Follow-up needed N/A Comments Do any other principal and/or partner have clients investing alongside a sub-advised fund? If so, can you demonstrate that the SMAs or the fund is not being disadvantaged? Follow-up needed N/A Comments Has this relationship been previously disclosed to Redhawk? Follow-up needed N/A Comments Do you have any comments you'd like to add? 2. Best ExecutionAre you approved for Redhawk's Open Investment Platform (OIP)?If the advisor is not on the OIP, skip to section 3. Follow-up needed N/A Comments Do you have a policy and procedure to monitor best execution?Review the advisor's approved broker list. Follow-up needed N/A Comments What factors do you consider in determining best execution? E.g. fees, research, pricing, liquidity, reputation, financial stability and capability, order managements tools, timing, and fairness in resolving disputes Follow-up needed N/A Comments How is best execution documented? How often is it reviewed?Required annually. At least quarterly for best practice. Large Broker-Dealers should be able to provide best execution reports to advisers for documentation purposes. Follow-up needed N/A Comments Do you have a best execution committee? Who is on it? Does the committee keep minutes of meetings?Review most recent meeting minutes (if applicable). Follow-up needed N/A Comments Do you use foreign equity securities not listed on a domestic exchange as part of your portfolio? Do you use any “mark-up” in addition to the stated commission in its determination of best execution? Follow-up needed N/A Comments Do you have any comments you'd like to add? 3. Soft Dollar ArrangementsAre there any soft dollar arrangements? Soft dollars include any dollars retained on a trade to be used for services for the client's benefit. Follow-up needed N/A Comments Are the soft dollar arrangements in compliance with Redhawk's Compliance Manual? E.g. software is permitted but hardware is not; Bloomberg service is permitted but the terminals are not Follow-up needed N/A Comments Does a third-party assist you in determining the soft dollar expenditures? Follow-up needed N/A Comments Are soft dollars directed to a third-party (not through you)?If the advisor's answer is "yes", have advisor explain the soft dollar flow for paying soft dollars. Follow-up needed N/A Comments Are there any mixed-use items? Where a product has a mixed-use, a money manager should make a reasonable allocation of the cost of the product according to its use. Follow-up needed N/A Comments How is the soft/hard percentages determined and what is the frequency? Follow-up needed N/A Comments Do you have any comments you'd like to add? 4. Trade Allocation/BunchingDo you have a written policy on trade execution? Follow-up needed N/A Comments Do you allocate trades among clients and sub-advised funds? Follow-up needed N/A Comments What is the method of allocation? (avg. price/costs, pro rata, etc.) Follow-up needed N/A Comments If trading is not bunched and allocated, is a rotation method used to determine allocation of client trades? Follow-up needed N/A Comments Do you allow directed trades? Follow-up needed N/A Comments Do you have any comments you'd like to add? 5. Portfolio ComplianceDo you have clients on Redhawk's Open Investment Platform (OIP)? Follow-up needed N/A Comments 5A. Pre & Post-Trade ComplianceDo you have a pre-trade checklist or compliance system? If yes, is system used, documented, and reviewed? If no, how do you verify compliance? Follow-up needed N/A Comments Do you have a post-trade checklist or compliance system? If yes, is system used, documented, and reviewed? If no, how do you verify compliance? Follow-up needed N/A Comments Do you have a designated staff person responsible for oversight/review? If yes, who/what department is responsible? Follow-up needed N/A Comments Do you have any comments you'd like to add?5B. Portfolio ManagementIs there an investment committee (IC) in place? If yes, what is IC's function? Follow-up needed N/A Comments Does the IC include any persons independent of you? If yes, is the independent person subject to your Code of Ethics and make required submissions under the Code? Follow-up needed N/A Comments Do you use leverage in the portfolios? (Defined as margin) Follow-up needed N/A Comments Do you allow portfolio lending? (Defined as borrowing money from a lender and using portfolio securities as collateral to purchase securities.) Follow-up needed N/A Comments Do you have a policy and procedures designed to prevent portfolio manipulation? (e.g. Window dressing, inflation of performance etc.) If yes, How do you test to find/prevent manipulation and how often is it done? (Suggest quarterly test) Who is responsible for oversight? Follow-up needed N/A Comments Does the portfolio(s) use alternative investments as part of its strategy?e.g. invests in hedge funds, private equity, non-traded REITS. Follow-up needed N/A Comments Do you oversee the portfolio manager function? If yes, sample oversight documentation. If no, why is there no compliance oversight? Follow-up needed N/A Comments Did you conduct due diligence (initial and ongoing) on the product and the manager?If yes, review the advisor's due diligence. Follow-up needed N/A Comments Did you appropriately account for the risks of this type of investment in your risk assessment? How are the risks mitigated? Follow-up needed N/A Comments Do you have trade reconciliation procedures? If yes, what is the frequency? If not, why not? Follow-up needed N/A Comments Do you reconcile with the Custodian?If the advisor's answer is "no", recommend the advisor reconciles on or after each trading day. Follow-up needed N/A Comments Are there any custody tri-party agreements? Follow-up needed N/A Comments Do you monitor portfolio turnover rate? Follow-up needed N/A Comments Have there been any trade errors in the last 12 months? If yes, was the client made whole in a timely manner? Are corrective actions documented? Who places the trades? Follow-up needed N/A Comments Do you have a policy/procedure to review trades for exceptions? If yes, how often is the review completed? Follow-up needed N/A Comments Do you have an order management and/or other trading systems to assist in tracking commissions, setting up trading rules, and creating an audit trail around the execution lifecycle? Follow-up needed N/A Comments Does the portfolio have any fixed income securities? Follow-up needed N/A Comments Do you conduct stress testing? If so, what type of testing is conducted and how is it documented? Follow-up needed N/A Comments Do you have any comments you'd like to add?5C. CustodyDo you have actual or “deemed” custody of client funds or securities other than to debit client accounts for management fees? If yes, did you provide custodial information and the name of the independent auditor, or provide evidence of regulatory exemption? Follow-up needed N/A Comments Have you inadvertently received cash or securities? What procedures do you have in place to address this? Follow-up N/A Comments Does the portfolio contain mutual funds that pay a 12b-1 fee? If yes, who recieves the 12b-1 fee?If yes, Inform the Advisor that it is a conflict of interest for the Advisor to invest in mutual fund classes that charge a load or 12b-1 fees. The portfolio should always seek to invest in the least expensive or institutional class of an underlying fund whenever possible. The Advisor and affiliates cannot collect 12b-1 distributions or shareholder servicing fees from the underlying mutual fund, unless it goes directly to the client or portfolio. Even if it goes to the client or portfolio, it creates a conflict – to pursue investments that give money back (a sort of discount) instead of pursuing the best investments. If the custodian is purchasing the underlying mutual funds, check the custody agreement to see if the custodian discloses that it may collect the underlying fees for sweeps into money market funds and investments in mutual funds in general. Check with the custodian to find out if it kept any 12b-1 fees from underlying funds. Follow-up N/A Comments Do you have any comments you'd like to add?5D. Valuation/PricingDoes the portfolio have any securities that are being fair valued (Not automatically valued through an exchange)? If yes, who provides fair valuations for the portfolio holdings? What are the procedures? Are the procedures in agreement with Redhawk's Compliance Manual? Is the logic and details for the fair valuation documented? Follow-up N/A Comments Does your portfolio have fixed income securities? If yes, how do you validate prices? Follow-up N/A Comments Does a third-party value your fixed income portfolio? If yes, who is the third-party? Explain the process for ongoing monitoring of the third-party’s valuation policies and procedures. Follow-up N/A Comments Have you ever challenged the pricing? Follow-up needed N/A Comments Do you have any comments you'd like to add? 6. Code of EthicsDo you have a policy that requires all code exceptions/violations to be reported to the CCO? Follow-up needed N/A Comments Were there any reported in the past 12 months? Follow-up needed N/A Comments Does every new employee sign-off on reading the Code of Ethics within 10 days of employment? How is this documented, and if a timely review is performed, by whom? Follow-up needed N/A Comments Is there an annual sign-off on reading the Code of Ethics by all employees? If yes, how this is documented, and if a timely review is performed, by whom? Follow-up needed N/A Comments Do you have duplicate brokerage account statements of your personal accounts sent to Redhawk’s CCO?If the advisor's answer is "no", please confirm with advisor that they will set up duplicate statements. Follow-up needed N/A Comments Do you disclose personal holdings to Redhawk’s CCO on an annual basis? Follow-up needed N/A Comments Do you pre-clear personal trades with Redhawk’s CCO? (Not a requirement but a best practice) Follow-up needed N/A Comments Do you pre-clear all outside activity including board participation by employees with Redhawk’s CCO? Follow-up needed N/A Comments Do you disclose all provisions for political and charitable contributions to Redhawk’s CCO on an annual basis? Follow-up needed N/A Comments Do you report to Redhawk’s CCO “reportable” securities, as prescribed in the Compliance Manual, for personal trades? Follow-up needed N/A Comments Do you have any comments you'd like to add?6A. Pay to PlayDo you or your employees make political contributions? (Monetary or volunteerism) Follow-up needed N/A Comments Do you have policies and procedures in place covering political contributions? Who is responsible for monitoring? Follow-up needed N/A Comments Do you require new employees to disclose all political contributions during the prior 24 months? Follow-up needed N/A Comments Do you require covered associates, on at least an annual basis, to disclose all political contributions and volunteerism? Follow-up needed N/A Comments Do you have any comments you'd like to add? 7. Compliance ManualWhat is the date of the last Compliance Manual you received? Follow-up needed N/A Comments Do you require all employees to read and fully understand the information contained in the Compliance Manual? Follow-up needed N/A Comments Do you have any comments you'd like to add? 8. Compliance ProcessDo you have a policy/procedure with respect to effective tracking and implementation of remediation procedures as a result of internal (Advisor level) or regulator findings? Follow-up needed N/A Comments Who has overall responsibility for this process? Follow-up needed N/A Comments Were there any material compliance matters noted in the report? If yes, what were they and how were they handled? Were any policies and/or policies changed as a result of the matter? Follow-up needed N/A Comments Is a compliance calendar maintained? How is compliance testing documented? Follow-up needed N/A Comments Do you have any comments you'd like to add? 9. Proxy VotingDo you vote proxies on behalf of clients? It is against Redhawk's policies to vote proxies on behalf of clients. Follow-up needed N/A Comments Do you have any comments you'd like to add? 10. Sub-Advisor Due Diligence and MonitoringDo you use Sub-advisor(s)? Follow-up needed N/A Comments Do you have policies and procedures with respect to Sub-advisor oversight and due diligence? Follow-up needed N/A Comments Do you have a policy and procedures for monitoring and reconciling portfolio activities managed by the Sub-advisor? Follow-up needed N/A Comments Have you reviewed best execution of the sub-advisor(s)? Is the review documented?Review documentation. Follow-up needed N/A Comments Did you conduct initial documented due diligence on the Sub-advisor? Is this documented? Were compliance personnel involved? Follow-up needed N/A Comments Do you conduct ongoing documented due diligence on the Sub-advisor? Were compliance personnel involved?Review latest findings. Follow-up needed N/A Comments Who has responsibility for the Sub-advisor due diligence and reporting? Follow-up needed N/A Comments Are there periodic site visits? If so, how often? Who conducts these visits? Is it documented?Review documentation. Follow-up needed N/A Comments What is the frequency of communication with the Sub-advisor? (Calls/emails/committee meetings etc.) Follow-up needed N/A Comments How do you ensure that the Sub-advisor(s) will appropriately interface with your other service providers? (e.g. Custodian, Administrator, Securities Lending Agent) Follow-up needed N/A Comments Are you satisfied with the Sub-advisor(s) performance and responsiveness? Follow-up needed N/A Comments Do you have any comments you'd like to add?10A. Financial Intermediary OversightDo you use an entity that provides omnibus services? Follow-up needed N/A Comments Did you review the selling/operating agreement? Follow-up needed N/A Comments Have you accounted for financial intermediary risk in its risk assessment? (Legal/regulatory risk, reputation risk, financial risk.) Follow-up needed N/A Comments Have you reviewed an SSAE 16 or similar report from the intermediary? What is the frequency of your interaction with the intermediary? Over the last 12 months, have you experienced any issues with the intermediary? Follow-up needed N/A Comments Do you have any comments you'd like to add? 11. Business Continuity/Disaster RecoveryWhat are the perceived biggest risks and what provisions are being made? Follow-up needed N/A Comments Do you have policies/procedures documenting protocols in various business disruption and disaster scenarios? (i.e., Does the BCP cover a metropolitan-wide or disaster affecting the your geographical area like hurricane Sandy?) Follow-up needed N/A Comments Do you regularly test these protocols using the backup system? If yes, what is involved in the testing? What is the testing timetable? (At least annually for a comprehensive test. Can be broken into component parts: Calling tree; computer system; plan to switch over telephone; cloud computing; vendor backup; and good security.) Follow-up needed N/A Comments Have you replicated data to a data center or cloud vendor? Follow-up needed N/A Comments Is there a calling tree or numbers available to all employees and current vendors? Follow-up needed N/A Comments Is there an off-site backup location? If yes, how far away is it from your normal place of business? Is it on the same power grid? Follow-up needed N/A Comments Do all key associates have lists of all vendors? Where are these lists kept? Follow-up needed N/A Comments Do you have a named disaster recovery officer, and a disaster recovery hierarchy? Follow-up needed N/A Comments Is there a Business Continuity Plan? If yes, please provide details. Follow-up needed N/A Comments If there are multiple owners, is there a buyout plan/agreement? Follow-up needed N/A Comments Is there key man insurance? Follow-up needed N/A Comments Is there E&O insurance? Follow-up needed N/A Comments Do you have any comments you'd like to add? 12. Electronic CommunicationDo you have an electronic communication retention policy and methodology? Follow-up needed N/A Comments Is the length of the retention period 2 years easily accessible and 5 years total plus current year? Follow-up needed N/A Comments Is instant messaging (IM) used? If yes, do you retain a record? Follow-up needed N/A Comments Where are the electronic communications stored? List the outside vendor used. Follow-up needed N/A Comments Who reviews the emails and IMs? What is the rate of frequency of review? Who reviews the reviewer? Follow-up needed N/A Comments Do you have any comments you'd like to add? 13. Regulatory/Registration/ReportingHave you made all regulatory filings in a timely manner? If no, what is the reason for the exception? Follow-up needed N/A Comments Do you file any Form 13 with the SEC? If yes, which form do you file?Review proof that it was submitted on time. Follow-up needed N/A Comments Review the latest form ADV Part 1 and brochure. Note any items of interest from review to discuss during site visit. Follow-up needed N/A Comments Do you have any comments you'd like to add? 14. Other14A. Anti-Money Laundering (AML)Do you deal directly with retail clients? If yes, you must have an AML policy and procedures. Follow-up needed N/A Comments Do you rely on a service provider for AML? (e.g. Custodian, Broker-Dealer, Administrator) If yes, who? Follow-up needed N/A Comments Do you have any comments you'd like to add?14B. Privacy and Data SecurityDo you have policies with respect to the privacy and protection of client data? If yes, does it relate to hard and soft information? Follow-up needed N/A Comments Do you have a policy and procedures in place to deter and detect any attempt to gain unauthorized access to proprietary systems? If no, why not? If you do policies, do they include penetration testing performed by a third party? How frequently is the testing performed and what were the results of the most recently completed test? Follow-up needed N/A Comments How often does the firm review its practices and procedures? Follow-up needed N/A Comments Do your procedures include a detailed plan of action in the event of a successful penetration of your systems? Follow-up needed N/A Comments How often is this plan tested and when was the last test performed? Follow-up needed N/A Comments Does this plan include procedures for appropriate disclosure to clients and regulators? Follow-up needed N/A Comments Since the last site visit, has there been a successful cyber-security attack on your systems? If yes, what remedial steps were taken in response to such breaches including any notifications to governmental agencies or clients required by federal or state law? Follow-up needed N/A Comments Is your data stored with a third-party? If yes, where is your data stored? Does the third-party have privacy and security safeguards in place? What have you done to ensure the third-party has sufficient safeguards in place? Follow-up needed N/A Comments Do you maintain and enforce written policies and procedures reasonably designed to prevent you or any of your associated persons or affiliates from misusing material non-public information? Follow-up needed N/A Comments Are there prohibitions against trading portfolio securities on the basis of information acquired by analysts or portfolio managers retained by the you/fund? Follow-up needed N/A Comments Is there a policy/procedure covering potential misuse of non-public information, including disclosure to third-parties of material information about the fund’s portfolio, it's trading strategies, or pending transactions, and the purchase of fund shares by your personnel based on material, non-public information about the fund’s portfolio? Follow-up needed N/A Comments Do you have physical and electronic access limitations? Follow-up needed N/A Comments How do you protect off-site use of data? (Physical theft of laptop/computer and or external hard drives or other physical media storage, as well as data) Follow-up needed N/A Comments Do you store data from the network on a personal computer? Follow-up needed N/A Comments Do you allow the use of company provided mobile devices for work? How do you ensure data security? How do you track the use of the devices for compliance purposes? Follow-up needed N/A Comments Do you allow dual use (personal/business) devices (phones, iPads, etc.)? How do you ensure data security and privacy issues? How do you track the use of the devices for compliance purposes? Follow-up needed N/A Comments Do you have policies and procedures covering identity theft and the red flag rule? Follow-up needed N/A Comments Do you have any comments you'd like to add?14C. Marketing/Advertising/Quarterly LetterDo you have a policy with respect to marketing/advertising/quarterly letters and the use of solicitors? Follow-up needed N/A Comments Who has the authority to authorize the use of marketing/advertising/solicitors? Follow-up needed N/A Comments Do you maintain a marketing log, and maintain a record of all materials approved? Follow-up needed N/A Comments Do you have any comments you'd like to add?14D. Social MediaDo you have a social media policy? Follow-up needed N/A Comments Do you have a policy/procedure for periodic review of all non-personal social media use? Follow-up needed N/A Comments Do you provide training on social media use? Follow-up needed N/A Comments Is there at least an annual sign-off by staff concerning the understanding of the policy, and if approved, a confirmation of the use of social media for business purposes? Follow-up needed N/A Comments Are the reviews of social media sites documented? Who reviews the reviewer? Follow-up needed N/A Comments Do you have any comments you'd like to add?14E. RecordsDo you have a comprehensive records retention policy in compliance with the Advisor’s Act? What is the retention period? Follow-up needed N/A Comments Do you have a policy and procedures for the accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction? Follow-up needed N/A Comments Do you have any comments you'd like to add?14F. Whistleblower (Best Practice)Do you have a Whistleblower policy? (Disclosure of Code of Ethics violations?) Does the policy protect individuals who disclose potential violations? Who is responsible for receiving/reviewing/investigation the complaints? Whom do they report to? Follow-up needed N/A Comments Are potential violations reported to the CEO of the firm and Redhawk’s CCO in a timely fashion (within a week or less)? Follow-up needed N/A Comments Do you have a complaint/violation form for employees to report potential violations? Follow-up needed N/A Comments Do you have any comments you'd like to add?14G. Final QuestionAre there any other material issues that we should be aware of and not previously discussed?Signature*Date* MM slash DD slash YYYY Section Break