SEC has three words for hedge funds: “culture of compliance.” But what do they mean?
By Jeanette Turner, contributing author for Compliance Complete
NEW YORK, April 3 (Thomson Reuters Accelus) - The U.S. Securities and Exchange Commission inevitably emphasizes the importance of an advisory firm’s “culture of compliance” in its speeches, panel discussions, and announcements of enforcement wins and settlements. It stresses that firms will be held accountable when their employees break the law to benefit the firm. Having a “robust” culture of compliance can help firms avoid severe financial consequences.
But what is a “robust culture of compliance”? Essentially, it is an overall environment that fosters ethical behavior and decision-making. Even the most clearly written, comprehensive compliance program is destined for failure without such an environment. The challenge, however, is that a “robust culture of compliance” can be an elusive concept. There is no checklist of required policies or processes, and it ultimately comes down to the subjective feeling a regulator has about the firm.
To take some of the guesswork out of developing a culture of compliance, here are 10 typical attributes that regulators look for.
- Tone at the top: This is the most important hallmark of a culture of compliance. Regulators are increasingly meeting with senior management during examinations to get a sense of their engagement in compliance. Tone at the top is often evidenced by the processes for making critical decisions. For example, if senior management conducts a cost-benefit analysis when deciding whether to engage in a transaction that is illegal, the tone at the top is that compliance is not the most important factor in making a decision. Simply put, if a firm’s leaders only pay lip service to the importance of compliance, there is no culture of compliance.
- Silos: The compliance department should not be walled off from the rest of the firm. Is compliance staff present when business decisions are made? Does the firm seek their input? Firms with a strong culture of compliance would answer “yes” to both.
- Power: Regulators also look at who holds power in the firm. Is the chief compliance officer (CCO) part of senior management? Is the compliance department independent? Is it respected? Or does the CCO sit in a back office, neither seen nor heard? When discussing an issue, who wins—business or compliance?
- Cowboys: Does the firm reward risk-taking without limits? Are rewards based solely on financial performance? In a strong culture of compliance, risks are taken within the firm’s tolerance for risk and the firm is seen as being bigger than any one individual.
- Resources: Compliance costs money. Is the compliance program appropriately structured and sufficiently funded? Is there a strong disparity in the firm’s investment in technology and other resources to make money versus its investment in technology and other resources to facilitate compliance?
- Employee Buy-In: Once the compliance infrastructure is established, it is the employees who carry out the mandate. The firm’s culture of compliance must be embedded in the culture of the employees. To facilitate employee buy-in, firms should have a zero-tolerance policy for employee misconduct and should have a continuing training program to ensure that employees understand their obligations and that the firm takes compliance seriously.
- Living Compliance Program: The compliance program should not be a stagnant checklist of procedural requirements. It must be tailored to the firm’s business and risks; it must be tested and modified; and it must be enforced. Are the policies actually working? Are issues escalated to senior management?
- Technology: Is compliance handled with pencil and paper? Does the firm look for ways to automate compliance and limit human error, as it does with portfolio and risk management? How are workflows and documents managed? Technology allows firms to spend less time managing paper and people and more time actively managing risk, something the SEC likes to see.
- Documentation: Regulators love documentation and so should firms. Good recordkeeping reflects a strong compliance culture. When testing compliance policies, can the firm prove that they work? Is testing documented? Is a documented workflow in place to track the process of marketing materials being approved, and to show that sign-off was received from the legal department?
- Exam Prep: When a regulator notes a firm’s culture of compliance, it is typically during an examination. Nothing shows off a robust culture of compliance more than a firm’s awareness of the regulator’s expectations and its preparedness, should the regulators show up unexpectedly. Taking a long time to locate documents is an indication that the firm is not running an organized and efficient program. Lack of preparation is interpreted as a failure to take compliance mandates seriously.
Although culture of compliance is a subjective concept, these hallmarks are concrete, tangible actions that a firm can take to embed compliance so deeply in a firm’s culture that it simply becomes business as usual.
(Jeanette Turner is Managing Director and General Counsel at Advise Technologies, LLC. With more than 10 years of experience, she specializes in regulatory compliance for investment advisers and private funds.)
(This article was produced by the Compliance Complete service of Thomson Reuters Accelus (http://accelus.thomsonreuters.com/).)