SEC has three words for hedge funds: “culture of compliance.” But what do they mean?

April 3, 2013

By Jeanette Turner, contributing author for Compliance Complete

NEW YORK, April 3 (Thomson Reuters Accelus) – The U.S. Securities and Exchange Commission inevitably emphasizes the importance of an advisory firm’s “culture of compliance,” in the regulator’s speeches, panel discussions, and announcements of enforcement wins and settlements. It stresses that firms will be held accountable when their employees break the law to benefit the firm. Having a “robust” culture of compliance can help firms avoid severe financial consequences.

But, what is a “robust culture of compliance?” Essentially, it is an overall environment that fosters ethical behavior and decision-making. Even the most clearly written, comprehensive compliance program is destined for failure without a such an environment. The challenge, however, is that a “robust culture of compliance” can be an elusive concept. There is no checklist of required policies or processes, and it ultimately comes down to the subjective feeling a regulator has about the firm.

To take some of the guesswork out of developing a culture of compliance, here are 10 typical attributes that regulators look for.

  • Tone at the top: This is the most important hallmark of a culture of compliance. Regulators are increasingly meeting with senior management during examinations to get a sense of their engagement in compliance. Tone at the top is often evidenced by the processes for making critical decisions. For example, if senior management conducts a cost benefit analysis when deciding whether to engage in a transaction that is illegal, the tone at the top is that compliance is not the most important factor in making a decision. Simply put, if a firm’s leaders only pay lip service to the importance of compliance, there is no culture of compliance.


  • Silos: The compliance department should not be walled off from the rest of the firm. Is compliance staff present when business decisions are made? Does the firm seek their input? Firms with a strong culture of compliance would answer “yes” to both.


  • Power: Regulators also look at who holds power in the firm. Is the chief compliance officer (CCO) part of senior management? Is the compliance department independent? Is it respected? Or does the CCO sit in a back office, neither seen nor heard? When discussing an issue, who wins—business or compliance?


  • Cowboys: Does the firm reward risk-taking without limits? Are rewards based solely on financial performance? In a strong culture of compliance, risks are taken within the firm’s tolerance for risk and the firm is seen as being bigger than any one individual.


  • Resources: Compliance costs money. Is the compliance program appropriately structured and sufficiently funded? Is there a strong disparity in the firm’s investment in technology and other resources to make money versus its investment in technology and other resources to facilitate compliance?


  • Employee Buy-In: Once the compliance infrastructure is established, it is the employees who carry out the mandate. The firm’s culture of compliance must be embedded in the culture of the employees. To facilitate employee buy-in, firms should have a zero tolerance policy for employee misconduct and should have a continuing training program to ensure that employees understand their obligations and that the firm takes compliance seriously.
  • Living Compliance Program: The compliance program should not be a stagnant checklist of procedural requirements. It must be tailored to the firm’s business and risks; it must be tested and modified; and it must be enforced. Are the policies actually working? Are issues escalated to senior management?


  • Technology: Is compliance handled with pencil and paper? Does the firm look for ways to automate compliance and limit human error, as it does with portfolio and risk management? How are workflows and documents managed? Technology allows firms to spend less time managing paper and people and more time actively managing risk, something the SEC likes to see.


  • Documentation: Regulators love documentation and so should firms. Good recordkeeping reflects a strong compliance culture. When testing compliance policies, can the firm prove that they work? Is testing documented? Is a documented workflow in place to track the process of marketing materials being approved, and to show that sign-off was received from the legal department?


  • Exam Prep: When a regulator notes a firm’s culture of compliance, it is typically during an examination. Nothing shows off a robust culture of compliance more than a firm’s awareness of the regulator’s expectations and its preparedness, should the regulators show up unexpectedly. Taking a long time to locate documents is an indication that the firm is not running an organized and efficient program. Lack of preparation is interpreted as a failure to take compliance mandates seriously.

Although culture of compliance is a subjective concept, these hallmarks are concrete, tangible actions that a firm can take to embed compliance so deeply in a firm’s culture that it simply becomes business as usual.

(Jeanette Turner is Managing Director and General Counsel at Advise Technologies, LLC. With more than 10 years of experience, she specializes in regulatory compliance for investment advisers and private funds.)

(This article was produced by the Compliance Complete service of Thomson Reuters Accelus ( Compliance Complete ( provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 230 regulators and exchanges. Follow Accelus compliance news on Twitter at:


One comment

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see

A great article with equal application in the UK, in particular as we have moved this week to the creation of a separate Financial Conduct Authority. Interestingly, my professional body the CISI (the Chartered Institute for Securities & Investment) have also made it compulsory to complete an ethics test. This means that aspiring brokers and capital markets traders had from Tuesday have to pass a compulsory ethics test before they are allowed to sit exams for professional qualifications.

As Martin Wheatley, the new FCA CEO, says “embedding high standards of ethical conduct is crucial.” Go on try the sample test, on the website

Posted by CharlesJackson | Report as abusive