IA Brief: Year-end chores list: do what you say

December 15, 2015

The looming turn of the calendar offers a good occasion for investment adviser compliance officers to make good on their promises.

A successful compliance program has customized policies and procedures with two elements — due dates and continuing tasks — designed to prevent violations of the Advisers Act. To accomplish this, the policies and procedures must outline the required regulatory filings with definite due dates, as well as describing ongoing tasks or reviews required to satisfy the supervisory element of the program.

The continuing supervisory tasks are usually designated by the Chief Compliance Officer (CCO) or compliance department and intended to match the firm’s risk level. However, when a firm doesn’t do what it says, it can often result in increased regulatory risk.

The consequences of failing to complete a regulatory filing with specific due dates is obvious, but the failure to meet ongoing tasks and review obligations may not be realized until a Securities and Exchange Commission audit or, worse, a compliance breach or failure.

Using the year-end to take a systematic approach to these expectations is a good way to not only determine whether the tasks have been accomplished, but whether they are appropriate and if adjustments are necessary.

Continuing compliance tasks

The continuing compliance tasks or reviews can be periodic, or there can be annual tasks without a specific due date.

A firm must look at factors such as risk, business lines and resources when determining how often to perform compliance tasks that lack a suggested or required frequency. The SEC uses the word “periodically,” requiring the firm to create a plan and justify it, if necessary, during exam time.

For example, a firm must decide how often the compliance department will review the correspondence of advisory personnel. A firm with a large number of investment advisory representatives (IARs) and a complex infrastructure may interpret the periodic review of correspondence as a weekly or daily event; a firm with two IAR’s and a rather simple structure may only review it monthly or quarterly.

An example of annual tasks would be the annual review under Rule 206(4)-7 of the Advisers Act, or delivery of the firm’s privacy notice. These must be performed annually, but the timing is left up to the firm; the SEC will look only for evidence of annual completion.

A firm that fails to live up to its own time frames and risk profile will most likely expose a poor compliance program. It can be a sign an examiner that the firm is using an off-the-shelf compliance manual — a red flag for compliance risk.

Other tasks that may fit into this category include: Client account reviews, annual IAR attestations, IAR training, review of IAR trading, ADV delivery, risk assessments, gifts and entertainment reviews, advertising reviews, BCP testing, surveillance reports, best execution review, exception reports and third-party due diligence reports.

Systematic review

The best course of action would be an audit of the firm’s policies and procedures, highlighting each ongoing task and ensuring that the standard in place has been met. If a task has not been completed, find out why. Reviewing the task and finding out why it hasn’t been met in the timeframe selected by the firm can expose areas of risk.

If compliance obligations match the firm’s characteristics and the tasks nonethless were missed, a firm may want to implement a compliance calendar or a series of reminders to be sure these tasks will be performed in the future. Most firms will create a spreadsheet that outlines all of the tasks and offers a schedule of review.

If the review schedule no longer matches the firm, it should trigger a revision to the policies and procedures. Evidence of the discovery, the change to the policy and the reason why, should be present in the file and made available to the SEC. Evidence of a working program can be invaluable to exhibiting a culture of compliance.

For example, if a firm has stated in its policies that IAR personal trading records will be reviewed weekly due to the firm having a large number of trading IARs, and if the firm’s trade volume drops since the policy’s creation, a monthly review would suffice. A firm could note the finding and document as to why the frequency of review has been changed.

In conclusion, a firm should ensure that they are in fact doing what they say they are doing in reference to supervision in the firm’s policies and procedures. A systematic review that includes identifying those tasks and ensuring they are appropriate for their particular firm is imperative.

(This article was produced by Thomson Reuters Regulatory Intelligence and initially posted on Dec. 11. Regulatory Intelligence provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Regulatory Intelligence compliance news on Twitter: @RiskMgment)

No comments so far

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/