Refreshing the Annual Review Process to Address Business and Regulatory Risks
Rule 206(4)-7 requires each registered adviser to review its policies and procedures no less frequently than annually, to determine their adequacy and the effectiveness of their implementation. But what’s the best way to approach this review? How are other firms meeting this requirement? At the recent Ascendant Compliance Solutions Strategies 2019 Spring Conference in Miami Beach, a panel of compliance experts offered their insights during the pre-conference workshop, “Refreshing the Annual Review Process to Address Business and Regulatory Risks.”
The session began with a reminder that Rule 206(4)-7 requires each adviser to adopt and implement written policies and procedures, to conduct an annual review, and to designate a Chief Compliance Officer to administer its compliance policies and procedures. The panel stressed that each firm’s compliance manual must be customized. John Gentile, Director of Private Fund Manager Services and Director of Broker-Dealer Services for CSS, noted that when he was an SEC examiner, he “found firms didn’t always do what’s in the compliance manual, and that was a problem.” You may have a great compliance manual written by a top law firm, but if the manual is not tailored to your firm, and your firm is not doing what it says, the firm will start off a regulatory examination on the wrong foot. Heather Kaden, Head of Investment Advisory Compliance for Jennison Associates LLC, advised that CCOs “must know every word of your compliance manual.”
In addition to tailoring policies and procedures to your firm’s business, the panel advised that firms avoid designating the CCO as the one responsible for doing everything. To the extent practicable, structure the firm’s policies and procedures so that the CCO serves as a consultant to support the business, and committees or supervisors carry out the day-to-day responsibilities. This advice extends to the annual review process as well—the CCO should not operate in a vacuum!
Eugenie Warner, a Senior Consultant, Content Expert and Associate General Counsel with CSS, suggested beginning the annual review right after the SEC issues its exam priorities notice, and stressed that “‘annual’ is a misnomer—the best practice is to conduct continuous reviews and compile the results and recommendations annually.”
Begin the process with a formal review of your risk assessment and be sure to include management in the process, then set a testing plan based upon these results. Including management at this stage can also lead to greater buy-in—they’ll understand why you’re asking for materials and it can help guide you to schedule testing to better align with their schedules. They may even have their own testing priorities. The risk assessment should consider your business model and recent SEC risk alerts/regulatory hot topics.
Remember that the annual review should not fall solely on the CCO. Include business personnel (Operations, trading), auditors (SOC 1), and consider retaining outside assistance. The testing plan should identify where the CCO will test and where the CCO will incorporate or verify testing completed by others. Leverage available technology and consider where additional software can increase efficiency and decrease potential errors. Ask custodians if there are any additional reports they can provide to you. If your firm is a dual registrant, clearing firms will have multiple monitoring reports that can help, such as reverse churning reports.
Steps to conduct the testing should be documented, along with the results. However, you should avoid writing legal conclusions in your report. Ms. Kaden advised that “having a review where you have no exceptions is probably a red flag for the SEC,” but the report should not include conclusive terms such as violation, fraud, deficiency, crook, or other similar words. While using your work plan to guide testing over the course of the year, if you miss something, be sure to document that the testing was completed at a later date. Never backdate the testing. Once all the testing is completed, prepare a summary of the work, gaps identified and recommendations.
Mr. Gentile also stressed the importance of documentation. “If the review is well-documented, you have something tangible you can send (the SEC). This can demonstrate you don’t need the SEC exam to prompt effective testing. You’re doing it effectively yourself. It may result in an easier exam.” In addition to being prepared to provide a copy of the annual review to the SEC when they examine you, bear in mind that clients may also request the report, especially institutional clients who need to provide it to their boards.
In wrapping up the workshop, the panel offered best practices for forensic testing. If you’re looking to refresh your annual review to better address business and regulatory risks, consider incorporating some of these ideas!
- Gifts and Entertainment (Given)
- Gifts and Entertainment (Received)
- Pay to Play
- Conflicts of Interest
- Personal Trading
- MNPI
- Errors
- Trade Allocation
- Marketing Materials
- Social Media
Ascendant, the compliance services division of CSS, offers help in completing the required annual compliance review under SEC rules, including documentation and recommendations for enhancements to the company’s policies and procedures, and other best practices for consideration. For more, explore our solutions or contact us.
Suggestions on Global Threshold Monitoring
On the heels of several European events focused on shareholder and position limit monitoring, we shifted to Miami, Florida and the Ascendant Compliance Solutions Strategies 2019 Spring Conference for another engaging session on the subject. (For an intro to the topic, see our previous blog post here.)

In many ways the discussions proved to be as different as the locales themselves. The Miami session was designed to be informal, freewheeling and interactive, featuring guest panelist Roman Korotun, a Senior Compliance Officer at Schonfeld Strategic Advisors. Handling a diverse set of compliance responsibilities for his growing firm, which invests across multiple asset classes globally, Roman was well-equipped to discuss the nuts-and-bolts of threshold monitoring, and offered many practical tips on the daily regulatory and data challenges he faces. Some of his suggestions:
- Be aware of not just the initial thresholds triggering reporting to regulators, but also the additional thresholds whereby your positions are disclosed to the public at large (which includes your competitors)
- To help analyze and keep track of changing regulations globally, find a compliance consultant, vendor or law firm (or all of the above, within your budgetary constraints) already well-practiced in handling this task
- Devote extra time and effort to understanding the disclosure thresholds for USA issuers, which in many ways are more complex than filing thresholds elsewhere.
In a reflection of the roundtable-like atmosphere in the room, Roman’s experiences were bolstered by valuable insights from attendees. These reflected both well-established concerns faced by many asset managers (for instance, a cautionary tale about a late filing in Sweden that triggered its notoriously strict sanctions regime), as well as more nuanced issues (such as the effect of France’s Loi Florange statute on calculation of notifiable voting rights held).
As always, the role of data played a large part in the session. For this critical aspect my colleague Mike Marmo, Product Head at CSS, leveraged the close-knit setting by diving into details on capturing various forms of data required for global compliance. As Mike noted, sourcing regulators’ takeover panel lists, vendor data on listed securities, position limit files issued by trading venues, and pan-European databases created by the European Securities and Markets Authority (ESMA) present their own unique challenges for investment managers. Mike also discussed how changes resulting from Brexit would affect data released by the UK’s Financial Conduct Authority as well as by ESMA. Fresh from a European road show encompassing managers in Stockholm, Dublin and London, Mike enlightened the room by offering real-time information on how the industry is currently tackling these issues.
To learn more about our position limit monitoring and shareholding disclosure solution, please visit our Signal page.
AIMA Forum Takeaways: Technology, Innovation and Change
We’re still digesting all the great takeaways from the recent AIMA Global Policy & Regulatory Forum 2019. The theme was “Technology, Innovation, Change,” which is exactly what firms should be focused on this year.
In the general session, Jeanette Turner, Chief Regulatory Officer of CSS, led a lively panel on “Technology as a Gamechanger” with fellow panelists Matt Siano, Managing Director and General Counsel at Two Sigma; Moad Fahmi, Senior Advisor-Fintech, Bermuda Monetary Authority; Stacey Schreft, Deputy Director, Research and Analysis, U.S. Treasury’s Office of Financial Research; and Stan Yakoff, Adjunct Professor, Fordham University School of Law.
Here are some key takeaways from the discussion:
- Every firm is a technology business. Everyone needs to understand certain concepts and basic coding. You can’t analyze situations and make informed decisions without basic knowledge of technology.
- ABCD – Always be collecting data. Always.
- Firms should think about their culture and create a culture of innovation. Fund managers should be using technology to streamline anything that can be streamlined. If a firm is less tech-savvy, it can start by identifying the “low-hanging fruit,” meaning the simple manual tasks and processes that can be digitized or automated.
- When considering “build vs buy”… also consider whether existing service providers can help. Some have technological solutions in place and already have access to the firm’s data.
- It is an “evolution, not a revolution.” Do not be afraid of future technological change. You will see it coming and the changes will be iterative. For now, understand your business and what viewpoints you need to consider when making changes.
- Data, data, data … Regulator demand for fund manager data is the primary reason many firms started using more technology. Data is always part of the conversation, whether it’s how to collect, aggregate and normalize it, or how to keep it secure, especially after it is sent to the regulators.
- Status Quo – The issues around regulatory reporting are not changing any time soon. Regulators like receiving and analyzing the data.
- Automated reporting – When asked how firms would feel about automated reporting via machine-executable rules or eventually through distributed ledger technology such as blockchain, the panelists did not think that firms would mind automated reporting so long as it wasn’t in real time. To protect data and proprietary information such as investment strategies, information reported to regulators must be sufficiently stale.
How to Be a Wildly Effective Compliance Officer
Being a Compliance Officer is no easy task. Administering a compliance program, implementing controls to help protect clients and the firm, and staying on top of new regulations is only part of the job. Compliance Officers are also expected to be flexible and pro-business. So how do you do it all? How can you be a compliance superhero? In the Ascendant Compliance Solutions Strategies 2019 Spring Conference keynote address, Kristy Grant-Hart outlined many strategies compliance officers can take to be business friendly and to make a positive impression at their firms:
- Create value. No firm wants negative press. Make sure leaders at your firm understand that by protecting the firm’s clients, you’re protecting the firm’s reputation.
- Understand what motivates key personnel. To get the business onboard with compliance initiatives, consider what motivates them. If the person is fearful of their personal image being tarnished, provide them with examples of individuals being personally liable for compliance violations to help get your message across.
- Examine body language. When you’re butting heads on an issue, look at the person’s body language and adjust your tone or message accordingly.
- Find your supporters in the organization. Partner with other leaders in the business to get acceptance from others.
- Be their friend and their fire. Have employees’ backs and fight for them. Assume they are ethical and want to do the right thing for clients.
- Make people know you, trust you and like you. Be relatable, vulnerable and social. Talk to others about your hobbies and family; being vulnerable allows others to be vulnerable with you. When given the opportunity to socialize with colleagues, take it. Show them you are there to help the business. Earn their trust.
Being a former Compliance Officer, Kristy understands that most compliance professionals are strained for resources and gave some great tips for requesting (and getting!) more resources:
- Be explicit and specific. Don’t use acronyms that management may not understand. Speak in plain English about regulatory issues and tie them into your needs.
- Practice what you’re going to say. Prepare for questions and skepticism so you’ll be able to provide a well thought-out response.
- Use stories. Help people feel your concerns and show them how you can help the firm by sharing experiences of other firms.
- Be the fixer. Be solutions-oriented. Show how additional resources can help fix issues within the firm.
- Use visuals to get your message across. Use pictures and charts to help convey your needs.
- Use a “Choice of Yes” Pattern. Don’t present options that are unreasonable and can result in getting told NO. Present different sources for resources that are reasonable.
Many of the consultants at CSS have in-house experience as Chief Compliance Officers and understand the struggles that go along with the job. In addition to offering risk mitigation strategies, our consulting services include strategies to create synergies within the business so you can be wildly effective at compliance.
Mitigating the Risk of Insider Trading
One of the biggest risks affecting investment advisers is the potential that material non-public information (“MNPI”) may be misused, leading to a charge of insider trading. Advisers should implement controls to mitigate these risks.
Steven Stone of Morgan, Lewis & Bockius, LLP, Salvatore Cincinelli of the FBI and David Chaves of Tone at the Top Advisers addressed the risks of insider trading at the recent Ascendant Compliance Solutions Strategies Spring 2019 Conference held in Miami Beach. During the session, the panel discussed the legal backdrop of the insider trading laws and the process of conducting investigations, all of which inform the process of mitigating the risks.
Chaves and Cincinelli noted that insider trading investigations can go on for years, but improvements to data analytics and knowledge of the process significantly improve the chances that someone trading on inside information will be caught. Federal investigators have also built closer relationships with regulators and routinely embed agents with the SEC and other regulators.
The panel offered the following tips for investment advisers to guard against insider trading risks:
- Ensure that you have good policies and procedures in place
- Conduct training with respect to identifying and handling potential MNPI
- Consider developing information barriers to limit the possession of MNPI within the firm
- Review trading activity and identify profitable trades, in both client and personal accounts
- Identify any trends in trading activity against subsequent news releases or other suspicious patterns
- Review policies with respect to the use of expert networks, using only networks with strong compliance controls
CSS TradeSentry streamlines identification of market abuse, insider dealing detection, and best execution, making it an ideal tool for addressing SEC Rule 206(4)-7 and the EU Market Abuse Regulation. For more information, click here.
Compliance 2.0 – Being a Strategic Partner in Your Firm
Compliance as a profession continues to evolve. With Enron, Bernie Madoff and numerous other failures paving the way for rulemaking across industries and nations, the days of drawing a short straw, getting drafted into a compliance role and operating in isolation outside of the business are – or should be – ancient history.
Since the adoption of the Compliance Rule in 2004, compliance officers at investment advisers have had an important and clearly defined role, one that was thoroughly discussed at the recent Ascendant Compliance Solutions Strategies Spring 2019 Conference in Miami. As noted by CSS Executive Director Jackie Hallihan, SEC rhetoric about the importance of compliance bolstered the role of chief compliance officer, resulting in greater opportunities for compliance professionals to attend conferences, and further enhancing the view of compliance as a valued profession. In evolved programs, compliance professionals are called upon to provide practical guidance, have a “seat at the table”, and participate in strategic initiatives.
Challenges remain. Sometimes compliance is not appreciated until an exam is going badly and the threat of fines and reputational damage looms. Ms. Hallihan notes, “SEC deficiency letters now will indicate if the Staff determine the compliance function is understaffed, has inadequate resources, or the CCO lacks expertise.”
It is crucial for firms to spend time on structuring roles within the compliance department, from entry level on, with a defined career path. Being able to explain opportunities to grow in a role can help a firm recruit top talent. Since compliance roles typically have touch points with all areas of a firm, staff can develop relationships as a strategic partner and may even be recruited to roles in the business. Mark Happe, CCO, Group Retirement AIG Life & Retirement, says, “That’s a win-win. Then you have someone in the business that truly understands the compliance culture. You have an evangelist at that point.”
Defining roles is a critical step. Look at the organization and think about what rightfully belongs in compliance, where compliance should do monitoring, and where compliance needs lines of sight. Be crystal clear about your roles and responsibilities—what you’re doing, when, and how you are escalating. Define your roles, but just as importantly, define what you don’t do. If you’re not a supervisor, explicitly include that in your compliance manual. Ms. Hallihan suggests, “Take a look at your manual. Search on CCO/compliance and analyze what you are assigned to be doing. It may sound like you’re really powerful, but you’re more powerful if appropriate tasks are being done by the business.”
Being a strategic partner in your firm also requires empowerment, subject matter expertise, access to information and reporting (“line of sight”), appropriate resources, and being proactive. Build credentials, take examinations, attend conferences, embrace technology. Going forward, compliance professionals who don’t effectively use technology will be replaced by those who do. Matt Calabro, Director of Institutional Wealth Manager Services at Compliance Solutions Strategies, notes, “The revolution is sneaking up on us!”
Don’t be left behind. In preparing for the next evolution of the profession – Compliance 3.0 – remember that relationships are critical, so be a supportive member of the team. Define what you do with specificity and elevate yourself. You need to do it for your organization, your staff and yourself.