Asset Management Intelligence - November 2015 - Is Your Annual Compliance Program Review Becoming Too Routine?

Published: Nov 11, 2015
Share

All federally registered investment advisers are required to address actual and potential conflicts of interest inherent in the operations of their advisory business, in accordance with the SEC’s compliance program rule (“Program”). The adviser must also conduct an annual review of the Program to assess its adequacy, accuracy and effectiveness of implementation. This process is intended to help make sure that the procedures and controls underlying the Program have been designed to reasonably ensure compliance with all applicable federal, state, and other laws and regulations, based on the types of advisory services provided to clients and the associated conflicts of interests.

During the year, most advisers perform risk-based periodic forensic testing and monitoring of policies and procedures based on the original assessment and identification of the firm’s actual and potential conflicts of interest. The annual review part at the end of the year includes a look back to see if errors identified during the year have been addressed and whether the controls and additional procedures developed to address the error are achieving their intended purpose, as well as changes in operations, regulations and regulatory initiatives. While advisers that take this approach are technically meeting their annual SEC Program review requirement, the process, more times than not, becomes very routine and anticipatory. It also is somewhat out-of-sync with the purpose for which the annual review was designed.

At the speed with which new regulations are being adopted by the SEC and other standard-setting bodies, what can management do differently to make the review process less routine and predictable?

Managing the Annual Review Process

For investment advisers, managing the annual review process can be challenging. That said, changing the annual Program review process from basically reviewing what had been tested over the year to truly assessing your firm’s advisory business for compliance with all applicable rules, regulations and unearthing never-before identified conflicts of interest will add value to the review. This is best accomplished by performing a deep-dive review of all investment advisory and operational activities. All activities can be mapped to a pre-populated list of all corresponding rules and regulations (SEC, CFTC, ERISA, FINRA, State, etc.). Adding columns to assign a risk ranking, based on your firm’s internally developed risk metrics, procedures and controls associated with the risk, as well as whether the control is meeting its intended design objective(s) is the best way of identifying new conflicts. If you find there are gaps, then you will have to address the gaps in a timely manner, based on its assigned risk ranking. It is best to address all new gaps in consultation with senior management to demonstrate a strong culture of compliance from the top of the firm down.

In addition to meeting the annual review requirement, this process will also go a long way in sending the right message to a regulator when they appear on site for a routine inspection.

Regulatory Initiatives Impacting All Compliance Programs

There are a few initiatives from the SEC and recent developments that will impact all registered investment advisers’ reviews this year. Advisers, if they have not already done so, will want to make changes that are applicable to their program to address the following:

The firm should stay in front of the contemplated changes to the Form ADV amendment to avoid being caught off-guard. This will involve, in most instances, enhancements to most advisers’ procedures in the areas of

branch location review process,
vendor management due diligence,
coordination with operations to capture information required relating to separately managed accounts (percent of SMA regulatory assets under management), number of accounts that correspond to certain categories of gross notional exposure and weighted average amount of borrowing as a percent of net assets, plus weighted average gross notional value of derivatives percent of NAV, in 6 categories of derivatives, for advisers with $10 billion and more in regulatory assets under management. These are just some of the new proposed ADV requirements.

The SEC issued a new risk alert on cybersecurity examinations that may require an update to the firm’s information security program under the direction of a dedicated CTO. Key focus areas include governance, risk assessment, access rights and associated controls, data loss prevention, vendor management, training and incident response, and any other areas uncovered during an examination.
FinCEN’s proposed anti-money laundering (“AML”) rule would require advisers to establish a dedicated AML program and report suspicious activity through the filing of SARs. The proposal, however, excludes the requirement to adopt a customer identification program, which is being reserved for separate rule making by the SEC.
The Second Circuit Court of Appeals has ruled that a whistleblower is entitled to protection from job retaliation whether the whistleblower reports wrongdoing internally or to the SEC. Firms may need to modify procedures and training materials to accommodate what appears to be a caveat with a potential monumental impact.

The above is not an exhaustive list of regulatory matters, both prospective and current, that are unfolding as of the date of this publication.

Asset Management Intelligence - November 2015