As 2016 came to a close, a few investment advisers finally found time to follow up on compliance recommendations that were made months earlier. The problem, however, is that these Registered Investment Advisers (“RIAs”) were noncompliant for many months. Had a securities regulator scheduled an examination, examiners would likely have found deficiencies. Even if an exam takes place at a later date, examiners might question why the RIA did not take action promptly when the firm was told about compliance deficiencies. Examiners could reach the conclusion that compliance is not a priority at the firm. Therefore, in 2017, RIAs should make sure that their words and actions prove that compliance is a high priority at their firm.
Strengthening the firm’s policies and procedures should be a priority. It is not enough for an RIA to review its compliance manual annually. When problems occur at a firm, the Chief Compliance Officer (“CCO”) should evaluate whether policies and procedures can be improved to prevent similar events from occurring. Weak policies and procedures are often the root cause of compliance deficiencies.
CCOs should not make these improvements in a vacuum. Associated persons impacted by these policies and procedures should participate in the process.
When CCOs and principals discuss the firm’s policies and procedures, they should not treat them as a burdensome and meaningless regulatory requirement. A firm’s compliance culture is negatively impacted when CCOs and the RIA’s principals denigrate the importance of policies and procedures. Furthermore, advisory personnel should be disciplined when they violate the firm’s compliance manual.
As firms improve their policies and procedures, they should be aware of the regulatory landscape. In January of every year, the SEC announces its examination priorities. Protecting retail investors is always a priority for the SEC. Examiners are very likely to continue their efforts to protect senior investors and will scrutinize recommendations made to clients relating to life events such as IRA rollovers.
Examiners will question whether compliance is a priority if the firm gives little or no thought to its choice of CCO. The CCO position at an RIA is an extremely important one and should not be handed off to the person who draws the short straw. Too many RIAs undermine their compliance programs by adding the CCO job to the plate of someone who is already overloaded with work. By doing so, the RIA demonstrates that compliance is not a priority at the firm. The person appointed should be knowledgeable regarding compliance, as well as the firm’s business model. The CCO should be empowered to push back on senior members of the firm who want to engage in noncompliant activities.
RIAs show that compliance is a priority when they commit sufficient resources to that function. Firms have been sanctioned for rejecting a CCO’s requests for help in fulfilling the RIA’s compliance obligations. CCOs should be encouraged to attended compliance conferences and to pursue educational opportunities to learn more about securities laws and regulations. If necessary, CCOs should be permitted to hire a compliance consulting firm if a task requires expertise that is unavailable in-house.
The principals of RIAs send the message that compliance is not a priority when they pressure a CCO to approve an advertisement quickly. Compliance should be given sufficient time to review an advertisement, such as a marketing presentation or newsletter, to determine if it is false or misleading in any way.
Cybersecurity and privacy should always be a high priority at RIAs. Aside from implementing robust cybersecurity policies and procedures, RIAs should educate clients and advisory personnel on the steps they can take to combat cyber-threats. Being a small firm is no excuse for neglecting cybersecurity issues. In fact, research has shown that cyber-criminals specifically target smaller RIAs precisely because they know those firms are less likely to devote resources to cybersecurity.
Creating and retaining thorough books and records shows examiners that compliance is a high priority. Without documentation, it is impossible for RIAs to prove that they met their fiduciary obligations to clients. Without solid books and records, advisers might be unable to demonstrate that their recommendations were suitable or that they conducted due diligence of sub-advisers and vendors.
Many advisers fail to realize that if compliance is not treated as a high priority, they increase the risk of run-ins with regulators. When that happens, regulators will take steps to ensure that compliance becomes a high priority for the firm.
Les Abromovitz can be reached at NCS Regulatory Compliance by calling 561-570-1813 or by e-mailing him at labromovitz@ncsregcomp.com. Les is the author of THE INVESTMENT ADVISOR’S COMPLIANCE GUIDE, which was published by the National Underwriter Company, a division of ALM. The second edition will be published in March, 2017.
http://www.ncsregcomp.com/team/les-abromovitz/