Starting a Compliance Program

In January 2018, the SEC’s Fort Worth regional office held a teleconference that summarized the SEC’s 2017 exam findings and its focus areas for 2018. The staff noted that some of the common weaknesses in compliance programs for investment advisers include:

  • Failure to tailor written policies and procedures to the adviser’s business (i.e., generic compliance manuals)
  • Failure to manage or disclose conflicts of interest, particularly for dual-registered investment advisers/brokers
  • Employee violations of the investment adviser’s code of ethics
  • Failure to conduct a written annual review of the investment adviser’s compliance program
  • Inadequate books and records

We often see similar issues with newer investment advisers. Often these issues are easily avoided if the investment adviser hires the right compliance professionals (either internally as employees or externally as consultants). Here are ten points that investment advisers should consider when starting (or reviewing) a compliance program.

  1. If you don’t have in-house expertise (or enough time to dedicate to compliance), then hire a consultant with experience in your products and business lines. For example, don’t hire a consultant with no mutual fund experience if you are adding funds to your product line-up. It’s entirely possible the consultant is well-versed in the Advisers Act, but not the Investment Company Act.
  2. Beware of any consultant or firm that offers off-the-shelf compliance manuals. These are like bland spaghetti sauces. You’ll need to add your ingredients and spices to make the sauce.
  3. Follow your written procedures, even if they suck. You read the manual (right!) and should know what it says, so do it. Having no written procedures is bad. Having written procedures and then ignoring them is also bad.
  4. If the CCO is going to wear multiple hats, have dedicated compliance support for at least the first 12 months of operations. After 12 months, the CCO should know if she can manage all the required responsibilities in addition to her day job.
  5. The CCO should never be your portfolio manager, and preferably not your CFO. Why? Because who watches the watchmen?
  6. Speaking of CCOs, she should be an executive of your firm. Your secretary, as excellent as he is, should not be your CCO. If he’s that good, then pay the man and promote him. If you use an outsourced CCO, then she should report directly to the CEO.
  7. Have the CCO attend at least one legitimate compliance conference a year. The benefits of increasing her knowledge and growing her network will outweigh the cost of the trip and will likely save the firm time and money.
  8. Document everything. If it’s not in writing, you didn’t do it.
  9. Conduct a written annual review that is thorough. Don’t just change the date from last year. Read each policy, update it if needed, and look for trends or issues in your data.
  10. Conduct a mock SEC exam at least every five years. The SEC will likely stop by within seven years, so be ready.