It's not just a nice name, it's the law for SEC registrants. So, don't be lazy about the annual exercise that can be improving your operations.
As an SEC registered investment adviser, you are required to review your compliance program at least annually to ensure its adequacy and effectiveness. State securities laws vary from state to state, but most mirror federal regulations and have similar requirements. Therefore, it’s best practice for all advisers to conduct an annual review of their compliance program. Many breakaway and startup advisers dually registered with a broker dealer don’t realize that the reviews conducted by their broker dealer do not cover the compliance requirements of their separately registered RIAs. This annual review is in addition to the reviews that your broker dealer may be conducting.
If you’re already aware of the annual compliance program review, congratulations! That’s half the battle. But if you’re like most small to mid-sized advisers, the Chief Compliance Officer (“CCO”) role was not one you were groomed for but one that fell into your lap. Your skills lie in building your business and taking care of your clients, but now you have the dubious title of CCO and are winging it trying to manage a non-revenue generating portion of your business as inexpensively as possible and with the optimism of “do no evil.” You don’t know the Investment Advisers Act back to front. Isn’t creating some policies and procedures adequate? Isn’t putting clients first enough? Unfortunately, it’s not. Those policies and standards of conduct you require your employees to abide by are controls. if you never check to see if the employees abide by them or whether the controls could be tightened, phrased better for clarity, or even some eliminated or added based on business changes, then how do you know they are effective?
The purpose of a review is to ensure that your compliance program is actually working. Given that compliance touches all facets of your advisory business, some like to break testing into manageable chunks that they slowly chip away at throughout the year to aggregate into one year-end report. Others like to conduct it at year end in one fell auditing swoop. There’s no regulatory requirement to complete the review in any specific format, but a report at the end of the review to document and memorialize your findings is standard practice. But, there’s a weakness in both methods: a lack of experience with the compliance details. If you stare at a trade blotter and the trade policy simply states that you will trade in the best interest of clients. It’s great in theory, but you likely have no clue to look for principal transactions, cross trades, window dressing, signs of cherry picking, and perhaps the need to add language in the policy to address how block trades are allocated to prevent one client account from routinely benefiting over another. That’s what a compliance expert is for.
The best way to conduct an annual compliance program review, even if you have a dedicated CCO and/or are a compliance whiz, is through a third party audit. During my time at ACA, this was often carried out in the form of a mock SEC exam with two results: (i) completing the annual review requirement and (ii) preparing the business and its employees for the day regulators come knocking. Even with the best internal compliance expertise, reviewing one’s own work has inherent limitations - it’s easy to miss the gaps when you’re so close to the subject matter. That is why I also recommend getting a fresh set of eyes on your compliance program every few years, no matter how much you love your outside auditor. It may seem tedious answering the same questions, explaining the nuances about your firm, and getting the business version of a colonoscopy. But, all of this is to catch the cancer that may be growing within your business. It could be the rogue employee, the policy that doesn’t remotely match the actual business practices, or the undisclosed activities unearthed in the review. That repetition also ensures preparedness and ease with regulators when the real exam happens.
If you’re already completing your annual compliance program review – kudos! You’re an important step ahead of many of your peers. But you don’t have to go it alone. Let an independent expert help you transform an otherwise daunting process into a routine check-up. It could mean the difference between an ailing business and a healthy and profitable practice.