The year is already more than half over, and if you aren’t already, now is a good time to begin planning your required Annual Compliance Report.
Under Rule 206(4)-7, investment advisors must review their policies and procedures to determine whether they are reasonably designed to prevent and detect violations of the federal securities laws, and to promptly correct any violations. In addition, firms should determine that the policies and procedures are effective in their implementation.
Best Practices for Conducting Your Annual Compliance Review
Conduct a risk assessment. Identify conflicts of interest and risk factors that might create risk exposure to the firm or its clients. Are there new lines of business? New products? New types of clients? New employees who aren’t up to speed? Are there new system implementations? Review all past regulatory findings to ensure they are corrected and to ensure there is no backsliding and that the earlier identified issues are still corrected.
Review applicable SEC recommendations for Advisers to include in the review. The SEC’s annual priorities suggest several issues that advisers should review to the extent they are applicable to the advisers’ businesses. For example, the review should include the portfolio management process including allocation, adherence to client guidelines and applicable regulatory restrictions. Other issues include trading practices, personal securities transactions of supervised persons, safeguarding client assets, marketing material and disclosure, to name a few. The full list and SEC guidance can be found on the SEC’s website containing the adopting release for Rule 206(4)-7.
Review new and updated rules and regulations. Go through the SEC website and take a look at what’s happened in the regulatory environment. Does that apply to your business? If so, did you have a good plan? Did you execute that plan? And, in hindsight, is that plan effective?
Establish topics to be examined each month. You can then roll the findings into the Annual Report. For example, ensure larger projects like email review or branch exams have the dedicated time and resources they need, and recurring tasks like reviewing state registrations are performed regularly. At the end of the year, check to ensure that all monthly reviews are still accurate.
Leverage testing that you do throughout the year and refer to it in your report. What were the findings of that test? What were the recommendations of that test and where are they implemented? What did you do in response to that? Did you offer training to your employees? Did you change some system parameters? It’s a good time to go through and document, “We did this, this is what we found, this is how we dealt with it. This is how we plan on moving forward. And this is our focus for the foreseeable future on this particular topic.”
Review your procedures. Assessing how your procedures are (or are not) being followed helps ensure your program isn’t simply aspirational. Are these procedures being followed in the way that they’re designed, or have people found maybe better ways of implementing them? Or are they just not doing it at all?
Communicate to drive necessary change. Leaders in your organization are concerned about risk and how risk impacts their organization. Leaders need to know if there is a need to change. Usually, they really want to understand what is right, what they have to do to make their firm safer, what they need to do to make sure that when the firm is engaging clients, its doing it really well.
Oyster Consulting’s compliance experts understand how to design and maintain practical and reasonable compliance programs. Our experts will conduct a deep dive into your firm’s policies and procedures to ensure your guides match actual business practices, and will provide reasonable solutions based on your unique business model.