Is there a standard by which you can gauge the effectiveness of your compliance program? Sure, besides the obvious – regulatory exam findings. You can periodically review the following:
• Number of customer complaints • Turnover of client accounts and/or Advisors
• CCO inclusion in new business initiative discussions or product launches • Communication and responsiveness (or lack thereof) with Advisors
• Does the annual Compliance Meeting have several “make-up” sessions? • Is your compliance staff frustrated in its interactions with Advisors?
• Relative level of NIGO rate with account submissions • Is the compliance department overworked and understaffed?
• What is the ratio of Advisors to compliance personnel? Too high? • Annual regulatory requirements met or not met?
These are a few of the potential red flags in measuring the effectiveness of your compliance program. The attributes of a strong compliance program are closely tied to communication and transparency. Many functions of a compliance programs are articulated well. RegMaven has found through experience in building compliance programs that when the Advisor understands not only the “what” but just as importantly the “why” there is a higher probability they will adhere to the requirement. This principle applies to the compliance staff and senior management as well. Understandably this takes time to construct and time is not a luxury in most compliance departments. Developing a Compliance Program that reaches across all operating areas of the company is no simple task. In order to make any progress, the Compliance message needs to explained, taught, supported and embedded into the company – not told. It also needs to be streamlined.
In the early years of Compliance, programs were constructed as a responsive monitoring system inside security firms. Today, regulations are much more complex. The “bad actors” are far more creative, the public can be far too trusting and the regulators appear overwhelmed. So the result is reactive rule creation process as the quickest way to respond to the latest non-compliant event. That does not make this process correct, but it is our reality. Your responsibility is to know your business, the risks your firm faces, and your Registered Representatives and Investment Advisors. It is your responsibility to be knowledgeable about new rules and regulations, know which rules are applicable to your business, how to interpret the rule and have a compliance program that can swiftly adopt and implement new rules or changes.
With new rules, requests for comments, interpretive memos and SEC No Action Letters coming out weekly (and sometimes daily) maintaining your Compliance Manual(s) alone is demanding, along with your Policies and Procedures. Depending upon your business, your manual(s) can be quite complex, which adds a significant challenge to communication and transparency of the effectiveness of the compliance program. It is important to know the contents of your manual(s), especially if you purchased a template manual. More than likely there are sections and procedures which are not applicable to your firm’s business. When a Regulator schedules a routine exam, they base their exam on the contents of your manual – if there is a “gotcha” moment, this will be one of them. So know your manual, know the applicable rules and regulations and remove what is not applicable. You are required to update your manual(s) at least annually. Over the course of the past few years – namely since the merger of the NASD and NYSE, Rule numbers have changed and so your manual should have changed as well. You can carve out sections of the manual that do not apply. For example, don’t have a section on options if the firm is not approved to transact options. This is the ONLY compliance document that the regulators request when conducting your exam – routine, sweep or for cause.
The greater the demand for compliance accountability, the greater the need to understand and design a compliance program for your firm. Your Manual will dictate the – who, what, when, where and how’s of your business. Almost every function of management, sales, marketing, operations and certainly compliance is mentioned in this document. Reducing this to a “plain English” format is just the beginning; educating and training your compliance staff, operations, marketing, sales, finance and executives will be equally challenging. We agree that the Manual is not going to be on anyone’s best seller list and it can certainly be a cure for insomnia. So the question is – how can a firm introduce a Compliance Program that will gain the respect needed to keep the producers, supervisors, managers and executives cognizant of their obligations? The “power” approach doesn’t work, threatening comes off as a joke, ignoring it won’t work because it is here to stay, and “going through the motions” will eventually be discovered – when it is too late. There is one approach that we have found successful; you may explain it. There are many groups who are required to be knowledgeable and respectful of your firm’s compliance requirements – sales (the revenue group), supervision (supervising new accounts and those who bring them to the firm), operations (processing the business) and executive (designing the company model and company culture). As the old adage states, “it starts at the top” and the culture will undoubtedly be defined at this level and as long as compliance is represented equally here it has a chance to be successful.
Don’t take the “wait and see” approach. The British (Regulators) are coming. Depending on why they’re coming could be crippling to your business and your reputation. Today, clients and prospects are far more informed about you, your Investment Advisors, Registered Representatives and firm. This enables anyone to conduct due diligence that may have been more difficult to do in the past. Most of your firm’s information is publicly available including your asset levels, authorized business lines, permitted states, registered personnel and yes – all your disciplinary events.
How does a firm go about creating a proactive, respected and compliant culture? Here are a couple of thoughts:
• Break down the Compliance Manual
• Hold more than one required Annual Compliance Meeting
• Share Compliance responsibilities – delegate some tasks
• Produce a Compliance Newsletter
• Reward those that “get it” – discipline those that don’t
RegMaven designs risk-based Compliance Programs for companies of all sizes and business models. Call us to discuss your firm’s unique challenges with instituting and sustaining a proactive Compliance Culture, from the top down. We will work with you on simplifying your Compliance Program so it can be understood. Reach out to us today – www.regmaven.com or info@regmaven.com
