With Q4 upon us, time is running out to complete your annual compliance reviews on your firm if you have not already done so in 2019. Just as annual reviews can be a great opportunity to reconnect with clients and reassess what’s working, what’s not, risks and opportunities, the same can be said for this review process for your business.
Rule 206(4)-7 requires an investment advisory firm to
- Adopt and implement written compliance policies and procedures
- Perform an annual review
- Designate a Chief Compliance Officer (CCO)
While at first glance, this long-standing rule appears rather straight forward, it continues to trip up investment advisers leading to enforcement actions. By using and developing a risk assessment reflective of your company, your CCO should go through your policies and procedures to identify the biggest business risks from a macro level each year. The goals of this risk assessment process are to ask what risks may be present for the firm, if adequate controls are in place to manage or mitigate these risks and document any modifications that have been made for potential audits.
Conducting a Risk Assessment on Your Firm
Back in 2007, the SEC provided the following 12 points in a Risk Inventory Guide as recommendations for areas you should reviewing and documenting at least on an annual basis as a part of this risk assessment process:
- Marketing and performance
- Form ADV and disclosure
- Invoice and fees
- IPO offerings
- Soft dollar kickbacks
- Objective restrictions
- Trade ticket items
- Trade execution
- Non-public information
- Personal and proprietary trading and
- Cashier and monies and securities being moved to or from a client from a brokerage account
Some additional emerging areas you may consider as part of your risk assessment:
- Books and records maintenance
- Proxy voting
- Branch office supervision
- Disaster recovery / business continuity plan (BCP)
- Business continuity
- Social media usage
Team Compliance Meeting
In addition to the CCO completing these audits, it is advisable to host a meeting with employees at least annually to discuss any relevant regulatory changes and reinforce a firm culture of compliance. Explain an overview of compliance responsibilities that impact team members, any notable updates to your ADV and similar. You may also create a more frequent compliance calendar to meet with the team on a quarterly or monthly basis to address individual topics of concern in more detail. Keeping a record of this meeting agenda and any handouts will also be beneficial, along with signed copies of attestation statements from each employee completing these trainings.
Monitoring and Archiving Communications
As you know, you must maintain a system that monitors and archives all employee emails. A few additional tips to audit for potential compliance concerns would be to randomly select 1-2 employees each week and review a full week of correspondence for any potential concerns. Or complete a keyword search for all employees on a periodic basis for red flag words such as:
Social media usage has also continued to increase across our industry in recent years, despite the lack of modern advertising guidance from the SEC since 1961. If you are using social media for your firm, you should have a policy in your policies and procedures to address it and a system in place for monitoring and archiving activity, while avoiding actions that could be conceived as endorsements or testimonials.
As always, our team at Beacon is here to help. Be sure to visit our Advisor Toolbox for additional resources, or contact your wholesaler today.