As a compliance consultant, I have seen many versions of compliance policies and procedures for both investment advisers and broker-dealers. I have seen compliance manuals that are very short and specific, and some that are hundreds of pages long, covering every regulation under the sun whether applicable to the firm’s business model or not. So what approach is best?
Adopt a manual that speaks to your type of business and specifies what actions you will take to comply with regulations.
Limiting your manual to a few very specific rules and procedures is not good enough. However, adopting a lengthy document that speaks to rules that do not apply to your firm, or that require actions by the firm that are not applicable, is also very dangerous. Your manual should cover the basic regulatory requirements while also including specific policies related to your firm’s business and compliance processes. And most importantly, you should be acutely aware of what your manual obligates you to do and take the appropriate actions as directed by the document.
The SEC, FINRA, and other regulators that perform examinations will typically ask for your compliance policies and procedures and then use that document as the blueprint for their exam. If, for example, your manual states that you will be maintaining a trade blotter, then you should ensure that you maintain a trade blotter. If your firm does not maintain the blotter, at best, the examiner will cite the firm for failing to maintain books and records; at worst, failing to maintain the document could expose the firm to additional rule violations. Conversely, what if your manual requires you to keep a specific document that has no applicability to your particular business line, or you have no reasonable way to maintain such a document? The regulator will likely cite the firm for not having accurate procedures, or having adopted “off-the-shelf” procedures that are not tailored the firm’s business model, and possibly prompt the examiners to further scrutinize your manual and processes.
Most consulting firms, like NCS Regulatory Compliance, use a template to start the process of creating a compliance manual for an investment adviser or broker-dealer. There is nothing wrong with this approach. Good consulting firms are constantly updating their template language to reflect rule changes and/or suggested best practices, as applicable. However, firms must ensure the compliance manual they adopt are further customized to the firm’s business. The problem that regulators have with templates is that an adviser or broker-dealer fails to customize it to their specific business practice. This demonstrates that the firm has not taken the time to thoroughly read and understand their obligations as written into the manual the firm has adopted. Whether you work with a consultant or tackle it on your own, it is critical that your firm customize its policies and procedures.
Consider your manual as a dynamic document that is the source for compliance procedures and policies set by the firm. Too often, an investment adviser or broker-dealer will obtain a manual from a consulting firm and, without careful review, adopt the document as its own. A thorough review of the manual by your compliance personnel is essential to adopting a manual. Often times though, the task of reading such a document gets put off as too time consuming. Let’s be honest, no one really wants to take the time to read the entire manual and then report changes back to their compliance consultant or make the changes themselves. The task often gets pushed aside by many other tasks and years later, when a regulator asks for the firm’s compliance policies and procedures, you recognize that you have never customized the document as necessary and appropriate.
In all my years of compliance consulting experience I have found only one reasonable way to adopt a customized manual – by eating the elephant one bite at a time, or, in other words, by making a commitment to right size and customize the document one piece at a time. Decide on a specific number of chapters to review in a week. Commit to a specific day and time with staff and/or your compliance consultant each week to address just those set chapters. After each review session, make changes to the manual based on the discussion. Keep the commitment and within a month to six weeks, you will have a customized compliance manual and you will truly understand the firm’s (and CCO’s) compliance obligations.
Now that you have adopted a document that reasonably provides the compliance practices applicable to your firm, are you done? Often times we wipe our brow, exclaim “phew”, and park those documents on our shelf or in our computer file and forget about them. Sadly, that is not a wise idea. Both FINRA and the SEC require firms to do an annual review of compliance policies and processes. Most often, review of your compliance manual versus actual in-house processes results in tweaking of either your manual, actual practices, or both. Regulators expect that to happen, either when internal processes, or regulations, change.
NCS Regulatory Compliance offers a number of tools to assist firms in keeping up with this arduous task. They include assistance from compliance experts, updates to compliance procedures, monthly compliance checklists, compliance calendars, news alerts, webinars, in person seminars and more. Take the time now to carefully look at your compliance policies and procedures to ensure that they are working for you, not against you.