Common Deficiencies and Weaknesses in Compliance Programs
The SEC interacts with RIAs throughout the year, sending document requests and conducting exams. During these engagements, the Commission’s leadership begins to see patterns emerge. There are certain areas where many firms struggle to remain in compliance.
Through its Risk Alerts, the SEC actively communicates these exam observations. Over the years, the Commission has identified several common program deficiencies and weaknesses:
- Inadequate compliance resources
- Failure to implement tailored compliance procedures
- Failure to conduct and adequately document annual reviews
- Failure to adequately supervise employees
- Conflicts resulting from wearing multiple hats
The Commission has been vocal in its concerns regarding the role of compliance, the impact of exam preparedness (or lack thereof) and the impression it receives when witnessing firm inadequacies.
These three underlying issues remain perennial concerns for the SEC.
1. Chief Compliance Officers Are Not Empowered
In November 2020, then Director of the Office of Compliance Inspections and Exams (OCIE, now EXAMS), Peter Driscoll, highlighted some of the ways in which CCOs are hindered in their ability to build and manage robust compliance programs.
While they are often tasked with creating policies and procedures to adhere to SEC guidance, those same CCOs may not receive the resources they need to execute on them. If CCOs are not given the budget to hire personnel or engage vendors with appropriate systems, the guidelines remain theoretical.
In other instances, CCOs are not included in the firm’s business processes early enough. Leadership must give compliance a seat at the table from day one in discussions regarding firm strategy, such as product development plans. When CCOs are not engaged in a timely manner, they miss out on the opportunity to effect change or identify preventable issues.
Finally, firms sometimes place responsibility on the CCO for an employee or officer’s individual failure to follow a firm policy or procedure. CCOs have the power to set policy, but they don’t have supernatural control over other people’s actions.
2. Incomplete Recordkeeping Leading to Poor First Impressions
We’ve all heard the maxim, “You never get a second chance to make a first impression.” That’s why it’s crucial that CCOs greet the SEC with solid evidence of a healthy compliance program in their first interaction with regulators.
Unfortunately, the SEC reports that those first impressions of compliance programs are often weak.
In an October 2018 speech, SEC Commissioner Hester Peirce noted some common issues with recordkeeping and early meetings that erode the Commission’s trust in the firm’s compliance efforts.
It’s common for firms to scramble when they receive a document request. If the firm has to cobble together records reactively, rather than having them on hand, its day-to-day compliance efforts are likely lacking.
Commissioner Peirce also notes that to identify something as abnormal, you first need to understand what normal looks like. Firms that struggle to create exception reports often lack a baseline understanding of compliance standards.
These issues with recordkeeping come together to create big headaches for CCOs, RIAs and their clients.
3. Chief Compliance Officers Are Overstretched and Underperforming
Even the most talented and competent CCOs only have 24 hours in the day. The SEC finds that many CCOs are overstretched, either in terms of resources or responsibilities (or both). As a result of this tension, important compliance matters can fall through the cracks.
In its November 2020 Risk Alert, the SEC identified two major hurdles overburdened CCOs often encounter.
In some firms, CCOs have other responsibilities and titles. Without a full-time focus on compliance, these individuals find it challenging to dedicate the appropriate time and attention to compliance-related matters.
As firms grow, their compliance operations must keep pace. Another significant deficit the SEC observed is firms’ failure to scale compliance operations to address a larger client population. It’s unreasonable to think that the same team that managed your compliance when you had $5 million in AUM will be able to handle compliance when your firm has $500 million in AUM.
While these challenges are real and pervasive in the world of RIAs, it’s not all bad news. There are several solutions CCOs can engage with to improve their compliance programs and reduce the burden that falls squarely on their shoulders.
Compliance approval code: 0936-OAT-5/26/2022