How To Create and Implement Compliance Policies and Procedures

Financial regulators are consistently updating guidance and laws to reflect the ever-changing reality of our modern financial system. Cybersecurity, robo-advising, and other technological advancements necessitate new rules and regulations.

Whenever the SEC or FINRA issue new rules or risk alerts, it’s incumbent upon CCOs to ensure their firms meet these updated expectations. The best way to maintain firm-wide compliance is to create policies and procedures to address these changes and then establish a culture of adherence.

If you manage compliance operations at your firm, here are some tips to keep your policies and procedures in line with the current regulatory moment.

Stay Up-To-Date on Regulatory Guidance

The SEC and FINRA consistently communicate their regulatory expectations to CCOs and advisory firms. In addition to their annual exam priorities, both regulatory agencies also issue regular risk alerts. These documents highlight gaps they’ve seen across firms they’re auditing and provide other CCOs with a heads up about regulators’ current concerns.

It’s crucial that all firm leadership, especially CCOs, remain abreast of regulators’ latest updates and guidelines. There are several ways to do this:

  • ● Set a Google Alert for SEC and FINRA guidance or policy changes.
  • ● Create a calendar reminder to periodically check the SEC or FINRA websites for newly released risk alerts.
  • ● Sign up for relevant industry newsletters.
  • ● If you are a BasisCode user, you’ll receive automatic updates in the system whenever a new regulatory alert is issued.

Review Your Policy Regularly

Once you know what the regulators wish to see from your firm, it’s time to proactively meet those expectations.

The first step in meeting new requirements is adjusting your current policies and procedures to address the guidelines. Each quarter, set aside time to review your policy and procedure documents and update them as needed.

Making updates is mandatory when a new law goes into effect, but internal policy should also be changed to reflect concerns regulators have flagged in risk alerts. If a regulatory agency tells you it’s essential to do something, your policies and procedures should mandate that behavior.

Taking steps to update your policy proactively means you will be in compliance long before becoming the focus of a regulatory exam.

Share New Documentation With Your Team

If a policy is changed on your hard drive and no one’s around to read it, does it make an impact?

The answer, of course, is no. And that’s why it’s just as important to share your new policies with your team as it is to create them.

Any time you update policies and procedures, take the following steps:

  • ● Send a message to your whole organization alerting them of the change.
    • ○ Share the new document in its entirety.
    • ○Include some bullets at the top, educating the team about substantive changes and how they affect each person’s workflow.
  • ● Create learning modules and quizzes to test your team’s understanding of new policies and procedures.
    • ○A robust compliance tool allows you to easily run trainings and test skills all in one place.

Create Checklists for Adherence

Once your team understands what’s needed from them, build guardrails to make sure they continually adhere to these new policies.

A comprehensive compliance tool can help you create shared checklists. You always have visibility into each team member’s work and can rest assured they’re ticking all of the compliance boxes (literally).

Take the new marketing rules as an example. One of the most substantive changes in this regulation is how testimonials are managed. Suppose your marketing team is used to the old workflow for gathering and approving client testimonials. A checklist that calls out new steps reflective of recent laws reminds them to systematically go through each new procedure.

Prepare for a regulatory exam or document request by being proactive. Updating your compliance policies and procedures in advance ensures you’re meeting regulatory standards long before the SEC or FINRA checks your work. Regular review and revision of compliance policies and procedures are hallmarks of a successful compliance program.