How can RIAs build a sturdy compliance programme?

Small to mid-size registered investment advisers, or RIA’s, have unique challenges in establishing and maintaining a strong compliance programme. To meet the regulator’s requirements under the Advisers Act and keep up with industry best practices, firms must carefully consider all the components required to build a robust compliance programme.

When conducting examinations of RIA’s, the SEC expects policies and procedures to be reasonably designed to prevent violations of the Advisers Act. Core areas of focus include portfolio management processes, trading and best execution, personal trading (Code of Ethics), marketing and advertising, safeguarding of client assets, fees and expenses, and books and records. So, where do you start?

What are the key elements of a robust compliance programme?

A RIA’s compliance programme should generally be tailored to include the following considerations:

• Service offering
• Size and complexity (including number of employees and offices)
• AUM and geographic footprint
• Types of clients being managed
• Firm and employee conflicts of interest
• Use of technology and cybersecurity
• Tone from the top
   

How do you maintain a strong culture of compliance?

Compliance programmes are dynamic in nature, given the fluid, ever-changing regulatory landscape and evolving strategies, including digital assets and ESG-focused investing. It’s not enough to create a strong compliance programme; ongoing evaluation and updating are key to staying compliant with new rules, regulations, and evolving industry standards. Keeping in mind that there’s always room for improvement, Chief Compliance Officers (CCOs) should regularly test various components of the compliance programme periodically and identify room for improvement. For example, when updating policies, crafting new ones, or the utilisation of technology.

What is the role of the CCO in maintaining compliance?

For a small firm, where the CCO typically has a dual role and is often not a CCO by trade, the responsibility and personal liability can be daunting. To be successful, the CCO should ensure that, at a minimum, they do the following:

1. Maintain sufficient knowledge and authority within their organisation: Having a network of legal counsel, consultants and access to conferences, signing up for alerts from the SEC, compliance newsletters, educational forums and other CCO resources is vital. Networking events can be great sources of knowledge where a CCO can consider other firm strategies for handling specific compliance challenges within their own organisations.
2. Conduct 206(4-7) compliance programme reviews: These should be consistently conducted annually, and focus on effectiveness, regulatory changes and business development to support programme evaluation. Documenting the review, findings, and updates are key to a successful review.
3. Regular testing: While the annual review is required and key, ongoing and periodic testing of various components of the programme will allow improvements to be made throughout the year. This helps CCOs balance their time spent on compliance while also focusing on the other aspects of their role within the firm.
4. Maintain all required books and records: Utilising electronic filing systems with secure backup when possible is ideal. Periodically checking the SEC published list of Books and Records to ensure compliance ensures that nothing will be missed.
5. Train staff: Keeping employees trained on at least an annual basis is key to their understanding of responsibilities under the compliance programme. Monitoring for adherence to those policies and resolution of issues should be documented. Periodic reminders during team meetings, email reminders, and quarterly attestations alongside the training sessions can serve as frequent reminders to employees of the firm’s policies and procedures.
6. Utilise external support: Third-party tech platforms, compliance consultants and outside counsel can be vital resources for ensuring a strong compliance programme. This includes support such as creating a compliance programme, conducting mock exams, and performing periodic programme reviews.
7. Maintain a compliance calendar: This should include regulatory filing deadlines and thresholds, as well as required periodic employee certifications, training, and programme reviews. This is a key tool to keep all your requirements on your radar and will help you avoid missing any deadlines or tasks.

CCO’s play a vital role in safeguarding the firm, the employees, and most importantly, the clients. For RIAs where the CCO is also the Founder and/or Managing Partner, or where they hold other key titles (such as the Chief Financial Officer, Chief Operating Officer or General Counsel), prioritising compliance can be a challenge. Allocating the appropriate amount of time to compliance can certainly be accomplished with effort, organisation, and knowing when to seek help. These are some of the not-so-secret ingredients to a successful compliance programme.

How can Bovill Newgate help you implement or improve your compliance programme?

If you’re a small to mid-size RIA, our team can help you better align your business to regulatory compliance obligations. We offer ongoing support options to make sure your compliance function and organisation are fully aware of the latest regulatory updates. This will help your team build a strong culture of compliance with minimal disruption and cost.

We can also help you identify challenges and pursue opportunities by conducting regulatory due diligence reviews, evaluations of your compliance environment, and provide your staff with customised training suited to your unique business needs. If you would like to talk more about how you can strengthen the culture of compliance at your organisation, get in touch.