Developing and Managing an Effective Compliance Program


1 Developing and Managing an Effective Compliance Program
Pete Driscoll, Chief Risk and Strategy Officer
U.S. Securities and Exchange Commission
Office of Compliance Inspections and Examination
National Exam Program

2 Disclaimer
The U.S. Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of the author and do not necessarily reflect the views of the Commission or of the author's colleagues upon the staff of the Commission.

3 Compliance Overview

4 Regulatory Regime
U.S. federal securities laws provide for a robust regulatory regime to protect investors, maintain fair, orderly and efficient markets, and facilitate capital formation
Three forces at play to achieve this mission:
- Regulation
  - U.S. federal securities laws comprised of various statutes and the regulations thereunder
  - Common Law principles
- Examination, chiefly:
  - Advisers (IAs)
  - Broker-Dealers (BDs)
  - Investment Companies (funds, ICs)
- Enforcement
  - Enforce the law

5 Dual Regulatory Regimes - BD and IA/IC
Broker-Dealers
- Transaction Based Compensation
- Rules Based Regulatory Scheme
- Minimum Qualification Requirements
- Order/Execution Services
IA/IC
- Fee/Account Management Based Compensation
- Principles Based Regulatory Scheme
- No Minimum Qualifications
- No Order/Execution Services

6 Key Areas of Supervision
In the U.S., both types of entities must do the following:
- Make recommendations subject to standards
  - BDs
    - Recommend securities suitable for client in light of client's financial situation and investment experience/objectives (client-specific)
    - Have a reasonable, independent basis for recommending particular securities (security-specific)
  - IAs
    - Fiduciary Standard
- Disclose conflicts of interests
- Disclose all material facts
- Best Execution

7 Key Areas of Supervision
Investment Advisers
- Fiduciary: Relationship of trust and confidence
  - Act in best interests of client
  - Avoid or disclose conflicts of interest
- Best Execution
  - Total cost to client must be most favorable. Consider execution speed, price, commission charged, responsiveness to adviser, and research.
  - Soft-dollar safe harbor: Adviser may pay higher commission if it is reasonable in light of brokerage and research services received.
Broker-Dealers
- Duty of fair dealing
  - Deal with clients fairly, consistent with standards of the profession
  - Duty to execute orders promptly
  - Charge prices reasonably related to prevailing market
- Best Execution
  - Must seek most favorable terms for each transaction
  - Factors to consider include order execution speed and price

8 One Common Goal
- Prevention of compliance issues
- Detection of compliance issues
- Correction of compliance issues

9 Best Practices for Effective Compliance Programs
In my view, three best practices for effective compliance programs are:
1. Implementing a process that identifies all potential problems or compliance risks to which clients are exposed
2. Creating appropriate risk mitigation/management processes through a system of internal controls and compliance testing
3. Testing risk controls and compliance procedures through ongoing and periodic assessment and making modifications where necessary

10 Agenda
My opinions regarding key elements of a compliance system
- Tone at the top
- Strong CCO role
- Employee conduct rules
- Oversight committees
- Supervisory policies and procedures & Compliance programs
  - Generally BDs, IAs, ICs
- Annual reviews
My opinions regarding compliance issues/challenges
- Outsourcing
- Problem compliance practices
- Compliance bureaucracies
- Compliance in business lines

11 My Views: Key Element - Tone at the Top
The executive suite is the ethical and moral compass for an organization. The tone set at that level permeates the firm and will guide the behavior of its staff.
- Negative tones: Compliance is a cost center that interferes with our business; compliance does not really matter.
  - Likely result: The firm's staff will respond to these messages in ways that may bend or completely break the firm's obligations to investors.
- Positive tone: Top level support with consistent reminders that ethical behavior, putting the client first, and minding the firm's reputation, are equally important to the bottom line (and even help the bottom line, i.e., good compliance is good business).
  - Likely result: Ethical, honest behavior by the firm's staff is increased.
- Allocation of sufficient resources underscores management's commitment to compliance.

12 Key Element - CCO Role
Broker-Dealers
- Chief Compliance Officer
  - Each broker-dealer shall designate and specifically identify one or more principals to serve as a chief compliance officer.
IA/IC
- Chief Compliance Officer to administer compliance policies and procedures
Rule references on the slide:
- IA Rule 206(4)-7
- FINRA 3130
- IC Rule 38a-1

13 Key Element - Strong CCO Role
My views on Important Characteristics of a CCO
- Independence and integrity
- Seniority: Tone at the top, recognition of compliance as important function
- Authority and access to Information
- Experience and training
- Responsibility and accountability

14 Strong CCO Role (cont'd)
- For broker-dealer CCOs, the governance provisions provide a relationship with the CEO.
- For fund (IC) CCOs, a relationship with the Board, and especially the independent directors.

15 Key Element - Employee Conduct Rules
Broker-Dealers
- FINRA Rule 3270
  - Must provide employer with advance notice of all outside business activities
- NASD Rule 3040
  - Must provide employer written notice prior to participation in any private securities transaction
- NASD Rule 3050
  - Transactions for or by associated persons
  - Notice of association with a FINRA member
  - Notification of new accounts
  - Duplicate confirmations and account statements
- Supervision of employee trading activity

16 Key Element - Oversight Committees (Best Practices)
My view: Consider independent oversight committees to complement CCO's work
- Valuation committees
- Brokerage practices
- Best execution
- AML

17 Key Element - Supervisory Policies and Procedures
- Each IA and IC must adopt and implement written policies and procedures reasonably designed to prevent the firm and its personnel from violating applicable laws and rules (emphasis added).
- Per FINRA Rule 3110, each BD must establish and maintain a system to supervise activities of associated persons reasonably designed to achieve compliance with applicable securities laws, regulations and FINRA rules.

18 Supervisory Policies & Procedures (cont'd)
IA/IC compliance policies and procedures should also be designed to:
- Detect violations that have occurred, and
- Correct promptly any violations that have occurred
My Views: Also desirable for BDs
My Views: Each firm (IAs, ICs, and BDs) should be able to explain how it meets the three goals (prevent, detect and correct) in each risk area

19 Supervisory Policies & Procedures (cont'd)
Prevention
- I understand that compliance policies and procedures will not prevent every violation of the securities laws
- But... Prevention should be key objective of all firms' compliance policies and procedures

20 Supervisory Policies & Procedures (cont'd)
Detection (Best Practices)
- In my view, periodic testing of controls and compliance procedures can enable CCOs to evaluate their continued effectiveness and make changes as necessary
- Compliance tests should review records and analyze data over time looking for unusual patterns
- Testing could take place through:
  - Internal Audits
  - Self Assessments
  - Outside Consultants/Auditors
  - Mock Examinations

21 Detection (Best Practices) (cont'd)
Periodic tests could include:
- Review of IPO and trade allocations and account performance, over time, to ensure that no client is favored
- Checking for conflicts of interest, such as affiliates with companies recommended to clients, financial ties to clients or recommended companies, etc.

22 Supervisory Policies & Procedures (cont'd)
Prompt Correction (Best Practices)
In examinations, OCIE staff members have seen many corrections:
- Voluntarily stopping an on-going problem
- Making customers whole
- Providing enhanced disclosure
- Instituting new control procedures

23 Supervisory Policies & Procedures (cont'd)
My views: When designing procedures, consider what books and records will be required
- Should be practical for regular use
- Should avoid exceptions
- Consider how records will be maintained

24 Supervisory Policies and Procedures (cont'd)
BDs: Each BD must establish, maintain and enforce written procedures to supervise the type of business in which it engages and activities of associated persons, reasonably designed to achieve compliance with applicable securities laws and rules and FINRA rules (FINRA Rule 3110(b)).

25 Supervisory Policies and Procedures (cont'd)
Best Practices: Minimum Elements for BDs
Topics include:
- Suitability
- Order handling and best execution
- Recordkeeping
- Insider trading
- Anti-money laundering
- Handling customer funds and securities
- Supervisory system
- Business continuity plan
- Communications with public
- Disclosures to customers (e.g., trading risks, credit terms, fees)
- Handling customer complaints

26 Supervisory Policies and Procedures (cont'd)
Broker-Dealers
Examples of practical application of concepts:
- Control over communications
- Order tickets/contract notes
- Protection of customer assets

27 Compliance Programs - IA/IC
Compliance Rules
- Investment Company Act of 1940 Rule 38a-1
- Investment Advisers Act of 1940 Rule 206(4)-7
My View: IAs should have a strong system of controls in place to help prevent violations of the securities laws and rules, and to protect the interests of advisory clients

28 Compliance Programs - IA/IC
As a part of the Compliance Rules, IAs and ICs are required to:
- Adopt and implement written policies and procedures reasonably designed to prevent violation of the applicable laws by the entity or any of its supervised persons.
- Review those policies and procedures at least annually for their adequacy and the effectiveness of their implementation, and
- Designate a CCO to be responsible for administering the policies and procedures.

29 Policies and Procedures - IA/IC
- Compliance policies and procedures should address the practices and risks present at the firm.
- No one standard set of policies and procedures will address the requirements established by the Compliance Rule.
- Each IA is different, has different business relationships and affiliations, and, therefore, has different conflicts of interest.

30 Policies and Procedures - IA/IC (cont'd)
- Adviser should identify its unique set of risks, both as the starting point for developing its compliance policies and procedures and as part of its periodic assessment of the continued effectiveness of these policies and procedures
- This process of assessing factors is often called a Risk Assessment, a Gap Analysis, or the compilation of a Risk Inventory
- Failure of an advisor to have adequate compliance policies and procedures constitutes a violation of Rule 206(4)-7 independent of any other applicable securities law

31 Policies and Procedures - Minimum Elements for IAs
Policies and procedures in general should (per SEC's Compliance Rule Release) at a minimum, address the following issues to the extent that they are relevant to that adviser:
- Portfolio management processes, including allocation of investment opportunities among clients and consistency of portfolios with clients' investment objectives, the adviser's disclosures to clients, and applicable regulatory restrictions
- The accuracy of disclosures made to investors, clients, and regulators, including account statements and advertisements
- Proprietary trading by the adviser and the personal trading activities of the adviser's supervised persons

32 Policies and Procedures - Minimal Elements for IAs (cont'd)
Policies and procedures should address the following issues to the extent that they are relevant to that adviser:
- Safeguarding of client assets from conversion or inappropriate use by personnel
- The accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction
- Safeguards for the privacy protection of client records and information

33 Policies and Procedures - Minimal Elements for IAs (cont'd)
Policies and procedures should address the following issues to the extent that they are relevant to that adviser:
- Trading practices, including procedures by which the adviser satisfies its best execution obligation, uses client brokerage to obtain research and other services (referred to as "soft dollar arrangements"), and allocates aggregated trades among clients;
- Marketing advisory services, including the use of solicitors
- Processes to value client holdings and assess fees based on those valuations; and
- Business continuity plans.

34 Policies and Procedures - ICs
In addition to the elements for IAs, the Compliance Rule Release indicates that there is an expectation that policies and procedures of funds (or fund service providers) cover the following other critical areas:
- Pricing of portfolio securities and fund shares
- Processing of fund shares
- Identification of affiliated persons
- Protection of non public information
- Compliance with fund governance requirements
- Market timing

35 Employee Personal Securities Trading - IA/IC
- Rule 204A-1 - All registered advisers are required to adopt a written code of ethics
- Section 204A - All registered advisers are required to establish, maintain, and enforce written policies and procedures that are reasonably designed to prevent the misuse of material non-public information
- In order to prevent unlawful trading and promote ethical conduct by advisory employees, advisers' codes of ethics should include certain provisions relating to personal securities trading by advisory personnel

36 Key Element - Employee Personal Securities Trading - IA/IC (cont'd)
Rule 204A-1: Adviser's code of ethics must include the following requirements:
- Your access persons must report their personal securities transactions to your CCO or to another designated person each quarter.
  - Access persons are any of your supervised persons who have access to non-public information regarding client transactions or holdings, make securities recommendations to clients or have access to such recommendations, and, for most advisers, all officers, directors and partners.
- CCO or another person designated by the adviser in addition to the CCO must review these personal securities transaction reports.

37 Key Element - Employee Personal Securities Trading - IA/IC (cont'd)
- Supervised persons must promptly report violations of the code of ethics (i.e., including the federal securities laws) to the CCO or to another person the adviser designates (provided your CCO also receives a report on such issues)
- A record of these breaches must be maintained.

38 Key Element - Employee Personal Securities Trading - IA/IC (cont'd)
- Access persons must submit a complete report of the securities that they hold at the time they first become an access person (and then at least once each year after that)
- The code of ethics must also require that access persons obtain approval prior to investing in initial public offerings or private placements or other limited offerings, including pooled investment vehicles (except if your firm has only one access person)

39 Key Element - Annual Reviews of Written Policies and Procedures (WPPs)
Broker-Dealers
- Required to be reviewed annually
- Must be certified by CEO and given to Board
- Must update based on the review
IAs/ICs
- Required to be reviewed annually to determine their adequacy and the effectiveness of their implementation
- For ICs only, the CCO must annually furnish the board with a written report on the review

40 My Views: Compliance Challenges Include:
- Outsourcing
- Problem compliance practices
- Compliance bureaucracies
- Compliance in business lines

41 My Views: Compliance Challenges (cont'd)
Outsourcing
- Turnkey or outside solutions
- Firm may purchase off-the-shelf compliance programs or outsource aspects of its compliance program
- In this compliance environment, in my view care should be used to determine how effectively the compliance program relates or maps to the unique risks and conflicts of interest of the individual firm

42 My Views: Compliance Challenges (cont'd)
Problematic Compliance Practices
- A compliance program with critical weaknesses may encourage the formation of operating subsystems or parallel operations that short-cut or circumvent the established system of internal controls

43 My Views: Compliance Challenges (cont'd)
Compliance Bureaucracies
There is a difference between a bureaucratic compliance program and a comprehensive compliance program:
- Bureaucratic compliance programs are characterized by abstract language, officialism, red tape, verbosity, and a lack of relevance to the subject of the control procedure
- Comprehensive compliance programs are concise, relevant, use concrete language, and grasp the nature and significance of the subject of the control procedure
In practice, market forces trump bureaucratic systems and may birth alternative processes, which may be benevolent or mal-intended, that lack oversight and control

44 My Views: Compliance Challenges (cont'd)
Compliance in the Business Lines
- Compliance functions that are solely staffed by business line personnel may not be sufficiently independent, informed on regulatory issues or removed far enough from the process to adequately identify and address compliance risks and conflicts
- These compliance departments tend to be found in smaller firms with dominant individuals, but may also be found in larger firms that have not properly addressed growth in their business

45 Questions?