- Identification of recent SEC exams including any deficiencies raised and any corrective actions taken;
- Identification of any interim reviews and other audits and any follow-up or corrective action;
- Identification of any serious compliance issues that arose at your firm in the past year;
- Identification of any serious compliance issues that arose in the investment advisory industry in the past year;
- Identification of record if violations reported pursuant to the your firm’s code of ethics;
- Analysis of compliance implications of any new businesses, discontinued businesses and change in the your firm’s operations during the past year;
- Analysis of new statutory or regulatory requirements that impact your firm’s business;
- Identification of “hot topics” identified by the SEC staff;
- Description of how your firm sought to identify risk; and
- Description of how your firm went about assessing the effectiveness of critical controls.
Step 2 – Compare the inventory of compliance obligations against each of your existing procedures and:
- Determine whether the procedure specifies the actions to be taken to achieve compliance;
- Identify any gaps and determine whether new a procedure needs to be developed or the current procedure enhanced to address such gaps; and
- Determine whether new obligations arose as a result of (i) new services or products offered by your firm or (ii) new regulations that were adopted since the last review.
Step 3 – Assess the effectiveness of the existing procedures and how well your firm is implementing the procedures as currently written. For each procedure you must evaluate whether the procedure:
- Makes compliance violations less likely;
- Results in prompt identification of violations;
- Collects in a timely fashion the information necessary to allow your firm to correct problems as they are identified;
- Is written in plain English articulating the goal of compliance and how it is supervised; and
- Is adequately supervised by responsible advisory personnel.
Key points of analysis include:
- Have there been compliance issues because there was not a particular procedure in place?
- Have there been situations in which the required procedures have not been clear?
- Have there been compliance issues even when there were clear procedures but they were not known by the personnel involved?
- Review well-recognized areas of conflicts of interest present in your firm’s operations (i.e. personal trading accounts, allocation of aggregated orders and advertising materials);
- Identify any conflicts that, if left unmitigated, could result in harm to your clients; and
- Develop procedures to mitigate or eliminate these conflicts.
Step 5 – Use testing (forensic, transactional, periodic) to ensure consistency with your firm’s procedures, applicable regulations and disclosures made to clients.