Dear Compliance Professional,
In the first installment of this series on the annual review process, we learned that the primary goals of the annual review are to determine the adequacy and effectiveness of your policies and procedures in light of your firm’s businesses, advisory services, and regulatory requirements.
This installment will discuss the methodology for conducting the annual review. We believe that the annual review can be broken down in 5 steps.
Step 1 – Review the inventory of your firm’s compliance obligations under state and federal laws, SEC rules, contracts with clients and disclosures made to clients. The review should include:
- Identification of recent SEC exams including any deficiencies raised and any corrective actions taken;
- Identification of any interim reviews and other audits and any follow-up or corrective action;
- Identification of any serious compliance issues that arose at your firm in the past year;
- Identification of any serious compliance issues that arose in the investment advisory industry in the past year;
- Identification of record if violations reported pursuant to the your firm’s code of ethics;
- Analysis of compliance implications of any new businesses, discontinued businesses and change in the your firm’s operations during the past year;
- Analysis of new statutory or regulatory requirements that impact your firm’s business;
- Identification of “hot topics” identified by the SEC staff;
- Description of how your firm sought to identify risk; and
- Description of how your firm went about assessing the effectiveness of critical controls.
Step 2 – Compare the inventory of compliance obligations against each of your existing procedures and:
- Determine whether the procedure specifies the actions to be taken to achieve compliance;
- Identify any gaps and determine whether new a procedure needs to be developed or the current procedure enhanced to address such gaps; and
- Determine whether new obligations arose as a result of (i) new services or products offered by your firm or (ii) new regulations that were adopted since the last review.
Step 3 – Assess the effectiveness of the existing procedures and how well your firm is implementing the procedures as currently written. For each procedure you must evaluate whether the procedure:
- Makes compliance violations less likely;
- Results in prompt identification of violations;
- Collects in a timely fashion the information necessary to allow your firm to correct problems as they are identified;
- Is written in plain English articulating the goal of compliance and how it is supervised; and
- Is adequately supervised by responsible advisory personnel.
Key points of analysis include:
- Have there been compliance issues because there was not a particular procedure in place?
- Have there been situations in which the required procedures have not been clear?
- Have there been compliance issues even when there were clear procedures but they were not known by the personnel involved?
Step 4 – Engage in a risk-assessment strategy that targets high-risk areas of your firm’s business.
- Review well-recognized areas of conflicts of interest present in your firm’s operations (i.e. personal trading accounts, allocation of aggregated orders and advertising materials);
- Identify any conflicts that, if left unmitigated, could result in harm to your clients; and
- Develop procedures to mitigate or eliminate these conflicts.
Step 5 – Use testing (forensic, transactional, periodic) to ensure consistency with your firm’s procedures, applicable regulations and disclosures made to clients.
Next Installment: Seeking Clients.