Creating a Culture of Compliance in the Age of Financial Reform
On April 26, 2017, the Financial Choice Act of 2017 (the "2017 Act") was introduced by House Financial Services Committee Chairman Jeb Hensarling. Approved by the U.S. House of Representatives on June 8, 2017, the bill is designed to "create hope and opportunity for investors, consumers, and entrepreneurs by ending bailouts and Too Big to Fail, holding Washington and Wall Street accountable, eliminating red tape to increase access to capital and credit, and repealing provisions of the Dodd-Frank Act that make America less prosperous, less stable, and less free." Though Dodd-Frank is primarily associated with addressing regulatory controls for large financial institutions, investment advisers, particularly smaller, emerging and mid-size firms, need to be aware of the financial and compliance implications of the 2017 Act.
Drafted with the intent to reform the financial regulatory system, the 2017 Act enhances the level of penalties for securities law violations in an effort to foster industry accountability. These enhancements, representing in some instances 100 percent increases, are not inconsequential. If the bill is ultimately passed, investment advisers will be impacted in the following four areas:
- Increased money penalties in administrative proceedings
- Increased money penalties in civil actions
- Enhanced provisions for the violation of any injunction or other order
- Imposition of penalties for recidivism
Though the Senate's response to the bill is subject to debate and there inevitably will be changes to the legislation, given the financial regulatory landscape, as a matter of best practices, investment advisers should consider the following. First, cultivate a culture of compliance in which it becomes an inherent part of the firm's DNA; one in which compliance is everyone's responsibility and not just the Chief Compliance Officer's mandate. This is a leadership issue, more than any other, and begins with senior management not only recognizing its importance but investing capital resources in the compliance function. A few elements to consider when adopting a culture of compliance include:
- Constant training. This can take many forms, but for smaller and emerging firms, whether it is quarterly meetings, creative training sessions, timely email blasts of applicable regulatory developments, or some combination thereof, it is imperative that the entire firm view compliance as a key core value.
- Compliance Committee. Form a compliance committee that meets at least quarterly (and more frequently if necessary, given the size of the company, the complexity of its portfolio products, and its Assets Under Management) to review compliance-related matters as well as upcoming regulatory issues that may affect the firm's operations. This is meant to be proactive rather than reactive.
- Enterprise Risk Committee. An enterprise-wide risk committee should include representatives from multiple departments, including trading, operations, marketing, and portfolio management. It is important not to confine the risk committee to only identifying and examining portfolio risk for mitigation, but rather to assess risk from an enterprise-wide perspective. Marketing and business development are two particularly prominent areas where firms often stretch the boundaries and parameters of what is allowable. Risk lurks everywhere.
- Take the compliance manual seriously. If the Chief Compliance Officer is the only person who has a passing familiarity with the manual, that is a problem. Senior management should never find itself in the vulnerable position of being uninformed regarding the manual's content. This is not, and never will be, an acceptable position if the SEC is ever sitting in your office.
Second, conduct a mock audit. Mock audits provide an excellent neutral, third-party review and survey of a firm's compliance ecosystem. Far better to identify and rectify a problem in advance than to have the SEC identify it for you during an audit. Though mock audits are not inexpensive exercises, they are invaluable, if done well, and solidify management's commitment to and investment in a culture of compliance.
Third, empower the Chief Compliance Officer. The CCO has one role and that is to ensure compliance with the regulatory mandates that govern the firm's operations. If the firm has a structure whereby the CCO reports to the CEO, ensure that there is real corporate parity in the relationship. To minimize potential dissonance, as an alternative, structure the position to report to the Audit Committee of the Board of Directors. This has the potential, in some instances, to mitigate, though not totally negate, the asymmetric information that Board members may receive.
Compliance, unlike portfolio management, is not revenue-generating for investment managers. It is, however, one of the best revenue protection mechanisms in a firm's arsenal. Bottom line: notwithstanding all of the attention being devoted to financial deregulation, under the Financial Choice Act's regime of demanding accountability from Wall Street, compliance is still not optional.