From Cipperman Compliance Services LLC
What makes a good compliance program? It seems confusing when executive management listens to SEC speeches, interviews compliance professionals, or reads enforcement actions. Today’s list provides the key characteristics that we examine when assessing a compliance program.
1. A qualified and dedicated Chief Compliance Officer: The CCO should have significant (at least 5 years) Advisers Act regulatory knowledge and experience. Additionally, the CCO should be fully dedicated to the compliance function and not undertake other executive management roles.
2. Tailored policies and procedures: The policies and procedures must be specifically tailored to the firm’s business and continually reviewed and updated. An “off-the-shelf” manual is about as useful as internet-based medical advice.
3. Tone at the Top: How committed senior management is to compliance can be measured by 3 key variables: (1) total firm budget allocated to compliance (should be at least 5%); (2) executive time spent on compliance issues (at least quarterly); and (3) discipline for employees who violate compliance policies and procedures.
4. Training and Communication: A good compliance program must ensure that the entire organization has access to compliance information. Recommended practices include ongoing training and communication.
5. Testing and Reporting: A firm cannot have a good compliance program without requiring its people to follow the rules. Firms must annually test all policies and procedures, record the findings and recommendations in a written report for management, and continually follow up to ensure remediation.
6. Compliance Calendar: A good compliance calendar will serve as the working project plan of every activity required during the year. It should be written so that any new employee could follow the plan.
7. Books and records: Documentation is the hallmark of a good compliance program. Only through well-maintained books and records can a firm log its compliance activities and demonstrate their effectiveness to senior management, clients, and the regulators. If it’s not documented, it didn’t happen.
8. Email review: Very little transpires in an investment management firm without email communications. Email review can unearth issues that annual testing may not. Email review adds “forensic” to testing.
9. Marketing materials: An investment firm’s marketing materials are its “canary in a coal mine,” i.e., if the marketing materials are misleading or omit disclosures, very often the firm has deeper regulatory problems.
10. Outside advisers: The best compliance programs use outside advisers to provide advice and an independent, best-practices assessment. The regulatory world has become too complicated to go it alone.