10 Remote Compliance Best Practices

from Cipperman Compliance Services

Today, we offer our “Friday List,” an occasional feature summarizing a topic significant to investment management professionals interested in regulatory issues. Our Friday Lists are an expanded “Our Take” on a particular subject, offering our unique (and sometimes controversial) perspective on an industry topic.

Several C-suite investment management executives have asked for our advice on how to ensure an effective compliance program with everybody, including the Chief Compliance Officer, working from remote locations. We’re glad they asked. Over the last 17 years, we have developed a very effective remote chief compliance services offering that has withstood SEC scrutiny through market highs, market lows, a variety of business models, multiple locations, and, now, a pandemic. Whether you are the CEO worried about what you don’t know or a CCO who is overly reliant on “water cooler compliance,” we offer 10 best practices that we follow to implement an effective remote compliance.

10 Remote Compliance Best Practices:

1. Scheduled and consistent communication. The CCO must ensure a consistent flow of information. We formalize this process by conducting weekly compliance meetings that include detailed pre-meeting agendas and followed with written minutes.
2. Multiple touch points. Accessibility is crucial to an effective compliance program. Many in-house CCOs may now be distracted with home responsibilities and distractions. Our firm deploys a 2+ person team for every client so that somebody is always available to respond to compliance questions or issues. Our clients also can access other members of the team for support.
3. Online tools. Compliance officers can use key on-line technologies for effecting the compliance program. For example, we utilize BasisCode to vet employee trading and ensure Code of Ethics compliance. Other tools that are available in the industry include portfolio monitoring, trading compliance, and email reviews.
4. File sharing. All employees should have immediate access to compliance documents. We utilize Box, an online file sharing tool, so that our clients can review policies, testing, approved marketing materials and disclosure documents.
5. Responsiveness. The CCO should respond immediately to all requests on a 24/7/365 basis. Our firm policy is to respond within 120 minutes and provide an answer within 24 hours. This policy includes reviewing and revising marketing materials within 24 hours.
6. Testing. Much compliance testing can be done remotely. We have developed several compliance tests that involve transaction sampling, document reviews and interviews. We plan to use future on-site visits to confirm our findings.
7. Workload. Many firms have failed to devote sufficient resources to the CCO, who juggle many balls and roles during their workdays. The remote working environment throws the under-resourcing into relief as the remote CCO struggles to answer all the calls. Our firm, by monitoring workloads, hours and fees, makes certain that nobody is so overwhelmed that we can’t meet our service and quality standards.
8. Management involvement. Too many CCOs fail to include senior management in ongoing compliance matters, thereby becoming the proverbial tree that falls in the empty forest. We recommend that every client creates a compliance committee of senior leaders that meets quarterly to address compliance issues.
9. Accountability. What happens if the remote CCO fails to adequately perform his/her function because of other distractions? Is somebody adequately managing the CCO? Can you terminate without another option? By contrast, our firm assumes the CCO liability and executes a service level agreement that holds us accountable for our promises.
10. On-Site visits. Meeting in person helps to verify testing and complete due diligence. We commit to no less than 6 on-site visits per year for every client for whom we serve as CCO. During the pandemic, we will conduct on-site visits via videoconference but plan to go on-site to confirm testing and complete due diligence.
This entry was posted in Uncategorized and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s