Regulators are paying increasing attention to firms’ compliance structures to ensure there is a system of control and supervision in accordance with securities rules and regulations. The system should include internal procedures to detect non-compliance and contain remedies to resolve these issues.
Here’s what should be part of your compliance system.
1. The nature of the firm’s business activities.
This includes the products you sell, who has responsibility for what, and the types of clients you serve. The key personnel that should be in charge are the Ultimate Designated Person (UDP) and Chief Compliance Officer (CCO). The role of UDP lies with the CEO of the firm or the individual acting in a similar capacity. The UDP must ensure there are sufficient resources dedicated to compliance, show visible commitment, foster a culture of compliance and oversee the system. This is done by having regular contact with the CCO on compliance issues and communicating to staff its importance and the risks of failing to adhere to their obligations. This person doesn’t need to be involved in day-to day compliance issues — that responsibility falls to the CCO, who must meet the applicable proficiency requirements.
2. Specific controls to minimize risk and protect client assets.
You can mitigate potential risks by having accurate books and records, ensuring trading is closely monitored, managing conflicts of interest, and having procedures to detect money laundering. Firms must determine areas of non-compliance and have a structure to remediate these problem areas. Day-to-day monitoring includes reviewing trading, approving new account applications and reviewing marketing materials to ensure that the disclosure conforms to securities regulations. The size and scope of the firm will determine how closely involved the CCO needs to be, as certain activities may be delegated to other employees. The CCO may delegate the creation of marketing material, the preparation of regulatory filings and the initial review of a client complaint to Branch Managers or other staff within the Compliance Department. However, the CCO must sign off on all final documentation.
3. A comprehensive policies and procedures manual.
This guide ensures that everyone understands the steps the firm needs to take to function effectively. It should be tailored to actual operations, and closely reflect the firm’s business activities. The manual should set out who does what and when, the steps for new account opening procedures, trading policies, how research is conducted, and what books and records need to be kept. And when conducting these activities, firms must clearly document their actions because that’s what regulators look for when they conduct an audit. It’s not simply a matter of doing it properly; it’s about showing you’ve done it in accordance to internal policies and securities regulations. This includes keeping a folder of marketing material and having the CCO approve each communication. The folder should also include employees’ disclosures of outside business activities, and those disclosure documents should indicate senior management approval where applicable.
4. An annual report.
The CCO is required to provide this report to the board of directors, detailing the firm’s adherence to its compliance responsibilities. It should include what legislative changes took place in the past year, and how the firm made the necessary adjustments to comply. The CCO must reveal whether there have been instances of non-compliance, how they were dealt with, and what future obligations the firm must meet. When a regulator does an audit, being forthcoming will indicate that your firm is serious about its compliance responsibilities.
Maintaining an effective system is a firm-wide responsibility. Each employee must keep compliance in the forefront of their minds to fulfill the requirement in order to operate in the best interests of clients.