By Les Abromovitz, Senior Director
The New York Times reported on December 5, 2021, that there is a cream cheese shortage, which is threatening one of the city’s most treasured local delicacies, a fresh bagel with a schmear. No matter where a Registered Investment Advisor (“RIA”) is located, a bagel topped with cream cheese can make any meeting more enjoyable. Even though cream cheese is in short supply, RIAs should still conduct a compliance meeting at least annually to ensure that supervised persons fully understand their fiduciary and regulatory obligations.
Policies and procedures should always be on the compliance meeting agenda
In many enforcement actions brought against RIAs, firms have been sanctioned for not implementing robust policies and procedures. The SEC determined in those cases that the advisors’ misconduct was attributable in part to weak policies and procedures. In many instances, the RIA lacked policies and procedures to address the risks that led to the firm’s compliance deficiencies.
As an example, on November 10, 2021, the SEC’s Division of Examinations published a Risk Alert containing examiners’ observations regarding RIAs’ fee calculations. Many of the RIAs examined did not maintain written policies and procedures designed to address fee-related issues. In addition, examiners discovered that firms’ policies and procedures did not always specifically address fee calculations. The Risk Alert noted that some of the RIAs examined did not have policies and procedures for testing or monitoring fee calculations. The Risk Alert is available here.
Compliance meetings can be used to review, explain, and reinforce the RIA’s policies and procedures. The firm’s Chief Compliance Officer (“CCO”) can use the opportunity to remind advisory personnel of their obligations, as well as regulatory changes on the horizon. For example, RIAs must gear up to implement the new Marketing Rule by November 4, 2022.
In addition, CCOs can use the meeting to ascertain whether advisory personnel are adhering to the firm’s policies and procedures. At too many RIAs, supervised persons circumvent the firm’s policies and procedures to save time or to avoid inconveniencing clients. Strong and effective policies and procedures are meaningless if employees routinely deviate from them.
Other topics on the compliance meeting agenda
The specific topics to be addressed at the firm’s compliance meeting depend upon the RIA’s business model and the risks arising from it. Nevertheless, cybersecurity should be on every firm’s compliance meeting agenda, since a cyber-attack can cripple an RIA’s operation and cause harm to clients. Many investors hire an investment advisor because they hope to avoid worrying about money. They are unlikely to gain financial peace of mind if their RIA is the target of a cyber-attack that increases the client’s risk of identity theft. A cyber-breach at a vendor used by an RIA can also compromise a client’s personal information.
Aside from cybersecurity, RIAs should consider using the compliance meeting to highlight the SEC’s latest examination priorities, which are published in the early months of the new year. Furthermore, if the RIA underwent a regulatory examination, examiners’ findings should be reviewed with advisory personnel. This course of action will help to prevent the firm from committing recidivist violations, which will be dealt with harshly by the SEC.
The meeting is also a good time for CCOs to discuss any compliance problems that they have observed. Those problems should also be addressed individually with the person who dropped the ball.
In addition, the CCO can take time at the meeting to review any recent revisions to the firm’s policies and procedures, which may have changed in response to the RIA’s annual review of them. Pursuant to Rule 206(4)-7 under the Investment Advisers Act of 1940, SEC-registered advisors must conduct an annual review of their policies and procedures. This review helps to determine whether the firm’s policies and procedures are effective in preventing, detecting, and correcting violations of the Investment Advisers Act, as well as its rules. As a result of this review, most RIAs will revise and enhance their policies and procedures, and these changes should be communicated clearly to advisory personnel.
All supervised persons must attend the firm’s annual compliance meeting. Furthermore, CCOs must keep records to document that everyone attended, whether in person or remotely.
Throughout the meeting, it is imperative that the firm’s CCO, as well as its principals, impress upon attendees that compliance is everyone’s job. The SEC has made it clear that C-level executives must establish the tone at the top. They can accomplish this by involving CCOs in all important business developments, including new products and services.
The meeting is also a good time to remind advisory personnel that customer service and compliance are intertwined. Complaints and customer service issues might be avoided by strict adherence to well-designed and implemented policies and procedures.
And finally, if cream cheese is still unavailable when the firm’s annual meeting is held, consider other bagel toppings. Policies and procedures are easier to digest with a hot beverage and a bagel.