We often wonder why so much angst exists about whether a firm has an adequate compliance program. The requirements are relatively straightforward, even if they do require someone to “roll up their sleeves” to get the job done. As with so much in life there is a process and, if followed, the results will satisfy.
Truth be told, the process is not all that difficult. What can be difficult is the people (and we will discuss this at the end.) But first, the process--which is outlined below:
First, understand the business. It is very important to identify what investors, counterparties and service providers will require and expect of the firm and to understand how investment ideas are originated, evaluated and valued. Look for what you are required to do as a business matter and to understand how your firm gets the job done. Also look for situations where the firm may have to satisfy competing interests (these are considered “conflicts,” regardless of how the firm handles them).
Second, prepare a risk assessment. This is the foundation of any compliance program. Identify every legal requirement that applies to the firm--including those arising outside your home country. These include requirements that apply directly (because of where your firm is chartered, seeking investors, or making investments), as well as those that apply to the firm’s funds and other clients. (Ok, this part is not always so simple. But the concept behind it is.)
Third, develop your written plan. Your compliance manual needs to address the key issues identified in the risk assessment as simply as possible. A legal compendium is not useful. Instead, the manual should describe, in business-friendly terms, what each staff person needs to know to do his or her job effectively. Easy-to-understand lines should be drawn, allowing senior management the opportunity to fine-tune any close call before a step triggers regulatory risk.
The fourth step is training. All employees need to be trained on how senior management has decided to handle the business and legal risks the firm faces. Training sessions should also be conducted “as needed” based on changes in laws, regulations, or the firm’s business activities. For advisers operating in jurisdictions, such as the United States, where senior management has a “duty to supervise”, training demonstrates to regulators that the supervision process has been adequately designed.
The fifth step is testing. The goal is to make sure that the policies in place are effective. Provide senior management with periodic results so that they can fulfill any duty to supervise. In the United States, a testing program also protects the firm by satisfying requirements found in the U.S. Federal Sentencing Guidelines and U.S. Attorneys' Manual. These guide how enforcement personnel will view a firm should an issue arise.
The last step: sustainability. Keep the program up-to-date to reflect business and regulatory changes. This step requires an on-going process to monitor for both types of changes and to make sure that new activities and their implications are identified in advance. In short, the compliance program should “live” with the environment in which the firm operates.
The challenge. The above process is not hard to understand, but it can be difficult to accomplish. In most cases, the difficulty stems from the human element. This aspect also needs to be understood to build an effective compliance program.
First, none of the six steps is a one-person job. No one person understands your firm better than your business team and that understanding needs to be communicated to the compliance staff. This takes ongoing and active communication.
Second, no one person understands all the laws that apply to your firm. Compiling them initially and keeping up-to-date requires expertise. RFG is dedicated to helping its clients manage this in an efficient manner.
Third, no compliance program can change human nature; not all people are well-intentioned. The goal of a compliance program is to make it harder for a bad apple to act; to force them to act alone; and to catch a bad apple earlier in the process.