As the year heads toward a close, chief compliance officers at many regulated financial firms are preparing to conduct their annual assessments.
Annual reviews are one of a CCO's more daunting requirements, as they take considerable time, talent and other resources to complete.
The Investment Advisers Act of 1940 requires each RIA to review its compliance policies and procedures annually to determine the adequacy and effectiveness of their implementation. Similarly, the Investment Company Act of 1940 requires institutions and funds to review their P&Ps, as well as those of their service providers, at least annually.
Regulators also expect registered firms to document the results of these reviews, but while they provide broad guidance, they do not stipulate how the annual review should be conducted or evidenced. So approaches to the annual review will vary depending on a firm's size and resources.
With multiple departments devoted to risk, compliance and audit, large financial firms often have rigorous compliance management regimes, and the financial wherewithal to implement effective and efficient annual reviews.
In contrast, many smaller and midsized firms have fewer resources, and their CCOs wear multiple hats, limiting the time available to complete the review.
A MORE EFFICIENT APPROACH
There are ways of conducting annual reviews that are faster and more efficient than existing approaches, and also equally comprehensive.
The process need not be done all at once, as regulators expect interim reviews are also being conducted.
Interim reviews enable registrants to address various compliance issues, including recent or potential breaches, new business arrangements — such as a merger or use of new service providers — and/or applicable regulatory developments, according to the SEC.
Some facets of a compliance program justify more-frequent reviews already embedded within the program, such as portfolio testing.
Registrants may be summarizing and combining multiple interim reviews throughout the year in lieu of conducting an all-encompassing annual review.
This approach allows CCOs to reduce the time and effort needed to meet their annual review obligation. It provides a framework and discipline to the administration of the compliance program.
Ongoing reviews can help identify compliance issues more frequently, and save time because registrants need only to assemble and re-evaluate interim results at the end of the review period.
Regulators appreciate how resource-constrained firms can be, and that a prudent approach to managing compliance is to focus these resources on the areas of greatest risk.
Indeed, coping with many of the same challenges in terms of resource allocation, regulators are relying more than ever on technology and quantitative techniques to triage their efforts.
For instance, the number of RIA exams has risen in recent years to keep pace with industry growth, yet the SEC budget remained nearly unchanged from the prior fiscal year, according to the regulator.
The SEC plans to draw on data mining and pattern-recognition technologies to focus its resources on threats that represent the greatest market risk.
Likewise for registrants, a case can be made to allocate compliance resources based on risk assessments.
This selective and risk-prioritized approach allows CCOs to focus primarily on the most sensitive risk areas of the firm, and to reduce the time and effort needed to meet their annual review obligation.
USING TECH TOOLS
Technology can play an important role in helping optimize time and resources while easing the annual review process. For instance, automated assessment tools help centralize compliance program testing so results can instantly be accessed.
Technology-powered compliance tools provide another means of expediting a firm's annual review so interim test results can more easily be integrated.
A growing number of firms are turning to outside service providers. Compliance professionals can help registrants leverage technology and interim testing to streamline the annual review.
Because experienced consultants have performed numerous reviews, they can bring broader insight into current compliance issues, industry best practices and areas that regulators will scrutinize. Outside professionals may also be perceived as being more independent in their findings.
The purpose of the annual review is to demonstrate that registrants have effective P&Ps that are regularly tested; that they are documenting their compliance reviews; and that qualified professionals are overseeing these efforts on an ongoing basis.
When the process is overseen by an outside expert, the result can be an expedited annual review that fully satisfies regulators while also making better use of a firm's time and other finite resources.