Professional Certifications for Compliance

Do you need a certification to be compliance professional?

“Need” is not the right answer. Compliance is still a diverse and complex field, where the needs can differ remarkably from firm to firm.

I’m a bit skeptical that a generic certificate program is likely to help me much with my job or professional development. Whatever benefit comes from the program needs to balance the cost of the program and the time spent at the program’s courses (and away from the actual job).

I was contemplating the Society of Corporate Compliance and Ethics programs. They offer a Certified Compliance and Ethics Professional certification. You can combine a multi-day academy offering to meet the classroom requirements and take a test the next day.

With the SEC’s registration requirement for private fund managers, I took a closer look at what the SEC requires for compliance professionals.  Rule 206(4)-7 imposes no particular requirements on a chief compliance officer.  The SEC release for the rule provides a bit a more context on the professional background requirements:

“An adviser’s chief compliance officer should be competent and knowledgeable regarding the Advisers Act…”

So it’s not a lot of context. But you need to show that you understand the Advisers Act.

I switched gears from the CCEP and took a look at the Investment Adviser Certified Compliance Professional co-sponsored by the Investment Adviser Association and National Regulatory Services. I assume this certification and designation would give me the right to say I am “competent and knowledgeable regarding the Advisers Act.” It will even give me a certification that says so.

But it’s a lot of work: 20 courses and a test.

I’m taking care of six of those course over the next two days.

Boston IA Compliance Symposium 2012

Northeastern University Batterymarch Conference Center
Second Floor of the Hilton Boston Financial District

DAY 1 – Tuesday, June 12, 2012

8:30 AM–10:30 AM (ET)

A New Look at the Advisers Act: Registration, Exclusions and Exemptions; Mid-Sized Advisers and Exempt Reporting Advisers; Private Fund Advisers and More

10:45 AM–12:45 PM (ET)

Books and Records Requirements for Investment Advisers

2:00 PM–4:00 PM (ET)

Insider Trading, Contracts and New ADV Delivery Requirements

Day 2 – Wednesday, June 13, 2012

8:30 AM–10:30 AM (ET)

Understanding Fiduciary Duties and the Sweep of the Anti-Fraud Provisions of the Advisers Act

10:45 AM–12:45 PM (ET)

Custody and Pay-to-Play Rules Plus Solicitors and Proxy Voting Requirements for Investment Advisers

2:00 PM–4:00 PM (ET)

Compliance Programs Rules and Strategies for Managing Your Annual Review

 

Job Description For CCOs of Advisers to Private Investment Funds

help wanted join the insanity now

Back in 2005, Associate Director Office of Compliance Inspection and Examinations of the SEC, Gene Gohlke gave a speech addressing hedge funds who would soon have to register under the doomed hedge fund rule. He focused on what the funds needed in a Chief Compliance Officer.

Rule 206(4)-7 requires a registered investment adviser to designate an individual responsible for administering the policies and procedures required to avoid violation of the Investment Adviser Act and its rules. That’s all the rule requires of a CCO.

The release adopting the Rule 206(4)-7 provides some more background on the requirement:

An adviser’s chief compliance officer should be competent and knowledgeable regarding the Advisers Act and should be empowered with full responsibility and authority to develop and enforce appropriate policies and procedures for the firm. Thus, the compliance officer should have a position of sufficient seniority and authority within the organization to compel others to adhere to the compliance policies and procedures. [C.1.]

The release also makes it clear that the adviser does not have to hire an additional person to take on the rule.

Knowledgeable

A CCO must have a good understanding of the requirements imposed by the Advisers Act, the related rules, and other aspects of the regulatory regime for advisers. A CCO should also remain current regarding changes to the regulatory requirements as the SEC changes and adds to them.

Competent

Gohlke lays out the need to have familiarity with the steps needed to create a compliance program:

  • Risk identification and assessment.  Know how to identify conflicts and other compliance factors creating risk exposure for the firm and its clients in light of the firm’s particular operations.
  • Creating policies and procedures. Address the risks identified. The policies and procedures should address all conflicts of interest and other risks the firm is exposed to and not a set of risks that advisers in general may have.
  • Implementation. Recognizing the principles of good management and controls.

Position in Organizational Structure

The compliance officer should have a position of sufficient seniority and authority within the organization to be able to compel others to adhere to the firm’s compliance policies and procedures. CCOs should be a member of the senior management of a firm.

The 24 Functions

Gohlke lays out a list of 24 functions that CCOs of advisers should perform or consider performing. (He admits that this ia an ambitious list and that they are above and beyond what is required by Rule 206(4)-7.)

  1. Advises senior management on the fundamental importance of establishing and maintaining an effective culture of compliance within the firm.
  2. Confers with and advises other senior management of the firm on significant compliance matters and issues.
  3. Is not only available but is sought out on a “consulting” basis regarding compliance matters and issues by business people throughout the firm. Should become known as the “go to person” on compliance matters.
  4. Becomes involved in analyzing and resolving significant compliance issues that arise.
  5. Ensures that the steps in the firm’s compliance process – risk identification, establishing policies and procedures and implementing those policies and procedures – are appropriate and are undertaken timely by staff of the firm to whom those functions have been assigned.
  6. Becomes personally involved in various steps of the process such as serving on risk or policies and procedures committees when necessary and appropriate.
  7. Ensures that compliance policies and procedures are comprehensive, robust, current and reflect the firm’s business processes and conflicts of interest.
  8. Ensures that appropriate principles of management and control are observed in the implementation of policies and procedures. These principles include separation of functions, clear assignment of responsibilities, measuring results against standards and reporting outcomes.
  9. Ensures that all persons within the firm with compliance responsibilities are competently and fully performing those functions.
  10. Ensures that quality control (transactional) testing is conducted as appropriate to detect deviations of actual transactions from policies or standards and that results of such tests are included on exception and other management reports and are promptly addressed, escalated when necessary, and resolved by responsible business people.
  11. Ensures there is timely and appropriate review of material and repetitive compliance issues as indicators of possible gaps and weaknesses in policies and procedures or risk identification processes and facilitates the use of such information in keeping the firm’s compliance program evergreen.
  12. Undertakes periodic analyses and evaluation of compliance issues found in the regular course together with the results of appropriate forensic testing conducted by compliance staff as a means for obtaining additional or corroborating evidence regarding both the effective functions of the firm’s compliance program and the possible existence of disguised or undetected compliance issues.
  13. Ensures that compliance programs of service providers used by the adviser are effective so that the services provided by these firms are consistent with the adviser’s fiduciary obligations to its clients.
  14. Establishes a compliance calendar that identifies all important dates by which regulatory, client reporting, tax and compliance matters must be completed to ensure that these important deadlines are not missed.
  15. Promotes a process for regularly mapping a firm’s compliance policies and procedures and conflicts of interest to disclosures made to clients so that disclosures are current, complete and informative.
  16. Manages the adviser’s compliance department or unit in ways that encourages proactive work, a practice of professional skepticism and “thinking outside the box” by compliance staff.
  17. Manages the adviser’s code of ethics which is a responsibility given to CCOs of advisers by rule 204A-1 under the Advisers Act.
  18. Undertakes or supervises others in performing the required annual review of an adviser’s compliance program. Every adviser is required to conduct at least an annual review of its compliance program. The review should consider any compliance matters that arose during the previous year, any changes in the business activities of the adviser or its affiliates, and any changes in the Advisers Act or applicable regulations that might suggest a need to revise the policies or procedures. Although the rule requires only annual reviews, advisers should consider the need for interim reviews in response to significant compliance events, changes in business arrangements, and regulatory developments.
  19. Reports results of the annual review to senior management and ensures that recommendations for improvements that flow from the review are implemented as appropriate.
  20. Is a strong and persistent advocate for allocating an appropriate amount of a firm’s resources to the development and maintenance of an effective compliance program and compliance staff.
  21. Recognizes need to remain current on regulatory and compliance issues and participates in continuing education programs.
  22. Ensures that staff of the firm is appropriately trained in compliance-related matters.
  23. Is the adviser’s liaison and point of contact with SEC examination staff, both during exams and as part of the SEC’s CCOutreach program.
  24. Is active in industry efforts to develop and implement good compliance practices for advisers to private investment funds.

That’s  a big list of things to take on.

Although the SEC does not require a separate individual to take on the role of CCO, I occasionally hear some skepticism when a person assumes this role as an additional part of their job. The question the SEC asks is “what responsibilities did you relinquish in order to have time to take on the CCO role?”

Sources:

Help Wanted image is by Andi Szilagyi

Disciplinary Actions Against Chief Compliance Officers

The Chief Compliance Officer should be a model for employee conduct. I don’t thing there is any better way to lead and educate than to set an example.

Not all Chief Compliance Officers succeed in this role and some get subject to discipline. Here are some ways to get in trouble.

Participation in Wrongful Conduct

David A. Zwick, chief executive officer and chief compliance officer of Suncoast Capital Group, Ltd. was held liable for participating in a scheme with a salesperson he supervised to provide kickbacks to a bond trader.  In exchange for the kickbacks, Suncoast received securities transactions at prices favoring Suncoast and provided signification compensation to Zwick. He was found to have knowingly or recklessly approved fraudulent prices on Suncoast trades.

Failure to Supervise

In its release for Rule 206(4)-7 SEC Release No. IA-2204 the SEC stated:

Having the title of chief compliance officer does not, in and of itself, carry supervisory responsibilities. Thus, a chief compliance officer … would not necessarily be subject to a sanction by us for failure to supervise other advisory personnel. … Section 203(e)(6) provides that a person shall not be deemed to have failed to reasonably supervise another person if: (i) the adviser had adopted procedures reasonably designed to prevent and detect violations of the federal securities laws; (ii) the adviser had a system in place for applying the procedures; and (iii) the supervising person had reasonably discharged his supervisory responsibilities in accordance with the procedures and had no reason to believe the supervised person was not complying with the procedures.

Clearly a CCO has a role in addressing serious misconduct by employees. For an investment adviser, the CCO could be a supervisor and the failure to adequately supervise could subject the CCO to discipline for failure to supervise.

Pre-packaged policies and procedures manual

Consulting Services Group did that and failed to meet the SEC’s standards. Unfortunately for them, the pre-packaged manual did not match up to its business. They provide consulting services to mostly institutional clients. It helps them search for and select money managers, allocate assets, review performance, and design investment policies. The pre-packaged policies and procedures manual “failed to address adequately the conflicts of interest unique to CSG’s operations as a pension consultant, and many of the sections within these generic forms were completely inapplicable and irrelevant to CSG’s provision of investment advisory services to clients.” I would guess they manual they bought was designed for a retail investment adviser.

Email server

Among the things Richard Campanella was disciplined for was the failure to stop the use of non-company email. He received several emails from an employee and told him to stop using the outside email address. Even after three warnings, he field to discipline the employee. Apparently, the employee used the email extensively for business purposes. The end result was record-keeping failure.

Background checks

Westpark Capital’s Chief Compliance Officer was William Morgan. “Among other things, Morgan was responsible for maintaining and updating the Firm’s written supervisory procedures, supervising the branch office managers, performing background investigations and participating in hiring decisions, and determining whether representatives required heightened supervision and the parameters of that heightened scrutiny.” Unfortunately, the company hired some representatives who engaged in churning and made unauthorized and unsuitable trades in customer accounts.

Reporting

Tim Poulus, the Chief Compliance Officer for Olympia Asset Management, failed to report customer complaints to FINRA. (FINRA Case #2008011806301) That statistical and summary information required by NASD Rule 3070(c). The violation lead to a $10,000 fine.

Sources:

Fail is by Amboo who?

Investment Advisers and Business Continuity Plans

When an investment adviser is designing its policies and procedures you need to identify the risks for their firm so they address those risks. A big risk is missing an applicable requirement under the regulatory scheme. So you sit down with the regulations and tie them to your specific policies and procedures.

An easy one to miss is the requirement for having a business continuity plan. It’s in Rule 206(4)-7.

Oh, you don’t see anything about business continuity in the rule? It’s not in the rule, it’s in the Release for Rule 206(4)-7:

We believe that an adviser’s fiduciary obligation to its clients includes the obligation to take steps to protect the clients’ interests from being placed at risk as a result of the adviser’s inability to provide advisory services after, for example, a natural disaster or, in the case of some smaller firms, the death of the owner or key personnel. The clients of an adviser that is engaged in the active management of their assets would ordinarily be placed at risk if the adviser ceased operations. [SEC Release No. IA-2204]

There is not much in the release to help you understand what is required, but there are two good places to help you.

One is to look at an intragency paper published by The Federal Reserve Board, the Office of the Comptroller of the Currency and the Securities and Exchange Commission on business continuity objectives. They lay out four broad sound practices for core clearing and settlement organizations and firms that play significant roles in critical financial markets:

  1. Identify clearing and settlement activities in support of critical financial markets.
  2. Determine appropriate recovery and resumption objectives for clearing and settlement activities in support of critical markets.
  3. Maintain sufficient geographically dispersed resources to meet recovery and resumption objectives.
  4. Routinely use or test recovery and resumption arrangements.

The other source (more practical source) is the disaster recovery requirements of broker/dealers. FINRA Rule 4370 is their emergency preparedness rule. They have a template for small introducing firms to help start designing a plan.

Sources: