Building a long-lasting culture of compliance

Use your annual review to set the right tone to build a culture of compliance and reduce risk.

From our experience supporting clients, one of the most important but overlooked factors of success is building and maintaining a strong culture of compliance across the organization. The annual review is an important milestone to set the right tone and ingrain the right practices, allowing everyone across the firm to understand, manage and reduce risks.

A culture of compliance is not something that can be easily defined, but it can be a powerful tool to nip abusive sales practices in the bud or avoid instances such as the largest whistleblower award ever given. Getting things such as supervision over your remote employees right can help to build that culture, but it can be difficult to define, with no metric that can say, “you do or do not have a strong culture of compliance.”

It’s something, though, that examiners are trained to pick up on, and typically within the first few hours of an examination, they’ll get a good sense of where your organization falls on the scale. This can be a key factor in the type of examination you get; if the regulators determine that your organization does not take compliance seriously, human intuition is for them to probe deeper, expecting to find issues.

Using your annual review

One of the most important exercises organizations can undergo to ingrain a healthy compliance culture is the annual review. As a requirement under Rule 206(4)-7(b) of the Investment Advisers Act, every US-registered organization should already be doing this, but how the review is conducted can make all the difference.

It can be easy to check the boxes. You can use the same summary of your company that you have used for the past five years. You can sign off that you have “reviewed” your compliance manual without making any meaningful changes. You can even pick some low-hanging fruit areas to test and call it a day. While this approach can be appealing to quickly check one more thing off your ever-growing to-do list, it is not one that’s beneficial in the long run.

Organizations that put time, energy, and thought into these reviews are those that reap the rewards. They typically:

  • review any recent regulations that have passed, understanding the changes and adjusting business processes accordingly;
  • meet with different members of the organization to truly understand how work is being done, to write and embed policies that genuinely reflect how the organization does business;
  • take high-risk areas of the business and complete in-depth testing to identify the root cause of issues and fix them to ensure they do not occur again.

This approach can feel intimidating and time-consuming, requiring the effort and the synchronization of an entire organization. But it pays dividends in the long run. By being more in touch with your organization, compliance can be a proactive force that assists in making work easier, rather than being a roadblock.

Regulator road map

As colleagues understand that Compliance is present, paying attention, and cares, this will be reflected in the work they do and make them more comfortable reaching out with concerns before the proverbial molehill turns into a mountain. And most importantly, issues can be identified and addressed before a regulator does.

Some may be concerned with identifying problems as they feel it can give a regulator the road map of where to dig in. We have first-hand experience during exams where regulators have seen issues, but have recognized that the organization has already identified them and is in the process of addressing them, and decided not to write that client up.

Alternatively, we have seen examiners catch relatively small mistakes, but because there is a lack of awareness in the organization of the issues, they decide to take firmer action over something that could have easily been resolved with an internal memo.

While you can’t control the type of exam, and examiners and situations are unique, the one constant that regulators look for is an organization that takes Compliance seriously. No one expects an organization to be perfect, but there is an expectation to understand those flaws and demonstrate an active effort to improve them; your annual review is a key piece in being able to do that.

Action points

Make sure your compliance systems are robust. You could seek advice to:

  • conduct annual reviews,
  • draft new policies,
  • assist with operational compliance, or
  • provide your teams with bespoke training.

Bovill regularly conducts SEC mock examinations to help firms prepare for the real thing.

Ryan Stibich is a consultant in the Americas team at Bovill. He supports investment advisers and broker-dealers on daily operations matters in order to comply with US regulatory requirements.