The more than 1,350 investment advisers that have registered with the Securities and Exchange Commission (“SEC”) since the effective date of the Dodd-Frank Act (July 21, 2011)2 are in a quandary. They are striving to comply with new books and records and compliance program requirements. Consequently, they are retaining emails and tasking their compliance departments with review of emails and other records to identify violations and even poor tone. They are logging departures from their codes of ethics to comply with the new detailed pre-clearance and reporting requirements imposed on registered advisers. And they are creating and maintaining yet other records of their compliance reviews and the actions taken in response to such reviews. At the same time, knowing they face the prospect of onsite SEC examinations, they are worrying that all this new compliance-focused documentation will be the first material the SEC examiners review. As adviser’s counsel, we often are asked whether such efforts at good compliance will simply make the firm “look bad,” and to address how an adviser can approach compliance review and documentation in a manner that puts its best foot forward when the SEC finally does pay a visit.
In the authors’ view, documentation that reflects a robust compliance review process and commitment to remediate identified compliance issues is evidence of strong tone at the top and will foster regulators’ confidence in the firm. This client note discusses strategies for approaching compliance reviews and documentation that we believe, if implemented, will permit firms to create proverbial gold out of what could be viewed as the lead weight of new compliance requirements.
Embrace the notion that any firm with a robust compliance program will find that the firm is not perfect. People are not perfect. Breaches of policies and procedures occur from time to time. Personnel misread policies and neglect to follow procedures, even when they have been well trained. Further, policies and procedures are subject to correction and enhancement — sometimes, with experience, they are found to be unclear or inadequate.
Even before registering with the SEC, firms identified breaches and remediated them, and firms evaluated their policies and periodically modified or added to their compliance manuals and recirculated them. This critical work needs to continue — firms must continue to be vigilant about getting to the heart of the reason for breaches they identify, and about addressing matters as appropriate. This may be through retraining or discipline, or a determination that a procedure is vague or insufficient and needs to be revised and recirculated within the firm. Firms also must continue to engage in ongoing evaluations of the effectiveness of their compliance programs and to institute changes when warranted.
Recognize that most registered firms actually benefit from identifying compliance issues and having their findings reviewed during a firm examination. The SEC examination staff has indicated repeatedly that the real test of a firm’s compliance system and controls is whether the firm identifies breaches of its policies and procedures and whether it addresses those breaches timely and effectively.
Compliance documentation is created day-by-day and month-by-month. When reviewed as a compilation, it paints a picture of the firm and its compliance orientation. Regulators will gain confidence in a firm after reviewing compliance documentation that reflects rigor and commitment to remediation and improvement, and this confidence can translate into a speedier, and accordingly less disruptive, on-site examination.
Facilitate the firm’s identification of compliance issues, instead of waiting for them to be identified by regulators during an on-site examination. Publicizing to all personnel the avenues for asking questions and raising concerns is an imperative. Firms also need to create unscripted opportunities for personnel to ask questions or raise issues that may alert the firm to new conflicts or risks or areas for compliance follow-up.
As a general matter, the approachability of a firm’s owners, senior managers, and legal and compliance staff is enhanced when responses to compliance questions and concerns are provided timely and appropriately measured. To that end, we suggest that firms forge relationships with practical outside counsel who can help them objectively assess the significance of breaches of compliance requirements and develop these appropriately-measured responses. The Dodd-Frank Act provides whistleblowers substantial financial incentives to come forward to the SEC directly. Accordingly, it is even more critical today that firms demonstrate that they will support those personnel who bring compliance issues directly to their firms.
Find opportunities to drive home compliance-focused messages and ensure that all such efforts are noted in the firm’s compliance documentation. Firm owners and senior managers can set aside time during team and group meetings to address topical compliance issues directly or can make time for remarks by legal and compliance staff. Legal and compliance staff, for their part, should take all such opportunities presented to deliver focused, audience-appropriate messages. Compliance training goes beyond delivering formal training on matters such as insider trading prevention and firms should take credit for their efforts by noting them in compliance documentation.
Develop email (and other document) review protocols to meet examiners’ expectations, to better position the firm to address compliance risks, and even to head off violative conduct. SEC examiners expect to find among the compliance documentation of registered firms evidence of email reviews. Examiners also commonly inquire about firms’ review procedures.
We believe that firms may benefit substantially from adopting and following email review procedures. From a controls perspective, email reviews help a firm develop an understanding of how electronic communications are being used by its personnel. This understanding can help the firm tailor its policies and procedures to ensure that firm personnel are appropriately thoughtful in their use of electronic communications. This is critical given that the SEC typically views those communications afterthe- fact and out of context.
The adoption of an email review policy, further, signals to personnel the seriousness with which the firm views communications within and outside the firm, compliance with firm policies and procedures, and the appropriate use of the firm’s technology resources. The existence of an email surveillance policy may itself deter improper conduct. Further, regular email surveillance puts the firm in a better position to uncover conduct that may be illegal (e.g., insider trading), inconsistent with the firm’s policies and procedures (e.g., failure to maintain the confidentiality of firm information), or otherwise inappropriate. And review of personnel’s notes and other documents can protect the firm, as well — for example, for firms that utilize expert networks, compliance review of an investment team’s research notes taken in connection with their consultations can alert the firm to the troubling situation in which discussions occur on topics other than those on which the consultant was engaged.
As a risk measure, some firms review the emails and documents of personnel who engage in repeated departures from code of ethics requirements and from what is required by other firm policies and procedures. The objective of such reviews is to better assess such personnel’s compliance orientation and the level of risk they pose to their firms. Over time, firms consider whether there is a need to change the scope or methodology of their email and document reviews so that the reviews remain an effective tool.
Further, follow-through with respect to what is found as a result of such reviews is critical. SEC examiners will expect to see active engagement with personnel whose emails and documents suggest possible wrongdoing. Similarly, examiners expect firms to keep close watch on the trading activities of personnel whose communications raise doubt about their commitment to compliance. All of these efforts will serve to protect a firm and its clients and, when reviewed during a routine examination, will reflect to the examiners that the firm embraces compliance as a core principle.
Ensure that compliance documentation is thoughtfully assembled and can be readily furnished to an SEC examiner on request. When drafting compliance documentation, firms should be mindful of the scope and amount of detail provided. Examiners will get bogged down in a detailed exposition of how an issue was uncovered and who said what when. Confusion may result. The more effective approach is to identify briefly the compliance issue and personnel involved, the conclusions reached, and the remediation effected. Documenting in this manner will also better serve the firm’s legal and compliance staff and senior managers. Concise documentation can serve as the foundation for the firm’s annual compliance review and permit the firm to look beyond the particular issue addressed to identify any patterns of non-compliance and whether the remediation efforts undertaken have been successful.
A firm also should ensure that it maintains a set of nonprivileged compliance records that can be handed over to its examiners promptly on request. Some firms have a single person serving as both general counsel and chief compliance officer. We urge these firms to develop a protocol for separating the analytic, pre-decisional documents on compliance matters that they are creating and with respect to which the firm wants to assert privilege, from the documents that reflect the facts found, conclusions reached, and any remediation undertaken.
Be ready to answer in the most effective manner the fundamental, compliance-focused questions that will be posed by regulators and by the firms’ investors. That first SEC examination is inevitable. The SEC staff has indicated it is preparing to conduct “a coordinated series of examinations of a significant percentage of the new registrants that will focus on the highest risk areas of their business and help to risk rate the new registrants.”3 Further, post-Madoff, institutional investor inquiries directed at a firm’s compliance program and bona fides are becoming routine.4 We suggest that firms take the time now to develop a thoughtfully considered orientation document for use during that first SEC examination and to guide the firm’s discussions with investors. The document should focus on the firm’s highest risk and conflicts areas and on the firm’s methods for addressing these. In putting together such an orientation document, the firm may uncover gaps in the firm’s compliance initiatives; starting now will afford the firm the opportunity to fill those gaps. Further, as part of this readiness process, we also suggest that firms identify key personnel that they will identify as their spokespersons in introductory meetings with the SEC examination staff.
Readiness also includes (1) reviewing with all personnel the seriousness of the regulatory examination and investor diligence processes and the types of questions they can anticipate being asked, and (2) careful consideration of who will be designated as the main contact with whom the examiners will primarily interact during routine SEC examinations. Engaging in a dialogue with personnel now will help ensure they are prepared and professional when discussing their responsibilities and the firm’s related compliance processes and procedures. And if the main contact for SEC examiner interactions is not the General Counsel or the Chief Compliance Officer, the contact should be a trusted designee. The contact should have the authority needed to ensure that firm personnel timely address document and interview requests from the examiners, and the ability to keep careful track of requests and responses given. Designating a main contact person will help ensure that a firm sends a consistent message. Ensuring that the person designated can command the resources needed to timely fill requests for documents and demonstrations of firm systems will foster good communication with the visiting examiners and will evidence the firm’s good controls.