Alternative Investment Management Association Representing the global hedge fund industry
ARA Compliance Support
Securities registrants usually get into regulatory trouble due to a poor application of the applicable rules and requirements, rather than a poor understanding of them.
Perhaps this is because the compliance issues are often handled like legal matters. While the legal function is an intellectual exercise in divining the true intent of a particular rule (or perhaps interpreting what one can “get away with”), compliance isn’t simply an intellectual exercise. Compliance is about making the applicable rules and market practices live in a firm and its daily business environment. Poor application, even with the best of intentions, is the real compliance risk for member firms.
In this article, I would like to share three common traps that many small and mid-size firms fall into when applying their regulatory requirements:
When a new or amended rule or requirement is implemented, the compliance officer will often address it by developing a written policy or compliance bulletin and distribute to all concerned staff within the organization. However, by developing compliance policies in isolation from the rest of the firm, many firms end up creating legal documents, rather than policies that reflect their business. They also miss the opportunity to design policies that will have greater acceptance from all staff within the firm.
This is unfortunate because many significant regulatory requirements are concepts rather than specific rules. For example, the Provincial Securities Commissions do not define “suitability” or what a “fair and not misleading” sales communication should look like. In fact, when pressed on specific applications, most regulators prefer that management make a determination on what is “reasonable in the circumstances”.
Furthermore, if a firm’s internal policies don’t reflect the realities of its business, over time staff will simply stop following them.
This harmless practice can be very costly if the firm is subject to an enforcement or legal action. In such cases, the firm may find that it is held to (or perhaps hung by) policies and procedures that were written and forgotten in the distant past.
The development of compliance policies should truly be a shared responsibility that includes input from, management, and other staff on how the rule can best fit into their business.
Industry participants often joke that being a compliance officer is akin to having a “target on your back” or being the designated “fall guy or gal”. However, this attitude reflects a fundamental misunderstanding about compliance. People incorrectly assume that compliance should be the sole responsibility of the compliance officer.
Unlike IT or finance, the compliance function does not simply provide support in a specific functional area. It gives guidance on a topic that permeates and penetrates every aspect of a regulated firm’s business, from strategic considerations (i.e. the markets the firm will participate in) and business decisions (i.e. product and service offerings) to sales strategy (i.e. client segments the firm will pursue).
Furthermore, it is important to understand that each salesperson and officer effectively carries the firm’s regulatory responsibility and reputation whenever it deals with clients and the investing public. They, and their direct supervisors, will be held personally accountable for regulatory violations or unethical conduct.
An appointed compliance officer is not much different than the office designated “fire warden”. This individual must have a plan for evacuation in the event of a fire, communicate this plan clearly to all staff and be ready to address any related queries. However, in the event of a fire, the fire warden can’t be held responsible if a staff member decides to take the elevator, or leap out the window rather than walk down the stairs in an orderly fashion.
Regulated firms should recognize that everyone in the organization is effectively a compliance officer. Management should encourage staff to take ownership of compliance related responsibilities and recognize that the compliance officer is a source of guidance, rather than a policing function.
In 1) above, I highlighted the risk of having the compliance officer develop policies and procedures in isolation from the rest of the firm. However, many small and mid-size firms develop compliance policies without much input from the compliance officer either. In other words, such firms often “borrow” and apply compliance manuals and documents that were adopted by other firms.
Admittedly, this allows firms to save the time and cost of developing their own manuals. It may also give them the satisfaction of having a manual that addresses the topics that a Commission Compliance Department Reviewer will expect to see in a manual.
However, borrowing compliance policies and procedures from another firm that was created at a different point in time, is a bit like exploring Calgary today, with a map of Edmonton that is several years old. A “borrowed” policies and procedures manual may not reflect recent regulatory changes. More importantly it may not reflect the firm’s circumstances.
This can be a huge risk, because in the event of a litigation or enforcement action, the firm may find that it is questioned on why it did not comply with a manual that is effectively an irrelevant or out of date regulatory map.
Firms should invest time and effort necessary to develop compliance policies and procedures that fit its needs and circumstances.
Compliance traps don’t arise because of a failure to understand the technical nuances of a rule, but from a failure to apply rules and requirements. To implement compliance effectively, all key staff must participate in the formulation and take ownership of the Firm’s compliance policies and procedures.Back to Listing