Ideal Compliance Procedures
I. Sources of Authority -- Legal Bases for Policies & Procedures
Pursuant to Section 203(e) of the Investment Advisers Act of 1940, the SEC may sanction anyone who " has failed reasonably to supervise, with a view to preventing violations of the provisions of such statutes, rules and regulations, another person who commits such a violation, if such other person is subject to his supervision."
For the purposes of Section 203(e), no person will be deemed to have failed reasonably to supervise any person, if -
(A) there have been established procedures, and a system for applying such procedures, which would reasonably be expected to prevent and detect, insofar as practicable, any such violation by such other person, and
(B) such person has reasonably discharged the duties and obligations incumbent upon him by reason of such procedures and system without reasonable cause to believe that such procedures and system were not being complied with.
II. Hallmarks of an Effective Set of Compliance Policies & Procedures
Effective compliance policies and procedures share similar characteristics. They should always be:
- Reflective of the operations of the particular organization (individually tailored)
- Organic, constantly evolving (not static)
- Tested, monitored & updated (through effective internal controls)
- Supported by upper management and departmental heads
- Effectively communicated to all covered persons
- Effectively carried out & overseen by clearly designated personnel
- Enforced in a fair and consistent manner
Considerations for Creating Effective Policies & Procedures
When creating policies and procedures drafters should strive to ensure that the policies and procedures are:
- Reflective of the firm's actual practices and operations. If you buy an off-the-shelf policy manual, be sure to tailor it to fit your firm's size, structure and business .
- In writing. Assume that if policies or procedures are not in writing, they don't exist. It is difficult to demonstrate that procedures exist and are being followed if they are not formally documented.
- Readable & understandable. Keep them simple; use plain English whenever possible.
- Developed with input from operational staff. It is important to enlist the assistance of the business staff when developing the procedures so that they reflect actual business practices.
- Practical and designed to be as unobtrusive on operations as possible
Considerations for Implementing Policies & Procedures
When the time comes to implement new policies and procedures those responsible must ensure that the policies and procedures are:
- Accessible to all covered persons
- Clearly communicated to all covered persons - a secret policy is not a good policy
- Acknowledged by each covered person through a written, signed Acknowledgement of receipt, understanding and adherence
- Supported and approved by senior management and appropriate department or area heads
- Phased in over time if/when appropriate
- Accompanied by training, if necessary, for those who will be using the procedures, as well as those who will be overseeing their implementation
Considerations for Testing and Reviewing Policies & Procedures
Policies and procedures must be regularly monitored, reviewed and updated as appropriate. Some things an adviser should consider to achieve this goal are:
- Establishing internal controls that provide for established, periodic review and testing
- Conducting mock inspections and self-auditing
Considerations for Documenting Policies & Procedures
The proper documentation of policies and procedures is of critical importance to all registrants. Proper documentation is necessary in order to ensure that all covered persons understand what is expected of them. Regulators routinely ask to see a firm's policies and procedures when conducting an examination. When developing policies and procedures, an adviser should determine:
- Who will be responsible for documenting the firm's policies and procedures
- Who will be responsible for updating policies and procedures, as well as archiving past ones after they are revised
- Whether the organization is better suited for documenting policies and procedures in paper or electronic format (including the use of such things as intranets)
- Whether exception reports will be generated and, if so, who will be responsible for creating and maintaining them
- Who will be responsible for conducting and documenting internal audit/compliance review, and how will such reviews be memorialized to ensure that regulators or litigants do not use them offensively against the firm
Considerations for Enforcing Policies & Procedures
When violations of a firm's policies or procedures have occurred, it is essential that the designated individuals in the firm take appropriate action in terms of correcting the violations, considering the need to report the violations to regulators and imposing discipline on the violator(s) to the extent appropriate. Among the considerations in this area are the following:
- Maintaining a record of violations
- Fairness considerations
- U-4/U-5 reporting
- Defamation concerns
- Collateral consequences (litigation)
III. SEC Proposed Rules for Investment Adviser Compliance Programs:
On February 5, 2003, the SEC proposed new rules that, if implemented, will require all investment companies and investment advisers registered with the SEC to:
- Adopt and implement policies and procedures designed to prevent, detect, and correct violations of the securities laws;
- Review those policies and procedures at least annually for their adequacy and the effectiveness of their implementation; and
- Designate a chief compliance officer responsible for administering the policies and procedures.1
SEC Release Nos. IC-25925, IA-2107 (February 5, 2003).
Goals of the Compliance Program
The proposed rules would require that the procedures be written and would have to be designed to prevent, detect and correct violations of the securities laws by advisers, funds and supervised persons.
The proposed rules call for an annual review of policies and procedures to determine their adequacy and whether they have been implemented effectively. Advisers would be required to maintain a copy of their policies and procedures.
Designation of Chief Compliance Officer
The proposals would require each adviser to designate a Chief Compliance Officer who would be responsible for administering the compliance policies and procedures. The individual selected as "Chief Compliance Officer" would need to possess or obtain the appropriate level of training and experience in order to discharge his or her responsibilities under the compliance program.
Elements of the Compliance Program
Specific elements for policies and procedures are not identified in the proposed rules. The SEC did, however, list in the release the following areas that an appropriate compliance program might cover:
- Allocation of investment opportunities among clients and consistency of portfolios with guidelines established by clients, disclosures and regulatory requirements
- Trading practices, including procedures for best execution, soft dollar arrangements and allocation of trades among clients
- Proprietary trading of the adviser and personal trading activities of supervised persons
- Accuracy of information in advertisements and disclosures
- Safeguarding client assets from conversion or inappropriate use by advisory personnel
- Records creation and Maintenance
- Valuation of client holdings and fees
- Protection of client information and records
- Business Continuity plans
The release also identified several fund-specific areas including:
- Pricing of portfolio securities and fund shares
- Processing of fund shares
- Identification of affiliated persons with whom the fund cannot enter into certain transactions, and compliance with exemptive rules and orders that permit such transactions
- Compliance with fund governance requirements
- Prevention of money laundering2
SEC Request for Further Comment
The SEC has also proposed approaches that would involve the private sector to enhance compliance by investment advisers and funds and has requested comment on several specific items.
One suggestion is to require each adviser to undergo periodic compliance reviews by a third party that would produce a report of findings and recommendations.
A second approach is to expand the role of auditing by independent public accountants which audit fund financial statements to include an examination of fund compliance controls.
A third approach is the formation of a self-regulatory organization (SRO) for funds and/or advisers. This SRO would function much like the NASD in that it would establish practice rules and ethical standards, conduct routine examinations, require minimum qualification standards, and bring disciplinary actions. The Release makes it clear that the SEC would continue to examine the activities of advisers as well.
A fourth approach to enhance compliance would require investment advisers to obtain fidelity bonds from insurance companies, theoretically resulting in additional oversight of advisers by insurance companies.
IV. IA Compliance Procedures Inventory
Regardless of whether the SEC's proposal for adviser compliance programs is approved, an adviser should have written policies and procedures for the following areas:
- Registration Requirements
- Updating Form ADV and Annual Filings
- State Requirements
- Written Disclosure Statements
- Initial Delivery of Brochures
- Periodic Delivery of Brochure
- Promotional Activities:
- Compensation for Client Referrals
- Investment Advisory Contracts
- Advisory Fees
- Performance Fees
- Operating Procedures
- General Fiduciary Considerations
- Outside Activities
- Conflict of Interest
- Allocation of Orders
- Best Execution
- Insider Trading
- Confidential Information - Consumer Privacy, Reg S-P
- Prohibited Transactions
- Proxy Voting
- General Fiduciary Considerations
- Recordkeeping (Rule 204-2)
- Monitoring Disqualifying Conduct and Certain Legal Matters
- Compliance Violations
1. SEC Release Nos. IC-25925, IA-2107 (February 5, 2003). Release is available at http://www.sec.gov/rules/proposed/ic-25925.htm.
*Kathleen D. VanNoy-Pineda, Esquire
Chief Compliance Officer, Insurance & Investment Products TIAA-CREF
730 Third Avenue
New York, NY 10017
Telephone: 800.842.2733, Ext. 5195
* Comments and opinions are not intended to reflect those of TIAA-CREF.