Staying compliant with ever-evolving regulations is a constant challenge for investment advisers and financial services firms. Conducting regular compliance reviews is a critical part of managing regulatory risk and ensuring your firm operates legally.
Recent changes to SEC rules now formally require all SEC-registered advisers to document their annual compliance reviews in writing.
In this post, we’ll explore the significance of the annual review process and provide best practices for conducting and documenting these assessments.
The Importance of Annual Compliance Reviews
The annual compliance review is a cornerstone of any effective compliance program. It provides an opportunity for firms to step back and evaluate the current state of their compliance policies, procedures, and controls.
The review serves several key purposes:
- Identify any gaps, inadequacies, or inconsistencies in your firm’s compliance regime
- Assess the effectiveness of compliance implementation and enforcement
- Determine if updates are needed based on changes to regulations or the firm’s operations
- Surface any compliance issues or violations that occurred over the past year
Documenting the review creates a record showing regulators you are meeting your fiduciary obligations. It also helps institutionalize the process so it becomes ingrained in the firm’s culture rather than an ad hoc exercise.
Under the Investment Advisers Act of 1940, SEC-registered advisers are required to adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act. The annual review requirement was intended to have advisers periodically evaluate whether their compliance policies and procedures continue to work as designed and whether any changes are necessary.
However, up until now, advisers have not been explicitly required to evidence this review in writing.
New SEC Rules Formalize Documentation Requirements
In August 2023, the SEC adopted amendments to 17 CFR § 275.206(4)-7 under the Investment Advisers Act. The new rules now require SEC-registered advisers to document in writing their annual review of compliance policies and procedures.
While many firms already generate some form of review documentation as a best practice, it is now an official regulatory requirement.
The SEC believes formally documenting the review will provide examiners better insight into advisers’ compliance practices and facilitate enforcement.
Reports should describe:
- The scope and dates of the review
- Compliance deficiencies identified
- Any changes made to policies and procedures
The SEC emphasizes firms have flexibility in how they conduct reviews and the specific format of documentation. The rules don’t prescribe a rigid process advisers must follow.
However, to comply, advisers will need to implement more structured annual review procedures if they have mainly relied on informal reviews up until this point.
When Should the Annual Review Be Completed?
While the compliance review is dubbed “annual,” the SEC does not prescribe a specific timeframe for when it must be conducted. The review period does not have to follow the calendar year.
Many advisers choose to align their compliance review with their fiscal year-end or the CCO’s appointment anniversary date. Others opt to review different compliance areas on a rolling basis throughout the year via quarterly or monthly assessments.
No matter how you schedule it, just be sure your full annual review is completed at least once during a 12-month period. Also, document your selected timetable in your firm’s compliance policies and procedures.
Best Practices for Conducting Annual Compliance Reviews
To conduct a compliant and comprehensive annual compliance review, advisers should follow these best practices:
- Develop a formal review plan
  Outline the scope, timeline, responsible parties, and methodology you will use for the review. Having a documented plan in place makes the review process more structured and repeatable year-over-year.
- Examine all key compliance areas
  Assess your:
  - Compliance manual, codes of ethics, and policies
  - Proxy voting and trade allocation procedures
  - Marketing and performance advertising
  - Safeguarding client assets and custody procedures
  - Data protection and cybersecurity programs
  - Financial reporting and accounting
  - Compliance monitoring and testing results
- Review changes in regulations
  Evaluate if recent regulatory changes necessitate updates to your compliance policies and procedures. This includes changes to SEC rules along with other applicable federal and state regulations. You can leverage quarterly updates from legal counsel or compliance consultants to identify changes to monitor.
- Assess previous compliance issues
  Analyze any compliance shortcomings, violations, or examination deficiencies identified over the past year. Verify appropriate corrective actions were implemented to remediate the issues.
- Interview personnel
  Conduct interviews with key compliance, operations, and management personnel to gain insights into day-to-day compliance practices and identify any potential gaps.
- Review compliance monitoring and testing results
  Examine reports from the previous year’s compliance testing activities. Follow up on any adverse findings that indicate procedures may not be functioning as intended.
- Update policies and procedures
  If the review reveals needed enhancements, update your compliance policies and procedures accordingly.
- Document the review process and results
  The documentation should summarize:
  - Review methodology and scope
  - Key areas examined
  - Compliance weaknesses identified
  - Changes made to policies and procedures
  - Plans to address unresolved issues
Who Should Be Involved in the Compliance Review Process?
While the CCO leads the compliance review, it shouldn’t be a solo activity. Input from personnel across your firm’s various departments provides important operational insights.
Be sure to loop in key stakeholders like:
- Executive management – Can speak to the firm’s strategic direction and risk appetite.
- Portfolio managers – Familiar with day-to-day investment operations.
- Trading/operations – Close view of processes like trade flows and custody.
- Marketing/sales – May identify risks related to communications and promotions.
- Technology – Understands the firm’s data, systems, and cybersecurity landscape.
- Legal/compliance – Brings regulatory knowledge and compliance insights.
Their diverse perspectives allow for a more well-rounded assessment of potential compliance vulnerabilities. Just be sure to document who participated for your records.
Don’t Delay Your Compliance Checkup
While an annual compliance review requires effort, it’s time well spent identifying and addressing potential regulatory pitfalls in your business.
Following SEC guidelines isn’t just about playing by the rules. A robust compliance program fosters operational excellence, investor trust, and business growth.
Partnering with experienced RIA compliance lawyers at My RIA Lawyer further protects your interests so you can focus on your clients. Contact the team today to learn more about compliance review support services. Investing in compliance means investing in your firm’s future success.