On episode 80 of the CCO Buzz, Core Compliance discuss vital considerations for conducting an Annual Review.
CCO Buzz: Hello and welcome back to the CCO Buzz! Can you believe it’s already October? Not only has working remotely made it difficult for me to discern what day of the week it is, but 2020 is zooming by in a flash. To kick off the fourth quarter we have a Senior Compliance Consultant. He [has] joined us today to discuss vital considerations for conducting an Annual Review. With that, let’s begin.
So, as many of our listeners range on the familiarity of the industry, can you enlighten us with what an Annual Review is, and its importance to the industry?
Senior Compliance Consultant: Oh, of course. Under Rule 206(4)-7 of the Advisers Act, Registered Investment Advisers (“RIAs”) must perform an annual review of their policies and procedures to ensure those policies and procedures are reasonably designed to prevent violations of applicable federal and state securities regulations.
This requires more than a simple read-through of the firm’s manual. Firms must perform comprehensive testing of their policies and procedures and internal controls. Additionally, the review needs to take into consideration any changes to the firm’s business practices, along with new [and]/or amended regulations.
Now on the other hand, Broker-Dealers (“BDs”) also have a similar required process. Under FINRA Rule 3120, a BD is required to annually test and verify [that] their written supervisory procedures are reasonably designed with respect to the activities of the firm and its associated persons to achieve compliance with those applicable securities laws, regulations and FINRA rules. And then to update those supervisory procedures where the need is identified by such testing and verification.
The designated principal(s) of the BD must also submit a report for the firm’s senior management, detailing the BD’s systems of supervisory controls, the summary of the test results, and the updated supervisory procedures drafted in response to the findings.
And as we wind down and close out the year, under all of these environmental changes due to the pandemic – both forms, the Annual Review and the BD 3120 testing, need to be more comprehensive than ever.
CCO Buzz: In your upcoming Risk Management Update, you go into further detail and break down steps for dual registered firms on how to complete their annual requirement. Could elaborate on those steps?
Senior Compliance Consultant: Sure. My upcoming article, titled “Dually Registered Firms: Steps for Performing an Efficient Annual Review and Gap Analysis,” simplifies and enlightens the process for firms as I break it down into a simple 4-step process to increase the overall efficiency of performing these reviews.
Each step, although somewhat easier said than done, also provides additional considerations that firms may forget, and not consider, when completing their reviews.
CCO Buzz: Wow, you were feeling a bit generous with the information when you were drafting this article! Let’s breakdown some of those steps. Shall we?
Senior Compliance Consultant: Sure, now, I won’t give away everything – they’re going to have to read my article later this month, but I’ll be willing to share some of the information…
Step one is something I call the decision phase. Effective Annual Reviews and Gap Analysis assessments need to be based on testing that is performed and reviewed throughout the year. Since a firm’s written policies and procedures generally cover a significant number of applicable federal, state, and FINRA rules, it can be a daunting task to prioritize these testing areas. So, to begin, a firm should identify its highest areas of risk. Although not required, performing a risk inventory prior to, or in conjunction with, performing these reviews can help this process be more effective and increase the efficiency.
Step two is what I call the design and test phase. Once a firm has determined their high-risk areas, they should design specific tests for those areas. In the article I provide examples of tests for certain focus areas, but one example would be Periodic testing, which is testing that is performed at certain times or intervals. An example would be quarterly email correspondence reviews.
CCO Buzz: That’s a lot to unpack, I can’t wait to read the rest of the steps in this month’s Risk Management Update.
Senior Compliance Consultant: In the rest of the article I detail documenting and reviewing as well as implementation from the preformed reviews. Although steps one and two are important, dually-registered firms should note that examiners will not only pay attention to the changes your firm has implemented due to the pandemic, but also how you have tested, documented, addressed and changed after learning the efficacy of your program.
CCO Buzz: Well I know I can speak for the rest of us when I say I can’t wait to read your article. Anything else you’d like to add?
Senior Compliance Consultant: Yes, I don’t think I can stress enough to my clients and the industry that Annual Reviews and Gap Analyses are not just regulatory requirements to fulfill, but rather, they are important processes that allows firms to not only assess the effectiveness of their policies and procedures, but to help ensure that the controls in place adequately address risks and conflicts. Performing testing throughout the year allows firms to promptly correct any gaps found in their Compliance Program, which in turn can potentially result in cost savings to the firm. The annual testing performed should be varied in order to meet the changing regulatory requirements and firm business practices. Chief Compliance Officers should have a thorough understanding of the responsibility they have for administering this important part of their firm’s Compliance Program.
For more insight, be on the lookout for my article later this month.
If you or your firm need any help addressing your Annual Review or BD Gap Analysis, the team at Core Compliance is always ready to help and guide your firm. You can contact our team at www.corecls.com or call us at 619-278-0020.
CCO Buzz: Thank you so much for joining us today.
Senior Compliance Consultant: Oh, the pleasure was all mine.
CCO Buzz: Well that’s it for this week’s episode. If you’d like additional information, please check out our website at www.corecls.com. You can also follow us on Facebook, LinkedIn, or Twitter @CoreCls. Thank you, and we hope you tune-in to next week’s episode of the CCO Buzz.