Every registered investment adviser and employees of the adviser have a fiduciary duty to put their clients’ interests ahead of their own. The Securities and Exchange Commission (“SEC”) has often emphasized that the key to a successful compliance program is having a strong culture of compliance embedded in the firm. Meaning that it is not sufficient enough to have policies and procedures for all employees, but that it is critical that they understand their compliance obligations and apply them on a daily basis in the best interest of their clients. As a former OCIE Director once said, “you know it's not enough to have policies, it's not enough to have procedures and it's not enough to have good intentions. All of these can help. But to be successful, compliance must be an embedded part of a firm's culture”.
What is a Culture of Compliance?
According to many industry experts, including the SEC’s current OCIE Director, establishing defined expectations, a culture from the top of the organization down, as well as an overall environment that fosters ethical behavior and decision-making is integral in a compliance programs’ overall success. Simply put, organizations should instill an obligation to do what's right within every employee. This will underpin all that the firm does and must be part of the essential ethos of the firm. So, when employees make decisions - large or small; regardless of who's in the room, and whether lawyers or regulators or clients or anyone else is looking - they are guided by an ingrained business culture that reinforces doing what's right. It’s important to understand that a firm's culture of compliance exists outside the compliance department — it should live throughout the firm. Understanding these considerations, most firms are now also implementing a new practice known as the “mood in the middle,” which encourages mid-level managers to be trained to supervise the firm’s compliance requirements for their teams.
In this Risk Management Update, we discuss how firms can create and/or maintain a strong culture of compliance within their own organizations.
Tone at the Top
What does it mean for a firm to have an established “tone at the top?” The term refers to a uniform strong message regarding the importance of compliance from the head of the organization or the highest level in the firm. Usually this is initially established by the CEOs, the Board of Directors or Managing Partners of a firm that believe and preach the importance of compliance. This, in a sense, establishes the right “tone at the top,” when Senior management shows the organization’s overall buy-in on compliance and creates a call to action and the firm’s need for a highly ethical culture that results in the “culture of compliance.” Below are some best practices firms may implement to demonstrate “tone at the top”:
- Executive leadership and senior managers across the organization should encourage employees and business partners to behave legally and ethically, and in accordance with compliance and policy requirements.
- Employees across the firm need to feel comfortable in coming forward with any legal, compliance, and ethics questions and/or concerns without fear of retaliation.
- Organizations should reward and promote their talent based, in part, on their adherence to the firm’s ethical values. As smart and moral business practices are expected and should be rewarded; additionally, firms need to also consider rewarding employees who report unprincipled business activity or report when an error or violation is committed (self-reporting).
- CCOs should be part of critical committees within the firm. By empowering the CCO with the authority to implement the compliance program, as well as having a seat at the table. CCOs should also be provided enough internal and/or external resources in order to construct an ideal culture of compliance.
- Lastly, regular and consistent messaging from the CEO reminding employees of the organization’s expectations toward compliance can help reaffirm the importance of compliance.
Factors for Demonstrating a Strong Culture of Compliance
Creating and maintaining a strong culture of compliance requires sustainable effort within any firm. Applying the “rule of minimums” within the organization will help reaffirm and strengthen the messaging throughout the business year. This could include the simple implementation of periodic training for all directors, officers, and employees; which could include topics covering compliance policies and procedures, relevant laws, and best practices that encounter ethical decision making.
Below are a few considerations that firms may include within their own compliance programs to enhance their own corporate culture from Training and Communication, Governance, among Other Practices for CCOs.
Training and Communication
- As part of the onboarding process, it should be mandatory that new employees attend or receive compliance orientation/training to discuss the firm’s compliance policies, procedures and Code of Ethics.
- To stay abreast of business model changes or developments within the business, firms should develop a mandatory firmwide annual compliance training, covering all high-risk compliance areas of the firm.
- Firms should implement on-going and regular communications about regulatory matters and SEC enforcement actions that would be pertinent to the employees (g., insider trading, Code of Ethics etc.).
- This could also include a seasonal compliance newsletter with current regulator environment and hot topics.
- Organizations should also offer ad-hoc training for high risk business areas (g., Sales, Portfolio Managers, Traders).
- The addition of an annual, or biennial (every 2 years), training for Investment Team and Sales staff (follow the money concept) by an industry expert, provides additional insight to compliance needs within firms.
- Firms should ensure that all compliance policies and procedures are easily available to the employees (g., via an intranet).
- Compliance programs should include training for employees as to not to make isolated decisions on compliance matters.
- Not as an afterthought, but the implementation of a professional compliance mentorship program provides firms with a developing compliance program for the future.
- Organizations should consider the addition or creation of a Compliance or Ethics Committee, which can provide oversight of the overall compliance program and should include members from the C-suite.
- Members of the C-suite should be involved and participate in the initial presentation to the regulators during the first day of SEC exam.
- To reinforce messaging, Human Resources should also include ethics and compliance part of individual annual performance reviews.
- Firms should also include ethics as an integral part of the organization’s mission statement.
- Overall, a strong governance structure will also present and be documented with formal charters; which can establish and memorialize the tone of compliance at any firm.
Other Practices for CCOs
- Build an alliance with senior business partners at the firm. Firms should encourage their CCOs to be included and viewed as a team player and collaborator – not an invader.
- Firms should partner with a good, reliable and strong compliance teams or external resources. Companies shouldn’t be afraid to replace employees/talent if they don’t know the applicable rules and regulations or cannot deliver to expectation.
- Another key consideration is an open access to external legal counsel or consultants; an outside perspective will often assist in strengthening firm’s overall programs.
- Don’t fight but embrace and implement the technological advancements of the industry. Firm that utilize the latest advancements of technology often gain knowledge, efficiency and can reflect and report on their own efficacy.
- Think deeply and analyze. When it comes to compliance and compliance issues, CCOs need to be knowledgeable, correct and critical.
- Establish and standardize reporting and surveillance protocols. Upon establishing a strong culture of compliance, firms need to also create an expectation and standard for all business practices.
- Upon every yearend CCOs should spend time reflecting and analyzing the efficacy of their annual compliance budget. Assessing the needs and value or all factors to the program will be assist in establish a formal compliance budget
- Network with other CCOs. Firm and their CCOs should network and join local trade associations or compliance chapters. This will provide ample knowledge to your compliance program, especially if the CCO regularly attends roundtables, compliance conferences, and SEC outreach meetings.
As fiduciaries, investment advisers are tasked with ensuring that they always act in the best interest of clients. There are many elements to a strong culture of compliance that can promote behavior to assist businesses growth and achieve the organizational and regulatory goals. A strong culture of compliance also can be an indirect revenue source, as it maintains a firm’s great reputation and preserves assets.
Even if you feel that your program demonstrates a strong culture of compliance, it always helps to get a second opinion. The team at Core Compliance has extensive experience in advising firms on how to create and/or maintain strong cultures of compliance, as well as how to build effective compliance program in general.
Author: Core Compliance & Legal Services (“Core Compliance”); Editor: Tina Mitchell, Lead Sr. Compliance Consultant; Aimee Lastrella, Marketing Specialist. Core Compliance works extensively with investment advisers, broker-dealers, investment companies, hedge funds, private equity firms and banks on regulatory compliance issues.
This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon regarding any particular facts or circumstances without first consulting with a lawyer and/or tax professional.
 Speech by SEC Staff: The Culture of Compliance by Lori A. Richards Former Director, Office of Compliance Inspections and Examinations U.S. Securities and Exchange Commission https://www.sec.gov/news/speech/spch042303lar.htm