How to Build an Effective Culture of Compliance

Often, when broker-dealers and investment advisory firms are sanctioned by the regulators, the question on everyone’s mind is: where was compliance? While most firms are required to have a designated Chief Compliance Officer (“CCO”), few have more than one compliance professional, and for smaller firms the CCO is usually also serves as the CEO or other C-level position. While each firm may have individuals who are responsible for the daily activities of compliance as defined by the regulators, compliance is everyone’s responsibility. Investment advisers and broker-dealers are relegated to a strict compliance standard and are bound by their duty to act ethically and in their clients’ best interest as a core tenet to their business.



Culture of Compliance Defined

Lori Richards, former Director of the Office of Compliance Inspections and Examinations (“OCIE”) for The Securities and Exchange Commission (“SEC”), defined the Culture of Compliance in a speech given in 2007:

 “We at the SEC have often talked about the need to instill a strong Culture of Compliance within firms — this means establishing, from the top of the organization down, an overall environment that fosters ethical behavior and decision-making. Simply put, it means instilling in every employee an obligation to do what’s right. This culture will underpin all that the firm does and must be part of the essential ethos of the firm, so that when employees make decisions, large and small, and regardless of who’s in the room when they make them, and whether or not lawyers or regulators or clients or anyone else is looking, they are guided by a culture that reinforces doing what’s right. Importantly, a firm’s Culture of Compliance exists outside the compliance department — it exists throughout the firm.”[1]

Understanding and adopting this practice takes time, commitment and involvement across the firm and from top to bottom. In this Risk Management Update, we will discuss how firms can develop and maintain a strong culture of compliance.


Executive Buy-In

Executive or senior management buy-in is commonly referred to as the “tone from the top”. This element is crucial in establishing a true culture of compliance. In order to be successful in compliance efforts, it is vitally important that the CEO and senior leaders exhibit the behavior, which indicates that non-compliance with policies and procedures, applicable regulations, ethics and the firm’s undivided  loyalty to clients will not be tolerated. Here are some best practices that firms should consider when demonstrating their “tone at the top”:

  •  Executive leadership should ensure that compliance has a “seat at the table” for all conversations, including standing committees, related to the firm and its business practices. Providing valuable input and guidance during strategy discussions helps position the firm for success. Peter Driscoll, Director, OCIE, recently stated the following during the SEC’s 2020 Compliance Outreach program,

 Through our examination observations and discussions, we notice CCO access and interaction with senior management, prominence in the firm, and when they are valued by senior management. We notice demonstrable actions, not just words, supporting the CCO and compliance.”[2]

  •  Senior management should encourage employees to act legally and ethically as well as in accordance with their fiduciary obligation. Consistent messaging from leaders reminding employees of the firm’s expectations toward doing what’s right can instill a solid culture of compliance.
  • Management should be involved in the notification of and resolution of violations of firm polices.
  • Senior management should attend and participate in required training for employees, alongside the employees. This will demonstrate to those in attendance the importance of compliance.


How do you demonstrate a culture of compliance?

Under FINRA and SEC regulations, the CCO should be empowered, have sufficient seniority and authority within the organization to compel others to adhere to the compliance program. The CCO is responsible for administering the firm’s Compliance Program, but the staff is responsible for complying with all the policies and requirements under the Program, including reporting any violations. Here are some ways to further this culture within the firm:

  •  Build a strong compliance program tailored to the firm’s business practices including a code of conduct/ethics setting forth the expectations of behavior.
  • At least annually, perform an analysis of compliance violations and determine if there are systemic issues or patterns of conduct within the firm that may need to be addressed through enhancements to policy or procedure.
  • Require all employees to make an attestation upon hire and then annually thereafter, that they will abide by the firm’s policies, procedures, and code of conduct practices.
  • Establish a committee dedicated to compliance and ethics to assist in oversight of the compliance program and violations thereof. Include members of senior management as well as managers from all functions of the firm. Make compliance a part of the business responsibility.
  • Develop, implement and maintain a strong supervisory structure. Oversight of activities by managers and supervisors enhances a firm’s ability to stay ahead of violations and issues related to risky behavior
  • Remind employees regularly that compliance is a firm-wide responsibility and that clients expect that employees will act compliantly and ethically.
  • Embed compliance in all aspect of the firm’s operations. Develop a mission statement and core values that emphasizes doing the right thing. Then view all firm decisions through the lens of the company values, the mission statement and ultimately, the client’s perspective.
  • Consider a culture of self-reporting and reward employees accordingly for reporting unethical behavior. Promote employees not only on their talent, but their dedication to doing what’s right for the firm and its clients.


What can the CCO do to further the culture?

  •  Establish open lines of communications with all levels of employees including management, by creating an open-door policy in order to build trust of compliance personnel. This action can lay the groundwork for employees to feel they can share concerns about compliance issues with the CCO, and any other members of the compliance team
  • Stay abreast of the regulatory environment and the rules that apply to your business to be able to provide guidance on new business initiatives the firm may wish to engage in. Be knowledgeable and educated about those rules and industry best practices.
  • Establish protocols for reporting and surveillance. Adhere to deadlines and consequences for failure to act as defined in policy and report appropriately. Maintaining consistency is necessary in the success of a culture of compliance.
  • Report all compliance violations to senior management and the employee’s manager and suggest appropriate steps and sanctions.
  • Join a local compliance roundtable, compliance organization or find ways to network with other CCOs. These individuals can lend support and guidance when difficult situations arise. Attendance at industry conferences, SEC Outreach program, and other industry associations will provide crucial insight into regulatory expectations.
  • Be a collaborator and a problem solver. Take an interest in the situation and ask questions to be clear on the underlying request or “need”. Provide compliant solutions to business ideas that consider associated risks, limitations, and potential changes needed to policies, procedures, and disclosures to clients.
  • Educate employees on the “why” behind the rules when questioned. Sometimes understanding the context or background provides an opening for dialog, which builds trust, which in turn, elevates the culture of compliance.
  • Embrace technology to enhance compliance workflows. Technology can make it easier and more efficient for employees to comply with their obligations and for the firm to detect compliance issues.
  • Ensure every employee has easy access to the firm’s policies and procedures, code of ethics and any other important documents, such as the mission statement, company values, etc.
  • Work closely with human resources to include compliance obligations during new hire orientation, as well as action plans for those failing to meet obligations.



  •  Administer training that includes elements of ethics and fiduciary responsibility, along with at least annual training regarding the firm’s policies and procedures, and the regulatory environment and hot topics.
  • Provide learning opportunities such as a lunch and learn or a compliance quick tip that focuses on the positive effects of compliance.
  • Develop a periodic compliance newsletter that highlights changes in policy or regulation, reminds employees of upcoming due dates and spotlighting difficult to understand topics.
  • Invite senior management to provide training or keynote speaking opportunities.
  • Provide ad-hoc training as needed as it pertains to specific individuals or specialized topics in the industry. Develop a toolbox of go-to training resources for such occasions.



Investment advisers and broker-dealers are tasked with ensuring that they are acting in the best interest of their clients. There are many aspects to a culture of compliance. Having a strong compliance program in and of itself is a good start to a culture of compliance; however, it is not enough. Firms should enhance their supervisory structure in order to be vigilant about the activities taking place by employees. This is especially true in current times with most employees working remotely.

Developing and implementing a culture of compliance begins with the basics of compliance. Senior management should define and educate on their expectation and then require the behavior. Leading by example is key to helping ensure adherence.

If you need help with your compliance program and/or training of employees, Core Compliance can help. Our consultants have extensive knowledge and experience in advising firms on how to create and/or maintain a strong culture of compliance and compliance program, as well as providing educational training to employees on compliance requirements.   For assistance, please contact us at (619) 278-0020, or visit us at

Author: Core Compliance & Legal Services (“Core Compliance”). Editor: Tina Mitchell, Managing Director, Consultation, Core Compliance. Core Compliance works extensively with investment advisers, broker-dealers, investment companies, hedge funds, private equity firms, and banks on regulatory compliance issues.

This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon in regard to any particular facts or circumstances without first consulting with a lawyer and/or tax professional.

[1] Speech by SEC Staff: Working Towards a Culture of Compliance: Some Obstacles in the Path by Lori Richards, Former Director, Office of Compliance Inspections and Examinations U.S. Securities and Exchange Commission


[2] Speech by SEC Staff: The Role of the CCO-Empowered, Senior and With Authority by Peter Driscoll, Director, Office of Compliance Inspections and Examinations.


Leave a Reply

Your email address will not be published. Required fields are marked *