• Compliance Reviews of an Extraordinary Year
  • February 3, 2009 | Author: Nancy M. Persechino
  • Law Firm: Bingham McCutchen LLP - Washington Office
  • It soon will be time for Chief Compliance Officers of registered investment advisers and investment companies to sketch out this year’s annual compliance review. Given the market turbulence of the past year and the rapidly changing business and regulatory environments, many CCOs may wish to do more than simply dust off last year’s review and update its contents.

    At least one thing remains the same: the purpose of the annual review is to assess the adequacy of the firm’s policies and procedures in ensuring compliance with securities laws and the effectiveness of their implementation. Nothing tests the adequacy of policies and procedures quite like a crisis. So, why not treat the extraordinary events of the last year as a great “forensic test” and ask, “What went right? What didn’t?”

    Revisiting “Risk”

    Some of the big questions clearly reach beyond the scope of the annual review but may have a compliance component. For example, the industry is taking a hard look at risk management on an enterprise-wide basis and trying to assess, often with the aid of consultants, how better to manage risk going forward. One component of enterprise risk is, of course, compliance risk, and a CCO may wish to assess in the annual review the role the compliance group has had in risk management processes and perhaps include recommendations for greater or different involvement. A CCO also may be able to use the risk management analysis to identify potential compliance risks that could accompany market and business risks.

    With the help of personnel from various business units, the CCO may want to review the firm’s compliance risk profile to determine that new, evolving or re-emerging compliance risks are addressed. A re-prioritization of compliance risks as “high” likely would require a reallocation of compliance resources and additional monitoring and testing. 

    Remember that the Office of Compliance Inspections and Examinations has included in its “Core Initial Request for Information,” published in November 2008, a copy of an adviser’s inventory of compliance risks and a mapping to the adviser’s policies and procedures.  If your firm, whether an investment company or adviser, has not prepared a compliance risk matrix of this kind, this year’s compliance review is a good opportunity to create one.

    Assessing Your Firm’s Response

    Of course, there are many other questions a CCO may wish to ask in framing this year’s reviews. Depending on your firm’s business, those questions may include: Have firm management, investment personnel and others reacted promptly to changing market conditions, and have the firm’s disclosure documents been revised when necessary to reflect actions taken in response to changing conditions? Are the tough questions being asked and answered, for example, whether a fund should be closed to new investments because additional money may be detrimental to existing investors? Mutual funds and hedge funds have found their assumptions about adequate sources of liquidity tested as investors submit redemption requests at unprecedented levels; is the firm considering whether there may be circumstances where paying investors entirely in cash could be detrimental to remaining investors?

    Have the firm’s valuation processes withstood the challenges of market volatility and reduced liquidity?

    Did the firm’s processes for escalating compliance concerns work during the recent months, when market conditions changed almost daily, counterparties began to fail, service providers ceased operations or suffered significant business or organization events, and the government took unprecedented steps to buy up troubled assets and shore up credit markets?

    Has the firm’s “compliance culture” proved to be strong? Have personnel acted in uncharacteristic ways, perhaps to avoid delivering bad news? Has management supported the CCO when he or she has had to insist on strict adherence to policies and procedures, or when compliance and legal personnel have had to reject a proposed course of action? 

    The Office of Compliance Inspections and Examinations recently published an open letter to chief executives of investment companies and advisers, among others, reminding them of their legal obligation to maintain adequate compliance programs, even when faced with tightening budgets and cost-cutting requirements. Even so, many companies have had to reduce resources. A CCO may find it awkward in the current environment to report to management and the Board that compliance resources may need to be enhanced, but the annual report should address whether compliance resources have been sufficient to meet the challenges of the past year. If the answer to this is not an unqualified “yes,” consider whether it is possible to get more out of existing firm resources. For example, might existing technology be redeployed to assist with compliance testing? Is information being collected in the business units that might be useful in compliance oversight but has not traditionally been shared with the compliance group? Are there different ways to use the information that is available? Are the limited resources available being focused on the areas of highest risk? As mentioned, reallocation of compliance resources to newly identified high risk areas might be required.

    Suggestions from the SEC

    In her speech at the National Meeting of the National Society of Compliance Professionals in October 2008, Lori Richards, Director of the Office of Compliance Inspections and Examinations, summarized focus areas for OCIE examiners that are “particularly critical in today’s market environment.” CCOs would do well to ask similar questions in connection with this year’s annual review:

    • Are your compliance measures adequate to identify any aggressive trading or deviations from investment objectives that might occur if portfolio managers try to make up losses and perhaps catch up on performance based fees?
    • Have your procedures been effective in identifying and pricing illiquid or difficult-to-price securities, or in overseeing pricing by service providers? Has there been any reluctance to fair value or mark down prices? Have you compared actual prices realized on sales to fair values assigned?
    • Have you reviewed the adequacy of disclosures concerning credit risk, liquidity and investment risk, particularly relating to structured products? Some investments once described as “safe” may no longer merit that characterization.
    • If your firm has recently merged with another, or acquired a firm, is the risk profile of the combined firm different, and have your policies and procedures been revised to address any new areas of “high risk” of violations of laws?
    • If your firm manages or sponsors a money market fund, are your procedures adequate to uncover any “stretching for yield” and related undisclosed risks?
    • If your firm engages in short selling, have you adopted procedures for compliance with Regulation SHO and filings of Form SH?

    In the same speech, Ms. Richards reminded compliance officers to continue to focus on several other compliance risks: appropriateness of investments for advisory clients, adequacy and accuracy of disclosure in ADVs, performance advertising, marketing, fund prospectus and other information provided to clients (ask, for example, if steps the firm has taken to deal with the credit crisis have been consistent with the disclosure, or whether the disclosure continues to describe adequately investment risks relating to hedging techniques, portfolio diversification and portfolio liquidity), adequacy of controls to prevent insider trading, consistency of brokerage arrangements with disclosure, quality of trade execution in current markets, undisclosed payments made to increase fund sales or assets under management, adequacy of controls for protecting client assets and customer information, adequacy of procedures to detect money laundering activities, adequacy of supervision of advisory branch offices.

    Keeping Policies and Procedures Current

    The past year brought many changes in laws and rules, new guidance issued by regulators and enforcement proceedings that might require or suggest new or updated policies and procedures. The annual compliance review should include an evaluation of changes in the legal and regulatory framework and the impact on the firm’s compliance policies and procedures. Attached is an outline that might be helpful in conducting that evaluation. Of course, each firm has different circumstances, and other or different issues may also apply.

    Final Note

    Some compliance challenges in the new year are known, such as the need to prepare for data tagging of mutual fund filings, electronic filing of Form D, and use of the new summary prospectus. Other changes, for example, the adoption of revisions to Form ADV and the launch of clearinghouses for credit default swaps, seem likely. Scrutiny of hedge funds and funds of funds is expected to increase. These initiatives may require additional investments by advisers, funds and sponsors in technology and personnel, and the annual compliance review should address the compliance aspects of these new obligations where they are relevant to your firm.

    Finally, consider whether your compliance program includes an effective process for identifying changes in laws, regulations and interpretations. Most in the industry are anticipating further and perhaps substantial changes in the regulatory landscape, but there seems to be little consensus as to what those changes may be and how soon they may be adopted. Even with the uncertainty, an analysis of the successes and failures of a firm’s compliance infrastructure in dealing with the turmoil of the past year may help build a stronger foundation for weathering the economic storm ahead.