The top five compliance program deficiencies found at investment firms and brokerage firms

Regulators have been vocal about their concerns regarding the role of compliance and what they witness during examinations, often sharing these observations through risk alerts released to the public. A recent example being the Securities and Exchange Commission (SEC) risk alert directed at broker-dealers and registered investment advisers (RIAs).

While the SEC recognizes broker-dealers and RIAs have had to quickly adjust to new regulations, such as the new marketing rule for investment advisers and the agency’s heightened focus on books and record-keeping regulations, it expects financial firms to learn from their peers and adjust compliance programs accordingly.

To help you avoid significant fines and penalties, we’ve reviewed recent risk alerts and communication from the SEC and other regulators to create this list of top five compliance program deficiencies.

Top five financial compliance program deficiencies

Whether you’re a brokerage firm or an investment firm, your compliance professionals have their work cut out for them. Review the compliance program deficiencies below to ensure you are addressing your compliance risk holistically and remaining in compliance with regulator expectations.

1.Navigating the SEC’s new marketing rule 206(4)-1 for investment advisers.

The SEC’s new marketing rule modernizes the rules regulating investment advisers’ marketing communications. Plain English? The new marketing rule allows investment firms to include customer testimonials in their marketing materials. However, while the rule presents firms with an exciting opportunity to be creative and attract more clients, not all firms have a clear understanding of how to implement the new rule, making compliance a difficult task for even the most thorough of compliance teams.

2. Navigating the SEC’s books and record-keeping regulations.

SEC rule 17a-3, or the SEC’s books and record-keeping rule, requires financial firms to maintain, preserve and produce communications and records. The more recent SEC rule 17a-4 modernizes the rule and sets forth the electronic record-keeping and prompt production of records requirements for broker-dealers.

Compliance with these regulations has been a major focus of the SEC as seen by recent costly enforcement actions against a brokerage firm, as well as the agency’s stated intention to focus on books and record-keeping in upcoming examinations.

3. Overlooking the importance of cybersecurity.

As cyber-attacks become more sophisticated, regulators pressure compliance professionals to prioritize cybersecurity at their firms. While compliance professionals already have a lot on their plates, they cannot afford to overlook the importance of regulatory cybersecurity.

Cyber-attacks can wreak havoc on firms and their clients, and they can come from anywhere, even within a firm. This means compliance teams will have to do their due diligence in implementing protective measures, including thoroughly training its staff and creating thorough policies and procedures to mitigate cybersecurity risk.

4. Failure to conduct and adequately document annual compliance reviews.

In accordance with SEC rule 206(4)-7, investment advisers are required to perform an annual compliance review of all compliance processes. However, investment firms should not treat this requirement as a check-the-box initiative. Common deficiencies include not conducting an annual review, simply copying and pasting the review from past years and failing to implement changes to address risk points found during the review process.

5. Failure to adequately supervise employees.

Even with the best of compliance teams, some details fall through the cracks. Failure to adequately supervise employees can lead to compliance risks which can be detrimental to your firm. Although compliance professionals cannot be everywhere at once, there are solutions available to spot and address red flags in employee activity.

In order to mitigate risk and comply with all SEC standards, compliance programs must lean into their resources, including technology, consulting and education. At NRS, we can help you meet regulatory requirements and remain in compliance while minimizing burdens on business processes. Let’s talk about how we can improve your firm’s compliance program!