Not an issue until it becomes an ENORMOUS issue…
A mantra that I often use in my work with registered investment companies, investment advisers and broker-dealers is that your compliance program should be proactive as opposed to reactive. The new Director of the SEC’s Division of Enforcement stressed the same message earlier this month. The primary reason is that regulators, including the SEC and FINRA, expect firms to self-regulate and maintain strong, agile and ever-evolving compliance programs. Such self-regulation could mean self-reporting material issues, with an increased likelihood of more lenient or otherwise favorable treatment if firms take corrective action in advance of any regulatory findings of violations, weaknesses or deficiencies.
When I discuss some of the hot button issues below with principals of small to medium-sized firms, the common refrain is that we know our clients and we trust our staff, and/or we just don’t have the bandwidth or resources to overhaul certain of our processes or systems:
- Senior investors
- Personal securities transactions monitoring/front running
- Cybersecurity/Privacy
- Custody
- Advertising/Marketing
It comes as no surprise that regulators are laser-focused on these issues, as they often are tied to legitimate concerns of protecting retail investors and the integrity of the markets. However remote you think it is that one of your employees is engaged in a front-running scheme or some other nefarious activity, it happens. Firms need to monitor, review and document personal securities activity in all investment accounts that an employee/access person owns or in which that person has beneficial ownership. Instances of senior abuse/exploitation and outright criminal fraud are rampant. Regulators, state governments and Congress are acutely aware of the threats posed and have a framework for firms to follow to protect elderly clients, yet many firms have not prioritized the issue or otherwise implemented the necessary practices.
We wrote about cybersecurity concerns a few weeks ago, and protecting sensitive client and institutional information, especially in the age of cloud computing and mobile/remote capabilities, is paramount.
I’m not going to say these issues should keep you up at night, but I will say you’ll probably sleep more soundly if you properly address them and strengthen your compliance program accordingly. Peace of mind is not the only potential benefit – it’s fair to say that being proactive and trying to prevent issues such as these in advance could cost pennies on the dollar as compared with a large regulatory fine, remediation effort after the fact or devastating financial impact on your business resulting from criminal activity or a cybersecurity breach. And most importantly, you will be protecting your clients.
Nottingham takes these issues seriously and we have a firm understanding of what’s expected from a compliance perspective and how to strengthen your compliance program.
If you have any questions about cybersecurity issues, 40 Act or Advisers Act compliance, starting a fund or other compliance or consulting solutions, please don’t hesitate to reach out.
The information contained herein is made available only for your assistance and convenience and for informational purposes. Nothing herein is designed to provide, and does not constitute, legal advice on any matter and should not be relied upon for that purpose. Any opinions included herein are those of the author and not attributable to the Nottingham Company, its management or affiliates. We do not attest to or otherwise assume responsibility for the accuracy or content of any links or external sources referenced.