Regulatory Compliance Software for Investment Advisers

Opinion Article

Navigating the Evolving Regulatory Compliance Maze – Compliance Management in a Changing World

By Brian Fahey & Marc Rinaldi

Purpose: To assist investment managers in pro-actively navigating the risky and ever-changing market and regulatory compliance environment and to provide an outline for a flexible and robust risk-based compliance management methodology.

Background: The speed at which new market risks are confronting our financial institutions is alarming and far reaching. Such changes and risks create both actual and potential compliance risks on a real-time basis.

At the same time, the recent collapse of the mortgage credit markets and resulting effects on other asset-based global markets has jarred the very foundation of our regulatory and financial system. The effectiveness of the regulations and related controls currently in place is being questioned by the system's participants, regulators and legislators. The end result may be a reassessment and modification of existing rules but, more likely, there will be new and sweeping regulation as proposed by the Treasury Secretary. Companies are already responding. The Wall Street Journal reported on April 2, 2008 that “A survey shows that companies will spend 7.4% more on governance, risk management and compliance this year than they did in 2007”.

Conclusion: Compliance risks have attained a new level of visibility. To minimize potential hazards, current and evolving risks must be identified, documented and effectively managed by investment firms, regulators and legislators.

How to pro-actively navigate the ever-changing market and regulatory environment:

How to Confront Compliance Risks?

While it is unclear in which direction regulation will evolve, it is reasonable to suggest that firms that take a pro-active approach to risk management will not only manage those risks effectively, but will be positively recognized for doing so by investors, counterparties and regulators. While investment firms may have both the appropriate compliance culture and "tone at the top," they may not always have the means to execute. A proactive and systematic risk-based compliance methodology is necessary to effectively manage risk. The following is an outline for a proactive methodology to meet this need:

  • Reassess your key Compliance Management goals and objectives at least semi-annually;
  • Ensure that your "Risk Management Policy," risk factors, and inventory of risk scenarios and related compliance "events" are current, relevant and comprehensive;
  • Update compliance policies and related compliance manuals where appropriate;
  • Document and periodically update a formal system of controls or "tasks" designed to mitigate your inventory of compliance risks;
  • Ensure that your compliance management system is not only robust, but also flexible and responsive to the ever-changing market environment;
  • Conduct periodic reviews and document risks, events, tasks and the functionality of the Compliance Management system. Consider an annual compliance review by an independent third party to support the CCO's annual report.

A discussion of the outlined items regarding a system and methodology of compliance management follows:

Become familiar with best practices in internal controls and regulatory trends

Pro-active analysis and assessment of risks, together with related policies, procedures and "best practices" are addressed in the following key sources:

  • Executive Order 2631 - Working Group on Financial Markets, Source: the provisions of Mar. 18, 1988, appear at 53 FR 9421, 3 CFR, 1988 Comp., p. 559, unless otherwise noted;
  • President's Working Group (PWG) on Financial Markets (Investors' Committee & Asset Managers' Committee Mission Statements) - Principles and Practices for Hedge Fund Investors - Highlights of Recommendations - Russell Read - Chairman, PWG Investors Committee, as presented in Managed Funds Association, Networking 2008, Feb. 12, 2008;
  • Committee of Sponsoring Organizations of the Treadway Commission (COSO) - Enterprise Risk Management (ERM) - Integrated Framework, Sept. 2004, and Internal Control Issues in Derivatives Usage, 1996; and
  • Managed Funds Association (MFA) - Sound Practices for Hedge Fund Managers - 2007.

These seminal works identify broad, overarching principles as well as highlight specific risks. Developing best practices is the first task of the President's Working Group (PWG) and its related committees. The PWG Investors' Committee will "foster efforts to enhance market discipline, mitigate systemic risk, augment regulatory safeguards regarding investor protection and complement regulatory efforts regarding investor protection, and complement regulatory efforts to enhance market integrity." Through best practices and other available methodologies, these risks can be identified and dealt with. Best practices (such as those outlined by COSO and the MFA) can be used to identify, analyze and assess such risks to ensure that related controls are operating effectively.

Reassess your key Compliance Management goals and objectives at least semi-annually.

The COSO literature is an essential reference point for developing compliance risk goals and objectives. Understanding the business of the investment firm is the starting point for setting "Entity-Wide Objectives." "Tone at the Top" and the "Control Environment" are familiar terms that provide the foundation for regulatory compliance management objective setting and a comprehensive regulatory compliance risk management policy. The mission statement and code of ethics of the firm are critical communications for establishing and disseminating regulatory compliance policies (3).

The Asset Manager Code of Professional Conduct published by the CFA Institute outlines the ethical and professional responsibilities of firms that manage assets on behalf of investors. Key regulatory compliance and support tasks are outlined therein. One of those key objectives must be that the Chief Compliance Officer is authorized and empowered to effectively facilitate policy setting and the execution of regulatory compliance tasks. See general and specific tasks as outlined below.

Ensure that your "Risk Management Policy," risk factors, and inventory of risk scenarios and related regulatory compliance "events" are current, relevant and comprehensive.

The risks inherent in our financial system have increased in number and complexity based upon globalization and related regulation. The rate of change of regulation and compliance has also increased as new markets have opened and as technology has enabled rapid financial information dissemination. New and existing compliance risks are actualized on a real-time basis as new transactions occur and as market conditions and prices change. These market factors have created tension between existing fixed compliance policies, procedures and controls. As a result, evolving regulation needs to address risk. The need for a Compliance Risk Management Policy is evident, and such a policy should include:

  • Documentation of business processes;
  • Determination of risk factors and possible risk events; and
  • Assessment of the impact of possible risk events upon the compliance goals and objectives of the investment firm (first complete compliance risk scenarios work below).

Risk Management Policy and its compliance applications can be facilitated by reviewing the guidelines for compliance outlined in COSO and Sound Business Practices (3 & 4).

Identify various scenarios and compliance events and analyze their impact upon your business and related compliance goals and objectives.

The various compliance risk scenarios and related compliance events can be developed from the compliance risk factors previously identified. The nature of these factors can be used to determine any conceivable regulatory compliance event. For example, heavy market selling of private equity assets has led to redemptions in XYZ Hedge Fund. This has in turn pressured XYZ traders into selling short the named publicly traded stock against the PIPE restricted stock. The resulting short sales are in violation of holding period restrictions imposed upon these specific investments at purchase. The occurrence of such a regulatory compliance event is potentially very damaging to the Fund. Assessing the impact this regulatory compliance violation would have on the Fund is complex and involves the following questions:

  • How has compliance management dealt with the event and was action timely?
  • Has the trader violated the pre-execution authorization controls in place regarding trading the stock?
  • Will the Fund self-report this violation to the appropriate regulatory authorities?
  • What disciplinary actions will be taken regarding the trader and trading management and has appropriate supervision taken place?
  • Has the Fund subsequently assessed the event and established appropriate compliance and trading controls to prevent the event from occurring again?

The impact of such events on a Fund can be devastating if negative press, fines or lawsuits ensue. Clearly, anticipating such compliance risk events and establishing controls preemptively is superior to reacting after the fact.

Update compliance policies and related compliance manuals as appropriate. Document and periodically update compliance events and tasks using a formal system of controls or "tasks" designed to mitigate your inventory of compliance risks.

An investment firm must continuously update its compliance policies and compliance manuals. A log of the occurrence of risk events, their resolution and the execution of compliance tasks is an essential component of a Compliance Management System. Key procedures should be in place and performed daily, weekly and monthly. In addition, the following should be performed at least semi-annually to identify and analyze new or changing compliance risks:

  • Review the impact of current market conditions and prices upon the compliance associated with existing and proposed investment products, investment strategies, responsibilities to investors, operating systems/controls, compliance systems, method of net asset value determination and business continuity plans (4);
  • Reformulate Compliance Risk Management Policies (as identified above); and consult with regulators, market participants and internal management regarding changing market conditions and their impact upon the firm and the industry as a whole.

Ensure that your compliance management system is not only robust, but also flexible and responsive to changing requirements.

A flexible and robust compliance management system can perform the following functions:

  • Manage change in compliance policies, procedures, events and tasks;
  • Communicate current policies, procedures and tasks to relevant personnel;
  • Track and report the status of all compliance tasks and events;
  • Update and document all components of your Compliance Management Methodology and system daily;
  • Review and, if necessary, modify such controls and tasks on an ongoing basis; and
  • Document the execution of such control tasks and related modifications daily.

Conduct periodic reviews of risks, events, tasks and the Compliance Management system and document results.

  • Summarize the compliance goals and objectives of the firm;
  • Identify compliance risks faced by the firm;
  • Identify policies and procedures in place to address identified compliance risks and events;
  • Review the documentation of these compliance risks, goals, and objectives;
  • Review the documentation of executed compliance tasks and in particular the resolution of compliance events;
  • Document findings in a report to senior management and other governing bodies; and
  • Consider holding an annual compliance review by an independent third party.

Summary: The combination of current, relevant and comprehensive Risk Management Policies, together with a flexible and robust Compliance Management System, is essential to effectively manage compliance risks in an ever-changing market and regulatory environment.
