Building an effective SEC compliance program involves a great deal of effort and expense. If you are going to invest this effort and expense, then at a minimum, you should make sure that the program meets the requirements that the Securities and Exchange Commission has laid out. I have detailed below the five main steps that you need to have in place if you are going to build an effective compliance program. This is not an exhaustive list, but it does cover the main areas that you should consider.
Conduct an effective “risk assessment” of your business (i.e., evaluate how your activities, arrangements, affiliations, client base, service providers, conflicts of interest, and other business factors may cause violations of the Advisers Act or the appearance of impropriety).
Write and implement effective policies and procedures which are designed to manage and control the compliance risks identified in your risk assessment and which reflect good principles of management and control.
Policies and Procedures should cover at a minimum the following:
Conduct quality control and forensic testing to determine whether your compliance activities are consistent with your compliance policies and procedures. Test to see if your procedures can be easily circumvented. Implement reports which track exceptions found during the tests and make sure that any exceptions are followed up in a timely manner.
Conduct an annual review of everything that has happened in the compliance program during the previous year. Update your policies and procedures to take into account any changes within your business during the year. Share the results of the review with senior management. Ensure documentation or other output is generated from the review to substantiate that you obtained and reviewed all related information in a timely, accurate, and complete manner pursuant to Rule 204-2(a)(17)(ii). Confirm that this information is preserved and protected from unplanned destruction or loss.
Ensure your CCO is knowledgeable regarding the Investment Advisers Act. Validate that there are no conflicts between the CCO role and other roles the CCO plays within the business. If there are any conflicts, certify that they are clearly documented. Confirm the CCO and all compliance staff are comfortable asking the hard questions and questioning anything that goes on within the firm.