Why are firm-wide risk assessments and annual reviews of your compliance program important? The answer is pretty cut and dried.
The Compliance Program Rule (Rule 206(4)-7 of the Advisers Act) requires all registered investment advisers to:
Appoint a competent, knowledgeable, & empowered Chief Compliance Officer;
Establish a set of written policies and procedures (a Compliance Manual) “reasonably designed to prevent violation of the Advisers Act”; and
Review, no less than annually, the adequacy of their policies and procedures and the effectiveness of their implementation.
To display competency to regulators, it is crucial that all advisory firms implement a process to effectively evaluate areas of risk that may threaten the firm, the firm’s clients, and the firm’s professional reputation.
The bottom line? Understanding how to evaluate risks will be critical in decision-making processes that may make or break your firm’s profitability.
Let’s revisit the notion of designating a competent, knowledgeable, & empowered Chief Compliance Officer (CCO). The person in the CCO position should be competent and knowledgeable as per the Advisers Act and empowered with full responsibility, authority, and resources to develop and enforce the firm’s policies and procedures.
The CCO needs to maintain a position of sufficient seniority within the firm in order to compel individuals within the firm to remain compliant. In instances where the firm maintains a compliance department comprised of several individuals, the CCO may assign tasks to other individuals as they see fit but should complete the Annual Review independently. (We’ll discuss the Annual Review (Rule 206(4)-7) in more detail a little further down.)
Our objective is risk management, the process is a risk assessment, and the risk matrix is a tool we can use to assist us in accomplishing our objective.
Risk assessment is a 4-step process:
INVENTORY – Compile a list of risks posed by the firm’s business practices.
RATE – Assign a “rating” to each risk using a risk matrix to determine the significance of each inventoried risk. The risk matrix assigns a score to each risk based on the probability that the risk will occur and the severity of the risk, should it occur.
MITIGATE – Implement policies and procedures that are designed to mitigate the risks you’ve identified. Prioritize the risks based on their ratings.
REVISIT, REVIEW, REVISE – As things change in your business, revisit the risk assessment and make revisions as needed.
A successful risk assessment will help you determine where the risks reside within your firm, which of those risks take priority in your mitigation tasks, who is responsible for conducting and documenting these tasks, and how frequently the tasks should be completed.
Here are some sample categories of risk as well as some sample associated risks within each category:
Compliance Oversight
Regulatory
Code of Ethics
Portfolio Management
Client Processes
Marketing/Advertising
Business Continuity Planning & Data Security
Books & Records
Don’t forget to use your intuition! If there is something making you uncomfortable and/or keeping you up at night, consider it a high-priority risk (even when you aren’t sure whether or not you’re “breaking the rules”).
Here is a sample risk assessment table:
Periodic risk assessments help ensure that the policies and procedures of your firm are up-to-date in all areas which could result in potential regulatory compliance deficiencies or violations.
Conducting an Annual Review by the CCO satisfies the requirement to review the firm’s policies and procedures for effectiveness of implementation on at least an annual basis. The Annual Review is a running document that may be updated throughout the year and should contain:
I can’t emphasize enough the importance of conducting regular risk assessments and how much better you’ll sleep at night knowing you have a plan in place to identify and mitigate risks associated with your firm.
Here are some key takeaways to consider:
Shelby’s Investment Advisor Certified Compliance Professional® (IACCP®) designation, earned in 2016 through National Regulatory Services (NRS), certifies that she is equipped with the knowledge and tools necessary to implement and manage a successful compliance program at any investment advisory firm.
Growing up in Lake Tahoe, Nevada has instilled a love of the outdoors in Shelby. You can find her on the golf course, at the beach, or in a campsite in the summer and snowshoeing, crafting, or soaking up a good book by the fire in the winter. Home is where the heart is, but Shelby and her husband also love to travel and take photographs to display around their home. They are always planning their next adventure!