How to Play "Catch-Up" (the Right Way) on Past-Due Compliance Tasks

5 min read
May 31, 2018

As a firm owner launching and operating an RIA, you must find, become familiar with, and implement a technology solution for your firm’s compliance program. As with every other aspect of your business (investment management, marketing, accounting, you name it), the use of technology increases efficiency, streamlines operations, and maximizes productivity. In fact, it is nearly impossible to keep track of ongoing compliance tasks without the use of a compliance task management system.

An effective Compliance Task Management System will be proficient in:

  • Storing documents
  • Maintaining compliance tasks in an editable format
  • Providing regulatory background for compliance tasks
  • Allowing for records to be exported or downloaded for regulatory review

Once a technology solution has been implemented, the effectiveness of the solution is only as good as the execution. One popular quote suggests that “technology is only as good as its user”—this idea makes perfect sense. It’s natural to get busy with the various aspects of operating an RIA. Consequently, some operational tasks may fall through the cracks. Maintaining a rhythm of visiting and completing compliance tasks on a regular basis is critical to the success of any compliance program. But what if you fall behind, or even miss a few months? Here are a few things to consider if you find yourself in this situation.

Understand the Past-Due Tasks

Often compliance tasks are not completed promptly due to a lack of understanding of the task at hand. There are two primary factors to understanding a compliance task. The first is regulatory background. Compliance tasks are necessitated by regulations. Behind every compliance task is a regulation that creates the need for the task in the first place. You must be familiar with the underlying regulation to understand the context of the task.

This leads to the second factor, which is practical application. By understanding the regulatory background, you can contextualize the task and create a practical and repeatable process for completing the task in a way that is customized to your firm’s business practices. This includes updating frequencies upon which tasks will be completed, and potentially eliminating some tasks altogether. The most popular example applies to firms that only provide financial planning services to remove tasks specific to reviewing trading activity. For this, an annual review and attestation that the firm does not provide portfolio management or investment supervisory services would be more appropriate than a monthly review of trading activity.

You don't want to be your own CCO, and we don't blame you. Check out how much  simpler Registering your RIA with XYPN can be

Design a Repeatable Process 

This is perhaps the most challenging aspect of dealing with past-due tasks for inexperienced compliance officers. The value in having compliance experience is having been exposed to industry best practices and processes that make regulators happy. Generally speaking, this hurdle can be overcome by taking a combination of two approaches.

The first approach is a documentation-centered approach. This involves compiling, sampling and reviewing documentation that is referenced by the task at hand. For example, if the task is to review correspondence files, then compile, pull a sample, and review the correspondence files.

If there is no physical mail or fax correspondence, then the second approach comes into play, which is the process-based approach. Perhaps there is no documentation available for a particular task. That’s fine—simply document the process by which your compliance officer (or you, if you are the CCO of your firm) has executed proper supervision and determine that documentation for the task is not necessary. By combining a documentation-centered approach with a process-based approach, you will always have something to provide to the regulator in an audit or examination.

Execute the Repeatable Process on Schedule Going Forward

Now it gets easy! By gaining a strong understanding of the regulatory background behind your compliance tasks and designing a process that customizes those tasks to your firm’s operations, you’ve created an easily repeatable process—congratulations! Your compliance officer can simply set their calendar and schedule a date and time each month to spend 30 minutes to an hour going through the tasks—and repeating the same process over (and over). Before long, it will become second nature.

Now let’s take a look at a few things to avoid when catching up on past-due tasks.

Don’t Mark Tasks “Complete” If They Were Not Actually Completed

When compliance tasks have been missed, it is tempting to go back in time and simply mark the task complete to remove it from the list of past-due tasks. This is a mistake. For starters, marking a task complete implies that proper supervision is being maintained for the compliance program and sufficient supporting documentation or a summary of process can be provided if requested by a regulator. There’s nothing worse in an audit than appearing to have attested to something that is categorically untrue—and having a regulator uncover this by lack of documentation.

Secondly, effective compliance task management software will be designed to filter and sort when providing reports. If a compliance officer is unable to filter by “completed tasks” and trust that the records provided on that report are accurate, then the integrity of the entire reporting system is compromised. Bad habits are created by shortcuts that allow for a false sense of completion. It’s too easy to simply mark a task “complete,” and if this practice is utilized for instant gratification initially, then it may become habitual behavior to the detriment of the compliance program.

The proper way to handle past-due tasks for which there is no intention to complete them is to delete the past-due task from the system altogether and document the “as of” date that commemorates the point at which the software is being correctly leveraged.

Actually Completing Past-Due Tasks

This can be tricky because it’s difficult to go back into the past to execute proper supervision. However, there are some cases in which there is sufficient documentation for a historical review to be completed. For instance, review of advisory contracts is a task that can be completed a few months after the task has been listed as past due. Because advisory contracts are dated at the time they are signed, it is relatively easy to pull a list of contracts and manually sort them by date. Your compliance officer can review the documents in the order in which they were executed and make notes.

However, there is no need to backdate the review!

In other words, use the current date (not the date the task was actually due) when completing a past-due task. It does no good—and is bad practice—to try to make it look like you reviewed the task and completed it on time by backdating any documentation or comments that you place on the task. As a general rule, there should never be the need to backdate anything in compliance.

Executing ongoing supervision using compliance task management software is just like riding a bike. At first, there is a lack of balance. It’s challenging to learn how to pedal and steer at the same time. There will be falls and scraped knees, but with persistence and practice, it is a skill that once learned will quickly become second nature.

New call-to-action


About the Author

Scott is a licensed Securities Principal with experience in both RIA and broker-dealer compliance. He began his financial services career in 2006 as a Registered Representative with E*Trade Financial in Alpharetta, GA. He has also worked with J.P. Morgan Private Banking in Chicago, IL and with Wells Fargo Advisors in Chapel Hill, NC.

Scott’s most recent role before joining Team XYPN was as Compliance Officer of Carolinas Investment Consulting, in Charlotte NC. He’s a graduate of The University of North Carolina at Chapel Hill and holds FINRA Series 63, 65, 24, 4 and 53 Licenses.

Scott lives in Charlotte NC with his wife Meredith, and their two Sons Tyson and Jackson. In his free time, Scott enjoys watching sports, exercising, and operating the charitable organization he created upon his father’s passing.

You can connect with him on LinkedIn.

Subscribe by email