What makes a good compliance program?

The answer can seem confusing when executive management listens to SEC speeches, interviews compliance professionals, or reads enforcement actions. Today’s list provides the key characteristics that we examine when assessing a compliance program.


A Qualified and Dedicated Chief Compliance Officer

The CCO should have significant (at least five years) Advisers Act regulatory knowledge and experience. Additionally, the CCO should be fully dedicated to the compliance function and not undertake other executive management roles.


Tailored Policies and Procedures

The policies and procedures must be specifically tailored to the firm’s business and continually reviewed and updated. An “off-the-shelf” manual is about as useful as internet-based medical advice.


Tone at the Top

How committed senior management is to compliance can be measured by three key variables: (1) total firm budget allocated to compliance (should be at least 5%); (2) executive time spent on compliance issues (at least quarterly); and (3) discipline for employees who violate compliance policies and procedures.


Training and Communication

A good compliance program must ensure that the entire organization has access to compliance information. Recommended practices include ongoing training and communication.


Testing and Reporting

A firm cannot have a good compliance program without requiring its people to follow the rules. Firms must annually test all policies and procedures, record the findings and recommendations in a written report for management, and continually follow up to ensure remediation.


Compliance Calendar

A good compliance calendar will serve as the working project plan of every activity required during the year. It should be written so that any new employee could follow the plan.


Books and Records

Documentation is the hallmark of a good compliance program. Only through well-maintained books and records can a firm log its compliance activities and demonstrate their effectiveness to senior management, clients, and the regulators. If it’s not documented, it didn’t happen.


Email Review

Very little transpires in an investment management firm without email communications. Email review can unearth issues that annual testing may not. Email review adds “forensic” to testing.


Marketing Materials

An investment firm’s marketing materials are its “canary in a coal mine,” i.e., if the marketing materials are misleading or omit disclosures, very often the firm has deeper regulatory problems.


Outside Advisors

The best compliance programs use outside advisers to provide advice and an independent best practices assessment. The regulatory world has become too complicated to go it alone.