Creating a culture of compliance through training

Compliance training could be the difference between a strong compliance program and one that would have regulators knocking at your door.

The SEC first proposed changes for registered investments advisers in 2003 that would later become known as new rule 206(4)-7. This rule had three key requirements:

  1. Adopt and implement policies and procedures reasonably designed to prevent violation of the Investment Advisers Act of 1940, as amended (the “Advisers Act”).
  2. Review those policies and procedures annually for their adequacy and the effectiveness of their implementation.
  3. Appoint a Chief Compliance Officer (CCO) responsible for administering the policies and procedures.

As with most SEC rule requirements, the general guidance is written in the language of the release, but the “how to implement” part is left up to the internal teams at the registered investment advisers (RIAs) to decide. But how exactly does an RIA implement policies and procedures that are reasonably designed to prevent violation of the law? How do they ensure its adequacy and effectiveness? And lastly, how does a CCO get assurance that employees of the firm would actually follow those policies and procedures?

The answer lies in creating a culture of compliance through training.

The importance of compliance training

Bad actors are not the majority in the business world. When an employee fails to comply with a firm policy or regulatory requirement, it’s usually because that individual didn’t know or understand the requirements of the policy/rule. They might not have known the steps that they as an employee have to take in order to remain in compliance with those requirements. If an individual does not know the ‘why’ or ‘how’ of the requirement, it’s very difficult to be compliant with a rule.

To create a lasting culture of compliance, RIA firms need to build a robust compliance training program that includes the following:

  • ‘The What’ – What is the rule/policy? Which regulatory body is enacting these requirements?
  • ‘The Why’ – Training should always include explanations of the policy and rule requirements, and why it is important to follow them.
  • ‘The How’ – How exactly does an employee of the firm meet these requirements and remain in compliance with the rule/policy?
  • ‘The When’ – Timing and repetition, where quarterly and annual training can serve as key reminders to employees on compliance requirements. It also allows for the information to be top of mind throughout the year.
  • ‘The Where’ – Where are these trainings, policies and procedures housed at the firm? Is the information accessible to all employees? Where can employees report and escalate issues?

Robust compliance training programs result in active risk mitigation. In short, informed employees are usually compliant employees. When an individual knows and understands the rule/policy requirements, and why it is important to follow them, regulatory risk exposure is reduced. They are also better equipped to identify misconduct and report/escalate issues.

How can we help?

Our specialized team can help you understand which regulatory changes apply to you and design and implement regulatory training programs. We can also support your ongoing compliance and work with you to develop risk assessments and compliance monitoring programs to make sure your framework is robust. We offer a range of training packages including code of ethics training, reviews, code of ethics approvals (such as Outside Business Activities, Private Investments, Personal Account Dealing, Pay-to-Play, annual attestations, etc), Investment Company Rule Requirements and email surveillance services.