There is no specific regulatory requirement that says registered investment advisors must provide “mandatory” training to their employees. However, identical and related training questions are prominent on the current SEC regulatory examination. In addition, the preparedness, ability and experience of the firm’s CCO are now very relevant issues during examinations, especially if the SEC is concerned that the CCO position is not filled by an individual who has the requisite knowledge, ability and authority within the firm to adequately discharge his or her duties.
It would be prudent for advisors to adopt a training process for their employees. I have devised our clients’ policies and procedures such that the firm will provide initial training and information to new employees and a mandatory annual meeting for the entire staff (participation via teleconference or video conferencing is sufficient for firms with branch offices). Of course, many firms do and will continue to hold compliance-related meetings more often than annually.
The annual meeting should entail a general firm-wide discussion of various firm policies and any changes or proposed changes thereto since the last annual meeting. The meeting should correspondingly permit employees to ask questions regarding the firm’s policies and related issues. There should be a formal agenda and a sign-in sheet that should be retained as part of the firm’s records. I generally provide a sample agenda as part of our policies and procedures, which will include topics such as the code of ethics, including personal securities transaction reporting requirements; confidentiality and privacy obligations, including information security; use of social media; a discussion of The Patriot Act (AML) and issues that employees should be made aware of; and business continuity issues.
Finally, as to the person leading the discussion during the annual compliance meeting—the firm’s CCO: As indicated above, the preparedness, ability and experience of the firm’s CCO are now very relevant issues during examinations. The CCO should be the point person directly interacting with the SEC during examinations. If your CCO is not up to the task, either provide training (such as compliance reviews like those that I conduct throughout the country on a weekly basis to prepare firms for regulatory examinations) or find a successor who will be better suited for the position. An unqualified or unprepared CCO will frustrate the Commission and could potentially lead to deficiencies or actions that would otherwise be unwarranted. CEOs, the buck stops with you. You can’t blame the CCO; you should know if the CCO is not up to the task, was not provided with appropriate training, was not given the requisite authority to discharge his or her responsibilities, or is not privy to firm practices or operations that involve (or could involve) compliance-related issues.