SIFMA (the Securities Industry and Financial Markets Association) has released its White Paper on the Role of Compliance. Published internally in 2005, and released to the public recently, the white paper nonetheless contains pertinent and timely guidance for compliance departments at financial services firms. Let’s examine the key points of SIFMA’s white paper.
Compliance departments at firms are critical to the investor protection function. The white paper states the critical importance of having a “well-staffed, experienced and adequately funded” compliance department. That department also should coordinate with the firm’s legal department as well as the internal audit and risk management departments at the firm in order to order to “maintain an effective overall compliance program.” According to the white paper, the compliance department should report to the firm’s general counsel, risk management or directly to the executive
office. Notwithstanding, the white paper observes that securities regulators are looking to compliance officials to act “proactively” to detect and prevent wrongdoing, and have “urged” compliance personnel to move beyond their traditional advisory roles.
So what are the typical compliance functions? According to SIFMA’s white paper, there are several. Let’s highlight the more important ones. First, compliance department personnel “provide regulatory and compliance advice to business and control units on an ongoing basis.” According to the whitepaper, in essence that means that the compliance department must respond to questions and issues as they arise. It also means that the compliance department must proactively keep business
units of the firm apprised of regulatory developments and firm policy changes.
Another important function is to assist firm management with the “development of policies, procedures and guidelines designed to facilitate compliance with applicable laws and
regulations.” Compliance also needs to disseminate compliance alerts and notices to firm business units. Finally, compliance needs to work with business units to design policies and procedures that reflect new business products, services or trends.
Third, monitoring and surveillance is a “critical ongoing” compliance department function. What this involves, according to SIFMA, is a detailed review of business activities, as well as surveillance of business transactions as well as communications, to identify potential issues relating to, among
other things, the handling of customer accounts, proprietary trading, employee/employee-related training and employee communications. One particular aspect is the goal to help “identify, at their early stages patterns of improper behavior or activities, material or systematic weaknesses and potential product-related problems.” Notably, compliance personnel (as well as business line management) should “escalate” red flags to senior compliance officers or the chief compliance officer of the firm, and if the response is perceived to be insufficient, then up through the chain of command including to senior management and/or the Board of Directors.
A fourth function of the compliance department is to conduct business unit compliance reviews. According to the white paper, those reviews must be proactive, designed to identify potential regulatory, compliance and reputational risks, and designed to minimize such risks. Furthermore, the reviews should be documented and should be reported to management. One type of compliance review is the annual branch office examination. The white paper makes several recommendations in that regard, including that the examination be carried out by personnel independent of the examined branch. Additionally, a “surprise” branch office examination may be appropriate under certain circumstances, “especially where the firm has some indication of inappropriate behavior or inadequate controls.” Finally, SIFMA’s white paper states, “Firms must be vigorous about reviewing branch office activity, even if offices have only a few employees or are in remote locations.”
Another important compliance function is to perform internal inquiries and investigations. The focus normally is on whether a given activity or transaction has violated firm policies or procedures, laws, rules or regulations, or industry standards. In conjunction with the legal department, a report normally is made to senior management and, if necessary, to the regulators. In that regard, the white paper notes that the role of the compliance department is not to remediate wrongful conduct. Nor does the compliance department have the power to fire or discipline personnel.
One more important compliance department function is to promote a “culture of compliance” within the firm. Compliance must be viewed as a “crucial institutional value”, and business personnel must value the compliance department. The “Tone from the Top” must allow for putting in place the people and systems necessary to achieve compliance. The white paper states that, “This includes allocating sufficient resources to build effective compliance systems (including technology), creating incentive structures that reward compliant behavior (and penalizing behavior that sacrifices compliance principles), and giving compliance personnel regular and unfettered access to
senior management.”
As one can see, those compliance objectives and functions are as relevant today as they were in 2005. Investors should be pleased that SIFMA has promoted and continues to promote a strong and effective compliance department function.