When the regulators come calling (and they will come calling, eventually), how will you demonstrate your firm’s compliance with applicable regulations? What if, instead of the regulators, it’s the board of directors asking for proof that the compliance department has taken adequate steps to mitigate the firm’s risk? Being prepared to “show your work” by having the right documentation at your fingertips can demonstrate your firm’s commitment to preventing, detecting, and correcting potential rule violations.
A Lack of Violations Doesn’t Prove You’re Compliant
If your firm takes compliance seriously, you probably already know the risks you face. Those are different for every firm, of course, and depend to a large extent on the types of products and services the firm offers and who its clients are. Compliance-minded firms know they need to create, tailor, and implement firm-specific policies and procedures designed to address those risks.
However, without adequate compliance processes and systems to monitor, test, and document the steps taken, you cannot prove that there have not been any violations. That is to say, simply pointing to an empty spreadsheet labeled “violation log” or citing the firm’s clean regulatory record doesn’t mean there haven’t been any violations; it could actually indicate that your procedures for identifying issues aren’t working.
Showing Your Work Can Protect the Firm – and the CCO
Unfortunately, you didn’t leave the need to “show your work” behind when you finished school. Simply telling the regulators or the board that you monitored for compliance is not enough if you can’t show evidence that you did so.
Regardless of the firm’s size, compliance professionals should be able to quickly and easily review historical supervisory and oversight activities including employee personal trading logs, gifts and entertainment records, political contributions, outside business activities, and more. Actions taken to investigate questionable or flagged activities should be documented and readily available for review later. Documentation should include, at a minimum, information about the matter including relevant dates and employees’ names, the compliance staffer’s notes and research, the employees’ responses to inquiries (if applicable), and how each matter was ultimately resolved.
Remember the End Goal: A Compliant Firm (Not Necessarily a Violation-Free Firm)
Striving for a firm with a clean and clear compliance record is admirable, but it’s not necessarily a realistic goal. There will always be factors and circumstances outside the compliance department’s control that can impact the firm. Human errors can occur, rogue employees bent on obscuring rule violations will find ways to do so, and risks that haven’t even been contemplated yet can suddenly come to light.
Instead, compliance departments should devote sufficient resources to ensuring they have the tools and resources needed to monitor transactions (potentially voluminous amounts of data), test that policies and procedures are being adhered to, and effectively document actions taken to ensure compliance. That way, when asked to demonstrate how the firm is complying with Rule XYZ, you’ll be able to point to concrete evidence of your actions rather than banking on an absence of violations as proof that none occurred.