It’s no secret…the pace of regulatory change over the last few years has been challenging to say the least. Just as your firm is finally catching up with new Marketing Rule requirements – BAM – another new rule, like the new AML Rule for RIAs and ERAs, hits and you’re back to square one.
During a recent webinar, The Changing of the Compliance Guard, COMPLY Chief Regulatory Officer, Jamila Mayfield; COMPLY VP, Private Fund Advisory Consulting, Mederic Daigneault; and the Investment Adviser Association (IAA) General Counsel and Head of Public Policy, Gail Bernstein discussed the implications of such unprecedented regulatory activity and what we expect to see under the new SEC Chair.
A Look at the Numbers: Assessing How Regulatory Activity is Impacting Firms
Let’s lay the groundwork.
By now, we all know, in FY 2024, the SEC brought 583 enforcement actions that resulted in a whopping $8.2 billion in fines. And at the same time, they proposed and adopted numerous new rules and amendments covering a broad swatch of topics, which have the potential to significantly impact the market:
- Cybersecurity Rules IA/BD
- Outsourcing by Advisers
- Custody
- ESG Disclosures
- Use of Predictive Data Analytics
- Customer Identification Programs
And how are firms feeling after such an active few years?
- 15% stated they had no difficulty keeping up with regulatory activity
- 45% said they were somewhat able to keep up, stating they occasionally lagged behind
- 26% said they definitely felt the strain
- 7% struggled significantly
- The rest were unsure
And it comes as no surprise, given the vocal stance the industry has taken on the pace of change and, in some cases, the perceived overreach of the regulatory. Overreach, which has transitioned from perceived to actual following a slew of court cases involving the SEC, FINRA, and DOL.
What Firms are Doing to Meet Heightened Regulatory Requirements
While we currently, we find ourselves in a sort of “wait and see” stage, t the Acting SEC Chair, Mark T. Uyeda,has already begun taking action, notably announcing a new crypto task force led by Commissioner Hester Peirce.
“To date, the SEC has relied primarily on enforcement actions to regulate crypto retroactively and reactively, often adopting novel and untested legal interpretations along the way. Clarity regarding who must register, and practical solutions for those seeking to register, have been elusive. The result has been confusion about what is legal, which creates an environment hostile to innovation and conducive to fraud. The SEC can do better.
The Task Force’s focus will be to help the Commission draw clear regulatory lines, provide realistic paths to registration, craft sensible disclosure frameworks, and deploy enforcement resources judiciously.”
However, it should be stated that while the regulator may choose to abandon or significantly overhaul proposed rules and some recently approved rules may be rolled back through Congressional Review Act (CRA) actions, any rule approved before June 2024 will remain effective until reversed by a new regulation.
Which means?
Firms must take the necessary steps to evolve their program and address any potential gaps before they become a deficiency.
So, what can you do? While not a complete list, here are a few immediate and more long-term tactics you can incorporate to help maintain a robust and comprehensive compliance program.
Immediate: Open lines of communication within your firm. We cannot overstate this, while your CCO may play quarterback for your compliance program, they aren’t the only player on the field. Ensuring your entire firm has open lines to your compliance team to ask questions, address issues, and bring potential compliance gaps to light is critical. And that communication goes both ways, your compliance team should use this channel to share updates, news, and resources for the firm.
Long-Term: Conduct regular risk assessments and internal audits.
Investment advisers are required to conduct a review of their compliance Policies and Procedures annually, according to Rule 206(4)-7. Doing so helps ensure each firm’s program operates adequately and effectively as determined by the SEC.
However, and this is a big however, you may find it necessary (and helpful) to thoroughly review your compliance program by conducting an internal audit outside of your typical annual review time period. When exactly could this be the case?
- When a new rule is adopted
- When a Risk Alert is issued
- When someone on your team identifies a potential violation
Immediate: Review SEC/FINRA Priorities, Risk Alerts, and recent enforcement actions. Both the SEC and FINRA do a good job of providing the market with their annual priorities. This wasn’t always the case and market participants didn’t have the opportunity to review certain aspects of their compliance program prior to an examination. We at COMPLY take heed of the annual priorities letters and advise our customers to do the same. However, any area of a firm’s operations is subject to examination whether a stated priority or not. Regulatory Risk Alerts are also a great tool that regulators have adopted in recent years, acting as a signal for changes to priorities based on the real-time results of examinations. If deficiency patterns emerge during examinations, the regulators are now telling the market and giving notice that it is a new priority. Therefore, the examination programs are always evolving and now, more than ever, the regulators are keeping the market updated on their focus areas.
Enforcement is altogether different. Since enforcement actions take 12-24 months to become public and often deal with activities that happened in the past, they normally reflect past priorities, not necessarily current priorities. They are a useful reminder of potential oversights or missteps in a compliance program, though.
Long-Term: Consider investing in or upgrading your compliance technology. Fact: If you’re conducting the majority of your compliance processes manually (or even with outdated technology), you are wasting precious hours and opening yourself up to error. The pace of change within the regulatory landscape demands tools and technology that grow with you, instead of holding you back.
Ready to make the move? Download our 2025 Compliance Buyer’s Guide for more information.
Immediate: Ask the experts. You don’t know what you don’t know, and that’s ok, but you do need to take steps to answer your questions and ensure your program is up to par.
When searching for the right external consultant, be sure to review their experience and credentials, ask about their auditing process, and read any client testimonials. Once you find a trustworthy and knowledgeable expert, they can help you enhance the effectiveness of your program by identifying potential risks, preparing relevant documentation, and focusing on the SEC’s top examination priorities.
The good news about all of this? You don’t have to navigate these uncertainties alone. Partnering with a firm like COMPLY provides the technological and regulatory resources to help you streamline processes, scale your program, and stay ahead of the regulatory curve.
Ready to learn more? Let’s talk.