Regulator audits and exams are commonplace in the compliance space. Are you prepared? Or more specifically, how will you show regulators that your firm has been complying with the applicable regulations? Being prepared to “show your work” by having the right documentation at your fingertips can demonstrate your firm’s commitment to preventing, detecting and correcting potential rule violations.
Firms are routinely penalized (and potentially fined) for failing to maintain required records, retaining records that are inaccurate or incomplete and for general record-keeping inconsistencies. Most financial firms understand the importance of a tailored approach to their compliance program, implementing and supervising over the appropriate policies and procedures designed to protect investors, as well as lowering company risk. However, it is not enough just to have a solid procedural framework in place. If your firm cannot demonstrate its supervisory efforts and provide hard evidence to prove supervisors, and the compliance department at large, are meeting their regulatory obligations, firm leaders will likely have a difficult time convincing the regulators your policies aren’t simply just for show.
Simply put, if you don’t take documentation seriously, you run the risk of regulatory action – even if your compliance program is otherwise sound.
Six tips to help Your firm comply with record-keeping regulations
Here are some things to keep in mind as you try to get your firm to comply with record-keeping regulations.
1. Know your obligations
All UK financial firms are bound to comply with the Financial Conduct Authority (FCA)’s regulations, however many firms are subject to additional regulators and therefore regulations Each regulator has its own list of required books and records and its own expectations for how firms supervise their associated persons and operations. Before you can conduct a books and records review or supervision risk analysis, you need to know what your obligations are. Once you understand the targets you need to hit, you can evaluate how well you’re meeting your obligations.
2. Keep in mind that a lack of violations doesn’t prove you’re compliant
If your firm takes compliance seriously, you probably already know the various risks you face, including the specific risks associated with the types of products and services your firm offers and who your clients are.
However, without adequate compliance processes and systems to monitor, test and document the steps laid out in your policies, your firm will struggle to prove there have not been any violations. That is to say, simply pointing to an empty spreadsheet labeled “violation log” or citing the firm’s clean regulatory record doesn’t mean there haven’t been any violations; it could actually indicate that your procedures for identifying issues aren’t working.
Compliance-minded firms need to create, tailor and implement firm-specific policies and procedures designed to address their risks….and accurately document all supervisory action taken.
3. Create an inventory of rules for your firm
What products and services do you offer? For each product and service, go to the applicable regulators’ rulebooks to determine what type of documentation you need to maintain.
4. Know that evidencing doesn’t just protect your firm, but also your chief compliance officer (CCO)
Regardless of the firm’s size, compliance professionals should be able to quickly and easily review historical supervisory and oversight activities including employee personal trading logs, gifts and entertainment records, political contributions, outside business activities and more.
Actions taken to investigate questionable or flagged activities should be documented and readily available for later review. Documentation should include, at a minimum, information about the matter including relevant dates, associated employees’ names, the compliance staffer’s notes and research, the employees’ responses to inquiries (if applicable) and how each matter was ultimately resolved.
5. Remember that you are striving to create a compliant firm
Striving for a firm with a clean and clear compliance record is admirable, but it’s not necessarily a realistic goal. There will always be factors and circumstances outside the compliance department’s control that can impact a firm’s records. Human errors, rogue employees and risks that haven’t even been thought of can create sudden and unexpected risk.
Instead, compliance departments should devote sufficient resources to ensuring they have the tools and resources needed to monitor transactions (potentially voluminous amounts of data), test that policies and procedures are being adhered to and effectively document actions taken to ensure compliance. That way, when a regulator asks you to demonstrate how your firm is complying with Rule XYZ, you’ll be able to point to concrete evidence of your actions rather than banking on an absence of violations as proof that none occurred.
6. Consider implementing regulatory compliance technology
If your compliance program is built around excel spreadsheets, homegrown databases, paper records or some combination of the above, evidencing compliance with your supervisory obligations and books and records requirements will likely be an uphill battle.
Once you know your firm’s risks and obligations, you can leverage regulatory technologies created specifically to help you meet record keeping regulations and obligations. Implementing regulatory compliance technology not only helps firms show their work, it also enables real-time report generation for audits and exams. Today’s compliance technology solutions provide a simple, yet extremely effective, means of documenting supervision and compliance efforts.
Don’t leave the demonstration of your firm’s supervisory efforts and books and records compliance to chance – be prepared when the regulators come calling. By understanding your obligations, inventorying your risks and implementing an automated solution to help your firm with the supervision and documentation process, you can lower your firm’s risk.
The ComplySci® Platform is designed to provide authorized firm personnel with readily available access to the documentation your firm needs, in a format that is clear, user-friendly and up-to-date.
Interested in learning more about the ComplySci Platform? Schedule a demo today!