Code of Data Ethics Decision Tree
This code of data ethics Decision Tree may be of interest to help you decide if a strategic change would be helpful as you are challenged to do more.
-->
This code of data ethics Decision Tree may be of interest to help you decide if a strategic change would be helpful as you are challenged to do more.
With so many challenges and distractions, we decided to dedicate this post to a back-to-basics theme focusing on updating your compliance program as operational processes and business plans change, regulators announce new guidance and privacy and data governance remain a top priority. We offer three important reminders.
It’s that time of year again – time to prepare for your annual Form ADV Review.
Disclosures to clients and prospects are even more important this year in light of new requirements announced last summer.
This is arguably the most important compliance project for the quarter.
As you conduct your annual review, I have laid out some reminders based on recent enforcement cases, guidance about the new Regulation Best Interest (Reg BI) requirements and resources to help you address the details. This can serve as your ADV Review checklist.
• Review Regulatory Expectations
Don’t rely on your memory. Make sure to consult the glossary and frequently asked questions to make sure you understand terms and regulatory expectations. They change over time and it’s important not to guess when it comes to the technical details in Part I of the Form ADV. Also see SEC Instructions.
• Involve the business
Review a draft of the Form ADV filing with the business and document the process, especially private funds disclosures, regulatory assets under management (RAUM) calculations and AUM against marketing claims. If you need support to help prioritize this work, review some of the recent enforcement cases highlighting Form ADV mistakes. Feel free to highlight these cases on your annual training or periodic compliance alerts:
• Start early
Prepare the new Part III – Form Client Relationship Summary (CRS) – before June and review disclosures related to Reg BI and recently announced SEC OCIE Exam Priorities (pages 9-12 regarding seniors, retail and retirement accounts)
• Collaborate and Document
Create a forum so it is easy to gather feedback on this complex filing. For example, in a cross functional meeting or call, HR and others can more easily contribute for compensation and conflicts disclosures while Finance and others can contribute for disclosures related to valuation and expenses.
• Avoid Mistakes
By collaborating you can avoid inadvertent inflation of calculations in Part 1 and confirm revenue sharing and inaccurate fee and conflicts of interest disclosures in Part II. See Deer Park Road Management case as an example of compliance failures related to fund asset valuation. Also see FAQs Regarding Disclosure of Conflicts Related to Investment Adviser Compensation.
• Review Vendors and Data
Review vendor sections in Part 1 and make sure your description of cybersecurity, cloud, record retention and other data management oversight is solid.
• Review Ethics
Review the code of ethics description In Part II and consider whether it is prudent to add data ethics as well. Likewise, review your risk disclosures in Part II and consider adding cybersecurity and data protection risks.
• Consolidate Delivery
With so many new privacy laws (GDPR, CCPA), check to see if your privacy policy or privacy practices have changed. If they have, and your company finds itself treating non-public personal information more stringently or differently than is required under Reg S-P, consider delivering your updated privacy policy and Part IIA to your clients at the same time to meet both annual requirements. See SEC 2020 Cybersecurity Guidance for more.
• Support ESG Investment Claims
If you have any investment analysis claims about impact, ESG or sustainability investments, confirm they are supported by objective investment methodologies and avoid unsubstantiated claims or claims that conflict with any Corporate Social Responsibility (CSR) or sustainability reports. You can visit the SEC OCIE Exam Priorities to find evolving investment themes on pg. 15. Also see the Columbia Law Review Article if you are interested in the history of disclosures related to environmental claims.
Keeping current with regulatory changes while also doing your job and running your business is difficult. Existing registered advisors must update and file an amended Form ADV within 90 days of their fiscal year-end – the due date for 2020 is March 30, 2020. The time is now to start thinking and preparing for this important compliance deadline.
It is generally considered a best practice to complete the annual compliance review by the end of the first quarter or early in the second quarter of the year – but not required. Investment advisors should review their compliance policies, code of ethics, and overall compliance program.
Are you taking proper actions to remain compliant? Feel free to reach out if you have any questions.
Strong governance trends continue to gain momentum increasing the need to review and potentially upgrade testing of ESG claims, data privacy and business ethics controls.
Today on the blog we’re highlighting data governance and privacy. We’ve provided takeaways for your compliance program. We hope you find these helpful. Let us know what you think!
In the coming year, regulators will continue to prioritize review of innovative products and new technology.
● Expect a more nuanced approach for scrutiny of digital advisors and assets including review of the adequacy of compliance programs, use of service providers and mitigation of conflicts of interest. SEC Exam Priorities for Virtual Assets
● Recently, the NY DFS also issued proposed guidance on the adoption or listing of virtual currencies, updating its 2014 guidance on the regulatory framework for virtual currency (VC) firms. The NY DFS is accepting comments on two proposed coin/listing options that it wishes to make available to VC licensees. Read the guidance at the following link: comments are due by January 27, 2020! DFS Proposed Guidance
● Another important development to watch: This month in Paris, FATF organized a supervisors forum to make progress on global consistency for supervising digital assets and related service providers. Supervisor Forum 2020
● Check out the latest What’s Ethical podcast with Matthew Blake. Matthew shares his insights as Head of the Future of Shaping Financial and Monetary Systems at the World Economic Forum (WEF).
On June 4th, the SEC settled a case against the hedge fund investment adviser Deer Park Road Management Company LP (“Deer Park”). Deer Park’s missteps create a uniquely teachable moment for compliance-oriented professionals whose controls may not always focus as intently as they should on the technical details of their organization’s models and processes. While Deer Park’s compliance processes were unusually deficient, such professionals should take caution when deferring to the business on technical matters such as valuation. The devil often resides in such overlooked details.
In particular, Deer Park and its CIO were censured and fined for failing to maximize observable inputs while developing GAAP-compliant valuations for a portion of the residential mortgage-backed securities it managed. In such cases, traders were given undue authority to undervalue such securities or to misreport their value to the investment adviser’s outside pricing vendors. The CIO signed off on these valuations, directly implicating himself. As Daniel Michael of the SEC Enforcement Division’s Complex Financial Instruments Unit said of the case, “Deer Park’s pervasive compliance failures allowed its traders to mark assets up gradually instead of marking them to market, in violation of the accounting principles they were required to follow.”
Deer Park’s program also suffered from insufficient oversight of the valuation process, despite the firm’s pricing expertise. In this case, the SEC focused on the inadequacy of Deer Park’s valuation procedures and conflicts of interest that arose when the firm’s traders and CIO allowed themselves to disregard observable market inputs.
Moreover, it acknowledged Deer Park’s retention of a new CCO with relevant experience after the firm’s violation period as a remedial action. This specifically underscores this case’s relevance for Compliance: the case implies in order to avoid regulatory action, the CCO needed the expertise to confirm the adequacy of the controls.
Deer Park reminds us that what compliance professionals don’t know about the underlying business can hurt them. But help is always available.
Outside resources exist to help you stay current and informed. Know when to ask for help!
Beth Haddock is the author of Triple Bottom-Line Compliance – How to Deliver Protection, Productivity and Impact. She advocates delivering sustainable compliance that increases brand protection, risk mitigation, productivity, and employee engagement.
In the wake of the SEC’s dual release of Regulation Best Interest (“Reg BI”) for broker-dealers and its Interpretation of Standards of Conduct for investment advisers (“RIAs”), this is an opportunity to consider the efficiency and impact of compliance controls. For instance, are programs designed to quickly detect and prevent conflicts of interest (“COI”) that either act against the best interest of the retail investor, in the case of broker-dealers, or violate the fiduciary duty of RIAs? If not, Compliance Officers should implement strong behavioral incentives throughout the organization that can detect and/or eliminate COIs when they first arise.
Both Reg BI and the SEC Interpretation indicate the importance of such proactive measures in Compliance programs going forward. Take, for instance, the Interpretation’s mandate to “eliminate or at least expose through full and fair disclosure all conflicts of interest which might incline an investment adviser—consciously or unconsciously—to render advice which was not disinterested.” A top-down, reactive approach to compliance detection may cause friction without effectively addressing this comprehensive requirement. Before the implementation date, Compliance can begin to assess COI exposure using a sustainable governance framework during annual reviews, compliance testing and new product and business projects.
By implementing these six COI review projects early, Compliance departments can not only determine the impact of the SEC pronouncements, but buy precious time to efficiently align Compliance, operational and business controls:
With an emphasis on horizontal engagement across departments, Compliance can assess the prevalence of COIs within business processes and design incentives, so COIs aren’t only found after they are baked into existing work flows.
Working alongside financial, product and sales experts, Compliance can use the results to assess and enhance Compliance and sales practices controls as needed; moreover, they can prepare to draft, file and deliver the new Form CRS Relationship Summary and other revised disclosures with greater confidence.
Finally, the effectiveness of Compliance efforts can be measured and fortified by the application of Compliance ROI calculations. These calculations not only illustrate how the investment of time and resources mitigates risks, but also reveals productivity gains and increased business opportunities afforded by the Compliance efforts. Metrics on prospective client inquiries, business engagement, behavioral incentives, efficiencies within operational processes, errors mitigated and IT and staffing budgets can substantiate the return on investment made on an improved COI framework.
Fraud and corruption exhibits a stubborn persistence throughout the world economy. Two-thirds of the world’s nation’s received a failing score on Transparency International’s CPI Statistics; all told, the world averages 43 out of a scale of 100. Prevention alone cannot shift these numbers; rather, financial professionals must be incentivized to do the right thing. Indeed, Reg BI and the Commission Interpretation indicates the time has come for a new approach to fighting COI; that’s where sustainable governance, horizontal engagement and Compliance ROI can improve our scores and our businesses alike.
Beth Haddock is the author of Triple Bottom-Line Compliance – How to Deliver Protection, Productivity and Impact. She advocates delivering sustainable compliance that increases brand protection, risk mitigation, productivity, and employee engagement.
Federal, state and industry regulators mandate the timely and comprehensive execution of compliance risk assessments and conflicts of interest (COI) inventories. Naturally, compliance-minded professionals focus on performing due diligence and analysis of new laws and regulations these reports require. Yet merely presenting the risks, for instance, that a new global initiative or marketing campaign poses for the company can fall short. That’s where ROI assessments for compliance come in.
ROI assessments simultaneously test and enhance the effectiveness of your compliance risk assessments and COI inventories in important ways. For compliance risk assessments, ROI assessments confirm business priorities and where compliance is spending its time while proactively finding efficiencies within business processes. In addition, ROI assessments can help create or update a COI inventory or identify a plan to address conflicts of interest. With Reg BI, conflicts of interest management will continue to be scrutinized.
Compliance risk assessments also endeavor to deter fraud and corruption. Deutsche Bank’s recent KYC initiative, affecting 1000 investment bank clients, highlights the urgency to these tasks. ROI assessments can demonstrate the wisdom a pre-emptive compliance program brings to your business. They suggest models for robust anti-corruption programs which meet evolving standards and ensure that conflicts are addressed and avoided.
In the meantime, as you approach midyear, you may find Blackrock CEO Larry Fink’s letter to CEOs to be a helpful resource. Fink covers how best practices and good compliance initiatives may help with recruiting and long-term profitability.
Beth Haddock is the author of Triple Bottom-Line Compliance – How to Deliver Protection, Productivity and Impact. She advocates delivering sustainable compliance that increases brand protection, risk mitigation, productivity, and employee engagement.
A Compliance ROI is the foundational component of Compliance as a Competitive Advantage, and like any new initiative, it requires a shift in perspective and focus. It requires a shift in emphasis away from one-day-at-a-time responsiveness towards building sustainable processes that also contribute to the business bottom-line. Federal authorities already recognize this value. The U.S. Department of Justice (“DoJ”) routinely instructs federal and state prosecutors to gauge the proactiveness and sustainability of a given firm’s compliance program when a violation is detected or reported. As the recently updated DoJ Guidance on Corporate Compliance Programs makes clear, the more sustainably a business is governed, the less likely it will be required to spend on fines and remediation.* Compliance programs can effectively demonstrate their ROI by mitigating such risks.
An organization’s routine compliance functions such as training, testing and the quarterly/annual reporting can serve as prime opportunities for evidencing a Compliance ROI.
But as the DoJ’s evaluation reminds us, this assessment should be ongoing so your compliance program is not static. Compliance issues, such as a cyberattack, can arise quickly. Internalizing Triple-Bottom Line Compliance means stretching any response above and beyond what is expected with a protection-only approach and applying new visions to find business benefits and operational efficiencies as well. That vision should be spearheaded by you, but fortified by experts and allies both within and without your organization. ROI is not only a proactive initiative, but a shared one as well.
*Further information on the DoJ guidelines can be found here.
Also consult Episode 10 of Warburton’s What’s Ethical podcast, where Craig Salm of Grayscale Investments gives valuable advice on how he delivers a ROI advising on digital assets.
Beth Haddock is the author of Triple Bottom-Line Compliance – How to Deliver Protection, Productivity and Impact. She advocates delivering sustainable compliance that increases brand protection, risk mitigation, productivity, and employee engagement.