Compliance 101: Your First Year as Chief Compliance Officer

September 18, 2017

Compliance is one of the biggest concerns for new firm owners. Many advisers and financial planners are coming from the broker-dealer world, where compliance is presented as a Big Scary Monster. Others are career changers, and have no frame of reference at all for what RIA compliance entails. Regardless of the circumstances surrounding the adviser’s knowledge of the industry, the word “compliance” is usually associated with terms such as “rules and regulations” and “enforcement, fines and deficiencies.” These terms can cause anxiety, and as a result, there is great apprehension for first-year compliance officers.

Despite these pitfalls and challenges associated with a first-year compliance program, there are plenty of ways to address and resolve any issues that firm owners may face in their role as Chief Compliance Officer. Let’s take a look at 3 common pitfalls and challenges for the first-year compliance program, and discuss how to address them.

Apprehension—It is common for inexperienced compliance officers to feel apprehensive about their first year. For one, the firm owner is stepping into unfamiliar territory. Most often, new firm owners will have financial planning or investment advisory backgrounds and will be familiar with sales, investment management, and financial planning processes. However, lack of compliance experience creates a hurdle that many find difficult to overcome. There is also a tremendous amount of regulator “red flag anxiety.” A lack of experience communicating with regulators coupled with unfamiliarity with regulatory statutes can lead to anxiety that a CCO’s action or decision will throw up a red flag about their firm. Additionally, new firm owners face an overwhelming amount of documentation while going through the registration process. While drafting and reviewing these documents, the firm owner is introduced to the ambiguous nature of regulatory communications and statutes. The inability to get straightforward answers from regulators, coupled with the vast amount of documentation, only adds to the first-year CCO’s lack of confidence in their compliance knowledge.


Organization—Many new firm owners struggle greatly with time management. There are so many moving parts, including website and marketing efforts, selecting third-party managers, initiating relationships with outside vendors, addressing finance and accounting issues, and selecting a custodian. Therefore, compliance creates a conflict when trying to prioritize compliance items along with the other first-year items that must be completed.

Motivation—Let’s face it, it’s hard to get motivated to work on compliance items. Compliance is not as “sexy” as marketing and sales, as there is no direct connection between compliance and revenue. In fact, compliance usually presents itself as more of an expense than a revenue generator for firms. For firms being founded by a single adviser, this leads to the question: “Is self-supervision really necessary? Do I really have to supervise MYSELF?” The answer is that most state regulatory offices want to see that the compliance program is adequately managed, even for one-person firms. Then, another question: “What if I don’t have any clients yet? Do I still need to do compliance?” The answer is yes. When the firm is registered, it is assumed that there will eventually be clients, so regulators want to see that the compliance program is prepared to handle any future clients that will be serviced by the firm. So the basic theme here is that it’s not only about the act of supervision; it’s also about setting the stage for the future of your compliance program.

So how do you handle these common pitfalls and challenges?

Leverage Technology—While in the process of launching your firm, it is imperative that you locate, become familiar with, and implement a technology solution. As with every other aspect of the business (investment management, marketing, accounting, etc.), the use of technology increases efficiency, streamlines operations, and maximizes productivity. It is nearly impossible to keep track of ongoing compliance tasks without the use of a compliance task management system. An effective compliance task management system will store documents, maintain compliance tasks in a calendar format, be customizable, provide regulatory background/commentary, allow for multiple users at different levels of access, and allow records to be exported or downloaded for regulatory review.

FINRA Firm Gateway—This is the website where your compliance program will be administered. On Firm Gateway, firms will execute forms and filings, review historical forms and filings, and pay for annual registration renewals. Becoming familiar with this website relieves some of the stress associated with the “how tos” of first-year compliance. New firms are encouraged to log onto the website, and call FINRA to ask them to walk through the following functions:

▪ Viewing Historical ADV Part 1 Filings

▪ Viewing ADV Part 2 Brochures

▪ Accessing, Updating, and Filing U4

▪ Accessing, Updating, and Filing ADV Amendments

▪ Viewing CRD (Central Registration Depository) balance, renewing statements, and setting up CRD email notifications for important items

▪ Any other questions about the website deemed necessary

Risk Assessment—An effective compliance program revolves around risk management. The purpose of a risk assessment is to identify risks that make the firm vulnerable to violations and to evaluate the significance of each risk in order to properly allocate time and resources. There are both practical and regulatory benefits associated with completing a risk assessment. Practically, it saves time for CCOs to shift focus to the compliance items that pose the most risk, as opposed to spending an equal amount of time on all items. From a regulatory perspective, performing an overall risk assessment on a regular basis reinforces a regulator’s view of the competency of the CCO.

Completing a Risk Assessment Involves a Four-Step Process:

  1. Create an Inventory of Risks—Create a list of compliance risks posed by the firm’s business. Sample risk categories may include portfolio management processes, proprietary and personal trading/trading practices, client documentation (advisory contracts etc.), disclosures, safeguarding client assets (custody), books & records, marketing/solicitors, financial planning deliverables, privacy, business continuity plans, ERISA, and tax.
  2. Assign a Rating to Each Risk—How significant is each inventoried risk to the firm? CCOs can use a color coded or numerical system to assign risk ratings.
  3. Map Risks to Policies and Procedures—Make sure WSPs (written supervisory procedures or compliance manual) address the areas of high risk and evaluate other areas for procedures and controls.
  4. Revisit and Revise—As things change for the business, revisit this process and revise as necessary.

Starting a firm is stressful and compliance tends to add to that stress exponentially. But by recognizing the pitfalls and challenges associated with first-year compliance items, and taking the necessary steps to address them, Chief Compliance Officers can experience a smooth and effective first year for their compliance program.


About the Author

Scott is a licensed Securities Principal with experience in both RIA and broker-dealer compliance. He began his financial services career in 2006 as a Registered Representative with E*Trade Financial in Alpharetta, GA. He has also worked with J.P. Morgan Private Banking in Chicago, IL and with Wells Fargo Advisors in Chapel Hill, NC.

Scott’s most recent role before joining Team XYPN was as Compliance Officer of Carolinas Investment Consulting, in Charlotte NC. He’s a graduate of The University of North Carolina at Chapel Hill and holds FINRA Series 63, 65, 24, 4 and 53 Licenses.

Scott lives in Charlotte, NC with his wife Meredith and their two sons, Tyson and Jackson. In his free time, Scott enjoys watching sports, exercising, and operating the charitable organization he created upon his father’s passing.
