Hot Topics From the 2022 SEC Exam Priorities

Each year, the SEC releases its Exam Priorities toward the end of the first quarter. The document is a regular reminder that compliance is not a one-and-done endeavor. The world we work in is constantly changing, and regulatory expectations often shift to adjust to new realities.

Reflecting on the latest Exam Priorities can help compliance officers decide where to direct their energy in the coming year. Here, we dive into the SEC’s priorities released at the end of March 2022 and flag some of the areas CCOs should think about.

Standards of Conduct

The SEC takes its mission of protecting investors seriously. That’s why firms’ standards of conduct are a perennial focus of SEC Exam Priorities.

This year, the document was especially focused on ensuring firms are acting in clients’ best interests and communicating those efforts to clients.

Maintaining appropriate standards of conduct starts with fiduciary duty. The SEC reminds firms that the client’s best interest should be at the heart of every decision. Each investment must be considered with respect to a client’s risk tolerance, potential upside and downside, and costs associated with each asset.

It’s also crucial firms keep an eye on their internal actions. The SEC affirms that firms should be focused on managing conflicts of interest and staying honest about any incentives they receive for recommending certain products or strategies.

The final component of acceptable standards of conduct is sharing your firm’s practices with clients. You must disclose incentives. You must share information assembled for Form CRS and Form ADV with clients. That’s how they develop a clear understanding of how you run your business. Clients need to know about any potential conflicts of interest, disciplinary history, and fees and costs.

RIA and Broker-Dealer Regulatory Exams

For both RIAs and broker-dealers, the SEC’s regulatory exams focus on ensuring you have a robust, effective compliance program. The SEC wants to see programs with clear documentation, testing, and employee training.

For broker-dealers, the SEC places particular emphasis on:

  • ●The firms’ recommendations and sales practices around more complex or risky asset classes. This includes SPACs, structured products, leveraged and inverse exchange-traded products (ETPs), REITs, private placements, annuities, municipal and other fixed-income securities, and microcap securities.
  • ●Practices, policies, and procedures related to evaluating cost and reasonably available alternatives. Is your firm recommending products that are genuinely in the investor’s best interest?
  • ●Compensation structures for your team. The SEC is concerned with conflicts that these structures may create. If you are tapped for an exam, the SEC may focus on securities sales conducted by your highest-compensated team members.

For RIAs, the SEC is focused on:

  • ● Fiduciary duty. Are you acting in your clients’ best interest, providing impartial advice, disclosing conflicts of interest, and maintaining duties of care and loyalty? If you’re missing critical components of the standards of conduct guidelines outlined above, you’re likely not meeting the SEC’s expectations.
  • ● Advisory fee errors. This includes everything from a failure to adjust fees as promised in investor agreements, to mistakes in calculating tiered fees to a failure to refund prepaid fees on accounts that had been closed or pro-rated fees for new clients.

Information Security and Operational Resiliency

Technology is an essential part of business today. There are significant advantages to using digital solutions in your organization, but it also means you must have a plan to protect personal information and maintain operational resiliency.

The SEC expects firms to implement measures to prevent service interruptions and protect clients’ personal identifying information (PII).

There’s a lot to consider regarding technological risks, from creating secure client-facing accounts to establishing airtight connections between your distributed team in our new work-from-home reality.

On the client-facing side, you should:

  • ● Help clients maintain account security. Consider implementing features like multi-factor authentication for your accounts.
  • ● Verify investors’ identities and work to prevent unauthorized account access.
  • ● Prevent and disclose any account intrusions or data leaks.

Internally, it’s essential to:

  • ● Address any phishing scams or potential hacking incidents resulting from suspicious emails sent to your team.
  • ● Keep an eye on red flags related to identity theft, and communicate with clients about risks or leaks.
  • ● Respond to incidents promptly.
  • ● Establish best practices for your distributed team, such as using VPNs and secure cloud-based applications.
  • ● Vet the security practices of your vendors and service providers to ensure they meet your standard.

Even if you’ve read through countless SEC Exam Priorities of years past, there is always something new to focus on. Every firm has its strengths and weaknesses, so it’s wise for compliance officers to review the latest document with an eye toward SEC expectations your firm might struggle to meet. The best way to remain audit-ready is to be proactive about addressing regulatory concerns.


Filing Deadlines: How To Proactively Prepare

The start of the calendar year is a hectic time for compliance officers. There are numerous deadlines firms must hit, from Form 13F to Schedule 13D to financial statement state filings.

If you don’t already have a streamlined process for tracking and gathering the information you need for these filings, you’ve probably experienced a stressful past few months.

The bad news is that there are key filing deadlines to hit throughout the year, so the scramble could continue. The good news is that there are ways to proactively prepare for filing deadlines so you can hit them all without breaking a sweat.

Know Your Deadlines

This may seem obvious, but the first step to hitting your deadlines is knowing when they are. Some deadlines, like Form 13F, are the same for everyone–45 days after calendar year-end and the end of every quarter. Others are dependent on activities within your firm, like Form 8-K, which must be filed four business days after a triggering event.

Finally, some reports have different annual and quarterly filing dates based on firm attributes. Annual Report on Form 10-K and Quarterly Report on Form 10-Q set different due dates for large accelerated, accelerated, and non-accelerated filers.

Compliance officers must have a handle on when each of their filings is due. Creating one calendar for the compliance team with all key deadlines establishes a shared understanding of dates to hit.

With all of the deadlines in the calendar, you and your team can work backward to set internal dates for checking paperwork and reviewing forms before final submission.

For forms triggered by a specific event, it may be helpful to create a shared worksheet that you and the team can reference for reminders of requirements and deadlines when a triggering event occurs.

Gather Paperwork All Year

One of the major causes of panic around filing deadlines is the need to track down certain internal forms and paperwork. Often, relevant documents are stored on an individual’s hard drive and are not easily accessible to the CCO or other compliance officers.

Instead of waiting until the filing is nearly due, create a repository of necessary documents all year round.

This may start with drafting a shared checklist, where your team can see a list of the documents needed to complete each regulatory filing. Whenever someone on your team completes or obtains a necessary document, they immediately drop it into the shared file and check the item off the list.

This provides compliance officers visibility into where each filing stands and who has contributed. The CCO can rest easy knowing the forms are easily accessible, or they can track down team members who may owe relevant paperwork.

Monitor New Filing Requirements

Regulatory agencies often update filing requirements to address new concerns. For example, the SEC recently changed its Form ADV to fit the new marketing rules.

The world will continue to change around us, and the SEC and FINRA will adjust filing requirements accordingly. Compliance officers must remain abreast of the latest regulatory changes and make the appropriate adjustments to internal policies and procedures to ensure the team complies with these new expectations.

Setting a Google alert for SEC and FINRA risk alerts or press releases is one way to watch for new information. Certain compliance software tools, like BasisCode, will also issue alerts when relevant policy changes occur.

Choose the Right Tool

The pandemic has accelerated a global shift toward digitalization, and regulatory agencies are no exception. The SEC has proposed amendments to expand its online filing to make it more efficient for everyone involved.

In this new digital-first world, a comprehensive compliance tool is vital. A platform like BasisCode can not only achieve the above tasks–creating shared checklists, monitoring employee form submissions, and serving as a repository for necessary paperwork–it also makes digital filing seamless.

Form 13F can be compiled securely in the BasisCode platform and quickly submitted digitally to the SEC or FINRA. The platform will notify you when you have reached thresholds for other filings.

When you work in financial services, regulatory filing deadlines are a fact of life. Delaying your preparation won’t make them go away–it will only cause stress for you and your team. A proactive approach is the best way to ensure you hit your many filing deadlines throughout the year.


Why You Need To Document Your Compliance (And How To Do It)

Advisors wince at the prospect of an SEC or FINRA exam. The fear of the unknown is part of the apprehension. What will they look for? What if they find something? And how do we know we’re in compliance?

While you can’t foresee what aspect of your firm’s work the regulators may choose to audit, you can be sure that your exam will begin with a document request.

The documentation and records that you keep on your firm’s activities are how you know you’re in compliance. And perhaps even more crucially, that paperwork is how the SEC or FINRA knows you’re in compliance.

The best time to ensure your documentation is in place is before the regulators ever knock on your door. Here’s how to keep your documentation in order all year round.

Educate Your Team

Your Chief Compliance Officer – or the person given that responsibility – cannot be the only person in the firm who’s responsible for documenting compliance efforts. Each of your colleagues touches work that must be recorded. From their personal trading records to interactions with clients, every employee has a role in creating and maintaining compliance-related documentation.

That’s why a robust compliance program begins with education. Your team must be up-to-date on what paperwork is required by regulators.

CCOs can create training modules and quizzes to test the entire team on various aspects of regulatory compliance. Running skills and drills with your team ensures everyone in your organization is aware of these documentation requirements.

Regularly Audit Your Policies and Procedures

For CCOs, it’s not just about testing your team. You should be regularly testing yourself, too. That includes internal audits of your existing policies and procedures.

Start by setting dates in your calendar to review your written compliance policies quarterly.

The SEC and FINRA regularly release risk alerts and make policy updates. Each review session of your documentation should occur with an eye toward the latest information from regulatory agencies.

Is there something the SEC or FINRA has highlighted in a recent risk alert that you notice is lacking in your documentation? It’s not enough to say you’re committed to improving in that area–you need to update your written policies to create a more robust framework around those areas of concern.

Once you’ve updated your policies and procedures, it’s time to highlight those changes with your team. Any time you update your operations, run drills to get everyone up to speed.

Select the Right Compliance Tool To Maintain Your Records

Staying up-to-date on your firm’s paperwork and the latest regulatory expectations can be demanding. A comprehensive compliance tool can help CCOs automate certain processes and prevent tasks from falling through the cracks.

A robust compliance tool is designed to:

  • ●Create a secure, shared space for your entire team to access policy and procedure documents.
  • ●Track each team member’s individual paperwork around items including personal trading, gifts and entertainment, and client management.
  • ●Establish shared checklists so the whole team has visibility into the status of compliance-related projects.
  • ●Share risk alerts from regulatory bodies, so everyone is up on the latest expectations.
  • ●Build out a compliance calendar to ensure the team is working toward hitting all filing deadlines.

With all this information in one secure tool, CCOs know precisely where to go if and when a document request arrives from the SEC or FINRA. There is no last-minute scramble to hunt down paperwork stored on hard drives, in file cabinets around the office, or in folders at home.

An advanced compliance tool can eliminate some of the anxiety firm leadership feels around an exam request. While it’s impossible to know when one will come, knowing that your documentation is ready and waiting to meet any regulatory request provides peace of mind.


How To Create and Implement Compliance Policies and Procedures

Financial regulators are consistently updating guidance and laws to reflect the ever-changing reality of our modern financial system. Cybersecurity, robo-advising, and other technological advancements necessitate new rules and regulations.

Whenever the SEC or FINRA issue new rules or risk alerts, it’s incumbent upon CCOs to ensure their firms meet these updated expectations. The best way to maintain firm-wide compliance is to create policies and procedures to address these changes and then establish a culture of adherence.

If you manage compliance operations at your firm, here are some tips to keep your policies and procedures in line with the current regulatory moment.

Stay Up-To-Date on Regulatory Guidance

The SEC and FINRA consistently communicate their regulatory expectations to CCOs and advisory firms. In addition to their annual exam priorities, both regulatory agencies also issue regular risk alerts. These documents highlight gaps they’ve seen across firms they’re auditing and provide other CCOs with a heads up about regulators’ current concerns.

It’s crucial that all firm leadership, especially CCOs, remain abreast of regulators’ latest updates and guidelines. There are several ways to do this:

  • ● Set a Google Alert for SEC and FINRA guidance or policy changes.
  • ● Create a calendar reminder to periodically check the SEC or FINRA websites for newly released risk alerts.
  • ● Sign up for relevant industry newsletters.
  • ● If you are a BasisCode user, you’ll receive automatic updates in the system whenever a new regulatory alert is issued.

Review Your Policy Regularly

Once you know what the regulators wish to see from your firm, it’s time to proactively meet those expectations.

The first step in meeting new requirements is adjusting your current policies and procedures to address the guidelines. Each quarter, set aside time to review your policy and procedure documents and update them as needed.

Making updates is mandatory when a new law goes into effect, but internal policy should also be changed to reflect concerns regulators have flagged in risk alerts. If a regulatory agency tells you it’s essential to do something, your policies and procedures should mandate that behavior.

Taking steps to update your policy proactively means you will be in compliance long before becoming the focus of a regulatory exam.

Share New Documentation With Your Team

If a policy is changed on your hard drive and no one’s around to read it, does it make an impact?

The answer, of course, is no. And that’s why it’s just as important to share your new policies with your team as it is to create them.

Any time you update policies and procedures, take the following steps:

  • ● Send a message to your whole organization alerting them of the change.
    • ○ Share the new document in its entirety.
    • ○Include some bullets at the top, educating the team about substantive changes and how they affect each person’s workflow.
  • ● Create learning modules and quizzes to test your team’s understanding of new policies and procedures.
    • ○A robust compliance tool allows you to easily run trainings and test skills all in one place.

Create Checklists for Adherence

Once your team understands what’s needed from them, build guardrails to make sure they continually adhere to these new policies.

A comprehensive compliance tool can help you create shared checklists. You always have visibility into each team member’s work and can rest assured they’re ticking all of the compliance boxes (literally).

Take the new marketing rules as an example. One of the most substantive changes in this regulation is how testimonials are managed. Suppose your marketing team is used to the old workflow for gathering and approving client testimonials. A checklist that calls out new steps reflective of recent laws reminds them to systematically go through each new procedure.

Prepare for a regulatory exam or document request by being proactive. Updating your compliance policies and procedures in advance ensures you’re meeting regulatory standards long before the SEC or FINRA checks your work. Regular review and revision of compliance policies and procedures are hallmarks of a successful compliance program.


5 Benefits of an Integrated Compliance System

All robust compliance programs share a few key elements:

    • ● Thorough documentation
    • ● Up-to-date policies and procedures
    • ● Regular monitoring of firm activities
    • ● A well-trained and informed team

While this list looks short on paper, a lot of effort goes into ensuring your firm hits all of the requisite marks. When you’re a CCO, it’s up to you to execute flawlessly on these goals. Between regular filings and unexpected audits, you must be ready to demonstrate your compliance bona fides to regulators at any time.

Fortunately, today’s technology means you don’t need to go it alone. A comprehensive compliance program can help CCOs manage employee behavior, streamline training, create a clear paper trail, and monitor ongoing firm activities. Here are five of the ways an integrated compliance system keeps your firm’s compliance program on track.

1. Create a Centralized Information Platform

Regulators want to see documentation of your compliance efforts. Whether it’s paperwork to support a regular filing deadline or information associated with a document request, demonstrating compliance is much easier when all of your data is in one place.

An integrated compliance system houses your information under the same digital roof. If you need to pull your team’s gift and entertainment reporting paperwork, it’s in your compliance tool. 

Want to access your firm’s policies on marketing and testimonials? That’s in your compliance tool, too.

Keeping all of your compliance information eliminates the guesswork around where to find relevant documentation. An audit or document request is stressful enough without a mad dash to track down the paperwork you need. Maintaining your records in your compliance platform means you know right where to go.

2. Receive Automatic Updates

The other key component of documenting your policies, procedures and compliance activities is keeping your paperwork up-to-date.

This is no easy task if you’re managing it manually. You have training and certifications from your team, paperwork tracking employees’ trading and gifts and entertainment, firm-wide policies and procedures, and information on your clients.

With a comprehensive compliance platform, all of this information syncs automatically.

BasisCode uses a REST-based API that allows for easy integration with your other internal and third-party systems. Our app makes it easy for your team to update their information on the go, and our security features mean that your data is always protected.

BasisCode’s platform even pulls in up-to-date regulatory alerts so that you remain abreast of the latest expectations for your compliance program.

3. Undertake Constant Monitoring

Before the days of compliance technology, a heavy burden was placed on CCOs to monitor various documentation and systems manually.

Keeping a watchful eye on your employee’s personal trading is a prime example. With manual monitoring, individuals’ statements were reviewed periodically. If suspicious activity was detected, it was in previous months’ trades.

With a comprehensive compliance platform, this monitoring happens constantly and automatically. Now, red flags are spotted right away and can be dealt with immediately.

Regular, automated monitoring reduces the risk for delayed reactions and missed issues due to human error. Instead, CCOs can rest assured that problems will be flagged, and they can turn their attention away from tedious monitoring and toward more pressing compliance concerns.

4. Build a Shared Workspace

An essential component of a successful compliance program is keeping everyone on the same page. With an integrated compliance system, you can corral your team in one digital arena.

The benefits of a shared workspace go both ways. Your team can place all necessary documents in one location, meaning you always have access to the paperwork and information you need. 

Similarly, it empowers you as CCO to push out new and pertinent compliance information to everyone on your team. From the latest risk alerts to your firm’s new marketing policy, you know your entire firm is well-educated about your latest compliance updates.

And with a shared workspace protected by top-of-the-line security measures, there’s no need to worry about hackable Google Docs or email attachments. All documentation lives on a secure platform that you and your team can access from anywhere.

5. Manage Employee Training and Education

The final piece of a robust compliance program is ensuring that your team knows how to remain in compliance and can document their actions in real-time.

It’s not enough for you to share a new risk alert and assume your team will read it. An integrated compliance tool allows you to test your team on its knowledge.

With a tool like BasisCode, you can develop training and quizzes for your team to educate them about what compliance looks like in real-world scenarios. You can also create checklists to keep your team on track in updating any existing paperwork or procedures to comply with new rules.

All of this information is visible to you in a shared system. You always know where each of your colleagues is in their compliance journey. This empowers you to follow up with folks who need an extra nudge or provide additional training to individuals who are struggling to grasp a new compliance concept or expectation.

CCOs are expected to meet regulatory demands, monitor employee behavior, provide updates to firm leadership, and ensure everyone remains informed about the latest compliance alerts.

To succeed in building a robust compliance program, it can feel like you need to be in several places at once. An integrated compliance system allows you the next best thing, helping you keep an eye on your team’s behaviors, customer portfolios, and regulatory expectations simultaneously. Reach out to schedule your demo today!


New Marketing Rules: What CCOs Need To Do Now

In December 2020, the SEC announced the first substantive overhaul to Rule 206(4)-1 under the Investment Advisors Act in nearly 60 years.

It makes sense–a lot has changed since the 1960s. The new SEC marketing rules reflect the realities of how integrated digital marketing strategies allow us to engage with consumers.

The SEC finalized the rules on December 4, 2020, but they provided a compliance grace period for advisors. Come November 4, 2022, firms will be responsible for adhering to these new standards. 

Let’s explore the actions CCOs should take now to ensure they’re in compliance by the Q4 deadline.

Get To Know the New Rules

The new marketing rules change everything, including the very definition of the word advertising. 

According to the SEC, “The amended definition of ‘advertisement’ contains two prongs: one that captures communications traditionally covered by the advertising rule and another that governs solicitation activities previously covered by the cash solicitation rule.”

That first prong includes any direct or indirect communication from an advisor that’s offering investment advisory services to a client or prospect. Your email newsletter, social media posts, or blog content may fall under this umbrella. One-to-one communications are excluded, so personal emails or phone calls are not advertising.

The second prong focuses on compensated testimonials. It’s important to note that compensation need not be in the form of cash. If you offer a prize or reduced advisory fee–any sort of financial incentive–in exchange for a testimonial, it is considered compensation.

In terms of limitations, the SEC’s new marketing rules hold firms accountable for:

  • Making false statements, including statements that are false by omission or that cannot be substantiated. E.g., You cannot promise specific percentage returns to prospects.
  • Providing an unbalanced or unfair treatment of advice, risks, or limitations. E.g., You cannot present actual returns for an unusually strong year as if it represents what clients can expect from future performance.
  • Including any information that is otherwise materially misleading. Essentially, do not overtly lie or fudge the truth. E.g., You cannot say you have $500 million AUM when, in fact, you only manage $100 million.
  • Using testimonials and endorsements only if the firm shares specific details: Namely, the individual’s relationship to the firm and whether or not they have been compensated. E.g., If you hire Chuck Norris to advertise for your firm, you must make it clear that he is not a client and has been paid to appear in your advertising.

For a complete look at the SEC’s new marketing rules, see the SEC’s press release on the updated guidelines.

Audit Your Existing Advertising Assets

Once you’ve developed a comprehensive understanding of the SEC’s new marketing rule, it’s time to audit your existing advertising materials internally.

It’s crucial to be systematic in your approach. Testimonials may be tucked away in a downloadable white paper. Perhaps you have an old blog post that shares high-level year-end performance but omits data that are statistical outliers. Marketing materials considered out of bounds by these updated standards could be lurking anywhere across your firm’s digital footprint.

This content can be overlooked easily and cause headaches if you’re asked to account for your marketing materials. Build a checklist to work through all your marketing platforms so that your team can divide and conquer the internal audit process.

Modify Your Policies and Procedures

In addition to reviewing your assets, you must take a second look at your policies and procedures.

The first step is updating your internal policies to reflect the new marketing rules. Ensure your core marketing policies align with the SEC’s regulations. Remove any language that is ambiguous or runs counter to the new guidance. Consider incorporating the actual language from the SEC so your team can see firsthand what’s expected.

Once you have revised your policies, it’s time to adjust procedures to meet these new expectations. Creating checklists for your team can walk them through the new guidelines. Put guardrails in place so a second set of eyes evaluates every new piece of marketing against the SEC’s rules before it goes out the door.

Leaving execution to chance is a surefire way for old habits to creep in and derail attempts to meet new rules. Make it easy for your team to comply by providing them with a clear roadmap for success.

Test Your Team

Once your team has access to new policies and has received training on new procedures, it’s time for them to test their knowledge.

Rather than risking a costly mistake in the real world, use the time you have now–between the announcement of the rule and the expected November 2022 compliance date–to test your team in simulated situations.

Draft quizzes where you ask your team to identify problematic messaging in fictitious email newsletter copy. Write questions that challenge your team to think about what they’d do in a scenario where a colleague skips steps in the content development compliance checklist.

The best way to ensure real-world success is to create a safe space for your team to make mistakes. That’s why tests and drills can be valuable in helping your team learn the ropes of the new rules.

Document Everything

As all CCOs know, the devil is in the documentation. The SEC will not take your word regarding compliance; it expects to see clear documentation of your processes and procedures.

Part of documentation pertaining to marketing is developing a clear system for showing the compliance team has reviewed and approved all marketing materials before release. Creating a system where each approved piece of content receives a compliance code establishes a paper trail for your review process.

Any time the SEC–or any regulatory body–makes updates to policy, CCOs must take note. It’s not a cause for panic, but it is a time to pay careful attention to your firm’s current processes. 

Identify what needs to change, and take explicit steps to make necessary adjustments. Finally, don’t forget the importance of documentation in providing evidence of compliance with any regulation.

If adhering to the new marketing rules feels overwhelming, a comprehensive compliance tool like BasisCode, can help you keep track of the moving parts and hit crucial deadlines. Reach out to schedule your demo today.


What It Means To Be Audit-Ready in 2022

Uncertainty makes people uneasy. The anticipation of an SEC audit–not knowing if and when your firm might face one–is part of what makes it intimidating.

That’s why we advocate for building an audit-ready business. You can’t control if and when the audit comes. But if you’re always prepared to face one, there’s never a need to panic.

What does it mean to be audit-ready in 2022? We’re so glad you asked! We’ve compiled a list of risks the SEC is watching. Here’s what your firm should be thinking about, from outside risks like cybersecurity to internal compliance procedures like gift and entertainment disclosures.

Monitoring Digital Risks

The world grows more digitally-driven with every passing day. Relying on technology makes our lives more seamless, but it also introduces risk.

One significant liability that remains as a result of the pandemic is the one created by work from home. Financial firms have a duty to protect clients’ personally identifiable information (PII). When your team is distributed and information about clients must circulate outside your office walls, there is the threat of bad actors intercepting those communications.

Smart firms are implementing tools that allow their team to communicate safely and efficiently from afar. Virtual private networks (VPNs) are a must for distributed teams. 

Running vulnerability scans and engaging in penetration testing allows you to identify weaknesses in your security before an ill-intentioned outsider can. 

And features like single sign-on (SSO), multi factor authentication, and write once, read many (WORM) storage ensure your team can share PII without risk.

It’s just as vital that you educate your audience about cybersecurity risks. Encouraging your clients to use multifactor authentication and instituting CAPTCHA tools on your client-facing platforms empower your clients to protect their data when it’s in your hands.

Meeting New Expectations

The SEC’s new chair, Gary Gensler, stepped into his role in April 2021. With new leadership often comes new rules and expectations. We’ve already seen shifts in the SEC’s guidance for firms, such as the new marketing rule. And when its exam priorities are released in the coming weeks, we can expect to see the SEC voice additional concerns.

When new rules are handed down, you must shift internal policy and training to meet them. A compliance tool can help you update procedures and distribute them seamlessly to your team.

Training Your Team

The other piece of creating new policies is ensuring your team knows how to act under them. If your team doesn’t understand what complying with new rules looks like, your business is not audit-ready. Here’s where testing and drills come into play.

Compliance officers can design quizzes and mock scenarios to test each employee’s understanding of new guidelines. Drills are a quantitative way to assess your team’s audit readiness, and they allow CCOs to clarify misunderstandings and strengthen policies to address gaps.

Your team is only as strong as your weakest member, so take the time to get everyone up to speed on the compliance issues that can impact your firm.

Investing In Ethics

The SEC expects firms to implement a code of ethics. This document reinforces the importance of acting ethically on behalf of clients and the firm.

One of the SEC’s recent areas of focus has been on the behaviors of individual employees, not only the firm as a whole. To remain audit-ready in 2022, you must create a clear framework around your expectations of employee behavior.

Your gifts and entertainment policy and insider trading rules should be areas of focus. A compliance tool can help you communicate and enforce these policies, while also making the employee disclosure process seamless.

Aligning Compliance With Consumer Trends

ESG and robo-advising are two areas of investing that have gained significant attention from consumers in recent years. As advisors scramble to meet consumer demand, the SEC is taking notice.

Both ESG and robo-advising are new. Therefore, neither has clear regulatory guardrails around it. Expect that to change. As the SEC begins to identify potential risks in these two areas, they will create new guidance to mitigate them. Once the SEC issues a new policy, you must adjust to meet it if you wish to remain audit-ready.

As a compliance officer, it’s your job to stay on top of shifting rules. And when the rules change, you must review your old policies to make sure they meet new requirements. If they don’t, it’s up to you to adjust your approach and let your team know that things are changing.

There will likely be new trends and risks that emerge throughout the year that will catch the eye of the SEC. For compliance professionals who wish to remain audit-ready, it’s not about identifying every potential risk that may appear. It’s about building a system that empowers you to respond quickly to any possible shifts in policy. 

A comprehensive compliance tool like BasisCode helps you with everything from monitoring SEC expectations to setting new rules to ensuring your team is aligned with the latest expectations.

Schedule a Demo to Be Audit-Ready