Here are some of the most critical and potentially damaging misconceptions held by compliance professionals.
Registered investment advisers face stringent regulations covering conflicts of interest, cybersecurity and other governance, risk and compliance issues, all meant to make sure they are not engaging in risky behavior. And it is getting worse. The Securities and Exchange Commission is planning to increase the number of RIA examiners by 20% in 2016 in a bid to create more oversight for the rapidly growing industry. Within the next 10 years, 8,500 SEC-registered advisers with $24 trillion in assets under management are projected to grow to 12,000 advisers with $65 trillion in AUM in fiscal 2016, according to the SEC. That is a lot of people to ensure are acting compliantly and in the best interests of their clients.
With these increasing numbers, RIAs need to make sure that they are managing their riskiest asset: their people. There are many misconceptions regarding the issue of people risk management for RIAs. Here are some of the most critical and potentially damaging misconceptions held by compliance professionals – the kind of denials that say, “It's okay if we do nothing.”
1. “We cover the bases by registering our people and monitoring business transactions.”
The news is full of cases where other companies thought the same thing. In 2015, the SEC filed 807 enforcement actions against firms, citing violations concerning everything from insider trading, faulty allocations and conflicts of interest to the firms' failure to “commit the time, attention and resources to a range of critical obligations in the supervision of registered reps.” That covers a lot of territory, and all of it can be treacherous.
2. “We thoroughly vet our people in our recruiting and hiring processes.”
It's been shown that roughly 50% of applicants have lied on their resumes. Furthermore, it's not always possible to reliably predict a person's behavior when the individual is faced with stress, temptation and opportunities for ill-gotten gain or innocent human error.
3. “We haven't had any audit exceptions or regulatory compliance issues to date, so we have every reason to believe our risk management practices are working.”
No news is not necessarily good news; compliance does not always equal risk management; and the fact that risk has gone undetected does not mean it doesn't exist. Too many firms realized these truths too late. The SEC has promised to assert its presence in emerging areas of first impression and is using new, advanced technologies in its pursuit of rules violations. Those technologies are working.
4. “Our company is relatively small. The smaller the organization the smaller the potential risk.”
Unfortunately, size is no indicator of safety: size may scale management resources, but potential risk problems can scale much greater. In fact, organizations with fewer employees may face a greater share of risk, since their people are likely to wear many different hats. This can dilute attention to risk management and increase the chance that critical indications of risk are widely overlooked.
5. “People risk management is a compliance officer's or human resources professional's responsibility.”
False. Regulators consider compliance to be an enterprise-wide endeavor, the responsibility for which extends from the board level to each individual employee. In other words, it's everybody's job.
RIAs face a heavy price for non-compliance and are required to develop a code of ethics, in addition to maintaining books and records of activities. With scrutiny coming so heavily from the SEC, and the potential of third-party examiners looming, RIAs need to protect themselves with an arsenal of tools.
Maintaining an automated compliance program is essential to keeping track of employee activity. As compliance complexity for RIAs continues to explode, firms should rely on technology to monitor trades and potentially illicit behavior. Employees' risky behavior and non-compliant conduct can have devastating consequences on both a corporate and a personal level. Make sure you don't fall victim.
Charles Steerman is vice president at Compliance Science.