Advisers and Funds
On January 31, 2012, the SEC held its Compliance Outreach Program National Seminar, a reboot of the former CCOutreach program. Carlo di Florio, Director, Office of Compliance Inspections and Examinations, opened the seminar by addressing the name change, stating the intent is to broaden the reach of the program and extend the dialogue to include key executives and senior management. Ensuring key executives and board members support the roles of compliance and risk management served as one of the major themes of the seminar.
In addition to considering whether a firm is complying with a particular law or has appropriate processes in place, the SEC also wants to confirm organizations have a real commitment to compliance, ethics and risk management, with key executives setting the tone at the top.
Other key takeaways include:
- There is no one-size-fits-all, off-the-shelf compliance program that will work in every instance. Firms must tailor their Compliance programs to fit their particular organizational needs and risk profiles.
- To test whether firms have a real culture of compliance, the SEC has been increasingly engaging senior management and board members in its examination and monitoring processes.
- Compliance does not end with the CCO, and firms need to ensure they provide Compliance with authority and resources sufficient to meet their objectives.
- Firms need to have ďescalation pathsĒ in place to ensure compliance and risk issues make it to the CEO or Board when necessary.
- The SEC is moving away from fixed exam teams. Instead, examiner groups are tailored to the particular firm being examined and will include examiners with relevant specialized experience or knowledge.
- Three aspects of a good compliance program:
The SEC wants to engage in a dialogue with firms, particularly outside the examination context, and are periodically asking firms to contact them with questions.
Conflicts of interest and custody remain a focus of the SEC.
- Identify areas of risk;
- Adopt and implement policies and procedures designed to address those risks;
- Continually review how risks are being addressed.