As I write, I find myself again sitting on a plane traveling home from somewhere on the North American continent. This weekly junket, like all others, was spent visiting clients and speaking at an industry conference. The message: “Compliance need not be burdensome or complex unless advisors make it so,” and far too many advisors still do. Why? Too many continue to drink the Kool-Aid peddled by various (not all) form shops and consultants, with little appreciation for whether the documents they receive actually reflect their operations and limit their liability and responsibility. Similarly, far too many of these documents are a boilerplate minefield for when regulators or plaintiffs’ lawyers call. No area makes this more apparent than the dreaded “policies and procedures.”
Rule 1: Read the documents! If you did, you would realize that they do not apply to your business.
Rule 2: If you find the documents do not apply to your business, you must revise them.
Rule 3: Make sure you do what you say you do in the policies document. Regulators will read your policies and will seek to confirm that you are doing what they say. Far too many manuals are “micro” in scope and content, presenting overly ambitious compliance processes that far exceed what is required, while missing important issues that regulators are now rightfully much more concerned about post-Madoff. These include having a policy or process to maintain the confidentiality of client information relative to those who have access to your offices and information, including internal staff and outside vendors; monitoring of employees’ outside business activities; initial and ongoing due diligence conducted on unaffiliated separate account managers and private fund sponsors; supervision of branch offices and personnel; and the initial and ongoing investment suitability determination.