Tom Giachetti, chairman of the securities practice group of the securities law firm Stark & Stark in Lawrenceville, N.J., has some words of wisdom for advisors in 2012 regarding compliance: be prepared—first, to answer questions you were never asked before, and second, to explain policies that were never a previous area of concern.
In short, says Giachetti (left), who each month writes the Compliance Coach column in Investment Advisor magazine, "The world has gotten much different post-Madoff."
Those RIA firms remaining under the jurisdiction of the SEC after the "big switch" of smaller advisors to state jurisdiction, he says, will find the agency "asking questions that are new, and … exploring different issues and areas they never have before or in a manner they never did before." Four major concerns for the SEC will have you rethinking how you handled such matters in the past, because the odds are that you will have to change—if you haven't already.
Key SEC Concern No. 1: Confidentiality
At the top of Giachetti's list come confidentiality and privacy. You will find yourself providing confidentiality agreements not just for your staff, he says, but also for vendors, your landlord—in short, anyone with access to your offices. "The SEC wants to know," says Giachetti, "what means you take to make sure the information you get as a fiduciary is secure."
Key SEC Concern No. 2: Branch Supervision
The next area of concern on Giachetti's list will affect firms with branch or satellite offices: the SEC will want to know your procedures for monitoring and supervising those branches. Giachetti says his office provides a checklist, so that main offices "are able to show what they're doing on an ongoing, continuous basis relative to those individuals that provide services from a satellite or branch office."
Key SEC Concern No. 3: Internal Processes
The third big area of concern for the SEC is a new interest in your procedures—or, as Giachetti says, "Show me what you do and why and how you do it. What do you do with a new client, with a new employee?" The SEC will want to see your internal protocols, whether you use a calendar or a checklist, and whether you initiate them at the onset of a relationship with a new employee or client. "It's the responsibility of the firm," he adds, "to indoctrinate the new employee with regard to appropriate policies and procedures they must be aware of: privacy, business continuity, and so forth."
There is a misnomer on the SEC exam, he explains, concerning mandatory training for employees. There is no requirement, he says, but it is incumbent on the firm to have some means of letting employees know proper policies and procedures. He suggests that firms have at least one annual compliance meeting for the discussion of a multitude of compliance topics. Further, everyone should sign in for the meeting. "Take it seriously," he urges.
Key SEC Concern No. 4: Manager Due Diligence