
‘Top-Down Compliance’ Isn’t Just a Buzzword


One of the Securities and Exchange Commission's current initiatives is employee education. An advisory firm must be able to demonstrate how it educates its staff members on compliance-related matters. Education applies to all firm employees, from the most junior to the most senior, from the mail room to the board room. The firm needs to be able to demonstrate that it has a strong culture of compliance, starting from the top down.

The top, meaning the firm's senior management team, needs to make clear at a staff meeting, at least annually, that compliance applies to all firm members, including all members of senior management. During that meeting, senior management should also make clear that the chief compliance officer speaks for senior management on compliance matters, and that what applies to the most junior staff member also applies to the most senior staff member. By so doing, firm senior management will have successfully empowered the chief compliance officer with the authority required of the position.

Adopting and maintaining this “top-down” approach will demonstrate to the commission during an exam that there is an excellent tone at the top, and that there is a strong culture of compliance at the firm. I know these terms have been bandied about for years, but in the current aggressive regulatory environment, they have been given real import.

So, with the above said, how does an advisory firm demonstrate this “top-down, tone-at-the-top, culture of compliance” approach during a regulatory examination? Here are my recommendations:

  • At the very least, the firm should convene an annual compliance meeting, attendance at which is mandatory for all firm members. There should be an agenda that lists the various compliance-related topics that will be up for discussion, including the ever-important topics of cybersecurity and business continuity. The agenda topics would generally correspond to topics included within the firm's policies and procedures, and any additions or amendments thereto. The agenda should conclude with a question-and-answer period to permit staff members to ask questions regarding operational and compliance issues, including any issue pertaining to the firm's written policies and procedures. There should be a sign-in sheet, which should be retained by the chief compliance officer as part of the firm's compliance records.

  • In addition to the annual compliance meeting, the firm should convene regular staff meetings (weekly, monthly or quarterly) at which the chief compliance officer is permitted to address compliance-related issues with the rest of the firm’s members and respond to questions. The chief compliance officer should maintain a record that the meeting was conducted and what compliance-related topics were addressed.

  • The chief compliance officer should make clear at all such meetings that he or she maintains an open-door policy to encourage any staff member to ask compliance-related questions.

  • The firm’s education process should be reflected on the chief compliance officer’s annual review and risk assessment, as well as on the firm’s compliance calendar.

By doing the above, the firm should be able to effectively demonstrate to examiners that it maintains a strong culture of compliance.



© 2023 ALM Global, LLC, All Rights Reserved.