When PFI Advisors is hired to perform an Operational Diagnostic of an RIA, one of the important components of our assessment is a review of the firm’s compliance manual to ensure it matches what is truly occurring at the firm. When we ask firms to send us their compliance manual, many times they question us and say, “No no … we didn’t ask for a compliance review, we need an operational assessment,” and we say, “Great! Can you send us a detailed document that describes the products and services you provide and how you go about ensuring efficient and correct delivery of those services to your clients?” They think about it for a minute and usually say, “Well, that would be our compliance manual.”
In our most recent course inside The COO Society, we detailed the overlap of an RIA’s compliance and operations functions. Rule 206(4)-7 of the Investment Advisers Act is known as the “Compliance Program Rule” and states that all SEC-registered advisors must have formal policies, procedures, internal controls and designated responsible persons for the compliance programs of their organizations. The rule does not detail the specific elements that advisors must include in their policies and procedures, but an adopting release, issued in 2003, states that a firm’s policies and procedures should be reasonably designed to:
- Prevent violations from occurring
- Detect violations that have occurred; and
- Promptly correct any violations
The adopting release also states that at a minimum, an RIA’s policies and procedures should address these specific areas:
- Portfolio Management Processes
- Trading Practices
- Proprietary Trading
- Accuracy of Disclosure
- Safeguarding of Client Assets
- Valuation and Fees
- Business Continuity Plans
While the above list is clearly in the domain of a firm’s compliance department, there is a definite operations component to each of these core areas of an RIA’s back-office functions. While the compliance department implements and monitors these policies, it is the RIA’s operations staff that will be tasked with executing them. During our review of a firm’s compliance manual, we do not opine on whether the correct items are listed (as we are not compliance experts). We do, however, want to ensure that the operations department is performing the tasks that are spelled out in the manual. There is debate on which is the greater sin: having a compliance manual that excludes items relevant to your business and therefore does not address specific tasks that should be occurring, or having a compliance manual that specifically states, “We do ____ and ____,” but having no operational workflows in place to execute on those stated tasks. Regardless of which is worse, both are liable to embarrass the firm during a routine SEC audit and should be avoided.
We interviewed Chris Winn of AdvisorAssist back in 2019 for our white paper, “A Deeper Look Into The Role of Chief Compliance Officers at RIAs.” Of this overlap between operations and compliance, Chris had this to say, “Compliance is not just about the rules and regulations, but rather enterprise risk management. There is an inherent intersection between compliance and operations. Effective firms integrate operations and compliance in various ways to enhance internal controls and weave risk management into the routine functions of the firm.” Comprehensive risk management is simply good business.
As 2021 comes to a close, we urge operations and compliance teams alike to review your firm’s policies and procedures to ensure that everything stated in your compliance manual applies to the specific products and services you offer your clients. Many RIAs use “off the shelf” compliance manuals and neglect to customize them to their specific business, or, as their business models change over time, RIAs often neglect to update the compliance manual to reflect their new client niche or service offerings. Have you had any employee turnover this year? Make sure all employees listed throughout the manual are still with the firm and are still acting in the same capacity as described in the manual. Equally important, review your firm’s processes and workflows to make sure your operations team is performing each of the tasks described in the manual. As Matt Calabro of Compliance Solutions Strategies stated in our white paper, “The most important asset of the firm is its reputation, and by having strong processes and culture in place, you uphold that reputation.” It requires collaboration between compliance and operations to ensure that reputation is upheld.
Matt Sonnen is founder and CEO of PFI Advisors, as well as the creator of the digital consulting platform, The COO Society, which educates RIA owners and operations professionals on how to build more impactful and profitable enterprises. He is also the host of the popular COO Roundtable podcast. Follow him on Twitter at @mattsonnen_pfi