Making a List and Checking it Twice: Year-End Recap and Checklist for Compliance Officers

December 3, 2020 by ACA Compliance Group

2020 has been no ordinary year. Amidst a global pandemic, a changing geopolitical environment, and increased regulatory scrutiny, firms have had to transform how they conduct business, oversee their compliance programs, and maintain operational resilience. Priorities and projects have shifted, technology adoption has increased, and outsourcing has been embraced as firms navigate turbulent markets, the extended work-from-home environment, and regulatory change.

Peter Driscoll, Director of the U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE), said during his remarks for the 10th National Compliance Outreach Program, “Compliance officers are on the front lines to help ensure that registrants meet their obligation under applicable securities laws and regulations. We [SEC staff] too are on the front lines and with a similar mission, and in many ways examiners and compliance officers and personnel are two sides of the same coin. We cannot overstate a firm’s continued need to assess whether its compliance program has adequate resources to support its compliance function. Resources means a lot of different things, including training, automated systems and adequate staff to support firm growth, but perhaps most importantly, it means ‘empowerment.’ Compliance must be integral to an adviser’s business and part of its senior leadership.”

In a recent Risk Alert, OCIE staff observed that advisers had not devoted adequate resources, such as information technology, staff, and training, to their compliance programs.

As you look ahead to 2021, here are a few of 2020’s key regulatory and industry highlights that may impact how you prioritize year-end compliance tasks, allocate resources, and plan future initiatives.


The COVID-19 pandemic dominated much of 2020. As the pandemic spread, markets fluctuated, and firms were forced to transition to a work-from-home set-up, regulators and compliance teams alike sprang into action to stay ahead of risk in the ever-changing environment.

COVID-19-related risks are among the highest priorities for regulators globally. The SEC's Division of Enforcement established the Coronavirus Steering Committee to coordinate its efforts with respect to the uncertainties and risks posed by the pandemic environment. In the UK, the Financial Conduct Authority (FCA) has spoken out regarding the need for firms to evolve their surveillance processes alongside the evolving risks of the pandemic.

Firms were forced to quickly evaluate and enact their Business Continuity Plans while regulators issued several alerts highlighting key concerns and issues.

We continue to observe the SEC’s Office of Compliance Inspections and Examinations’ (OCIE) focus on registrants’ response to the pandemic. In certain instances, we have seen OCIE conduct calls with registrants related to the firm’s business continuity, overall COVID-19 response and operational effectiveness, and any known and/or perceived cyber threats or incidents occurring during the pandemic. We have also seen questions on these topics incorporated into more routine exams being conducted by OCIE during the pandemic.

Consequently, we continue to suggest that advisers maintain a COVID-19 operational response log (or matrix) to aid in examination readiness as well as assist in conversations with current and prospective investors. All said, it is important not to neglect other areas of your compliance program as examination teams continue to delve into additional risks unique to each firm.

U.S. Regulatory Rulings, Changes, and Enforcement Actions

Despite the pandemic, regulators have stayed active throughout the year to uphold their mandate to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. In November, the SEC’s Division of Enforcement published its annual report. By the numbers, FY 2020 was a busy year for Enforcement:

  • Brought 715 total enforcement actions
    • 405 “standalone” actions
    • 180 follow-on proceedings based on the outcome of other actions by the SEC, criminal authorities, or other regulators
    • 130 proceedings to deregister public companies that were delinquent in their filings
  • Individuals were charged in connection with 72% of the 405 standalone enforcement actions
  • The SEC brought 17% fewer actions as compared to last year; however, the associated financial remedies were 8% higher than last year and set a new all-time high
    • $3.6 billion in disgorgements
    • $1.1 billion in financial penalties
  • Since the start of pandemic-related lockdowns in mid-March, Enforcement opened 640 inquiries and investigations, over 150 of which were COVID-related
  • Received approximately 16,000 tips, complaints, and referrals (roughly a 71% increase over the same period last year)

In addition, there were several risk alerts, rules, and enforcement actions that may impact how compliance officers think about their compliance programs in 2021.


With the issuance of nine Risk Alerts this year through mid-November 2020, OCIE has been remarkably transparent in communicating expectations on various risks. This transparency often poses challenges for compliance teams that feel compelled to evaluate current processes and procedures against the risks identified by OCIE.

As you dig into the risk alerts, you may determine the need for additional policies, disclosures, or testing in an environment where many compliance teams are resource constrained. And not to be outdone by OCIE’s frenetic pace of alerts, the Division of Enforcement has also been busy interacting with advisers through public speeches touting data analysis and technology enhancements as well as various new strategies that have been employed to enable staff attorneys to assess facts and make decisions sooner.

Commodity Futures Trading Commission (CFTC) registrants and National Futures Association (NFA)

Financial Industry Regulatory Authority (FINRA)

Office of the Comptroller of the Currency (OCC)

LIBOR Transition Preparedness

The discontinuation of LIBOR is currently expected to occur after 2021. As one of the most widely used reference rates in the financial markets, the discontinuation of LIBOR is expected to have a significant impact on all aspects of financial services firms’ business. While there are still many open questions about exactly how a post-LIBOR world will look, the time to start preparing for the end of LIBOR is now. Firms should begin to inventory all areas in which there is exposure to LIBOR that will continue past 2021 and develop a roadmap for mitigating those risks ahead of the discontinuation.

For firms registered with the SEC, OCIE announced in June an examination initiative focused on LIBOR transition preparedness for SEC registrants, including investment advisers, broker-dealers, investment companies, municipal advisers, and clearing agencies. The announcement included a sample document request list, which firms can use to assess their preparedness for the transition.

Additionally, the SEC and FCA have published numerous other pieces of guidance on this topic, including:

No Letup in Regulatory Change for UK Firms as Brexit Draws Near

Although the FCA showed some flexibility during the early stage of the pandemic, it has continued to drive forward the main tenets of its regulatory agenda. Aside from ensuring a smooth transition for financial markets at the end of the Brexit transition on 31 December 2020, its priorities focus on the phasing out of LIBOR by the end of 2021, improving the culture inside financial services with the bedding in of its new Senior Managers & Certification Regime (SMCR), and curbing the exploitation of the UK for financial crime. UK-regulated firms should expect no letup in 2021 as the UK develops a new regulatory agenda separate from the EU.

Accelerated Adoption of Technology

COVID-19-related market volatility and risks posed by employees working from home had regulators on high alert across the globe. The SEC, FCA, SFC, and FINRA called out their continuing focus on detecting and punishing insider trading, market abuse, code of ethics violations, and other misconduct.

These increased risks, combined with the need to digitize operations and maintain effective compliance in the remote work environment, saw firms turning to technology at unprecedented rates. According to industry analyst Greenwich Associates, 58% of firms invested in third-party surveillance technology in 2020, almost double from the same period in 2019. And given that regulators kicked off the year by announcing their plans to invest in technology and data to support their supervisory duties, firms that do not embrace technology will find themselves playing catch-up with today’s rapid pace of technological and regulatory change.

A Focus on Building Operational Resilience

Firms are facing a growing number of operational risks, including global pandemics, natural disasters, geopolitical threats, economic crises, and third-party risks like supply chain disruptions. The ability to manage these risks effectively, efficiently, and promptly determines a firm’s level of operational resilience.

Ensuring that risk and compliance functions are resilient is paramount, as regulators and investors expect firms to operate and function as required during these conditions and thereby help the financial system absorb and adapt to them. Private equity firms face similar concerns when acquiring portfolio companies.

In a Risk Alert regarding deficiencies in investment adviser compliance programs, OCIE staff observed that firms had not devoted adequate resources to maintaining or establishing reasonably designed written policies and procedures that would help to ensure operational resilience. As a result, weaknesses and deficiencies were found across due diligence processes, third-party oversight, marketing, surveillance of trading practices, cybersecurity, and client safeguards for privacy. Additionally, advisers had not tested their Business Continuity Plans (BCPs) and did not update their BCPs to reflect new contacts and responsibilities for each area.

The 2020 GIPS® Standards

The effective date to claim compliance with the 2020 Global Investment Performance Standards (GIPS) is December 31, 2020. Throughout the year, many firms have worked to implement the new standards, which represent the most significant changes since the 2010 edition of the GIPS standards went into effect on January 1, 2011.

What You Can Do

Compliance Officer Year-End Checklist

With the above and other upcoming developments in mind, it’s time to make your year-end checklist (and check it twice!) as you work to meet your 2020 obligations and head into 2021 with confidence. Download our checklist below to use as a guide to ending the year strong.

Download U.S. Checklist | Download European Checklist

Tune in to Our Upcoming Webcasts

Implications of the Election on the Regulatory Agenda
December 8, 2020 | 11:00 AM EST / 4:00 PM GMT

With the upcoming change in political leadership, there is likely to be a shift in policies and priorities. Join ACA Compliance Group Chief Services Officer, Carlo di Florio, and several guest speakers as they take a look at the currently proposed policy shifts, the implications of those policies on financial services firms, and what firms should know and prepare for in the year ahead. Register here.

Compliance Year in Review
December 15, 2020 | 11:00 AM EST / 4:00 PM GMT

Join us for our annual Compliance Year in Review webcast on December 15, 2020 at 11am ET. ACA Compliance Group's Michael Abbriano, Director, Michelina Cuccia, Director, and Ian Rivera, Senior Principal Consultant, will share SEC compliance developments from 2020 and discuss what to expect in 2021. Register here.


If you have questions about these updates or would like more information about how ACA can help enhance or strengthen your compliance program in 2021, please reach out to your ACA consultant or contact us here.