With the holiday season here and year-end looming, the pressure is mounting to cross those final compliance to-do’s off the list and finish the year strong.
2018 has been filled with a number of regulatory updates and industry developments that may impact how year-end compliance tasks are prioritized and 2019 initiatives are set, including:
Regulatory rulings and changes
- The SEC’s OCIE issued Risk Alerts regarding their continued commitment to examining matters important to retail investors, including mutual funds and ETFs.
- The OCC indicated AML will be a focus on its list of FY 2019 annual priorities for OCC-regulated banks.
- The MSRB published a revised set of FAQs regarding the application of MSRB Rule G-40 to advertising by municipal advisors.
- The FCA outlined a number of observations relating to market abuse surveillance, serving as a reminder to firms to review their existing policies, systems, and controls in this area.
- The SFC Fund Manager Code of Conduct (FMCC) went into effect for fund managers with operations in Hong Kong.
- Regulators in both the U.S. and U.K. continued to focus on electronic communication oversight programs, which is likely increase in 2019.
- The OCIE released a Risk Alert regarding the most common deficiencies cited in recent examinations of advisers’ compliance with their best execution obligations.
- The FCA published papers on the extension of its Senior Managers and Certification Regime, whose purpose is to create a "culture of accountability" at all levels within regulated firms.
- Digital assets, such as cryptocurrencies and other virtual coins and tokens, were a hot topic, receiving attention from several U.S. regulatory agencies such as the SEC, CFTC, and FINRA.
- The SEC provided clarity and potential relief regarding one of 2017’s more controversial and debated regulatory updates on inadvertent custody.
- The SEC voted to adopt amendments to Forms N-PORT and N-1A regarding the reporting and disclosure of liquidity information by open-end investment companies.
- As of June, registered investment companies are required to file Form N-CEN with the SEC on an annual basis, replacing the semi-annual census reporting on Form N-SAR.
- FinCEN’s Customer Due Diligence Rule (Ultimate Beneficial Ownership) went into effect in May, requiring all registered financial institutions to obtain identifying information from individuals controlling 25% or more of a company holding a corporate account.
- The Small Business Credit Availability Act (“SBCAA”) was passed and signed into law as part of the Consolidated Appropriations Act, 2018. The changes made through the SBCAA are the most substantial regulatory changes to affect BDCs in years and are widely regarded by the industry as a boon for growth.
- The SEC’s Division of Enforcement announced the Share Class Selection Disclosure Initiative.
- California passed a sweeping data privacy law, the California Consumer Privacy Act (“CCPA”) that will go into effect on January 1, 2020.
- The European Union’s General Data Protection Regulation (GDPR) entered into force in May.
- The release of the Exposure Draft of the 2020 Global Investment Performance Standards (GIPS®) forced firms to assess how the new requirements will impact their business from marketing and operational perspectives.
- UK firms have begun preparing contingency plans for a Brexit deal as the March 2019 deadline looms ahead.
What You Can Do
With the above and other upcoming developments in mind, ACA recommends that compliance professionals take the following into consideration as they work to meet their 2018 compliance obligations before year end as well as plan for 2019. We’ve developed the following checklist to help guide you through the key areas to consider as you head into 2019.
- Personal Trading
Rule 204A-1 under Investment Advisers Act of 1940 (the “Code of Ethics Rule”) is a cornerstone of every registered investment adviser’s compliance program. Take a look at how you’re managing risk and delivering on your business goals this year. Learn more about personal trading best practices and how RegTech can evolve your approach to code of ethics and personal trading compliance.
- Surveillance Analysis
If applicable to your firm, review all surveillance reports to identify new risk areas and emerging trends that should be further investigated and monitored in 2019. Determine whether your firm has adequate resources to conduct effective surveillance. Gain deeper insight on developing a 21st century trade surveillance program and adopting trade surveillance technology.
- Compliance Testing
Ensure that necessary compliance testing is completed before year end. Revisit your annual compliance program review results and internal risk assessments and incorporate these into the development of your 2019 testing plan. Consider centralizing your compliance testing in 2019 with compliance program management technology.
Review your cybersecurity risk assessment and work with your IT team or provider to ensure all critical items have been addressed. Develop a plan for further improvements in 2019. To get started reference these key considerations for building a strong cyber compliance program and review these 4 ways to test your company’s security controls.
- Staff Compliance Training
Arrange for employees to receive compliance and cybersecurity training. Budget for and schedule continuing education and training for yourself, your compliance colleagues, and the broader staff in 2019. Learn more about online and in-person training opportunities.
- Vendor Due Diligence
Complete due diligence on key vendors. Revisit and set plans to refresh vendor diligence throughout 2019. Use this 6-step approach to take control of your vendor risk, and consider outsourcing the vendor management process in 2019.
- Regulatory Filings
Confirm that all filings have been made in an accurate and timely manner or are on track to be submitted as required. Ensure you are prepared to meet any enhanced filing requirements. Review the Q4 regulatory reporting deadlines, sign up here to receive our 2019 Regulatory Filing Calendar, and consider streamlining this process in 2019 with a reporting technology solution.
Complete year-end compliance reporting obligations. Ensure that all required reporting to senior management, clients, investors, and others have been completed or are scheduled to be completed.
- Marketing Reviews
Conduct reviews of websites, social media, and marketing materials to ensure all information continues to be accurate and accompanied by necessary disclosures. Make updates to your disclosure and privacy statements used in client communications and marketing. Be aware of these common marketing pitfalls for Investment Advisers. Consider adopting a marketing review solution in 2019 to streamline this process.
Revisit calculations for performance information appearing in marketing materials and advertisements. Take a look at these GIPS® marketing best practices as well as these pitfalls and best practices for presenting third-party performance.
Review anti-money laundering practices in light of best practices and protocols. Explore how to better leverage analytics and automation in 2019. Listen to these tips on improving and simplifying financial crime detection.
- Regulatory Inspection Preparation
Review all exam summary letters and responses and confirm that all representations made to regulatory authorities have been adhered to. Ensure preparations have been made for regulatory inspections that may occur in 2018. Request a copy of the SEC’s information request list and learn more about mock regulatory inspections.
- Compliance Budget
Complete your compliance budget for 2019. Review your firm’s business plan for additions of or changes to business lines, products, services, and headcount, among other things. Take into account all resources needed to enhance current processes, implement new technologies and protocols, and increase efficiencies. Build a strong foundation and enhance your budget with these budgeting tips from former regulators and CCOs.
- Staffing and Resourcing
Consider whether 2019 will require additional resources relative to 2018, and establish coverage plans for employees expected to take short-term or long-term leave (maternity, paternity, medical, travel, etc.). If needed, review options for secondment or outsourced tasks in their absence. Learn more about secondment and outsourcing solutions.
- Compliance Calendar
Add 2019 dates for regulatory filings, trainings, testing, surveillance, reporting, and conferences to your calendar. Consider centralizing these tasks with a compliance program management solution, and sign up here to receive our 2019 Regulatory Filing Calendar.
Join us on Thursday, January 10 at 11am ET for a live webcast The Compliance Year in Review. You’ll hear from ACA Compliance Group’s Lynne Carreiro and Erik Olsen about 2018 trends and developments and what to expect in 2019. Register here.
For questions on completing end-of-year tasks or to learn more about how ACA can assist please contact your regular ACA consultant or Kelly Santos at email@example.com for more information.
About the Author
Sean McKeveny rejoined ACA in September 2014 to support the launch of ACA’s Analysis and Review Center (“ARC”) in Pittsburgh. Sean had previously worked as a Compliance Analyst in ACA’s Morristown, New Jersey office. After spending three and a half years in Pittsburgh, Sean returned to Morristown, where, as a Principal Consultant, he oversees select ARC projects, provides support during mock exams, and serves as a practice specialist supporting sales and business development initiatives for ACA’s business process outsourcing segment. Sean earned his Bachelor of Science degree in Business Management (summa cum laude) from the University of Scranton. He also holds the Claritas Investment Certification issued by the CFA Institute and a graduate certification in Strategic Decision and Risk Management from Stanford University.