Year-round reviews

As SEC-registered investment advisors, one thing private fund managers must do at least once a year is review the firm’s compliance policies and procedures.

Many GPs registered only in March 2012, as Dodd-Frank required large advisors to do, and so have been through this formal compliance review process just once. So PFM reached out to these firms to ask what best practices are emerging around the annual compliance review, and heard from some that there are a few things worth considering more closely in this year’s testing.

At its most basic level, compliance officers say they must first fully understand what is required of them and the firm when conducting the review. That can be a trickier-than-expected exercise, compliance officers stress, as the SEC provides no clear path for CCOs to follow but rather suggests the review should be tailored to each firm.

However, there are a few key areas every compliance officer considers when putting together the firm’s review process. The SEC says CCOs need to answer specifically: what compliance issues arose during the review and how frequently; how the firm’s business has changed over the past year (for instance, new personnel or product lines); how the compliance officer identifies conflicts (and how they are dealt with); and how the firm has responded to any changes in laws and regulations.

The SEC also expects to see compliance officers adopt certain methods to thoroughly test compliance programs: that is, to interview employees, to directly observe different compliance processes and then to test those processes for any weaknesses.

REVIEW TIME

But because the SEC allows firms to conduct bespoke reviews, running these interviews and tests doesn’t necessarily have to be done all in one specified time period.

In fact, compliance officers say best practice is to test individual areas at different times of the year. A rolling routine can be a more efficient way to test compliance because it allows the firm to spread the workload – avoiding busy periods for particular business units – and adapt to constantly changing regulations.

“We don’t have set intervals but it’s driven by what is in the news. So when there were a lot of local elections we had gone in and reviewed everybody’s political contributions to make sure that they had been pre-cleared and reported,” said one US-based compliance officer.

And to better manage the time it takes to complete these reviews, some CCOs are creating spreadsheets that include a matrix of the compliance functions that need to be tested.

“Using the compliance manual, I created different tabs for each compliance procedure in Excel and then assessed each procedure’s risk,” says LeAnn Kilarski, chief compliance officer at Wind Point Partners. “I then created checklists within those tabs to document what procedures are in place for each specific policy, how each is monitored, and reviewed each procedure’s overall effectiveness.”

Kilarski says using a checklist not only enables the CCO to easily keep track of the work they are doing, it also provides somewhere to compile the data they are recording in manageable chunks of time.

“[My compliance team] meets on a monthly basis to go through checklists that include reviewing specific compliance procedures. So for example, if we had a new employee join in the previous month, at this time we would review the on-boarding documentation including the completion of all relevant compliance-related forms, the completion of required compliance training and ensuring that the new employee was added to our code of ethics and other tracking processes,” says Kilarski.

SAFETY NET

With regulations constantly changing, especially so in recent years, compliance officers also say it can be best practice to have an outside pair of eyes review the firm’s compliance program. Having a third-party consultant come in once a year can be a “safety net” ensuring that no particular firm function or business activity is overlooked, say sources.

Employing third parties to take another look at the compliance manual, and to suggest best practices they pull from observing a broad range of clients, also adds “an element of independence to the review”, says the US-based CCO.

“We bring in a third-party compliance consultancy firm quarterly and they do a deep dive into a number of specific areas of the compliance manual – so over the year they hit every aspect of the compliance manual,” says John Malfettone, chief compliance officer for Clayton, Dubilier & Rice.

“We use the results of their work with our internal back testing and compose an annual review. I like the compliance consultants to be independent and act as if they were an SEC inspector,” Malfettone elaborates. “We generally agree on what areas and categories they will focus on but they will pretty much work on their own and then we’ll review their findings.”

But not all private fund managers can afford a full sweep of their compliance programs, and some prefer to keep compliance fully in-house. In these instances, CCOs say letting individual business units carry out their own reviews with the CCO’s oversight introduces a degree of independence as long as employees are not reviewing their own work.

HEARTS & MINDS

Involving staffers outside the traditional compliance team will also help show the SEC that the firm is adopting a culture of compliance. One of the SEC’s goals in supervising the private equity industry is to see that compliance officers have a direct line to the firm’s key decision-makers, says Jane Jarcho, one of the SEC’s examination chiefs, who adds that compliance officers should be persistent in telling managing partners that “good compliance is good business.”

Part of that means presenting the annual review findings to senior partners, perhaps as part of regularly scheduled meetings on firm compliance.

“CD&R has a compliance committee, chaired by the chief executive, where we present the annual review findings. The committee meets on an ad hoc basis but at least once a year,” says Malfettone.

Another chief compliance officer says his team meets every Monday with the firm’s senior professionals to talk about any compliance issues or changes that he has become aware of that may need addressing in the future.

Regular training of the troops is also essential in ensuring that the compliance review process runs smoothly. One CCO adds that segmenting training so that employees only attend what is relevant to their job function helps participant engagement and instills a sense that compliance is part of their core job function.

And without regular training, good compliance practices can easily be forgotten. Some CCOs like to track their employees’ knowledge of the compliance manual (an essential part of the review process) using questionnaires.

One CCO has compliance software that enables her to send questionnaires out through a shared system, automatically track who has responded and chart results to spot any deficiencies. “I will periodically send out 40 or so questions, with things like ‘have you done any proxy voting that hasn’t been reported?’ Things that they need to be aware of that wouldn’t be top of mind.” And of course spreading out these compliance exercises ensures that these issues do not stay top of mind only once a year.