The annual PEI Private Fund Finance and Compliance Forum in San Francisco brings together key players in the alternative assets compliance arena, and seeks to answer some of the most pressing questions of the moment for those charged with keeping the regulators from knocking on their firm’s door.
More than 150 fund compliance professionals gathered to swap ideas at this year’s event. Here’s a roundup of some of the main issues covered over the course of the conference.
A CCO is there to put compliance measures into place and to keep up with regulatory requirements, but the responsibility for ensuring compliance lies with everyone in a firm. All staff must be kept informed, trained, and feel comfortable calling out any red flags that could result in a compliance breach. But the firm has to operate – it’s an investment firm, not a compliance firm. The compliance program should be built to fit the firm, not the other way around. Don’t be afraid to say no if a compliance measure is going to be too onerous. Find an alternative solution.
There have been many examples of regulation turning out to be less onerous than anticipated, too. The new US debt-equity law, which re-characterizes cross-border intercompany debt instruments as equity for US tax purposes, is a case in point. After delivering some hard-hitting proposals in April this year, the Treasury retreated on some measures due in large part to lobbying by stakeholders.
The revised version, which passed into law in October, is much more palatable for alternative investors and fund managers, as it encompasses far fewer firms. In Europe, meanwhile, the much maligned Alternative Investment Fund Manager’s Directive has proved to be much less of a buzzkill than was expected.
“[AIFMD] is not as bad as people initially thought it would be. It helps to have clear rules about marketing, depositories, and internal controls,” Marco Pierettori, general counsel of InvestIndustrial said at a roundtable hosted by pfm in September.
The devil’s in the detail
Policies can never be too explicit. Fees and expenses policies, for example, should specify exactly what can and cannot be expensed. A consistent travel booking policy, and making sure everyone keeps all receipts for expenses accrued while on a business trip, are key to ensuring transparency when it comes to T&E reporting.
More and more firms are now reviewing their fees and expenses policy, to varying extents, but but the consensus was business travel expenses in particular are being scrutinised at a more granular level.
“We’re encouraging more shared trips, and trying to economise on travel expenses. We need more documentation, we’re tracking more heavily who is paying for what on a trip,” one GP from a US-based lower mid-market private equity firm said.
Policies have also become more explicit, outlining exactly what can and cannot be charged.
“Small details such as the time after which you can expense your laundry are now included. And we also outline what cannot be expensed, massages, movies, that kind of thing,” the GP added.
A second GP said its firm had brought administrative tracking in-house, having previously outsourced it, and was currently reviewing its expenses policy. “The most important thing is to be consistent, and to ensure that the assessment of expenses is repeatable, that the same things are chargeable or not chargeable in the future,” the GP said.
Paper trails are key to a smooth-running Securities and Exchange Commission exam, regardless of the issue being investigated. When conducting valuations, for example, it is essential everyone involved in the process understands how the valuation was reached, and can explain why the process is considered valid. Detail your methodology, and more importantly, ensure that you are following it to the letter.
“Enforcement action was taken against one firm over the use of a valuation model, created by a major company, which had a mathematical flaw,” one auditor said.
“The action was taken because the firm hadn’t demonstrated why it believed in the output of the model, not because it used a model which produced a flawed valuation assessment.”
There is some disagreement was the extent to which the SEC is cracking down on valuation processes, however. Some think there’s not much focus on valuations; rather, they are examined in instances where a firm’s valuations process was deemed a significant risk. Others believe there are many examples of the SEC “deep-diving” on the matter.
But regardless, it is agreed firms must continue to bolster both the process itself and the documenting of the process, regardless of the extent to which they believe the regulator is scrutinising it.
The GDPR is coming
Any private equity firm with EU exposure must begin preparing for the 2018 entry into force of the General Data Protection Regulation now. The EU legislation is more far-reaching than any North American data protection rules, and the penalties for non-compliance or a breach are severe; the equivalent of 4 percent of global annual turnover. Any firm holding data on any customer in the EU will be impacted by the regulation.
US firms have already been warned by the SEC cyberattack is one of the biggest threats to the financial services industry, and there is unlikely to be any let up in exams to make sure firms are meeting their obligations. There is no excuse now for non-compliance.
“The SEC has been issuing guidance via the Office of Compliance Inspections and Examinations over the course of the last few years, and there has been sufficient time for firms to comply with guidance,” Michelle Reed, partner at Akin Gump and co-head of its cybersecurity, privacy and data protection practice, tells pfm.
“Even in the event of a sophisticated attack, if the firm did not have basic controls like access right restrictions and password protections [it] may be deemed [by the SEC] to have inadequate internal controls,” she said.
4 Takeaways for 2017
1 Find an alternative solution if a compliance measure is too onerous
2 Transparency is key when it comes to expenses reporting
3 A paper trail is key to a smooth SEC exam
4 Private equity firms with EU exposure must begin preparing for the General Data Protection Regulation now