With only 19 business days left in the year, the pressure is mounting to cross those final compliance to-do’s off the list and finish the year strong. 2017 has been filled with a number of regulatory and industry developments that may impact how year end compliance tasks are prioritized and 2018 initiatives are set, including:
- New SEC Chairman Jay Clayton emphasized the SEC’s commitment to expanding technology initiatives, including the use of data analytics and surveillance tools designed to identify high risk activity and detect suspicious behavior.
- The FCA identified cybersecurity as a top risk in its 2017/2018 Business Plan.
- FINRA issued a Regulatory Notice on social media and business communications.
- The New York State Department of Financial Services (“DFS”) issued a Final Rule for Regulation 504 requiring regulated institutions to maintain transaction monitoring and filtering programs.
- New York State DFS cybersecurity regulation 23 NYCRR 500 went into effect.
- FinCEN issued Advisory statements on Venezuela and real estate investments.
- The SEC issued a Risk Alert on cybersecurity and established a Cyber Enforcement Unit.
- The SEC’s Office of Compliance Inspections and Examinations published a Risk Alert on advertising.
- Form ADV amendments went into effect.
- The GIPS® 20/20 Consultation Workpaper was issued and investor demand for transparency increased.
- The European Commission and the SEC issued guidance on compliance with MiFID II.
- Regulators increased requests for trade data as part of investment adviser exams.
- FCA Director of Market Oversight Julia Hoggett commented on the FCA's expectation of compliance with the Market Abuse Regime (“MAR”) surveillance technology requirement.
- The SEC’s National Exam Program examined 15% of registered investment advisers in FY2017, the highest percentage in over 10 years. Additionally, surprise examinations came back into vogue in the Boston region. Examinations are expected to increase in 2018 as well.
What You Can Do
With the above and other developments in mind, ACA recommends that compliance professionals take the following into consideration as they work to meet their 2017 compliance obligations before year end as well as plan for 2018:
- Surveillance Analysis
Review all surveillance reports to identify new risk areas and emerging trends that should be further investigated in 2017 and monitored in 2018. Determine whether your firm is adequately resourced to conduct effective surveillance in 2018. Learn more about surveillance technology here.
- Compliance Testing
Ensure that necessary compliance testing is completed before year end. Revisit your annual compliance program review results and internal risk assessments and incorporate these into the development of your 2018 testing plan.
Review your cybersecurity risk assessment and work with your IT team or provider to ensure all critical items have been addressed. Develop a plan for further improvements in 2018. Learn more about cybersecurity preparedness here.
- Staff Compliance Training
Arrange for employees to receive compliance and cybersecurity training. Budget for and schedule continuing education and training for yourself, your compliance colleagues, and the broader staff in 2018. Learn more about cyber awareness training.
- Vendor Due Diligence
Complete due diligence on key vendors. Revisit and set plans to refresh vendor diligence throughout 2018. Learn more about vendor due diligence.
Confirm all filings have been made in an accurate and timely manner or are on track to be submitted as required. Ensure you are prepared to meet the enhanced filing requirements for Form ADV. Learn more about required regulatory filings here.
Complete year-end compliance reporting obligations. Ensure that all required reporting to senior management, clients, investors, and others have been completed or are scheduled to be completed. Learn more about reporting technology solutions here.
Conduct reviews of websites, social media, and marketing materials to ensure all information continues to be accurate and accompanied by necessary disclosures. Make updates to your disclosure and privacy statements used in client communications and marketing. Learn more about marketing and advertising requirements here.
Revisit calculations for performance information appearing in marketing materials and advertisements. Learn more about independent performance reviews here.
Review anti-money laundering practices in light of best practices and protocols. Explore how to better leverage analytics and automation in 2018. Learn more about anti-money laundering analytics here.
- Regulatory Inspection Preparation
Review all exam summary letters and responses and confirm that all representations made to regulatory authorities have been adhered to. Ensure preparations have been made for regulatory inspections that may occur in 2018. Learn more about mock regulatory inspections here.
- Compliance Budget
Complete your compliance budget for 2018. Review your firm’s business plan for additions of or changes to business lines, products, services, and headcount, among other things. Take into account all resources needed to enhance current processes, implement new technologies and protocols, and increase efficiencies. Learn more about planning your compliance budget here.
- Staffing and Resourcing
Establish coverage plans for employees expected to take short-term or long-term leave (maternity, paternity, medical, travel, etc.). If needed, review options for secondment or outsourced tasks in their absence. Learn more about secondment and outsourcing solutions.
- Compliance Calendar
Add 2018 dates for regulatory filings, trainings, testing, surveillance, reporting and conferences. Consider whether 2018 will require additional resources relative to 2017. Sign up here to receive our 2018 Compliance Calendar.
For questions on completing end-of-year tasks or to learn more about how ACA can assist please contact your regular ACA consultant or Kelly Santos at firstname.lastname@example.org for more information.