Body of Knowledge

A well-defined compliance program must be manageable, enforceable, understandable, and capable of being adequately supervised by current management teams.  Many firms inadvertently violate regulations and increase their own overall risk potential by implementing compliance programs that do not properly accommodate the firm’s management style, business limitations, or client needs. Of equal importance is the ability to impart a sense of employee ownership and accountability.

Compliance programs must be fluid and frequently reassessed to ensure continued firm relevance and regulatory applicability.  A primary component of this process is to assign risk levels, test written procedures, conduct educational sessions, encourage complete support from senior management and provide ideas that make complying with the program easy and doable for all employees.  Actively managing and periodically revisiting and revising compliance programs is key to successful firm growth and expansion regardless of whether a company is young or a mature enterprise.

The following readings provide additional insight into controls and best practices that will assist compliance personnel with creating and maintaining effective ongoing compliance programs.

 

Readings

1.

“Emerging Approaches to Managing Global Compliance Programs”
Corporate Executive Board, Compliance and Ethics Leadership Council, January 2005
2.

“The Vital Role of Effective Comprehensive Compliance Controls at Broker-Dealers", Remarks before the Bond Market Association's Ninth Annual Legal and Compliance, Mary Ann Gadziala,Associate Director, Office of Compliance Inspections and Examinations; U.S. Securities and Exchange Commission, February 4, 2004
3.

“Put the Compliance Rule to Work: IA Compliance Best Practices Summit”, Lori A. Richards, Director, Office of Compliance Inspections and Examinations, U.S. Securities and Exchange Commission, March 15, 2004

 tab500
4.

“Compliance Programs: Our Shared Mission – IA Compliance Best Practices Summit" Remarks before the Investment Adviser Compliance Best Practices Summit,Lori A. Richards, Director, Office of Compliance Inspections and Examinations; U.S. Securities and Exchange Commission, February 28, 2005
5.

“Compliance Function at Market Intermediaries”, Technical Committee of the International Organization of Securities Commissions, April 2005
6.

Compliance: Some Core Principles By Lori Richards, Director, Office of Compliance Inspections and Examinations; U.S. Securities and Exchange Commission, Remarks before the National Regulatory Services' Twentieth Annual Spring Compliance/Risk Management Conference, April 20, 2005
7.

“Investment Adviser/Investment Company Compliance Programs (Small Firm)” By Terrance J. O’Malley, Schulte Roth and Zabel LLP, Prepared for the 2005 NSCP National Membership Meeting (pages 1-6 only plus cover page),October 24, 2005
8.

“Remarks before the SIA Compliance and Legal Division Member Luncheon”, Annette L. Nazareth, Director, Division of Market Regulation, U.S. Securities and Exchange Commission, July 19, 2005
9.

“Designing, Writing and Implementing Internal Controls”, NSCP Workshop IX (d), 2005 NSCP National Membership Meeting, Jerry Danielson, Lincoln Financial Group; Michael Burton, Ameriprise Financial, Incorporated; October 26, 2005
10.

Written Supervisory Procedures Review Checklist, NASD, Revision Date 5/2/06
11.

“Trends in Risk Management and Corporate Governance”, At the Financial Managers Society Finance and Accounting Forum for Financial Institutions; Susan Schmidt Bies, Governor, The Federal Reserve Board; June 22, 2004
12.

“White Paper on the Role of Compliance”, Securities Industry Association, Compliance & Legal Division, July, 2005
13.

“IA/IC Compliance Programs (Large Firm)”, NSCP Workshop I (d), Compliance Programs; David R. Kowalski,Senior VP, Chief Compliance Officer, Janus Capital group; 2005 NSCP National Membership Meeting, October 24, 2005

Every test question on NSCP's certification examination must be referenced to a valid, credible, and current resource. In addition to the aforementioned resources noted by the CDC, the Test Development Committee, during the item writing process, also referenced the following:

  • NASD NOTICE TO MEMBERS 99-57
  • NASD NOTICE TO MEMBERS 98-96

 

Learning Objective

Compliance program management is more than maintaining the required documentation – an effective compliance program can make good business sense.  Firms without effective compliance program management risk serious legal defense costs and financial sanctions.  At the same time a systemic culture of compliance can enhance a firm’s reputation and help avoid compliance failures that could threaten its continued existence.

Learning Outcomes

“Emerging Approaches to Managing Global Compliance Programs”
After reading this document, candidates should be able to:

  • describe the three most common organizational structures for a global compliance program. (Knowledge and Comprehension)
  • compare the two types of compliance frameworks that companies typically create when expanding compliance programs globally. (Application and Analysis)
  • assess the two general methods the Council observed for performing a global compliance risk assessment.  (Synthesis and Evaluation)
  • summarize methods used by multinational companies to stay abreast of and monitor changing regulations in each country of operation. (Knowledge and Comprehension)

“The Vital Role of Effective Comprehensive Compliance Controls at Broker-Dealers
After reading this document, candidates should be able to:

  • list the five areas the SEC evaluates when performing a comprehensive compliance examination of broker dealers within an enterprise.  (Knowledge and Comprehension)
  • explain how the examiners assess compliance in each of these areas.  (Application and Analysis)
  • list the six primary deficiencies and weaknesses that have been noted during comprehensive compliance exams. (Knowledge and Comprehension)
  • describe how these deficiencies should have been addressed by effective compliance controls.  (Application and Analysis)

“Put the Compliance Rule to Work: IA Compliance Best Practices Summit
After reading this document, candidates should be able to:

  • list the four basic requirements of the “Compliance Rule” adopted by the SEC in December 2003. (Knowledge and Comprehension)
  • list and provide examples for the ten areas where the Commission expects that advisory firms and investment companies will have policies and procedures to comply with the Rule.  (Knowledge and Comprehension)
  • list and provide examples of the eight additional areas the Commission expects investment companies, their funds’ or advisors’ policies to include.  (Knowledge and Comprehension)

“Compliance Programs: Our Shared Mission – IA Compliance Best Practices Summit”
After reading this document, candidates should be able to:

  • discuss the four characteristics that should be incorporated into an “activist” compliance program.  (Knowledge and Comprehension)

“Compliance Function at Market Intermediaries
In the course of presenting topics for discussion and consultation, this IOSCO report lists the following six core principles to be considered by all market intermediaries and their regulators with regards to the compliance function:

Establishing a Compliance function Principles

  • Each market intermediary should establish and maintain a compliance function
  • The role of the compliance function is to identify, assess, advise on, monitor and report on a market intermediary’s compliance with securities regulatory requirements and the appropriateness of its supervisory procedures.

Role and Responsibilities of the Board of Directors or Senior Management Principles

  • The board of directors or senior management is responsible for the firm’s compliance with securities regulatory requirements
  • The board of directors or senior management should establish and maintain a compliance function, and compliance policies and procedures designed to ensure compliance with securities regulatory requirements. The board of directors or senior management should assess whether the compliance policies and procedures are being observed and are appropriate on an on-going basis.

Independence and Ability to Act Principle

  • The compliance function should be able to operate on its own initiative, without improper influence from other parts of the business, and should have access to and should report to the board of directors or senior management.

Qualification of Compliance Personnel Principle

  • Staff exercising compliance responsibilities should have the necessary qualifications, experience and professional and personal qualities to enable them to carry out their duties effectively.

Assessment of the Effectiveness of the Compliance Function Principles

  • Each market intermediary should periodically assess the effectiveness of its compliance function.
  • In addition to any internal evaluations, the compliance function should be subject to periodic review by independent third parties, such as the intermediary’s external auditors, SROs or regulators.

Regulators’ Supervision Principles

  • Regulators’ supervision of market intermediaries should include the assessment of the compliance function, taking into account the intermediary’s size and business.
  • Regulators should take steps to encourage market intermediaries to improve their compliance function, particularly when the regulators become aware of deficiencies. In addition, regulators should have the authority to bring enforcement actions, or other appropriate disciplinary proceedings, against market intermediaries relating to their compliance function.

After reading this document, candidates should be able to:

  • discuss strategies (means) for implementing these principles.  (Synthesis and Evaluation)

Candidates are NOT responsible for the material in this reading covering how different countries approach these principles.  Candidates are also not responsible for topics 7 and 8 in this reading.  While cross-border issues and outsourcing the compliance function are important, they are not covered in sufficient depth in this reading.

Compliance: Some Core Principles
After reading this document, candidates should be able to:

  • discuss potential pitfalls for a compliance program in implementing IOSCO’s third core principle – that the compliance function operate on its own initiative and fifth core principle – that their effectiveness of compliance programs be assessed periodically and be subject to review by independent third parties.

“Investment Adviser/Investment Company Compliance Programs (Small Firm)
After reading this document, candidates should be able to:

  • discuss how an effective compliance management program would implement the following three elements in a registered investment adviser/investment company: (Application and Analysis)
    • a designated chief compliance officer who is competent, knowledgeable and empowered
    • written compliance policies and procedures
    • periodic assessments of the adequacy and effectiveness of the compliance policies and procedures
  • identify the ten areas that a registered investment advisor should address in its written compliance policies and procedures.  (Knowledge and Comprehension)

 “Remarks before the SIA Compliance and Legal Division Member Luncheon
After reading this document, candidates should be able to:

  • discuss strategies available to a compliance program for addressing conflicts of interest in proprietary trading and fixed income.  (Application and Analysis)
  • identify the risks and the risk management strategies available to prime brokers for hedge funds to manage the primer broker’s exposure.  (Application and Analysis)

“Designing, Writing and Implementing Internal Controls
After reading this document, candidates should be able to:

  • define internal controls. (Knowledge and Comprehension)
  • describe the five steps in establishing internal controls. (Knowledge and Comprehension)

Written Supervisory Procedures Review Checklist
The Written Supervisory Procedures Checklist (“WSP Checklist”) is an outline of selected key topics representative of the range of business activities typically proposed by applicants seeking approval to become NASD members or to expand their existing securities business under the NASD Membership and Registration Rules. As part of the application process, applicants are required to submit a completed WSP Checklist, together with a copy of their Written Supervisory Procedures (“WSPs”). NASD staff reviews the checklist and the WSPs in conjunction with its determination of whether the applicant meets the standards for admission specified in NASD Rule 1014(a).

After reading this document, candidates should be able to:

  • identify policies and procedures that need to be documented

“Trends in Risk Management and Corporate Governance
After reading this document, candidates should be able to:

  • discuss the following three best practices of internal controls and operational risk management identified in this reading: (Knowledge and Comprehension)
    • Adopt a recognized internal control framework that works for the bank [firm]
    • Adopt a program for independently assessing the effectiveness of internal controls at least annually
    • Adopt a framework for assessing operational risk
  • identify and explain thefive elements of COSO’s internal control framework. (Synthesis and Evaluation)

“White Paper on the Role of Compliance
After reading this document, candidates should be able to:

  • list and describe the thirteen roles of the Compliance Department. (Knowledge and Comprehension)
  • analyze the overlaps and complements of Compliance and other groups such as Internal Audit, Lines of Business, regulators, etc. (Application and Analysis)
  • distinguish between the Compliance Department’s and senior management’s and business line supervisors’ responsibility for ensuring compliance with rules, laws, and regulations. (Synthesis and Evaluation)

“IA/IC Compliance Programs (Large Firm)
After reading this document, candidates should be able to:

  • describe the purpose and goals of a risk assessment process. (Knowledge and Comprehension)
  • list the eight steps in a risk assessment process
  • define the following main considerations for determining a preliminary risk rating:
    • strategic importance
    • likelihood of an error and its possible impact on the organization
    • effectiveness of controls tested in the past. (Knowledge and Comprehension)
  • describe how the preliminary risk rating is modified by the remaining steps in the process. (Application and Analysis)