Financial Services

Compliance 101 for Banks
Dec 2, 2020

The purpose of compliance in banking is to detect and prevent irregularities, criminal activity, and breaches of the rules in the bank's operations. Banks must operate with integrity and follow applicable laws, regulations, and internal policies.


Every bank should have a compliance division. The division makes sure that the bank complies with all applicable laws and helps uphold the bank's reputation. It should be given the duty to oversee the bank's activities, recognize and examine areas of risk, evaluate whether the bank's policies and procedures are adequate, and propose remedies for the risks it finds.

The compliance function should ensure that the bank's transactions are transparent and conform to its policies. It should have checks in place to prevent non-compliant acts, especially those with legal consequences, and it should identify compliance risks and ways to mitigate them.

Banking Laws and Regulations

The United States has a dual banking system. This means that a bank can be chartered and regulated by one of the 50 states or by the federal government. Every insured bank also has a primary federal regulator. The result is a complex supervisory system with several federal agencies.

Here are two of the federal bank regulators:

The Board of Governors of the Federal Reserve System: This is the central bank of the United States. It conducts U.S. monetary policy and supervises state-chartered banks that are members of the Federal Reserve System, as well as bank holding companies.


The Federal Deposit Insurance Corporation: This is the primary federal regulator for state-chartered banks that are not members of the Federal Reserve System. It also insures deposits at member institutions.


Here are some of the major acts that shape bank regulation:

  • The National Bank Act 1863
  • The Federal Reserve Act 1913
  • The Banking Act 1933
  • The Bank Holding Company Act 1956
  • The Bank Secrecy Act 1970
  • The International Banking Act 1978

Compliance Function in Banks

The board of directors of the bank is responsible for overseeing the management of the bank's compliance risk. When the board approves the compliance policy, it must include a formal document that establishes a permanent and effective compliance function.


At least once a year, the board of directors must assess whether the bank is managing its compliance risk effectively. The bank's compliance policy will not be effective if the board does not promote honesty and integrity throughout the organization.

The senior management of the bank is responsible for managing the bank's compliance risk. Management must establish and communicate a written compliance policy, ensure that it is observed, and report to the board of directors on how the bank's compliance risk is being managed. Senior management is also responsible for establishing a permanent and effective compliance function as part of the bank's compliance policy.

Challenges of Regulatory Compliance Management in Banks

Most banks' compliance efforts are concentrated in a long-established governance, risk, and compliance (GRC) function. As a result, they have not built the modern capabilities needed to respond to emerging compliance risks.


Compliance management is not fully integrated into the bank's decision-making process. Banks rely on an after-the-fact compliance sign-off rather than a preventive approach. GRC programs are managed in a fragmented way, which leads to inconsistent execution.


Compliance IT implementations focus only on the immediate regulatory requirements and give no attention to long-term sustainability. This produces one-off 'quick fixes' that increase complexity later and reduce flexibility.

Best Practices Of Banking Compliance

The compliance function makes sure that the bank operates honestly and follows the rules and regulations. A strong compliance function reduces the risks connected with misconduct, money laundering, and other wrongdoing.

Here are some of the best practices for banking compliance:

1. Up-to-date technology

Upgrading banking technology helps both the bank and its customers. Process improvements give customers stronger financial protections at the account level, and the technology must scale as the customer base grows.

2. Managing compliance

Banks should automate compliance processes so that they do not fall behind on their regulatory responsibilities. The compliance function is responsible for ensuring that all employees understand their role in maintaining compliance. Tools such as VComply also provide banks with risk-based alerts, so they can address concerns before they become issues.

3. Get all departments on the same page

Once manual processes have been automated, banks should take a long-term view and address external risks as well. Every member of the bank must know the rules that apply to their work and how to follow them.

Banking Compliance Strategic Plan

There are eight necessary components for an efficient compliance structure in banking:

1. Administrative Level Management

The board must make sure that the bank has a compliance program. Senior management should build and run the compliance program, and the Chief Compliance Officer (CCO) should be the senior officer responsible for compliance.

2. Compliance Framework

The compliance framework should be developed in three important areas: governance, dedicated resources, and enforcement of policies and procedures.

3. Policies and Procedures

The bank must have up-to-date policies and procedures that comply with the applicable rules and regulations.

4. Monitoring and Testing

The compliance program should be monitored and tested on an ongoing basis.

5. Management Information Systems and Accountability

Banks should maintain management information systems that track key issues and management concerns, the status of implementation, and the reliable distribution and exchange of data, with clear accountability for each.

6. Training

A good compliance structure is only possible if all personnel are well trained in how to sustain a strong compliance program.

7. Compliance Analysis

An independent review must be performed to ensure that the controls that reduce compliance risk are working as expected.

8. Working Together with Supervisors

Banks should work with their supervisors by providing the required regulatory filings and by responding to draft rules and proposals.

Banking Regulatory Compliance Checklist

Here's a quick checklist for banks to create their own compliance and regulatory framework: 

1. Assign Responsibility of the Compliance Structure

Every division should take responsibility for its part of the compliance structure and should be held accountable if something goes wrong. The division that creates a risk should also own the management of that risk.

2. Recognize and Deal with Risks

Even after a bank identifies risks and puts controls in place, there may be additional risks to consider. Banks can treat each risk by avoiding it, accepting it, transferring it, or mitigating it.

3. Use Integrated Risk Management

Integrated risk management helps banks set up policies and procedures that are backed by risk-aware practices, which leads to better decision-making and operations.

4. Oversee Progress

Policies and procedures should not be deployed on a set-it-and-forget-it basis. Banks should regularly conduct audits and reviews to see whether their compliance strategies are delivering the expected results.

Wrapping Up

As with any other business, banks have a set of rules and regulations to abide by. Failure to keep up with these can result in heavy penalties and increased risk for banks.

We hope this article provides you with enough information to set up your banking compliance policy.

If you're looking to manage banking compliance in a simple and efficient way, we'd recommend you check out GRC software by VComply.

VComply Editorial Team
What Do the New Advertising Regulations Mean for RIAs?
Dec 2, 2020

If the recent proposal to amend the RIA advertising rule becomes a reality, Registered Investment Advisers (RIAs) will soon be able to use testimonials and third-party ratings in their advertisements. Just as lawyers court prospects with their clients' stories of million-dollar settlements, investment advisers may soon be able to advertise testimonials describing how their clients have benefited from their services.

What are the significant changes on the horizon?

Let's look at the background of the rule and the reforms proposed by the Securities and Exchange Commission.


The advertising rule was first adopted in 1961 and has remained largely unchanged since then. It prohibits investment advisers from using testimonials or third-party endorsements, and it prohibits references to specific recommendations that the adviser has made in the past.

The SEC has recognized that advances in technology have changed how consumers interact with investment advisers and evaluate financial products. Today's customers rely on online information and reviews before buying any product. After analyzing these market changes, the SEC has proposed a principles-based approach instead of prohibiting testimonials outright. In November 2019, the Securities and Exchange Commission formally released a proposal to replace its decades-old advertising rule.

The New Proposal  

In the new proposal, the SEC suggests broadening the definition of advertisement to "any communication" disseminated by or on behalf of an investment adviser to obtain or retain clients. The definition excludes (1) live oral communications that are not broadcast, (2) responses to certain unsolicited requests for specific information, (3) advertisements or sales literature about mutual funds that are covered by other SEC rules, and (4) information required in a statutory or regulatory notice or filing.

The proposed rule would permit testimonials, endorsements, and third-party ratings, subject to certain restrictions and conditions. This reverses the current rule's prohibition on testimonials in advertisements.

The restrictions include:

  • Advertisements must not contain untrue statements.
  • Advertisements must not contain unsubstantiated claims.
  • Advertisements must not give rise to materially untrue implications.
  • Any discussion of the benefits of the adviser's services must be accompanied by a discussion of the associated risks and limitations.
  • References to past investment picks or investment performance must be presented in a "fair" and "balanced" way.
  • Advertisements must not be materially misleading.

The SEC has also distinguished between "retail" and "non-retail" persons; advertisements directed at retail persons would be subject to heightened requirements.

The proposal was subject to a 60-day comment period during which the public could submit comments on the proposed amendments. The comment period ended on 3 January 2020, and the SEC is reviewing the comments. The SEC is expected to announce the final version of the rule before the end of this year.

Closing Note

The proposed reforms benefit investment advisers and customers alike. Testimonials in advertisements can help prospective clients understand what types of clients an adviser has worked with and what their experience was. The business becomes more competitive, and both individual advisers and firms can use these reforms to advertise and grow their business. They may incur some additional costs, and the changes are likely to benefit large adviser firms the most.

Another perspective on the reform is that a principles-based advertising rule is open to more than one interpretation. If the rules are too broad, not everyone will follow the same standards. The ambiguity of the proposal's wording makes it difficult for compliance officers and lawyers to make clear decisions and advise firms on the legal impact. They hope that when the rule becomes final, the SEC provides more precise standards, definitions, and descriptions.

While the new rule might help clients pick an investment adviser from a Google search result, it may create a new burden for compliance officers, who may need to review each advertisement as part of their due diligence. For more information on the SEC's proposed changes, read the complete proposal here.

VComply is an intuitive and intelligent platform that empowers businesses to monitor and manage their compliance and risk initiatives. The team at VComply is dedicated to helping customers create and manage effective risk, compliance, and governance programs. Contact us to learn more about how VComply can help you meet your compliance and governance goals.

Devi Narayanan
The Importance of Risk Assessment for RIAs
Oct 8, 2020

The Securities and Exchange Commission has laid down various rules and regulations for registered investment advisors (RIAs) to prevent fraud and unlawful activities. One of the activities an RIA must undertake to ensure that it complies with all of the SEC's requirements is an internal risk assessment of the firm.

Risk assessment helps RIAs identify the different types of risk that arise from their business model, conflicts of interest, and affiliations. While conducting a risk assessment, they may discover operational and compliance risks in their firm and be able to remedy them.

Investment advisory firms are prone to common errors such as filing Form ADV incorrectly, miscalculating fees, and keeping disorganized books and records.

Let's take an in-depth look at the importance of risk assessment for RIAs and how firms can conduct it. 

What is an RIA?

A registered investment advisor is a person or firm that helps institutional investors and affluent individuals manage their wealth and investment portfolios.

All investment advisors must register either with the SEC or with state securities administrators. The latter are the government or regulatory agencies or officials that oversee and enforce state-level rules on securities transactions.

Apart from managing assets for their clients, RIAs also build portfolios using bonds, mutual funds, and individual stocks. They may use a mix of individual securities and funds, or funds only, to streamline asset allocation and reduce commission costs.

Registered investment advisors must follow the fiduciary standard, which means they must always put their clients' interests first. They are compensated by their clients for their investment advice.

What is Risk Assessment?

The purpose of risk assessment is twofold: to assess risks to the investment firm and to assess potential risks to its clients. Firms must carefully assess and prioritize the operational issues, procedural weaknesses, and vulnerabilities in their organization, and ultimately work to mitigate and minimize those risks.

Purpose of Risk Assessment

The best way to detect and prevent regulatory violations is to have written policies and procedures. Maintaining them is usually the responsibility of the Chief Compliance Officer (CCO).

Firms should conduct an annual review of all their processes. This helps them:

  • Understand the risks their organization may be exposed to
  • Assess whether they have the right processes and procedures in place to mitigate those risks
  • Adapt their processes and procedures to mitigate newly identified risks

Risk assessment is a timely check on whether a firm's policies and procedures are sufficient to manage its risks. Identifying potential compliance slip-ups early helps the firm avoid penalties later.

Issues That Risk Assessment Should Address 

Risk assessment for RIAs begins with identifying all conflicts and compliance factors that may create risk exposure for the firm and its clients. The firm must then design policies and procedures that address those risks. The policies and procedures are expected to address at least the following issues:

  • Safeguarding client records and information
  • Preventing fraud and misuse of client assets by employees
  • Storing and maintaining records accurately, so they cannot be altered without authorization
  • Ensuring full and accurate disclosure in statements and advertisements to clients, regulators, and investors
  • Portfolio management processes
  • Fair trading practices
  • Business continuity plans

Identifying Risks for RIAs

There are many types of risk that may harm the interests of a firm and its clients:

  1. Strategic risks arise from inadequate business decisions.
  2. Operational risks arise from inadequate operational systems, mismanagement of information systems, and errors in transaction processing. These risks can result in unforeseen losses.
  3. Financial risk is the risk of being unable to meet financial obligations.
  4. Compliance risks arise from the possibility that a breach of internal policies or procedures will negatively affect or disrupt the firm's condition or operations.
  5. Reputation risks arise from the possibility that inappropriate management or employee actions will cause the public or the press to form a negative opinion of the firm or its products and services.

An individual or a risk committee may identify these and other risks by brainstorming possible threats to the interests of the firm and its clients.

When identifying risks, advisers should think broadly. Once the risks have been identified, the individual or risk committee should assign a person or team to examine the firm's policies, day-to-day business processes, procedures, and systems around each risk. They must then rate the level of risk and propose reasonable compliance solutions to eliminate or reduce it.

Wrapping Up 

Risk assessment is an essential responsibility for a registered investment advisor. It allows the firm to safeguard its clients against potential harm and ensures that the firm complies with the necessary laws and regulations.

If you're an RIA looking for a better way to assess and manage risks, take a look at the governance and legal compliance solutions provided by VComply.

VComply Editorial Team
An Introduction to Compliance for Registered Investment Advisors (RIAs)
Oct 7, 2020

What is RIA Compliance 

As financial planners and money managers for wealthy individuals and corporations, registered investment advisors (RIAs) are required to comply with a set of rules and regulations laid down by the Securities and Exchange Commission (SEC).

First, some basic housekeeping: advisers managing smaller amounts of client assets register with state securities authorities, while those managing $100 million or more in assets register with the SEC.

Under the Investment Advisers Act of 1940, RIAs must establish policies and procedures that comply with the rules set by the SEC. The Advisers Act has been amended twice, in 1996 and in 2010. Under the 2010 amendments, only advisers with at least $100 million under management must register with the SEC. In short, abiding by the rules and regulations put forth by the SEC is what is known as RIA compliance.

RIA compliance has many aspects, including the Investment Advisers Act, the SEC's examination priorities, Form ADV, Chief Compliance Officers (CCOs), funds and assets, and the code of ethics. The Advisers Act and the SEC's rules exist together to prevent breaches of the law, and the SEC's rules change regularly to keep pace with evolving technology.

RIA compliance presents a number of challenges for investment firms, such as valuation, cybersecurity and theft, custody of assets, and foreign tax compliance, which we review in this article.

Before we discuss RIA compliance in detail, we'd also like to shine a light on the basic differences between RIAs and broker-dealers. It is common for professionals to confuse the two, but they differ not just in their scope of work but also in the laws they must follow and the way they are paid.

Difference between RIAs and Broker-Dealers

A broker-dealer executes investment transactions; think of the advisor who tells you which shares to buy and which to sell. Broker-dealers collect a small percentage of each transaction as commission. Unlike RIAs, they are not held to the fiduciary standard. In practice this means they may favour the deals that are most beneficial to them rather than those that are best for the client.

Registered brokers work for full-service broker-dealers, where they must follow a set of guidelines when recommending stocks, suggesting investments, and carrying out their business.

Independent broker-dealers, on the other hand, have more leeway in the investments they can suggest. For instance, they can also advise clients to invest in hedge funds, IPOs, and non-qualified plans.


Here are the main differences between broker-dealers and RIAs:

  • Compensation: Broker-dealers charge a commission on each product they recommend and sell, while RIAs charge a fee for advice or a percentage of assets under management.
  • Standards: Broker-dealers give advice under the suitability standard, which means the advice must be suitable for the customer's needs but need not be the best option for them. RIAs, by contrast, give advice under the fiduciary standard, which means the advice must be in the customer's best interest. The fiduciary standard is stricter than the suitability standard.


The Different Aspects of RIA Compliance

RIA compliance has several different aspects:

  • Investment Advisers Act: This federal law defines and explains the duties of a registered investment advisor. The Advisers Act gives the SEC the authority to oversee advisers as part of its mission to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. The Act defines precisely what counts as investment advice and who must register with the SEC before providing it.
  • SEC Examination Priorities: Each year the SEC's Office of Compliance Inspections and Examinations (OCIE) publishes a list of the practices, products, and services it considers to present the highest risk to investors or the market. The list is meant to inform the public and promote transparency. SEC examiners refer to it when planning examinations of RIAs, and advisers can refer to it when preparing for an examination.
  • Form ADV: This is the essential document for a registered investment advisor. It must be filed and updated annually for the firm to remain compliant. Form ADV has two parts. Part 1 requires details about the firm, its assets under management, and so on; the SEC uses these details to evaluate the firm and enforce its rules. Part 2 is a brochure that is given to clients and prospective clients. In it the firm must disclose all of its activities in plain English and in a narrative format, and disclose its obligations as a fiduciary.
  • Chief Compliance Officer (CCO): The SEC requires every registered adviser to appoint a CCO to administer its compliance policies and procedures. Many owners take on the CCO role themselves to save costs in the short run, but this can be detrimental in the long run. Firms that can afford it hire a dedicated CCO so the owner can concentrate on revenue-generating activities. The CCO helps the firm maintain a culture of compliance and ensures that all duties, documentation, and procedures are properly fulfilled.

RIA Compliance: Things to Keep in Mind 

Here are some of the common challenges that registered investment advisors can face with compliance:

  • Time and cost intensive: Without professional support, RIAs can struggle to manage compliance. The SEC's rules are complex and wide-ranging, and simply keeping up with developments can take several hours a week. Compliance administration can also be expensive. Advisers that do not invest in compliance run the risk of attracting SEC scrutiny.

A better and faster way for RIAs to manage compliance is to use an automated system such as VComply, which helps them receive alerts, automate their compliance calendar, and assign responsibilities.

  • Cybersecurity: Identity theft is a major concern for advisors. If a customer's personal details or assets are stolen, the RIA firm can be in serious trouble. In recent years, security specialists have repeatedly found that the defences used by advisory firms are weak and can be breached by organized attackers.

To protect their organization from data theft, advisors should measure their security program against recognized standards such as the CIS Controls, PCI DSS, the NIST Cybersecurity Framework, and SOC 2 to determine whether their controls are adequate. Note that SOC 2 is an independent attestation report on a firm's controls rather than a control framework in itself, so it complements, rather than replaces, the others.

  • Custody of assets: Advisors need more than cybersecurity to safeguard customers' details and assets. They must also protect physical customer assets such as security certificates, cash, cheques, and account files. To prevent physical assets from being stolen, advisors must implement sound custody procedures and educate customers on keeping their assets safe.

  • Marketing: Because of past investment scandals and scams, new rules are regularly introduced to prevent firms from promoting dubious schemes, so RIAs must keep a constant watch on changing marketing regulations. For example, advisors who offer mortgages must follow the advertising rules in the Truth in Lending Act. Advisors who advertise other products and services must make sure they include the necessary disclaimers and that their advertisements are truthful.


Compliance for RIAs is not straightforward, and with ever-changing regulations, CCOs must balance budgets while ensuring compliance. As the organization grows, tracking and mapping regulations becomes even more cumbersome.

The best option for RIAs to ensure both compliance and data security is an automated compliance system. To reduce the cost of non-compliance, streamline documentation, and keep risks at bay, RIAs can take a look at VComply, an automated governance and compliance software.

VComply Editorial Team