The purpose of compliance in banking is to detect and prevent any abnormality, criminality, and noncompliance in the bank’s functioning. Banks must operate with integrity and follow regulations, internal policies, and applicable laws.
Every bank should have a compliance division. The division will make sure that the bank cooperates with all the laws and helps in upholding the reputation of the bank. The division should be given the duty to oversee the bank’s actions, recognize and examine the areas of risk, evaluate the suitability of the bank’s plans and strategies, and provide the remedy to risks.
The compliance functions should ensure that the bank’s transactions are transparent and in conformance with the policies. They should have checks in place to prevent any non-compliant acts, especially legal issues, and identify compliance risks and ways to mitigate them.
The United States has a dual banking structure. Dual banking structure means that the United States banks can be regulated by one of the 50 states or by the federal government. Every bank must have a federal manager. The United States has a complex administrative system that has several federal administrative offices.
Here are two bank administrative offices:
The Board of Governors of the Federal Reserve System: This is the main banking structure of the United States and manages the U.S. pecuniary plan.
The Federal Deposit Insurance Corporation: This is the main administrator for those state-chartered banks that are not a part of the Federal Reserve System.
Here are some of the banking acts that were passed to manage regulatory aspects:
The board of directors of the bank is in charge of supervising the administration of compliance risk for the bank. When the board decides on a compliance plan, they must include a compliance function in the form of an official long-lasting and operative contract.
Every year the board of directors must check if the bank is supervising compliance risk diligently. The bank's compliance plan will not be operative if the board of directors does not encourage the principles of nobility and uprightness all over the company.
The senior management of the bank is in charge of administering the compliance risk of the bank. The management needs to set up and pass on a compliance plan, ensure it is obeyed, and report to the board of directors on the administration of the bank's compliance risk. The senior management is also in charge of setting up a lasting and operative compliance function in the bank as a section of the bank's compliance plan.
The compliance attempts of the bank are concentrated on an established governance, risk, and compliance (G.R.C.) function. Because of that, banks haven’t been able to construct modern capacities necessary for fighting back arising compliance risks.
The administration of compliance is not totally connected to the bank's policy-making procedure. Banks use a compliance sign-off method rather than using a preventive defense approach. G.R.C. programs are controlled in a clumsy way, which leads to irregular executions.
Compliance I.T. execution attempts focus only on the primary compliance instructions and don’t provide any focus towards the longevity features. This gives rise to unusual ‘quick fixes’ that enlarge the later complexity and decrease flexibility.
Compliance functions make sure that the banks work with honesty and follow the rules and regulations. A powerful compliance function reduces risks that are connected to wrongdoings, money manipulation, and other risks.
Here are some of the best practices for banking compliance:
1. Up-to-date technology
Upgrading banking technology can help not only the company but also the consumers. Procedure advancements can supply consumers with superior financial protections at the user level. The technology will have to develop if the consumer base becomes bigger.
2. Managing compliance
Banks must try and automate compliance processes, to ensure they don’t fall behind on their regulatory responsibilities. The compliance function in the bank is responsible for ensuring all employees are aware of their roles in maintaining compliance. There are also several tools such as VComply that provide banks with risk-based alerts, so they can deal with concerns before they become an issue.
3. Get all departments on the same page
When physical actions have been replaced with automation, then the banks should take a long term view and tackle exterior risks. It's essential for each member in a bank to be aware of all the rules and how they must be dealt with.
There are eight necessary components for an efficient compliance structure in banking:
1. Administrative Level Management
The Board must make sure that the bank has a Compliance Plan. The Senior Management should form and manage the Compliance Program and the Chief Compliance Officer (CCO) must be the Senior Officer of Compliance.
2. Compliance Framework
The compliance framework should be developed in three important zones: governance, committed capital, and imposition of schemes and strategies.
3. Schemes and Strategies
The bank must have up-to-date schemes and strategies which comply with the rules and regulations.
4. Observation and Evaluation
The compliance plan should be observed and evaluated all the time.
5. Management Information Systems and Accountability
Banks should account for everything to keep a tab on: crucial matters and administration problems, execution, and reliable deployment and exchange of data.
A good compliance structure is only possible if the entire personnel is well-educated on how to sustain a strong compliance plan.
7. Compliance Analysis
An individualistic analysis must be done to ensure that the compliance-risk reduction instruments are working as expected.
8. Working Together with Supervisors
Banks should work together with the supervisors by providing them with regulatory documents and responses on draft plans.
Here's a quick checklist for banks to create their own compliance and regulatory framework:
1. Assign Responsibility of the Compliance Structure
Every division should take responsibility for the compliance structure and should be held responsible if something goes wrong. The division that produces the risk should deal with that risk as well.
2. Recognize and Deal with Risks
Even after a bank recognizes and provides controls to risks, there might be additional risks to consider. Banks can deal with these risks by avoiding them, accepting them, transferring them or mitigating them.
3. Use Integrated Risk Management
Integrated risk management helps banks set up schemes and strategies. These are backed by risk-aware ways to better policy-making and work.
4. Oversee Development
Schemes and strategies should not be deployed on a set-it-and-forget-it basis. Banks should regularly conduct audits and reviews to see if their compliance strategies are bringing the results expected.
As with any other business, banks have a set of rules and regulations to abide by too. The failure to keep up with these can result in heavy penalties and increased risk for banks.
We hope this article provides you with enough information to set up your banking compliance policy.
If you're looking to manage banking compliance in a simple and efficient way, we'd recommend you check out GRC software by VComply.
If the recent proposal for amending the RIA advertising rules becomes a reality, RIAs (Registered Investment Advisers) can start using testimonials and third-party ratings in their advertisements very soon! Just like how lawyers woo their prospects using their clients' stories of million-dollar settlements in their favor, investment advisers can soon advertise testimonials of how their clients have benefitted through their services.
Let's look at the background of the rule and the reforms proposed by the Securities and Exchange Commission.
The advertising rule was first adopted in 1961, and it has mostly been the same since then. The rule prohibits investment advisers from using testimonials or third-party endorsements. The rule also prohibits references to specific recommendations that the investment adviser has made in the past.
The SEC has recognized that technology advancements have changed how consumers interact with investment advisers and evaluate financial products. Today's customers rely on information and reviews on the internet before buying any products. After analyzing the market changes, the SEC has proposed reforms and adopted a principle-based approach instead of prohibiting testimonials completely. In November 2019, the Securities and Exchange Commission formally released a proposal for replacing its age-old advertising rules.
In the new proposal, the SEC has suggested broadening the definition of advertisement to "any communication" disseminated by or on behalf of investment advisers to obtain or retain clients. However, the definition does not include 1) live oral communication that is not broadcast, 2) responses to some unsolicited request for specific information, 3) advertisements or sales literature about mutual funds covered by other SEC rules, or 4) information to be contained in statutory or regulatory notice or filing.
The proposed rule would permit testimonials, endorsements, and third-party ratings subject to some restrictions and conditions, reversing the current rule's restriction on testimonials in advertisements.
The restrictions include:
Regarding the advertisements showing retail and non-retail persons, SEC has distinguished between "retail" and "non-retail persons", and advertisements for "retail persons" will be subject to heightened requirements.
The new rule proposal was subject to a 60-day "comment" process where the public could register their comments about the proposed amendments. The public comment period ended on 03 January 2020; the SEC is reviewing the comments. It is expected that the SEC will announce the updated versions of the rule sometime before this year's end.
The proposed reforms are beneficial to investment advisers and customers alike. Using testimonials in advertisements can help future clients understand what type of clients the investment advisers have worked with and their experiences. The business becomes competitive, and both individual advisers and firms can leverage these reforms and advertise to grow their business. They might have to incur some additional costs, and chances are that this can turn out to be more beneficial for big investment adviser firms.
Another perspective on the reform is that the principle-based approach to the advertising rule makes it open to more than one interpretation. If the rules are too broad, then the same standards may not be followed by all. The ambiguity of the proposal's wording and statements makes it difficult for compliance officers and lawyers to make clear decisions and advise companies on any legal impact. They hope that when the rules become a reality, the SEC comes up with more precise standards, definitions, and descriptions.
While the new rule might help clients pick an investment adviser from a Google search review result, it might create a new burden for compliance officers, as they might need to review each advertisement for its due diligence. For more information on SEC's recent proposed changes, read the complete proposal here.
The Securities and Exchange Commission has laid down various rules and regulations for registered investment advisors (RIAs) to prevent fraud and unlawful activities. One of the activities that an RIA must undertake to ensure that they comply with all of the SEC's requirements is an internal risk assessment of their firm.
Risk assessment for RIAs helps them identify the different types of risks based on their business model, conflicts of interest, and affiliations. While conducting a risk assessment, they might discover operational and compliance risks related to their firm, and thus be able to remedy them.
Investment advisory firms are prone to some common errors such as incorrect filing of form ADV, making wrong fee calculations, and also a lack of organization of records and books.
Let's take an in-depth look at the importance of risk assessment for RIAs and how firms can conduct it.
A registered investment advisor is a person or firm that helps institutional investors and affluent individuals manage their wealth and investment portfolios.
All investment advisors must register either with the SEC (Securities and Exchange Commission) or state securities administrators. The latter is usually a government or regulatory agency, or official, overseeing and enforcing state-level regulations and rules regarding securities transactions.
Apart from managing assets for their clients, RIAs also create portfolios by using bonds, mutual funds, and individual stocks. They may also use a mix of individual issues and funds or only funds for streamlining asset allocation and cutting down on commission costs.
Registered investment advisors must follow the fiduciary standard. This means they must always keep the interest of their clients at the forefront. They receive compensation from their clients for their investment advice.
The purpose of risk assessment is twofold: to assess risks to the investment firm and assess potential risks to its clients. They must carefully assess and prioritize operational issues, procedures, and vulnerabilities in their organisation. Ultimately, they must try to mitigate and minimize risks.
The best way to detect and prevent regulatory violations is having written policies and procedures. This is usually the responsibility of the Chief Compliance Officer (CCO).
Firms should conduct an annual audit for all their processes. This helps them:
Risk assessment serves as a timely shot in the arm to help firms know if their organizational policies and procedures are sufficient to manage risks. Identifying potential compliance slip-ups can help them avoid penalties in the future.
Risk assessment for RIAs begins with identifying all conflicts and compliance factors that may create risk exposure for the firm and its clients. Then, they must design policies and procedures that address those risks. It is expected that the policies and procedures should address the following (but not limited to) issues:
There are many types of risks that may harm the interests of a firm and its clients. Take a look:
An individual or a risk committee may identify these risks or any other risks by brainstorming about possible threats to the interests of the firm and its clients.
When identifying the risks, it is important for the advisers to think outside the box. After successfully identifying the risks, the individual or the risk committee should assign a person or team to examine a firm's policies, day-to-day business processes, procedures, and systems surrounding the risks. Then, they must ascertain the level of risk, and propose reasonable compliance solutions for eliminating or decreasing the risk.
Risk assessment is an essential responsibility for a registered investment advisor. It allows them to safeguard their clients against potential harm, and also ensures their firm complies with the necessary regulations and laws.
If you're an RIA looking for a better way to assess and manage risks, take a look at the governance and legal compliance solutions provided by VComply.
As financial planners and money managers for wealthy individuals and corporations, registered investment advisors or RIAs are required to comply with a set of rules and regulations laid down by the Securities and Exchange Commission (SEC).
First, some basic housekeeping: Advisers handling small-scale accounts must register with the state securities authorities, while those who handle more than $100 million worth of assets must register with the Securities and Exchange Commission (SEC).
According to the Investment Advisers Act of 1940, the Registered Investment Advisers (RIAs) have to set up plans and strategies that will comply with the rules established by the Securities and Exchange Commission (SEC). Note the Investment Advisers Act has been modified twice, once in 1996, and later in 2010. As per the new amendments, only advisers with at least $100 million under management must register with the SEC. Essentially, abiding by the rules and regulations put forth by the SEC is known as RIA compliance.
RIA Compliance has many different aspects such as the Investment Advisers Act, the Securities and Exchange Commission (SEC) Examination Priorities, Form ADV, Compliance Officers (CCOs), Funds & Assets, and Code of Ethics. The Advisers Act exists along with the SEC’s rules to prevent any breach of the law. The SEC’s rules are constantly changing in order to be up-to-date with evolving technology.
RIA compliance can present a few challenges to investment firms such as valuation, cybersecurity and theft, custody of assets, and foreign tax compliance which we’ll review in depth in this article.
Before we move on to discuss RIA compliance in detail, we’d also like to shine a light on the basic differences between RIAs and broker dealers. It's common for professionals to confuse the two. However, they vary not just in their scope of work, but also in the laws they must follow and the way they earn a living.
A broker dealer helps in carrying out investing deals. Think advisors that tell you which shares to buy and which ones to sell. Broker dealers collect a small percent of the transaction as commission. Unlike RIAs, they are not bound by fiduciary rules. What does this mean? They generally focus on the deals that are most beneficial to them, as opposed to those which are best for the client.
Registered brokers work for full-service broker dealers, where they have to follow a set of guidelines when it comes to recommending stocks, suggesting investments, and carrying out their business.
On the other hand, independent broker dealers have more legroom when it comes to suggesting investments. For instance, they can also advise clients to invest in hedge funds, IPOs, and nonqualified plans.
Here are some differences between broker dealers and RIAs:
On the contrary, RIAs provide advice according to the fiduciary standard, which means that they provide advice which is best for the customer's needs. The fiduciary standard is stricter than the suitability standard.
RIA compliance has a lot of different aspects such as:
Here are some of the common challenges that registered investment advisors can face with compliance:
A better and faster way for RIAs to manage their compliance is using an automated system such as VComply, which helps them receive alerts, automate their calendar, and assign responsibilities.
In order to safeguard their organization from cybersecurity thefts, advisors must run their cybersecurity measures through frameworks such as CIS, PCI, NIST, and SOC 2 to determine if their security measures are appropriate.
Compliance for RIAs is not straightforward, and with ever changing regulations, CCOs are forced to balance budgets as well as ensure compliance. As the organization grows larger, it becomes even more cumbersome to track and map regulations.
The best option for RIAs to ensure compliance as well as data security is to opt for an automated system for compliance. To reduce the cost of noncompliance, streamline documentation, and keep risks at bay, RIAs can take a look at VComply, an automated governance and compliance software.