The Changing Face of Regulatory Compliance

1
The Changing Face of Regulatory Compliance

• Terri Messina, Ernst Young

2
Regulatory Expectations A continuous, risk based
approach to compliance

• Seven steps to regulatory compliance
• Conduct an inventory of compliance obligations
• Identify areas of conflicts of interest
• Match existing compliance policies to your
  inventory of obligations and find any gaps
• Assess the effectiveness of existing compliance
  functions
• Identify additional compliance procedures that
  are warranted
• Implement them, in writing, in a clear, plain
  English manner
• Test the compliance procedures
• Source Speech by Lori Richards to the
  Investment Counsel Association of America March
  15, 2004 Put the Compliance Rule to Work IA
  Compliance Best Practice Summit

3
Regulatory Expectations An integrated view of
compliance
Compliance Governance Establishes, Maintains, and
Updates Policies Establishes and Communicates
Risk Tolerance Sets the Tone at the Top
Regulatory Risk Specific Rules
andRegulations Conflicts of Interest
Compliance Policies Documented policiesand
audit trail Responsive to changes in regulatory
risk
Compliance Procedures Internal
controlsaddressingcompliance risk
Testing Self Assessment(404, RCSA) Compliance
Reviews Internal Audit Risk Management Third
Parties
Affected Functions Compliance, Operations,
Investment Management Research, Technology,
Client Service, Legal, Finance
4
Regulatory Expectations The Risk Assessment

• Considerations for Regulatory
• Risk Assessment
• Risk identification and ranking
• Fiduciary responsibility
• Conflicts of Interest
• Regulatory requirements

• Four scenarios giving rise to
• conflicts of interest
• Dealings involving insiders
• Inappropriate financial benefit
• Conflicting roles and responsibilities
• Employee unethical conduct

Each adviser, in designing its policies and
procedures should first identify conflicts, and
other compliance risk factors creating risk
exposure for the firm and its clients in light of
the firms particular operations, and then
design policies and procedures that address those
risks. Compliance Programs of Investment
Companies and Investment Advisers Final Rule
December 24, 2003
5
Regulatory Expectations Documented Policies and
Procedures

• Tailored and responsive to the firms business
  model
• Align/address identified risks/conflicts of
  interest
• Reflect procedures consistently applied within
  the business
• Business ownership
• Oversight by compliance
• Basis and nature of exceptions
• Extend to escalation of potential violations
• Address documentation of violations and their
  resolution
• Retain the audit trail

• Minimum requirements, if applicable
• Portfolio management processes
• opportunity allocation
• Style drift
• Disclosures and regulatory restrictions
• Trading practices
• Best execution
• Soft dollars
• Trade allocation
• Proprietary trading of the advisor and personal
  trading of access persons
• Disclosures made to investors, clients, and
• regulators
• Safeguarding of client assets and privacy
• Record retention and maintenance

6
Present the linkage between risks and policies
7
Regulatory Requirements Procedural Testing

• Developing a testing plan
• Risk based versus full coverage
• Rotational versus point in time
• Testing tools
• Transaction sampling
• Forensic analysis
• Interview and observation
• Financial analysis
• IT evaluation/technology analysis
• Exception resolution
• Executing a testing plan requires an
  understanding of regulatory risk and expectations
• Internal audit
• Self testing
• Compliance associates
• Third parties

8
Compliance Reviews - An objective approach

• Assisting firms in attaining compliance
• Independent Risk assessment
• Assistance in documentation of policies and
  procedures
• Objective review of policies/procedures for
  completeness and risk mitigation
• Assistance in development/exection of testing
  plan
• Development of compliance reports to assist
  compliance monitoring

9
Why Seek Assistance?

• Lack of resources
• Existing resources lack the skills requisite for
  all aspects of compliance
• Understanding of securities regulations
• Broad operational background
• Experience in risk assessment and control
  testing
• Objective assistance in establishing the tone at
  the top
• Deliver the tough messages

individuals who understand the mechanisms of
trading from pricing, clearing, settlement,
andnetting have a natural aptitude for
identifying and locating compliance
breaches.Operationspeople know how things work.
They know how to get to the bottom of everything
on a practical And theoretical basis. Compliance
Reporter, May 16, 2005
10
Questions?