On October 24, 2023, Gurbir Grewal, the Director of the SEC’s Division of Enforcement, delivered remarks at the New York City Bar Association Compliance Institute.
https://www.sec.gov/news/speech/grewal-remarks-nyc-bar-association-compliance-institute-102423
Within these remarks, Director Grewal emphasized that investment advisers and their CCOs should endeavor to create a culture of “proactive compliance” within their firms by implementing effective policies and procedures necessary to comply with their legal and regulatory obligations.
Salus GRC Takeaways:
Investment advisers and CCOs should consider the following steps in order to address Director Grewal’s comments:
- Engage for a thorough review of their firm’s policies and procedures to ensure these policies address their firm’s risk profile as well as recent regulatory developments.
- Undertake a comprehensive gap analysis of the various business units of their firm and particularly those functions where the firm’s compliance personnel may not be subject matter experts (e.g., marketing, finance).
- Arrange for comprehensive and targeted training for the personnel of each of the firm’s business units in order to ensure that their firm’s policies and procedures are appropriately implemented and executed upon.
Summary of Director Grewal’s Remarks:
Director Grewal stated that creating a culture of proactive compliance requires three things:
- Education
- Engagement
- Execution
Investment advisers and their CCOs should educate themselves about the law and external developments relevant to their businesses, particularly emerging and heightened risk areas. CCOs should digest SEC enforcement actions, examination priorities and rulemaking and evaluate their firm’s own potential exposure to similar issues highlighted in these SEC releases.
Proactive compliance also requires CCOs to really engage with personnel inside an investment adviser’s different business units and to learn about their activities, strategies, risks, financial incentives, counterparties, and sources of revenues and profits. CCOs should take the necessary steps to learn and understand potential compliance risks inherent within these different business units. These engagement efforts should occur an on-going basis and not be a mere one-time undertaking.
Further, while many investment advisers prepare comprehensive policies and procedures for their firms, too many fall short in the implementation of these policies and the execution necessary to integrate these policies and procedures into their firm’s practices. Thorough leadership, training, constant oversight and the right tone at the top are necessary to ensure that these policies are actually implemented as follows.
CCO Liability:
Director Grewal also highlighted three situations in which the SEC typically brings enforcement actions against compliance personnel:
- where compliance personnel affirmatively participated in misconduct unrelated to the compliance function;
- where they misled regulators; and
- where there was a wholesale failure by them to carry out their compliance responsibilities.
In these types of cases, CCOs have not sufficiently undertaken the necessary education, engagement and execution to create a culture of proactive compliance within their firm.
Let’s Discuss:
Please contact Salus GRC at inquiries@salugrc.com so that we can assist you in educating you and your firm, engaging with stakeholders across your business, and executing and implementing robust policies and procedures in order to create a culture of proactive compliance at your firm.