Violations are a sensitive area for any firm. No one wants to deal with compliance issues. The reality for compliance officers, however, is that someday, something will happen. How you handle the issues – how you identify them, mitigate them and analyze them – reflects the strength of your compliance program.
Mitch Avnet, Founder and Managing Partner at Compliance Risk Concepts (CRC), notes that in his experience, 99.9% of the violations that firms deal with are inadvertent. Often, these issues happen when employees are just being careless.
Find patterns of behavior in your compliance data
Mitch tells firms that there are often patterns and trends in a firm's history of compliance violations. Whether you’re delivering the info to the CEO, the board, an audit committee or regulators, present violations in the context of statistical analysis. You should be able to look at the types of violations to figure out if and where there might be gaps.
Regulators and other stakeholders want to see that your program has processes in place to identify problems and then processes in place to address them. For example, when we found issue X, we conducted training to address it, followed by certifications to attest to attendance and understanding. Mitch says, “Training is cheap – get in front of your people if you see patterns of violations emerge – it’s the perfect opportunity for just-in-time education.”
Read more about compliance certifications and attestations.
And that shines a positive light on your compliance program, demonstrating proactive compliance to the regulators. You found it, fixed it, and critically, stored it where it’s easily accessible and compliant with books and records requirements.
Another tip from Mitch is to publish the firm’s code of conduct electronically. He noted that in many companies that he's worked with, the sections of the code most frequently visited by employees can often correlate with the highest areas of risk to the firm.
Read advice from Mitch and Lauren on getting your compliance program audit ready.
What about questionable employee behavior?
What about those employees who are pushing the line? Sometimes, there are no blatant conflicts, but you can see a pattern of coming close to the limits emerging. That’s where it’s key that compliance has a seat at the leadership table. There must be repercussions for those employees that don’t follow the rules. Mitch also suggests that there are consequences for employees who are not good compliance citizens, such as tying timely fulfillment of compliance obligations with the bonus pool.
The process must start with clearly defining compliance obligations for employees in your WSPs and then clearly defining required escalation and discipline. Mitch is often asked what to do when the non-compliant behavior involves a high performer, leadership or even ownership. It’s a challenge to deal with for sure, but the same level of discipline outlined in your WSPs must be imposed regardless of where someone sits on the org chart.
Mitch goes on to say that as a compliance officer, you need to protect yourself as much as you protect the firm. You still need to follow up in these cases, and as you do, make sure that you keep an audit trail in your compliance system. Your compliance system should contain documentation of your activities, your follow-ups and the responses you receive—or lack thereof.
Mitch finds that sometimes a third-party consultant can provide helpful assistance in resolving sticky compliance situations, especially when dealing with personalities or leadership. Having a third party with regulatory expertise who can convey the risks and consequences of non-compliance to the individual can take the pressure off the compliance team.
Use the MyComplianceOffice platform for effective identification and mitigation of compliance violations
CRC Regulatory Analyst Lauren Mitchell adds that the MyComplianceOffice platform provides firms with a framework for identifying potential issues and efficient and standardized follow-up when there’s a compliance violation. Whether dealing with laggards who miss deadlines or potential bad actors, MyComplianceOffice enables firms to automate the internal escalation processes defined in your WSPs. Automated reminders are especially helpful for employees who fail to submit disclosures and attestations on time. Lauren also suggests that compliance officers add comments and attachment histories to the violation in MCO for a holistic view of the situation and the actions taken to resolve it.
Ready for better compliance?
MCO can help you proactively identify and address compliance issues across your organization and be ready to provide defensible proof of compliance. Contact us today for a demo to see MyComplianceOffice in action.
Mitch Avnet is the Founder, Managing Partner and CEO of Compliance Risk Concepts (CRC). Bringing a wealth of financial services industry experience to his clients, he is responsible for relationship management and overseeing all client-driven / business-focused Compliance and Ethics Risk Management strategic engagements.
Lauren Mitchell is a Senior Compliance Professional at CRC. She previously worked as a compliance analyst for consulting firms in New York and Chicago. Her responsibilities include solution implementation for various regulatory platforms, project management, and general compliance support.
If you’d like to connect with Mitch, Lauren and the rest of the CRC team, you can contact them here.
Jeff Childs is the Director of SMB Sales at MCO. Jeff leads a team of sales professionals dedicated to helping firms across the globe improve compliance and reduce risk. If you’d like to connect with Jeff or any of our experts to learn more about the MyComplianceOffice platform, schedule a conversation here.
