It should come as no surprise to compliance teams that the management of Books and Records is in the regulatory spotlight. The U.S. Securities and Exchange Commission (SEC) recently charged several large Wall Street firms with widespread record keeping failures. The firms will be required to pay combined penalties of more than $1.1 billion, and also must make substantive improvements to their compliance policies and procedures around books and records.
Regulators have been emphasizing the importance of books and record keeping. The 2022 Report on FINRA’s Examination and Risk Monitoring Program includes a section on Books and Records, and appropriate recordkeeping and record retention is a consistent theme in the SEC’s 2022 Examination Priorities. And this priority on proper keeping of books and records has been a consistent regulatory focus year over year.
Shamanesh has noticed in her work with clients over the past few years that remote audits seem to lead to more time for questions and more requests for documentation from examiners. Many of these questions have revolved around the recordation of processes – not just what are compliance departments doing, but also where is it being done? How is it being done? And importantly, are you documenting all of the steps?
Outside Business Activities were also a key focus in FINRA’s 2022 report. Watch the on-demand webinar Understanding OBAs: Compliance Insight on Outside Business Activities to learn more.
She notes that regulators are looking for a formulaic approach in respect to documenting policies and procedures. And that gets to the heart of often one of the biggest challenges in compliance. It’s not that firms aren’t doing the right thing – it’s that they don’t always have the proof that they did the right thing.
Recently proposed SEC rules and amendments will require Registered Investment Advisers to increase the amount of documentation they keep around compliance reviews. According to Shamanesh, “What they are asking is to make sure that your disclosures are full and robust and to make sure you’re giving the right information to clients. Where compliance needs to be on target is to make sure you are appropriately documenting the processes, and that probably means having to amend your manuals and WSPs and to include some level of description about what you do. So, not just doing an annual review, but basically explaining in advance how you plan to do that. And once you do that you are obligated to stick with the process that you outlined.”
Shahmanesh has seen that many firms do annual reviews rather robustly, but often with a level of inconsistency, inventing a new way to do them every year. In these situations it’s not that the process is necessarily bad, but that firms are continually reinventing the wheel. Regulators would prefer that a thought-out process that anticipates the risks to your business is determined in advance, clearly documented, and then followed during the annual review.
Shahmanesh has also noticed, especially with private equity firms, that regulators have been taking a deep dive on fees and due diligence. And again, it’s not that examiners think firms have not been doing appropriate due diligence, just that they have not been documenting it sufficiently. Shamanesh recommends keeping better books and records not just of the quarterly statements, but also of the backups for the quarterly statements. For example, if a report quotes Bloomberg, compliance should be able to show regulators where they pulled the data from. She notes that firms have always been advised to do this, but these new regulations really drive the need for compliance to think about it more formulaically.
The new regulations are much easier to manage with technology according to Shamanesh. Electronic systems can make difference in properly keeping books and records—and being able to provide proof of compliance to regulators. She finds that many firms have compliance technology in place to manage attestations, disclosures and approvals around conflicts like personal trading and outside business activities. She recommends that now’s the time to revisit how compliance departments are using that technology to properly maintain books and records, reminding firms that their electronic system can also keep their manual and all of their policies in one place. Shamanesh recommends getting a compliance system if a firm doesn’t already have one, and if they do to make sure that they are using the functionality in the system to the best of its capabilities. If a firm isn’t sure if they are using their system to its full extent, she advises a call to their support team can help them start to better understand the functionality available to them. Read about optimizing the software selection process for the best outcome.
Watch the on-demand webinar Books and Records in the Regulatory Spotlight featuring Jane Shamanesh from Adherence LLC.
And if you’d like to have a conversation about how MyComplianceOffice can help you manage books and records and provide proof of compliance, contact us today for a demo.