Protect Your Firm with a Strong Remediation Plan

The Importance of Remediation Planning

Although examinations and annual reviews can be burdensome for investment advisers, they also present advisers with a valuable opportunity to address areas of risk and strengthen the overall business practices, compliance, and culture of the firm. Unfortunately, many advisers don’t take advantage of this opportunity and instead ignore the issues raised or defer them to another day that never comes. When risks identified during an exam or annual review go unaddressed, the consequences can include regulatory fines, enforcement actions, and ultimately reputational harm.

In this article, we discuss the importance of remediating compliance findings resulting from annual reviews, mock exams and regulatory exams, and offer practical tips to help ensure your firm is in a stronger place after going through one of these exercises.

Turning Reviews into Action

Annual reviews, mock exams and regulatory exams are different flavors of the same exercise: a comprehensive evaluation of the firm’s business practices, compliance program and overall culture. While annual reviews may be conducted by internal personnel or outside experts, mock exams are typically conducted by outside compliance experts, and regulatory examinations are conducted by the Securities and Exchange Commission (SEC). Each presents an opportunity for self-evaluation or evaluation by a third-party expert (the proverbial second set of eyes).

Whether it is an annual review, mock or regulatory exam, the adviser should receive a report or letter discussing areas of weakness and deficiency in their compliance program. These findings may be a surprise to firm personnel or may be well-known and possibly long-standing problems that have never been addressed. Taking intentional, practical and organizational steps to remediate the issues is critical to avoiding repeated violations and regulatory scrutiny.

Remediation Tips

Establish a Remediation Committee. Remediation of issues should be a collaborative process. An existing compliance committee or executive committee may be the best place to discuss deficiencies especially where there is adequate representation from various business units. If an appropriate committee doesn’t exist a new one may be established for this purpose. The committee should agree on actionable steps and target deadlines to resolve any identified weaknesses. Assigning a lead person with responsibility for each remediation topic is critical to ensuring accountability for results and that timely progress is achieved on each issue.

Maintain a Remediation Log. Staying organized is crucial when resolving recognized deficiencies. A remediation log is an important tool that helps organize and document the firm’s remediation efforts. An effective remediation log should i) identify the issues to be addressed, ii) clearly define actionable steps to accomplish the remediation goals, iii) assign individuals with lead and support responsibility for each item, and iv) establish target deadlines to complete the remediation.  Not only does this help with current remediation efforts, but it also serves as a historical record that can be invaluable in future exams or investor, client or other third-party due diligence.

Update Firm Compliance Manual. The completion of an annual review, mock exam or regulatory exam is a perfect opportunity to review and update the firm’s compliance policies and procedures. The exam may have revealed that the firm’s compliance manual i) lacks policies in certain key areas, ii) has policies with weak or ineffective controls, or iii) includes policies that do not accurately reflect the firm’s actual practices. Ensure your remediation plan includes updates to the firm’s policies and procedures to address deficiencies.

Re-evaluate Risk Assessment. Remediation should also inform your firm’s broader risk assessment process. Deficiency findings may warrant adjusted risk rankings for impacted categories of the business. Higher risk categories may need additional compliance monitoring, testing or newly introduced controls. Embedding findings into the risk assessment ensures that the firm proactively mitigates future deficiencies.

Conclusion

While examinations and annual reviews can be daunting, these reviews provide a critical opportunity to address areas of risk and strengthen the overall compliance culture of the firm. Failure to adequately address known deficiencies creates regulatory, reputational and business risk for the firm. The SEC views firms with recidivist violations more seriously, which elevates the risk of more severe consequences including regulatory fines, publicly announced enforcement actions, and disgorgement where clients have been harmed. Moreover, investors, clients, and other third-parties increasingly scrutinize how firms respond to past findings. Demonstrating a thoughtful, documented remediation process protects the firm while also enhancing its credibility and operational resilience.

Written by Michael Mann