SlideShare a Scribd company logo

11-2016 Compliance_Corner

M
Marina Baranovsky
1 of 3
Download to read offline
NOVEMBER 2016 IAA NEWSLETTER- 12 - Marina Baranovsky, Scitus Consulting LLC, and Jennifer Zordani, Zordani Law, P.C.* Risk Focused: Third-Party Reviews as Part of an Effective Risk Management Program The SEC’s Focus on Risk The SEC’s Division of Investment Management has recently focused on investment advisers’ identification and oversight of a wide variety of risks that pervade their businesses. Aside from inherent investment risk, advisers are tasked with paying explicit attention to risks arising from violations of appli- cable laws and regulations, conflicts of interest, breaches of contract, failures to act in accordance with the firm’s own policies, cybersecurity, risks relating to the firm’s client relations, business com- petition, and reputation, among many others. A series of SEC regulatory initiatives stemming from the financial crisis – ad- opted enhanced data reporting require- ments and liquidity risk management for open-end funds, a proposal on de- rivatives, and an anticipated proposal on stress testing for large advisers – are intended to further reform different as- pects of risk management. Other SEC divisions and offices have become more adept at risk manage- ment as well. The Division of Economic and Risk Analysis (DERA) has developed tools to proactively detect anomalous results in data and identify aberrational performance and other factors that indi- cate fraud or other serious malfeasance at the advisory or fund level. Meanwhile, the Center for Risk and Quantitative Analytics (CRQA) coordinates risk iden- tification, risk assessment and data analytic activities. Unsurprisingly, SEC staff is also making use of data submitted by its reg- istrants, publicly available data and industry-related measures. These efforts – to enhance risk identifica- tion, assessment and analysis – ultimately inform the actions taken by the Office of Compliance Inspections and Examinations (OCIE). The SEC’s Recognition That Regulation Might Not Be Enough Consistent with its focus on risk and its enhance- ment of its internal analytics, the SEC staff recognizes that OCIE may leave stones unturned. Although OCIE has increased its staffing in response to a perceived need to increase the frequency of investment adviser examinations, the SEC is actively considering propos- ing mandated third-party reviews in connection with compliance examinations of investment advisers. Despite the SEC’s efforts to reallocate some of its re- sources, OCIE and the SEC Division of Enforcement continue to face a herculean task. A mandated third- party review proposal would be an explicit request for the industry to assist with that task. Many difficult issues would need to be considered and addressed before any potential third-party involve- ment could be implemented. However, it is worth con- sidering ways that advisers can increase their focus on risk and benefit from voluntary third-party reviews. Following the SEC’s Lead: How Advisers Can Increase Their Focus on Risk Taking their cue from the SEC’s recent actions, advisory firms could also enhance their risk identifi- cation, assessment and analysis, such as by having formal risk management programs. Risk reviews of- ten are driven by compliance, and typically include the Continued on page 13 COMPLIANCE CORNER Jennifer Zordani, Principal, Zordani Law, P.C. Marina Baranovsky, Principal, Scitus Consulting
NOVEMBER 2016IAA NEWSLETTER - 13 - COMPLIANCE CORNERContinued from page 12 full range of subjects that compliance is required to address, whereas risk man- agement programs are broader and deeper in many respects. Consider the example of an adviser that transacts in Level 3 Assets which, by virtue of being very illiquid and hard to value, rank high on risk rating scales prepared by compliance. The adviser evaluates at the outset whether these assets are approved for a particular investor or fund, and confirms that ap- propriate disclosures are provided. The adviser has an established process for legal and compliance reviews of these transactions. It also has a process to monitor market and other financial risks. And specific personnel have de- fined roles and responsibilities for these activities, which are documented. An effective compliance program addresses the procedures for transact- ing in Level 3 Assets but are relatively basic – and no different than proce- dures that many advisers use for other types of assets. A risk management program, however, considers more than what would be required by the SEC’s compliance program requirements alone. A risk management program will consistently: • View risk management as an entity- wide endeavor; • Utilize expertise from key personnel outside of compliance and legal, in- cluding operations and manage- ment; • Evaluate what data and information is available; • Make an assessment as to whether to utilize the available data and infor- mation for risk reviews; • Regularly monitor underlying as- sumptions and criteria; • Require multiple areas of the firm to contribute information and analysis specifically directed at reducing firm risks and risks to clients, including identifying anomalies; • Demand prompt reviews and re- sponses by the appropriate person- nel; and • Provide reporting of significant events to senior management. A risk management program reviews the full spectrum of financial risks, re- viewing not just default risk, but other aspects of credit usage, leverage and li- quidity. For instance, there is an obvious correlation between Level 3 Assets and the probability of default risk, but toler- ance levels differ by firm (and within a firm). Insight from a range of operation- al, financial and management personnel as to why they recommend certain toler- ance levels will lead to better-informed risk reviews and facilitate updates more quickly when changes to the underlying assumptions occur. In considering what data and infor- mation is available, an adviser should also consider what comparisons might identify anomalies. With Level 3 Assets, it might assess changes in those assets relative to other assets within the firm. In other situations, changes relative to a parent or holding company might be relevant and useful. In addition, com- parisons to peers and competitors are useful for a variety of reasons, including because the SEC is making these types of comparisons. Of course, there are in- herent limitations where information is not publicly available. If an adviser places singular or heavy reliance on annual assessments from compliance, that is an indication that there is not an enterprise-wide commit- ment to risk management or a fulsome risk management program. Larger firms with risk committees and Chief Risk Of- Continued on page 14 ficers are familiar with a multi-depart- ment and multi-dimensional approach to risk and implementing risk manage- ment programs. But firms of all sizes should be tailoring risk management programs to their activities. How Third-Party Reviews can Increase the Effectiveness of an Adviser’s Risk Management Program While the debate over SEC-man- dated third-party reviews continues, a significant segment of the advisory industry currently benefits from vol- untary third-party reviews as a way to strengthen their programs. These ad- visers use service providers for basic reviews (e.g., compliance checklists), customized reviews (e.g., responding to investor requests) and targeted reviews (e.g., providing directors and senior management with detailed information on particular topics). Regardless of the impetus behind a third-party review, re- cent risk-related regulations, coupled with the SEC’s expanded risk analytics, strongly suggests that advisers are go- ing to be asking their third-party review- ers to spend more time looking beyond the compliance department as they pro- vide risk-related assessments. On the other hand, advisers that struggle to address compliance require- ments in an effective manner may not initially benefit from a risk review, since a third-party reviewer’s priority will be basic compliance requirements. Con- sider, for example, advisers that engage sub-advisers without having or conduct- ing appropriate evaluation and monitor- ing procedures. These firms are unlikely to be evaluating risk sufficiently if there is a huge information gap in an area of the firm that is integral to the adviser’s business. For firms that have basic com- pliance issues to address, requesting a third party to conduct a risk review is putting the cart before the horse. This leaves the great majority of A risk management program reviews the full spectrum of financial risks, reviewing not just default risk, but other aspects of credit usage, leverage and liquidity.
NOVEMBER 2016 IAA NEWSLETTER- 14 - that utilize voluntary third-party reviews that increase their focus on risk will be better positioned regardless of whether the SEC moves forward with another level of regulation. *Jennifer Zordani is the principal of Zordani Law, P.C. based in Chicago, IL. She counsels investment advisers, bro- ker-dealers and professional traders on regulatory, transactional and litigation matters. She can be reached at (312) 380-6555 or jzordani@zordanilaw.com. Marina Baranovsky is the principal at Scitus Consulting based in Washing- ton, DC. Her services and expertise are focused on Risk Assessment for Regis- tered Investment Advisers and Broker- Dealers. She can be reached at (703) 688-2534 or mbaranovsky@scitus consulting.com. This article provides general infor- mation and is not to be relied upon as legal advice for any matter. advisers that can benefit from third- party reviews that focus on the risk. These enhanced forms of review can be paired with a compliance review or conducted separately to target particular aspects of the firm’s activities (rules, processes, departments or products). The approaches taken by third-party reviewers will vary as they correspond to the firm’s size, business, resources, and, importantly, dedication to compliance and risk management. Regardless of the approach, advisers Continued from page 13COMPLIANCE CORNER

Recommended

Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Grant Thornton LLP
 
An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsGrant Thornton LLP
 
Third Party Risk Management Introduction
Third Party Risk Management IntroductionThird Party Risk Management Introduction
Third Party Risk Management IntroductionNaveen Grover
 
2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managers2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managersGrant Thornton LLP
 
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...LexisNexis Benelux
 
Third-Party Risk Management
Third-Party Risk ManagementThird-Party Risk Management
Third-Party Risk ManagementMark Scales
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyNICSA
 
Compliance Officer update: What you should know about your Business Partner -...
Compliance Officer update: What you should know about your Business Partner -...Compliance Officer update: What you should know about your Business Partner -...
Compliance Officer update: What you should know about your Business Partner -...vivacidade
 

Recommended

Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Grant Thornton LLP
 
An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsGrant Thornton LLP
 
Third Party Risk Management Introduction
Third Party Risk Management IntroductionThird Party Risk Management Introduction
Third Party Risk Management IntroductionNaveen Grover
 
2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managers2016 SEC & FINRA exam priorities for asset managers
2016 SEC & FINRA exam priorities for asset managersGrant Thornton LLP
 
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...
Anti-Money Laundering and Anti-Bribery and Corruption Systems & controls: Ass...LexisNexis Benelux
 
Third-Party Risk Management
Third-Party Risk ManagementThird-Party Risk Management
Third-Party Risk ManagementMark Scales
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyNICSA
 
Compliance Officer update: What you should know about your Business Partner -...
Compliance Officer update: What you should know about your Business Partner -...Compliance Officer update: What you should know about your Business Partner -...
Compliance Officer update: What you should know about your Business Partner -...vivacidade
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...Grant Thornton LLP
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFrederic Girardeau-Montaut
 
Data as a Hidden Gem in Compliance Programs
Data as a Hidden Gem in Compliance ProgramsData as a Hidden Gem in Compliance Programs
Data as a Hidden Gem in Compliance ProgramsJamal Ahmad, Esq., CPA, CFF, CFE
 
How to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsHow to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsCase IQ
 
Fraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and valueFraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and valueDavid Graham
 
Keys to extract value from the data analytics life cycle
Keys to extract value from the data analytics life cycleKeys to extract value from the data analytics life cycle
Keys to extract value from the data analytics life cycleGrant Thornton LLP
 
Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012aj22dms
 
Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Deloitte UK
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksMHM (Mayer Hoffman McCann P.C.)
 
Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & GovernanceEDR
 
The Shift in the Compliance Landscape
The Shift in the Compliance LandscapeThe Shift in the Compliance Landscape
The Shift in the Compliance LandscapePYA, P.C.
 
TI Managing Third Party Risk
TI Managing Third Party RiskTI Managing Third Party Risk
TI Managing Third Party RiskThe Business Council of Mongolia
 
The changing role of internal audit
The changing role of internal auditThe changing role of internal audit
The changing role of internal auditaakash malhotra
 
White Paper: A summary of the FSA thematic review
White Paper: A summary of the FSA thematic reviewWhite Paper: A summary of the FSA thematic review
White Paper: A summary of the FSA thematic reviewLexisNexis Benelux
 
NY State Dept of Financial Services Part 504
NY State Dept of Financial Services Part 504 NY State Dept of Financial Services Part 504
NY State Dept of Financial Services Part 504 Daniel Connor
 
2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot SpotsRon Steinkamp
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmTim Leech
 
Monuments in the united states
Monuments in the united statesMonuments in the united states
Monuments in the united statesJordan Miller
 
Cd design project research
Cd design project researchCd design project research
Cd design project researchShannonJanes
 
Drowsy Driving & Cdl Licensure Rules Pp
Drowsy Driving & Cdl Licensure Rules PpDrowsy Driving & Cdl Licensure Rules Pp
Drowsy Driving & Cdl Licensure Rules Ppalertmedical
 
11U bio ani 02
11U bio ani 0211U bio ani 02
11U bio ani 02mrglosterscience
 
Jet Cornejo "Branded Customer Experience that lasts a Lifetime"
Jet Cornejo "Branded Customer Experience that lasts a Lifetime"Jet Cornejo "Branded Customer Experience that lasts a Lifetime"
Jet Cornejo "Branded Customer Experience that lasts a Lifetime"courageasia
 

More Related Content

What's hot

CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...Grant Thornton LLP
 
How to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsHow to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsCase IQ
 
Fraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and valueFraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and valueDavid Graham
 
Keys to extract value from the data analytics life cycle
Keys to extract value from the data analytics life cycleKeys to extract value from the data analytics life cycle
Keys to extract value from the data analytics life cycleGrant Thornton LLP
 
Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012aj22dms
 
Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Deloitte UK
 
Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & GovernanceEDR
 
The Shift in the Compliance Landscape
The Shift in the Compliance LandscapeThe Shift in the Compliance Landscape
The Shift in the Compliance LandscapePYA, P.C.
 
The changing role of internal audit
The changing role of internal auditThe changing role of internal audit
The changing role of internal auditaakash malhotra
 
White Paper: A summary of the FSA thematic review
White Paper: A summary of the FSA thematic reviewWhite Paper: A summary of the FSA thematic review
White Paper: A summary of the FSA thematic reviewLexisNexis Benelux
 
NY State Dept of Financial Services Part 504
NY State Dept of Financial Services Part 504 NY State Dept of Financial Services Part 504
NY State Dept of Financial Services Part 504 Daniel Connor
 
2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot SpotsRon Steinkamp
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmTim Leech
 

What's hot (17)

CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoV
 
Data as a Hidden Gem in Compliance Programs
Data as a Hidden Gem in Compliance ProgramsData as a Hidden Gem in Compliance Programs
Data as a Hidden Gem in Compliance Programs
 
How to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsHow to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential Steps
 
Fraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and valueFraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and value
 
Keys to extract value from the data analytics life cycle
Keys to extract value from the data analytics life cycleKeys to extract value from the data analytics life cycle
Keys to extract value from the data analytics life cycle
 
Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012
 
Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party Risks
 
Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & Governance
 
The Shift in the Compliance Landscape
The Shift in the Compliance LandscapeThe Shift in the Compliance Landscape
The Shift in the Compliance Landscape
 
TI Managing Third Party Risk
TI Managing Third Party RiskTI Managing Third Party Risk
TI Managing Third Party Risk
 
The changing role of internal audit
The changing role of internal auditThe changing role of internal audit
The changing role of internal audit
 
White Paper: A summary of the FSA thematic review
White Paper: A summary of the FSA thematic reviewWhite Paper: A summary of the FSA thematic review
White Paper: A summary of the FSA thematic review
 
NY State Dept of Financial Services Part 504
NY State Dept of Financial Services Part 504 NY State Dept of Financial Services Part 504
NY State Dept of Financial Services Part 504
 
2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots2015 Tackling This Year's Audit Hot Spots
2015 Tackling This Year's Audit Hot Spots
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
 

Viewers also liked

Monuments in the united states
Monuments in the united statesMonuments in the united states
Monuments in the united statesJordan Miller
 
Cd design project research
Cd design project researchCd design project research
Cd design project researchShannonJanes
 
Drowsy Driving & Cdl Licensure Rules Pp
Drowsy Driving & Cdl Licensure Rules PpDrowsy Driving & Cdl Licensure Rules Pp
Drowsy Driving & Cdl Licensure Rules Ppalertmedical
 
Jet Cornejo "Branded Customer Experience that lasts a Lifetime"
Jet Cornejo "Branded Customer Experience that lasts a Lifetime"Jet Cornejo "Branded Customer Experience that lasts a Lifetime"
Jet Cornejo "Branded Customer Experience that lasts a Lifetime"courageasia
 
Fortification and the ‘Faces of Anemia’ campaign
Fortification and the ‘Faces of Anemia’ campaign Fortification and the ‘Faces of Anemia’ campaign
Fortification and the ‘Faces of Anemia’ campaign Milling and Grain magazine
 
The State of the Hospitality Manpower in the Philippines
The State of the Hospitality Manpower in the PhilippinesThe State of the Hospitality Manpower in the Philippines
The State of the Hospitality Manpower in the Philippinescourageasia
 
Tendon transfer for radial nerve palsy
Tendon transfer for radial nerve palsyTendon transfer for radial nerve palsy
Tendon transfer for radial nerve palsyMohammed Aljodah
 
Drug incompatibilities
Drug incompatibilitiesDrug incompatibilities
Drug incompatibilitiesmostafa hosni
 
Chronic Kidney Disease: Diagnosis and management
Chronic Kidney Disease: Diagnosis and managementChronic Kidney Disease: Diagnosis and management
Chronic Kidney Disease: Diagnosis and managementkkcsc
 

Viewers also liked (12)

Monuments in the united states
Monuments in the united statesMonuments in the united states
Monuments in the united states
 
Cd design project research
Cd design project researchCd design project research
Cd design project research
 
Drowsy Driving & Cdl Licensure Rules Pp
Drowsy Driving & Cdl Licensure Rules PpDrowsy Driving & Cdl Licensure Rules Pp
Drowsy Driving & Cdl Licensure Rules Pp
 
11U bio ani 02
11U bio ani 0211U bio ani 02
11U bio ani 02
 
Jet Cornejo "Branded Customer Experience that lasts a Lifetime"
Jet Cornejo "Branded Customer Experience that lasts a Lifetime"Jet Cornejo "Branded Customer Experience that lasts a Lifetime"
Jet Cornejo "Branded Customer Experience that lasts a Lifetime"
 
testinglifeline-linkedin1
testinglifeline-linkedin1testinglifeline-linkedin1
testinglifeline-linkedin1
 
Fortification and the ‘Faces of Anemia’ campaign
Fortification and the ‘Faces of Anemia’ campaign Fortification and the ‘Faces of Anemia’ campaign
Fortification and the ‘Faces of Anemia’ campaign
 
The State of the Hospitality Manpower in the Philippines
The State of the Hospitality Manpower in the PhilippinesThe State of the Hospitality Manpower in the Philippines
The State of the Hospitality Manpower in the Philippines
 
Tendon transfer for radial nerve palsy
Tendon transfer for radial nerve palsyTendon transfer for radial nerve palsy
Tendon transfer for radial nerve palsy
 
Drug incompatibilities
Drug incompatibilitiesDrug incompatibilities
Drug incompatibilities
 
Chronic Kidney Disease: Diagnosis and management
Chronic Kidney Disease: Diagnosis and managementChronic Kidney Disease: Diagnosis and management
Chronic Kidney Disease: Diagnosis and management
 
Pharmacoeconomics
PharmacoeconomicsPharmacoeconomics
Pharmacoeconomics
 

Similar to 11-2016 Compliance_Corner

Anti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third PartiesAnti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third PartiesDun & Bradstreet
 
Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016jennyhollingworth
 
GP_for_Third_Party_Anti-Corruption_product_sheet
GP_for_Third_Party_Anti-Corruption_product_sheetGP_for_Third_Party_Anti-Corruption_product_sheet
GP_for_Third_Party_Anti-Corruption_product_sheetMarco Villacorta Olano
 
EY Legal Risk Brochure LR_single-pages
EY Legal Risk Brochure LR_single-pagesEY Legal Risk Brochure LR_single-pages
EY Legal Risk Brochure LR_single-pagesMatthew Whalley
 
Definitive guide to third-party risk management - how to successfully mitigat...
Definitive guide to third-party risk management - how to successfully mitigat...Definitive guide to third-party risk management - how to successfully mitigat...
Definitive guide to third-party risk management - how to successfully mitigat...Kyiv National Economic University
 
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Third Party Risk Management
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk ManagementAnu Damodaran
 
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free downloadRISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free downloadAlexei Sidorenko, CRMP
 
Presentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due DiligencePresentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due DiligenceethiXbase
 
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)Keith Darcy
 
Tackling the-challenges-of-third-party-risk-management
Tackling the-challenges-of-third-party-risk-managementTackling the-challenges-of-third-party-risk-management
Tackling the-challenges-of-third-party-risk-managementCharles Steve
 
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Cognizant
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateAnthony Chiusano
 
Virtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk AdvisorVirtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk AdvisorGrayline
 
MRM: PwC Top Issues
MRM: PwC Top Issues MRM: PwC Top Issues
MRM: PwC Top Issues PwC
 
Commercial: PwC Top Issues
Commercial: PwC Top Issues Commercial: PwC Top Issues
Commercial: PwC Top Issues PwC
 
Third Party Due Diligence - Know Your Third Party - EY India
Third Party Due Diligence - Know Your Third Party - EY IndiaThird Party Due Diligence - Know Your Third Party - EY India
Third Party Due Diligence - Know Your Third Party - EY IndiaErnst & Young
 

Similar to 11-2016 Compliance_Corner (20)

Anti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third PartiesAnti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third Parties
 
My slides
My slidesMy slides
My slides
 
Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016
 
GP_for_Third_Party_Anti-Corruption_product_sheet
GP_for_Third_Party_Anti-Corruption_product_sheetGP_for_Third_Party_Anti-Corruption_product_sheet
GP_for_Third_Party_Anti-Corruption_product_sheet
 
EY Legal Risk Brochure LR_single-pages
EY Legal Risk Brochure LR_single-pagesEY Legal Risk Brochure LR_single-pages
EY Legal Risk Brochure LR_single-pages
 
Credit rating crisil
Credit rating crisilCredit rating crisil
Credit rating crisil
 
Definitive guide to third-party risk management - how to successfully mitigat...
Definitive guide to third-party risk management - how to successfully mitigat...Definitive guide to third-party risk management - how to successfully mitigat...
Definitive guide to third-party risk management - how to successfully mitigat...
 
Ey segregation of_duties
Ey segregation of_dutiesEy segregation of_duties
Ey segregation of_duties
 
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
 
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free downloadRISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
RISK-ACADEMY’s guide on risk appetite in non-financial companies. Free download
 
Presentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due DiligencePresentation: Compliance & Third Party Due Diligence
Presentation: Compliance & Third Party Due Diligence
 
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
WSJ-Compliance Risks What You Don’t Contain Can Hurt You - Deloitte Risk (1)
 
Tackling the-challenges-of-third-party-risk-management
Tackling the-challenges-of-third-party-risk-managementTackling the-challenges-of-third-party-risk-management
Tackling the-challenges-of-third-party-risk-management
 
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_Articulate
 
Virtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk AdvisorVirtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk Advisor
 
MRM: PwC Top Issues
MRM: PwC Top Issues MRM: PwC Top Issues
MRM: PwC Top Issues
 
Commercial: PwC Top Issues
Commercial: PwC Top Issues Commercial: PwC Top Issues
Commercial: PwC Top Issues
 
Third Party Due Diligence - Know Your Third Party - EY India
Third Party Due Diligence - Know Your Third Party - EY IndiaThird Party Due Diligence - Know Your Third Party - EY India
Third Party Due Diligence - Know Your Third Party - EY India
 

11-2016 Compliance_Corner

  • 1. NOVEMBER 2016 IAA NEWSLETTER- 12 - Marina Baranovsky, Scitus Consulting LLC, and Jennifer Zordani, Zordani Law, P.C.* Risk Focused: Third-Party Reviews as Part of an Effective Risk Management Program The SEC’s Focus on Risk The SEC’s Division of Investment Management has recently focused on investment advisers’ identification and oversight of a wide variety of risks that pervade their businesses. Aside from inherent investment risk, advisers are tasked with paying explicit attention to risks arising from violations of appli- cable laws and regulations, conflicts of interest, breaches of contract, failures to act in accordance with the firm’s own policies, cybersecurity, risks relating to the firm’s client relations, business com- petition, and reputation, among many others. A series of SEC regulatory initiatives stemming from the financial crisis – ad- opted enhanced data reporting require- ments and liquidity risk management for open-end funds, a proposal on de- rivatives, and an anticipated proposal on stress testing for large advisers – are intended to further reform different as- pects of risk management. Other SEC divisions and offices have become more adept at risk manage- ment as well. The Division of Economic and Risk Analysis (DERA) has developed tools to proactively detect anomalous results in data and identify aberrational performance and other factors that indi- cate fraud or other serious malfeasance at the advisory or fund level. Meanwhile, the Center for Risk and Quantitative Analytics (CRQA) coordinates risk iden- tification, risk assessment and data analytic activities. Unsurprisingly, SEC staff is also making use of data submitted by its reg- istrants, publicly available data and industry-related measures. These efforts – to enhance risk identifica- tion, assessment and analysis – ultimately inform the actions taken by the Office of Compliance Inspections and Examinations (OCIE). The SEC’s Recognition That Regulation Might Not Be Enough Consistent with its focus on risk and its enhance- ment of its internal analytics, the SEC staff recognizes that OCIE may leave stones unturned. Although OCIE has increased its staffing in response to a perceived need to increase the frequency of investment adviser examinations, the SEC is actively considering propos- ing mandated third-party reviews in connection with compliance examinations of investment advisers. Despite the SEC’s efforts to reallocate some of its re- sources, OCIE and the SEC Division of Enforcement continue to face a herculean task. A mandated third- party review proposal would be an explicit request for the industry to assist with that task. Many difficult issues would need to be considered and addressed before any potential third-party involve- ment could be implemented. However, it is worth con- sidering ways that advisers can increase their focus on risk and benefit from voluntary third-party reviews. Following the SEC’s Lead: How Advisers Can Increase Their Focus on Risk Taking their cue from the SEC’s recent actions, advisory firms could also enhance their risk identifi- cation, assessment and analysis, such as by having formal risk management programs. Risk reviews of- ten are driven by compliance, and typically include the Continued on page 13 COMPLIANCE CORNER Jennifer Zordani, Principal, Zordani Law, P.C. Marina Baranovsky, Principal, Scitus Consulting
  • 2. NOVEMBER 2016IAA NEWSLETTER - 13 - COMPLIANCE CORNERContinued from page 12 full range of subjects that compliance is required to address, whereas risk man- agement programs are broader and deeper in many respects. Consider the example of an adviser that transacts in Level 3 Assets which, by virtue of being very illiquid and hard to value, rank high on risk rating scales prepared by compliance. The adviser evaluates at the outset whether these assets are approved for a particular investor or fund, and confirms that ap- propriate disclosures are provided. The adviser has an established process for legal and compliance reviews of these transactions. It also has a process to monitor market and other financial risks. And specific personnel have de- fined roles and responsibilities for these activities, which are documented. An effective compliance program addresses the procedures for transact- ing in Level 3 Assets but are relatively basic – and no different than proce- dures that many advisers use for other types of assets. A risk management program, however, considers more than what would be required by the SEC’s compliance program requirements alone. A risk management program will consistently: • View risk management as an entity- wide endeavor; • Utilize expertise from key personnel outside of compliance and legal, in- cluding operations and manage- ment; • Evaluate what data and information is available; • Make an assessment as to whether to utilize the available data and infor- mation for risk reviews; • Regularly monitor underlying as- sumptions and criteria; • Require multiple areas of the firm to contribute information and analysis specifically directed at reducing firm risks and risks to clients, including identifying anomalies; • Demand prompt reviews and re- sponses by the appropriate person- nel; and • Provide reporting of significant events to senior management. A risk management program reviews the full spectrum of financial risks, re- viewing not just default risk, but other aspects of credit usage, leverage and li- quidity. For instance, there is an obvious correlation between Level 3 Assets and the probability of default risk, but toler- ance levels differ by firm (and within a firm). Insight from a range of operation- al, financial and management personnel as to why they recommend certain toler- ance levels will lead to better-informed risk reviews and facilitate updates more quickly when changes to the underlying assumptions occur. In considering what data and infor- mation is available, an adviser should also consider what comparisons might identify anomalies. With Level 3 Assets, it might assess changes in those assets relative to other assets within the firm. In other situations, changes relative to a parent or holding company might be relevant and useful. In addition, com- parisons to peers and competitors are useful for a variety of reasons, including because the SEC is making these types of comparisons. Of course, there are in- herent limitations where information is not publicly available. If an adviser places singular or heavy reliance on annual assessments from compliance, that is an indication that there is not an enterprise-wide commit- ment to risk management or a fulsome risk management program. Larger firms with risk committees and Chief Risk Of- Continued on page 14 ficers are familiar with a multi-depart- ment and multi-dimensional approach to risk and implementing risk manage- ment programs. But firms of all sizes should be tailoring risk management programs to their activities. How Third-Party Reviews can Increase the Effectiveness of an Adviser’s Risk Management Program While the debate over SEC-man- dated third-party reviews continues, a significant segment of the advisory industry currently benefits from vol- untary third-party reviews as a way to strengthen their programs. These ad- visers use service providers for basic reviews (e.g., compliance checklists), customized reviews (e.g., responding to investor requests) and targeted reviews (e.g., providing directors and senior management with detailed information on particular topics). Regardless of the impetus behind a third-party review, re- cent risk-related regulations, coupled with the SEC’s expanded risk analytics, strongly suggests that advisers are go- ing to be asking their third-party review- ers to spend more time looking beyond the compliance department as they pro- vide risk-related assessments. On the other hand, advisers that struggle to address compliance require- ments in an effective manner may not initially benefit from a risk review, since a third-party reviewer’s priority will be basic compliance requirements. Con- sider, for example, advisers that engage sub-advisers without having or conduct- ing appropriate evaluation and monitor- ing procedures. These firms are unlikely to be evaluating risk sufficiently if there is a huge information gap in an area of the firm that is integral to the adviser’s business. For firms that have basic com- pliance issues to address, requesting a third party to conduct a risk review is putting the cart before the horse. This leaves the great majority of A risk management program reviews the full spectrum of financial risks, reviewing not just default risk, but other aspects of credit usage, leverage and liquidity.
  • 3. NOVEMBER 2016 IAA NEWSLETTER- 14 - that utilize voluntary third-party reviews that increase their focus on risk will be better positioned regardless of whether the SEC moves forward with another level of regulation. *Jennifer Zordani is the principal of Zordani Law, P.C. based in Chicago, IL. She counsels investment advisers, bro- ker-dealers and professional traders on regulatory, transactional and litigation matters. She can be reached at (312) 380-6555 or jzordani@zordanilaw.com. Marina Baranovsky is the principal at Scitus Consulting based in Washing- ton, DC. Her services and expertise are focused on Risk Assessment for Regis- tered Investment Advisers and Broker- Dealers. She can be reached at (703) 688-2534 or mbaranovsky@scitus consulting.com. This article provides general infor- mation and is not to be relied upon as legal advice for any matter. advisers that can benefit from third- party reviews that focus on the risk. These enhanced forms of review can be paired with a compliance review or conducted separately to target particular aspects of the firm’s activities (rules, processes, departments or products). The approaches taken by third-party reviewers will vary as they correspond to the firm’s size, business, resources, and, importantly, dedication to compliance and risk management. Regardless of the approach, advisers Continued from page 13COMPLIANCE CORNER